Does anyone have experience placing the gateway in a perimeter network (also known as DMZ, demilitarized zone, and screened subnet)?
If the data gateway is on a VM in the DMZ and the VM is not joined to the domain/forest then it not will be able to connect to an analysis server I assume since SSAS requires windows authentication. We would still be able to connect to a SQL Server though.
Is placing a gateway on the DMZ not a recommended approach? anyone has experience with this approach please.
Thank you for the information. In this case I would have to create a job that copies the SSAS model to a server on the DMZ which would work.
In the case though that the data gateway and SSAS are not on the same domain, it won't work because for data gateway SSAS data sources there seems to be only one option which is a windows user for authentication. I'm assuming that's why Microsoft indicates that for SSAS data sources the data gateway and analysis server have to be on the same domain/forest.
"If you have an Analysis Services data source, you need to install the gateway on a computer joined to the same forest/domain as your Analysis Services server."
"The Windows account you enter must be a member of the Server Administrator role on the Analysis Services instance you're connecting to. If this account’s password is set to expire, users could get a connection error if the password isn’t updated for the data source"