What is Power BI Architecture – With Data Security
In this Power BI tutorial, we will learn about the Power BI Architecture. Moreover, we will study, data storage security, user authentication, and data & repair security.
So, let’s start a Power BI Architecture Tutorial.
2. What is Microsoft Power BI Architecture?
The Power BI architecture service made on Azure, that is Microsoft’s cloud computing infrastructure and platform. The ability to bismuth service design is predicated on 2 clusters – the online front (WFE) cluster and therefore the side cluster. The WFE cluster is liable for initial association and authentication to the ability bismuth service, and once documented, the rear finish handles all resultant user interactions.
Power BI architecture uses Azure Active Directory (AAD) to store and manage user identities and manages the storage of knowledge and data victimization Azure BLOB and Azure SQL information, severally.
3. Power BI Architecture
Each Power BI architecture readying consists of 2 clusters – an online front (WFE) cluster, and a side cluster.
The WFE cluster manages the initial association and authentication method for Power BI architecture, victimization AAD to manifest purchasers and supply tokens for resultant consumer connections to the ability bismuth service.
Power BI architecture conjointly uses the Azure Traffic Manager (ATM) to direct user traffic to the closest datacenter, determined by the DNS record of the consumer making an attempt to attach, for the authentication method and to transfer static content and files. This architecture uses the Azure Content Delivery Network (CDN) to expeditiously distribute the mandatory static content and files to users supported geographical locus.
The Back finish cluster is however documented purchasers act with the ability for bismuth service. the rear finish cluster manages visualizations, user dashboards, datasets, reports, knowledge storage, knowledge connections, knowledge refresh, and different aspects of interacting with the ability bismuth service. The entranceway Role acts as an entranceway between user requests and therefore the Power BI architecture service. Users don’t act directly with any roles nonetheless the entranceway Role. Azure API Management can eventually handle the entranceway Role.
4. Data Storage Security
Power BI architecture uses 2 primary repositories for storing and managing knowledge: data that’s uploaded from users is often sent to Azure BLOB storage, and every one data additionally as artifacts for the system itself square measure keep in Azure SQL information.
The line within the side cluster image, above, clarifies the boundary between the sole 2 elements that square measure accessible by users (left of the dotted line), and roles that square measure solely accessible by the system.
Once an associate documented user connects to the ability bismuth service, the association and any request by the consumer is accepted and managed by the entranceway role (eventually to handle by Azure API Management), that then interacts on the user’s behalf with the remainder of the ability bismuth Service. Parenthetically, once a consumer makes an attempt to look at a dashboard, the entranceway Role accepts that request then individually sends a letter of invitation to the Presentation Role to retrieve the info required by the browser to render the dashboard.
5. User Authentication
Power BI architecture uses Azure Active Directory (AAD) to manifest users World Health Organization login to the ability bismuth service, and successively, uses the ability bismuth login credentials whenever a user arranges to resources that need authentication. Users log in to the ability bismuth service victimization the e-mail address accustomed establish their Power BI architecture account.
Architecture of Power BI uses that login email because the effective username, that pass to resources whenever a user makes an attempt to attach to knowledge. The effective username map to a User Principal Name (UPN) and resolve to the associated windows domain account, against that authentication, apply.
For organizations that used work emails for Power BI architecture login (such as firstname.lastname@example.org), the effective username to UPN mapping is easy. For organizations that failed to use work emails for Power BI architecture login. A mapping between AAD and on-premises credentials would force directory synchronization to figure properly.
Platform security for architecture conjointly includes multi-tenant surroundings security, and networking security. Therefore the ability to feature extra AAD-based security measures.
6. Data and Repair Security
For a lot of data, please visit the Microsoft Trust Center.
As delineate earlier in this article, a user’s Power BI architecture login is employed by on-premises Active Directory servers to map to a UPN for credentials. However, it’s vital to notice that users square measure liable for they share. If a user connects to data sources victimization her credentials, then shares a report supported that data, users with whom the dashboard is shared don’t seem to document against the first knowledge supply and can grant access to the report.
An exception is connections to SQL Server associate analysis Services victimization the On-premises knowledge gateway; dashboards square measure cached in Power BI architecture. However, access to underlying reports or datasets initiate authentication for the user making an attempt to access the report. And access can solely grant if the user has spare credentials to access the info. For a lot of data, see On-premises knowledge entranceway deep dive.
So, this was all about Microsoft Power BI Architecture Tutorial. Hope you like our explanation.
Hence, in this tutorial, we studied the architecture of power BI and many other points related to it. Still, you have any doubt, feel free to ask in the comment section.
Related Topic – Create Power BI Dashboard