Professional Documents
Culture Documents
General
Q3: Do I need a gateway for cloud data sources like Azure SQL Database?
Answer: No. In general, the service will be able to connect to that data source
without a gateway. However, for on-premises data sources, or if the data sources
reside behind a firewall, or requires a VPN, or are on virtual networks, a data
gateway may be needed.
Q4: Are there any inbound connections to the gateway from the cloud?
Answer: No. The gateway uses outbound connections to Azure Service Bus.
Q6: Does the gateway have to be installed on the same machine as the data
source?
Answer: No. The gateway will connect to the data source using the connection
information that was provided.
Think of the gateway as a client application in this sense. It will just need to be able
to connect to the server name that was provided.
Q8: What is the latency for running queries to a data source from the gateway?
What is the best architecture?
Answer: We recommend that you have the gateway as close to the data source as
possible to avoid network latency. If you can install the gateway on the actual data
source, it will minimize the latency introduced. Consider the data centers as well.
For example, if your service is making use of the West US data center, and you have
SQL Server hosted in an Azure VM, you will want to have the Azure VM in West US as
well. This will minimize latency and avoid egress charges on the Azure VM.
1|Page
Q9: Are there any requirements for network bandwidth?
Answer: We recommend that you have good throughput for your network
connection. Every environment is different and this is also dependent on the amount
of data being sent. Using ExpressRoute could help to guarantee a level of throughput
between on-premises and the Azure data centers.
You can use the 3rd party Azure Speed Test app to help gauge what your throughput
is. High Availability/Disaster Recovery
Q10: Can the gateway Windows service run with an Azure Active Directory
account?
Answer: No. The Windows service needs to have a valid Windows account. By
default it will run with the Service SID NT SERVICE\PBIEgwService.
Q14: Can I place the gateway in a perimeter network (also known as DMZ,
demilitarized zone, and screened subnet)?
Answer: The gateway requires connectivity to the data source. If the data source is
not accessible in your perimeter network, the gateway may not be able to connect to
it. For example, your SQL Server may not be in your perimeter network. And, you
cannot connect to your SQL Server from the perimeter network. If you placed
the gateway in your perimeter network, it would not be able to reach the SQL Server.
Q15: Is it possible to force the gateway to use HTTPS traffic with Azure Service Bus
instead of TCP?
Answer: Yes. For more information, see Force HTTPS communication with Azure
Service Bus. Turning on this feature has very little impact on performance.
Q16: Do I need to whitelist the Azure Datacenter IP list? Where do I get the list?
Answer: If you are blocking outbound IP traffic, you may need to whitelist the Azure
Datacenter IP list. Currently, the gateway will communicate with Azure Service Bus
using the IP address in addition to the fully qualified domain name. The Azure
Datacenter IP list is updated weekly. For more information, see Enable outbound
Azure connections.
2|Page
Q17: Are the on-premises data gateway and the Data Management Gateway (used
by Azure Machine Learning Studio and Azure Data Factory) the same thing?
Answer: No, they are two different products. To get more information about the
Data Management Gateway (now called Self-hosted Integration Runtime), see Create
and configure a self-hosted integration runtime.
Q18: Can the person who sets up that gateway in the Azure Portal be different
from the one who installs the gateway?
Answer: Yes. You'll have to use PowerShell to add other owners to the same gateway
and these users could create the gateway on the portal. However, the tenant under
which they connect to Azure Portal and the gateway should be the same.
Q19: Are there any plans for enabling high availability scenarios with the gateway?
Answer: High availability clusters of on-premises data gateways help with avoiding a
single point of failure. Cloud services like PowerApps or Power BI use the primary
node by default, but falls back to the secondary in case the primary is unavailable.
Troubleshooting
Q23: How can I see what queries are being sent to the on-premises data source?
Answer: You can enable query tracing by turning on Additional logging. This will
include the queries being sent.
Remember to turn query tracing back off when done troubleshooting. Having query
tracing enabled will cause the logs to be larger. You can also look at tools your data
source has for tracing queries.
For example, for SQL Server and Analysis Services you can use Extended Events or
SQL Profiler.
3|Page
Administration
Q25: Does the gateway admin need to be an admin on the machine where the
gateway is installed?
Answer: No. The gateway admin is used to manage the gateway from within the
service.
4|Page