Module 5 - Power Platform On-Premise Data Gateway
Module 5 - Power Platform On-Premise Data Gateway
Platform for
Administrators:
Power Platform On-premise Data
Gateway
Microsoft
Services
Conditions and Terms of Use
Microsoft Confidential
This training package is proprietary and confidential and is intended only for uses described in the training materials. Content and software is
provided to you under a Non-Disclosure Agreement and cannot be distributed. Copying or disclosing all or any portion of the content and/or
software included in such packages is strictly prohibited.
The contents of this package are for informational and training purposes only and are provided "as is" without warranty of any kind, whether
express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-
infringement.
Training package content, including URLs and other Internet website references, is subject to change without notice. Because Microsoft must
respond to changing market conditions, the content should not be interpreted to be a commitment on the part of Microsoft, and Microsoft
cannot guarantee the accuracy of any information presented after the date of publication. Unless otherwise noted, the companies,
organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association
with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.
• The gateway service must run on a local server in your on-premise location.
• The server does not have to be the same one as the resources it will proxy access to, however it
should be on the same local network to reduce latency.
• Multiple application and flow connections can use the same gateway install.
• During the install the gateway is setup to use NT Service\PBIEgwService for the Windows service
sign-in.
• You can switch this to a domain user or managed service account if you’d like.
Gateway Permission Access
By default, you have this permission on any gateway that you install.
As the administrator you can grant another user permission to co-administrate the gateway or use only.
When you set up a data source on the gateway you need to provide credentials for that data source.
Credentials are encrypted securely, using asymmetric encryption before they are stored in the cloud.
The credentials are sent to the machine, running the gateway on-premises, where they are decrypted when the
data source is accessed.
The gateway service creates an
outbound connection to the Azure
Data Service Bus so there are no inbound
ports required to be opened.
Gateway
In/outboun The outbound connection
d communicates on ports:
TCP 443(default), 5671, 5672, and
9350 through 9354.
Updates are not auto-installed for the On-
premises data gateway.
Managing
Tenant Data
Gateways
(cont.)
Manage Gateway Users
• Select the People icon next to the gateway cluster name to see the list of gateway users.
• Add or remove gateway admins in the Manage Users page.
• For personal gateways, this would show the owner of the personal gateway and cannot be changed due to the
security scope of personal gateways.
• For an On-premises data gateway in standard mode, users can be added to any of the following three categories.
Admin:
• Power BI: Administrators have full control of the gateway, including adding other admins, creating data
Managing •
sources, managing data source users, and deleting the gateway.
Power Apps and Power Automate: Administrators have full control of the gateway, including adding other
Tenant Data admins, creating connections, additionally sharing gateways in Can use and Can use + share permission
levels and deleting the gateway.
Gateways • Others: Administrators have full control of the gateway, including adding other admins and deleting the
gateway.
Managing • You can use an on-premises data gateway with all supported services, with a single gateway
installation.
Tenant Data • This gateway is well-suited to complex scenarios with multiple people accessing multiple data sources.
On-premises data gateway (personal mode)
Gateways • Allows one user to connect to sources and can’t be shared with others.
• An on-premises data gateway (personal mode) can be used only with Power BI.
• This gateway is well-suited to scenarios where you’re the only person who creates reports, and you
don't need to share any data sources with others.
• Installation file for this type of data gateway is named PowerBIGatewayInstall.exe and available here
https://go.microsoft.com/fwlink/?LinkId=820925&clcid=0x409 .
Manage Gateway Installers
• As either an Azure AD Global administrator (which includes Office 365 Global
admins) or a Power BI service administrator, use Manage Gateway installers to
manage who can install the On-premises data gateway in your enterprise.
• Note:
• This operation isn’t available for gateway admins.
• This feature does not apply for On-premises data gateways (personal mode).
Managing • Navigate to Power Platform Admin center and select Data Gateways.
• Select Manage Gateway Installers.
Tenant • Enable Restrict Users in your organization from installing gateways.
Data • This option is Off by default allowing anyone in your organization to install
gateway.
Gateways
Manage Gateway Installers
• Enter the users allowed to install gateway, and then select Add.
• Currently, we do not support groups for Manage Installers; you can
add individual users.
• To remove users who have permission to install gateway, select
Remove installer then select confirm.
• If a person who doesn’t have access to install gateways tries to install
one, they will get the following error once they provide their
Managing credentials during the gateway registration.
Tenant
Data
Gateways
Configure Proxy Settings
for the On-premises Data
Gateway
Introduction
Your work environment might require that you go through a proxy to access the internet. This could
prevent the Microsoft on-premises data gateway from connecting to the service. Although most
gateway configuration settings can be changed by using the on-premises data gateway app, proxy
information is configured within a .NET configuration file.
The location and file names are different, depending on the gateway you're using. Two main
configuration files are involved with the gateway in which proxy settings can be edited:
• The first file is for the configuration screens that actually configure the gateway.
Note: If you're having issues configuring the gateway, look at the following file: C:\Program
Files\On-premises data gateway\enterprisegatewayconfigurator.exe.config
• The second file is for the actual Windows service that interacts with the cloud service using the
gateway.
This file handles the requests: C:\Program Files\On-premises data gateway\
Microsoft.PowerBI.EnterpriseGateway.exe.config
Note: If you're going to make changes to the proxy configuration, these files must be edited so that
proxy configurations are exactly the same in both files.
Configure Proxy Settings
• The following sample shows the • The default configuration works with Windows
authentication.
default proxy configuration found in
• If your proxy uses another form of authentication,
both of the two main configuration you must change the settings.
files. • If you aren't sure, contact your network
administrator.
• We don't recommend basic proxy authentication
because it causes proxy authentication errors that
result in the gateway not being properly configured.
• Use a stronger proxy authentication mechanism to
resolve.
Configure Proxy Settings (continued)
• In addition to using default credentials, you can add
a <proxy> element to define proxy server settings in
more detail.
• For example, you can specify that an on-premises
data gateway should always use the proxy, even for
local resources, by setting the bypassonlocal
parameter to false.
• This can help in troubleshooting situations, if you
want to track all HTTPS requests that originate from
a gateway in the proxy log files.
• The following sample configuration specifies that all
requests must go through a specific proxy with the
IP address 192.168.1.10.
Configure Proxy Settings (continued)
• Additionally, for the gateway to connect to cloud data sources through a proxy,
update the following file: C:\Program Files\On-premises data gateway\
Microsoft.Mashup.Container.NetFX45.exe.config
• In the file, expand the <configurations> section to include the following contents,
and update the proxyaddress attribute with your proxy information.
• The following example routes all cloud requests through a specific proxy with the
IP address 192.168.1.10.
Configure Log Files
for Data Gateway
• There are three categories of service logs for an on-premises data gateway:
information, error, and network.
• These categorizations provide a troubleshooting experience that lets you focus on
the specific area for an error or issue.
• You can see the three categories GatewayInfo.log, GatewayErrors.log, and
GatewayNetwork.log in the following excerpt from the gateway configuration file
Microsoft.PowerBI.EnterpriseGateway.exe.config
Configure Log • By default, the gateway configuration file is located in the directory
Files for the On-
Program Files\On-premises data gateway.
premises Data
• To set the number of log files to retain, change the first number in the file's
Gateway initializeData value.
• To configure the size of each log file, change the second number.
• The following example specifies that 20 log files, each 50 MB in size, will be
retained:
• GatewayInfo.log,GatewayErrors.log,GatewayNetwork.log,20,50
Additional Valuable Resource
You can use “Open in new window” to run virtual machine in a separate window.
Step 1) Download and Install
Data Gateway
You can use “Open in new window” to run virtual machine in a separate window.
Step 1) Download and Install Data
Gateway (continued)
5. Copy the link below and paste it to the ContosoSQL
machine web browser:
• https://www.Microsoft.com/en-us/download/details.asp
x?id=53127
Update an On-
premises Data
Gateway
• Download the latest gateway and run the installation program.
• If the version you're trying to install isn't newer than the version already installed, you'll receive one
of the following error messages.
• If you install a newer version, you'll be prompted to update. Select Update to begin updating.
• After the installation finishes, select Sign in.
End of Lab Exercise
La
b:
Exercise 3