Connecting to on-premises data sources with On-premises data gateway
The on-premises data gateway provides secure data transfer between on-premises data sources and your Azure Analysis Services servers in the cloud. In addition to working with multiple Azure Analysis Services servers in the same region, the latest version of the gateway also works with Azure Logic Apps, Power BI, Power Apps, and Power Automate. While the gateway you install is the same across all of these services, Azure Analysis Services and Logic Apps have some additional steps.
Information provided here is specific to how Azure Analysis Services works with the On-premises Data Gateway. To learn more about the gateway in general and how it works with other services, see What is an on-premises data gateway?.
For Azure Analysis Services, getting setup with the gateway the first time is a four-part process:
Download and run setup - This step installs a gateway service on a computer in your organization. You also sign in to Azure using an account in your tenant's Azure AD. Azure B2B (guest) accounts are not supported.
Register your gateway - In this step, you specify a name and recovery key for your gateway and select a region, registering your gateway with the Gateway Cloud Service. Your gateway resource can be registered in any region, but it's recommended it be in the same region as your Analysis Services servers.
Create a gateway resource in Azure - In this step, you create a gateway resource in Azure.
Connect the gateway resource to servers - Once you have a gateway resource, you can begin connecting servers to it. You can connect multiple servers and other resources provided they are in the same region.
When installing for an Azure Analysis Services environment, it's important you follow the steps described in Install and configure on-premises data gateway for Azure Analysis Services. This article is specific to Azure Analysis Services. It includes additional steps required to setup an On-premises data gateway resource in Azure, and connect your Azure Analysis Services server to the resource.
Connecting to a gateway resource in a different subscription
It's recommended you create your Azure gateway resource in the same subscription as your server. However, you can configure your servers to connect to a gateway resource in another subscription. Connecting to a gateway resource in another subscription is not supported when configuring existing server settings or creating a new server in the portal, but can be configured by using PowerShell. To learn more, see Connect gateway resource to server.
Ports and communication settings
The gateway creates an outbound connection to Azure Service Bus. It communicates on outbound ports: TCP 443 (default), 5671, 5672, 9350 through 9354. The gateway does not require inbound ports.
You may need to include IP addresses for your data region in your firewall. You can download the Microsoft Azure Datacenter IP list. This list is updated weekly. The IP Addresses listed in the Azure Datacenter IP list are in CIDR notation. To learn more, see Classless Inter-Domain Routing.
The following are fully qualified domain names used by the gateway.
|Domain names||Outbound ports||Description|
|*.powerbi.com||80||HTTP used to download the installer.|
|*.login.windows.net, login.live.com, aadcdn.msauth.net||443||HTTPS|
|*.servicebus.windows.net||5671-5672||Advanced Message Queuing Protocol (AMQP)|
|*.servicebus.windows.net||443, 9350-9354||Listeners on Service Bus Relay over TCP (requires 443 for Access Control token acquisition)|
|*.msftncsi.com||80||Used to test internet connectivity if the gateway is unreachable by the Power BI service.|
|*.microsoftonline-p.com||443||Used for authentication depending on configuration.|
|dc.services.visualstudio.com||443||Used by AppInsights to collect telemetry.|
The following articles are included in the On-premises data gateway general content that applies to all services the gateway supports: