Breadcrumbs

Power BI Server & Dynamic IP Addresses

Strategies for maintaining a secure connection between a data warehouse and Power BI Server for customers hosting their data warehouse on-prem (including AWS servers they control).

Power BI Server’s IP addresses are dynamic and can change frequently. There are various strategies for maintaining a secure connection between the MS SQL Server hosting the data warehouse and Power BI Server. Customers hosting their data warehouse on-prem are responsible for their SQL Server security configuration.

SQL Server to Power BI Server Security Strategies

There are various strategies for establishing a secure connection between a SQL Server and Power BI.
DataSelf cloud hosted data warehouses provide this service.
For customers hosting their own data warehouse on SQL Server or AWS strategies include:

  • Azure IP Ranges and Service Tags – Public Cloud
    Microsoft provides regularly updated lists of the IP Ranges of Power BI Servers in JSON format via their Azure IP Ranges and Service Tags – Public Cloud. Update the SQL firewall rules to include these IP addresses.

  • VPN Endpoint & Power BI Gateway
    Route all Power BI Service traffic through VM with Power BI Gatway to access the SQL Server.

  • AWS PrivateLink Endpoint, Power BI Gateway
    AWS PrivateLink Endpoint and Power BI Gateway bridges Power BI Service and SQL Server.
    Expose the SQL Server using an AWS PrivateLink Endpoint.

  • Power BI On-Premises Gateway
    Power BI On-Premises Data Gateway bridges Power BI Service and SQL Server.

  • Azure Private Endpoint for Power BI with VPN or PrivateLink