Power BI Architecture

What Is the Microsoft Power BI Architecture?
The Power BI service is built on Azure, Microsoft's cloud computing infrastructure and platform. The Power BI service architecture is based on two clusters: the Web Front End (WFE) cluster and the Back End cluster. The WFE cluster is responsible for the initial connection and authentication to the Power BI service, and, once a user is authenticated, the Back End handles all subsequent user interactions. Power BI uses Azure Active Directory (AAD) to store and manage user identities, and manages the storage of data and metadata using Azure BLOB storage and Azure SQL Database, respectively.
Power BI Architecture
As mentioned previously, the Power BI architecture consists of two clusters: a Web Front End (WFE) cluster and a Back End cluster.


The WFE cluster manages the initial connection and authentication process for Power BI, using AAD to authenticate clients and supply tokens for subsequent client connections to the Power BI service. Power BI also uses Azure Traffic Manager (ATM) to direct user traffic to the nearest datacenter, which is determined by the DNS record of the client attempting to connect, for the authentication process and to transfer static content and files. Power BI uses the Azure Content Delivery Network (CDN) to efficiently distribute the necessary static content and files to users based on geographical locale.

The Back End cluster is how authenticated clients interact with the Power BI service. The Back End cluster manages visualizations, user dashboards, datasets, reports, data storage, data connections, data refresh, and other aspects of interacting with the Power BI service. The Gateway Role acts as a gateway between user requests and the Power BI service. Users do not interact directly with any role other than the Gateway Role. Azure API Management will eventually handle the Gateway Role.

Data Storage Security
Power BI uses two primary repositories for storing and managing data. Data that is uploaded by users is typically sent to Azure BLOB storage. All metadata, as well as artifacts for the system itself, is stored in Azure SQL Database.

The dotted line in the Back End cluster image shown above marks the boundary between the only two components that are accessible by users (left of the dotted line) and the roles that are accessible only by the system. When an authenticated user connects to the Power BI service, the connection and any request by the client is accepted and managed by the Gateway Role (eventually to be handled by Azure API Management), which then interacts on the user's behalf with the rest of the Power BI service. For example, when a client attempts to view a dashboard, the Gateway Role accepts that request and separately sends a request to the Presentation Role to retrieve the data needed by the browser to render the dashboard.

User Authentication
Power BI uses Azure Active Directory (AAD) to authenticate users who log in to the Power BI service and, in turn, uses the Power BI login credentials whenever a user attempts to access resources that require authentication. Users log in to the Power BI service using the email address used to establish their Power BI account. Power BI uses that login email as the effective username, which is passed to resources whenever a user attempts to connect to data. The effective username is mapped to a User Principal Name (UPN) and resolved to the associated Windows domain account, against which authentication is applied.

For organizations that used work emails for Power BI logins (such as david@contoso.com), the effective username to UPN mapping is straightforward. For organizations that did not use work emails for Power BI login (such as david@contoso.onmicrosoft.com), a mapping between AAD and on-premises credentials requires directory synchronization to work properly.

Platform security for Power BI also includes multi-tenant environment security, networking security, and the ability to add additional AAD-based security measures.

Data and Service Security
As described earlier in this article, a user's Power BI login is used by on-premises Active Directory servers to map to a UPN for credentials. However, it's important to note that users are responsible for what they share: if a user connects to data sources using their own credentials and then shares a report based on that data, the users with whom the dashboard is shared are not authenticated against the original data source and are granted access to the report.

An exception is connections to SQL Server Analysis Services using the on-premises data gateway. Dashboards are cached in Power BI, but access to the underlying reports or datasets initiates authentication for the user attempting to access the report (or dataset), and access is granted only if the user has sufficient credentials to access the data. For more information, see On-premises data gateway deep dive.
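
The effective-username-to-UPN mapping from the User Authentication section and the sharing behaviour described in this section can be modelled together. The following is an added example, not Microsoft's code: a simplified Python model in which every account, table and function name is constructed for illustration.

```python
# Added illustration: a simplified model, not Power BI's implementation.
# All names, accounts and tables below are constructed for the example.
from dataclasses import dataclass

# Constructed directory-sync table: AAD sign-in name -> on-premises UPN.
SYNCED_UPNS = {"david@contoso.onmicrosoft.com": "david@contoso.com"}
# Constructed on-premises directory and per-source permissions.
ON_PREM_UPNS = {"david@contoso.com", "erin@contoso.com"}
SOURCE_ACL = {"sales_cube": {"david@contoso.com"}}


def resolve_upn(effective_username):
    """Map the Power BI login email to an on-premises UPN, or None."""
    name = effective_username.strip().lower()
    if name in ON_PREM_UPNS:        # work email: the mapping is direct
        return name
    return SYNCED_UPNS.get(name)    # otherwise directory sync must supply it


@dataclass
class Report:
    source: str
    shared_with: set
    live_ssas: bool  # True: Analysis Services via the on-premises data gateway


def can_view(report, viewer_login):
    """Return (allowed, reason) for a user opening a shared report."""
    if viewer_login.lower() not in report.shared_with:
        return False, "not shared with this user"
    if not report.live_ssas:
        # Data was fetched with the owner's credentials; the viewer is not
        # authenticated against the original data source.
        return True, "shared: no check against the data source"
    upn = resolve_upn(viewer_login)
    if upn is None:
        return False, "no UPN mapping (directory sync missing)"
    if upn not in SOURCE_ACL.get(report.source, set()):
        return False, "viewer lacks permission on the data source"
    return True, "viewer authenticated against the data source"
```

The same viewer can be allowed on a report built from the owner's credentials and denied on the Analysis Services variant, which is why sharing decisions for the former need review by whoever owns the underlying data.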

