Power BI service allows connectivity thru PowerBI Gateway in case you do not want to expose the on-premise data sources. Power BI Gateway can be installed on a server /VM deployed in the on-premise environment. Now If you deploy the Enterprise gateway in the On-Premise network your network team may not be happy and they will not open the firewall to expose the Enterprise Gateway to connect to the Internet. But do not worry and here is the good news, in order for the Enterprise gateway to function properly it requires certain ports to be open and it does not require ports to be exposed to the internet. Here are the list of ports to be opened:
Here’s a list of FQDNs used by the gateway:
Domain names | Outbound ports | Description |
---|---|---|
*.download.microsoft.com | 80 | Used to download the installer. This is also used by the on-premises data gateway app to check for version and gateway region. |
*.powerbi.com | 443 | Used for identifying the relevant Power BI cluster. |
*.analysis.windows.net | 443 | Used for identifying the relevant Power BI cluster. |
*.login.windows.net, login.live.com, aadcdn.msauth.net | 443 | Used for authenticating the on-premises data gateway app (AAD/OAuth2). |
*.servicebus.windows.net | 5671-5672 | Used for Advanced Message Queuing Protocol (AMQP). |
*.servicebus.windows.net | 443, 9350-9354 | Listens on Service Bus Relay over TCP (requires 443 for Access Control token acquisition). |
*.frontend.clouddatahub.net | 443 | Deprecated – Not required. Will be removed from the public documentation as well. |
*.core.windows.net | 443 | Used by data flows in Power BI to write data to Azure data lake. |
login.microsoftonline.com | 443 | Used for authenticating the on-premises data gateway app (AAD/OAuth2). |
*.msftncsi.com | 443 | Used to test internet connectivity if the gateway is unreachable by the Power BI service. |
*.microsoftonline-p.com | 443 | Used for authenticating the on-premises data gateway app (AAD/OAuth2). |
dc.services.visualstudio.com | 443 | Used by AppInsights to collect telemetry. |
Please use this link to find the latest port details.
Once you open the ports specified above, you need to configure Power BI Gateway to use a Proxy IP address for outbound traffic. This IP address is configured by your Network Administrator so all the communication happens thru this IP address and Port. Enterprise gateway uses Azure Service bus to communicate to PowerBI service thru an Encrypted connection so your data is secure. Here is the step-by-step instructions on how to configure the Proxy outbound address.
STEP 1. Download and Copy PowerBI Gateway Binaries into the server/VM hosted in the On-Premise data center. Install PowerBI Gateway. Installing the PowerBI gateway is a very simple process as Microsoft provides a nice installer graphical interface. You need to select Enterprise mode instead of personal mode for the corporate Enterprise environment.
STEP 2. Note down the Proxy outbound IP address from Your network Admin and test if the Proxy server is configured properly.
Test-NetConnection -ComputerName watchdog.servicebus.windows.net -Port 9350
The results should look like the output below. If TcpTestSucceeded is not true, you may be blocked by a firewall.
ComputerName : watchdog.servicebus.windows.net RemoteAddress : 70.37.104.240 RemotePort : 5672 InterfaceAlias : vEthernet (Broadcom NetXtreme Gigabit Ethernet - Virtual Switch) SourceAddress : 10.120.60.105 PingSucceeded : False PingReplyDetails (RTT) : 0 ms TcpTestSucceeded : True
You can also use the CURL command line tool as well. Here IP Address and port provided by Network Admin. The gateway will use this IP Address and Port for outbound communication.
CURL http://watchdog.servicebus.windows.net --proxy IPADDRESS:PORT
In my experience in a typical corporate environment, you have to do so much back and forth to get the proxy setting done. Sometimes you may have to use the Wireshark tool output to prove your point to your network Administrator.
STEP 3. Open the config file located at this link C:\Program Files\On-premises data gateway/EnterpriseGatewayConfigurator.exe.config
Append the XML configuration carefully. Please replace the IP Address and Port provided by your Network Administrator.
<system.net> <defaultProxy useDefaultCredentials="true" > <proxy autoDetect="false" proxyaddress="http://IP ADDRESS:PORT" bypassonlocal="true" usesystemdefault="true" /> </defaultProxy> </system.net>
STEP 4: Repeat step 2 for the file located at C:\Program Files\On-premises data gateway/Microsoft.PowerBI.EnterpriseGateway.exe.config .Please replace the IP Address and Port provided by your Network Administrator. Usually, port 3128 is used by some proxy servers (3proxy).
<system.net> <defaultProxy useDefaultCredentials="true" > <proxy autoDetect="false" proxyaddress="http://IP ADDRESS:PORT" bypassonlocal="true" usesystemdefault="true" /> </defaultProxy> </system.net>
STEP 5. In case you want your gateway to connect to cloud data sources through a proxy, you need to update the following file: C:\Program Files\On-premises data gateway\Microsoft.Mashup.Container.NetFX45.exe.config.
<configuration> <system.net> <defaultProxy useDefaultCredentials="true" enabled="true"> <proxy proxyaddress="http://IPAddress:Port" bypassonlocal="true" /> </defaultProxy> </system.net> </configuration>
STEP 6. Stop and start the Enterprise Gateway service so your changes can take into effect.
net stop PBIEgwService net start PBIEgwService
STEP 7: Open PowerBI Enterprise Gateway and Sign in to your PowerBI account. Go to Enable diagnostic logging and conduct the network port test by clicking start network port test.
It will show a text file with the overall result and granular result. You can send these results to your network administrator and request him to resolve the network issues.
The Proxy URI will be in the form of IPADDRESS:Port and this will be provided by your Network Administrator. If the results of these tests are successful this means you should be able to connect to the gateway.
STEP 9: Ensure that the VM where you have deployed the Gateway is able to connect to your data sources either thru ODBC or directly thru the IP address of the data sources. In order to test the connectivity, you can download the PowerBI desktop into the Sever /VM where you have deployed the Gateway and try creating the sample report by connecting it to a data source. Now publish the report.
STEP 10. Now download the report published in STEP 9 to your desktop and you can start working on this report without changing the data source. You will notice that all the data source is already available once you shape the data and publish the report. It is using the Power BI gateway to pull the data.
I hope this helps.