Strategies for maintaining a secure connection between a data warehouse and Power BI Server for customers hosting their data warehouse on-prem (including AWS servers they control).
Power BI Server’s IP addresses are dynamic and can change frequently. There are various strategies for maintaining a secure connection between the MS SQL Server hosting the data warehouse and Power BI Server. Customers hosting their data warehouse on-prem are responsible for their SQL Server security configuration.
SQL Server to Power BI Server Security Strategies
There are various strategies for establishing a secure connection between a SQL Server and Power BI.
DataSelf cloud hosted data warehouses provide this service.
For customers hosting their own data warehouse on SQL Server or AWS strategies include:
-
Azure IP Ranges and Service Tags – Public Cloud
Microsoft provides regularly updated lists of the IP Ranges of Power BI Servers in JSON format via their Azure IP Ranges and Service Tags – Public Cloud. Update the SQL firewall rules to include these IP addresses. -
VPN Endpoint & Power BI Gateway
Route all Power BI Service traffic through VM with Power BI Gatway to access the SQL Server. -
AWS PrivateLink Endpoint, Power BI Gateway
AWS PrivateLink Endpoint and Power BI Gateway bridges Power BI Service and SQL Server.
Expose the SQL Server using an AWS PrivateLink Endpoint. -
Power BI On-Premises Gateway
Power BI On-Premises Data Gateway bridges Power BI Service and SQL Server. -
Azure Private Endpoint for Power BI with VPN or PrivateLink