部署 Power BI 数据网关指南Guidance for deploying a data gateway for Power BI

本文提供在网络环境中部署数据网关的指南和注意事项。This article provides guidance and considerations for deploying a data gateway in your network environment. 网关是一种便于访问驻留在本地专用网络上的数据的软件,方便后续在 Power BI 等云服务中使用这些数据。A gateway is software that facilitates access to data that resides on a private, on-premises network, for subsequent use in a cloud service like Power BI. 本文将指导你完成部署,并为本地数据网关设置提供指南。This article walks you through the deployment, and provides guidance for, the on-premises data gateway setup.

有关本地数据网关的详细信息(包括安装链接),请查看博客文章For more about on-premises data gateway, including a link to install it, take a look at the blog post.

本地数据网关的安装注意事项Installation considerations for the on-premises data gateway

在深入了解安装和部署的详细信息之前,应牢记一些注意事项。Before getting too far into the details of installation and deployment, there are a handful of considerations you should keep in mind. 以下各部分介绍了需要牢记的重要事项。The following sections describe important things to keep in mind.

用户数Number of users

使用报表(该报表使用网关)的用户数是决定安装该网关位置的重要指标。The number of users consuming a report that's using the gateway is an important metric in deciding where to install the gateway. 下面是要考虑的一些问题:Here are some questions to consider:

  • 用户是否在一天中的不同时间使用这些报表?Are users using these reports at different times of the day?
  • 他们使用什么类型的连接(DirectQuery 或 Import)?What types of connections are they using (DirectQuery or Import)?
  • 是否所有用户都使用相同的报表?Are all users using the same report?

如果用户每天都在同一时间访问给定的报表,则需要确保在能够处理所有这些请求的计算机上安装网关(请参阅以下各部分,了解可帮助确定此问题的性能计数器和最低要求)。If users are all accessing a given report at the same time each day, you'll want to make sure you install the gateway on a machine that's capable of handling all those requests (see following sections for performance counters and minimum requirements that can help you determine this).

在 Power BI 中有一个约束,只允许每个报表有一个网关。因此,即使报表基于多个数据源,所有此类数据源也必须通过单个网关。There is a constraint in Power BI that allows only one gateway per report, so even if a report is based on multiple data sources, all such data sources must go through a single gateway. 但是,如果仪表板基于多个报表,则可以对每个提供的报表使用专用网关,从而将网关负载分发到有助于该单个仪表板的多个报表中。However, if a dashboard is based on multiple reports, you can use a dedicated gateway for each contributing report, and thereby distribute the gateway load among those multiple reports that contribute to that single dashboard.

连接类型Connection type

Power BI 提供了两种连接类型:DirectQuery 和 Import。Power BI offers two types of connections, DirectQuery and Import. 并非所有数据源都支持这两种连接类型,而且有很多原因可能会导致选择其中一种类型,如安全要求、性能、数据限制和数据模型大小。Not all data sources support both connection types, and many reasons may contribute to choosing one over the other, such as security requirements, performance, data limits, and data model sizes. 可在本地数据网关一文的“可用数据源类型列表”部分中详细了解连接类型和支持数据源。You can learn more about connection type and supported data sources in the list of available data source types section of the On-premises data gateway article.

根据所使用的连接类型,网关的使用可能会有所不同。Depending on which type of connection are use, gateway usage can be different. 例如,应尽可能将 DirectQuery 数据源从“计划刷新”数据源中分离出来(假设它们位于不同的报表中并且可以分开)。For example, you should try to separate DirectQuery data sources from Scheduled Refresh data sources whenever possible (assuming they're in different reports and can be separated). 这样做可以防止网关将成千上万的 DirectQuery 请求排入队列的时间与上午计划用于公司主仪表板的大型数据模型刷新时间相同。Doing so prevents the gateway from having thousands of DirectQuery requests queued up, at the same time as the morning's scheduled refresh of a large size data model that's used for the company's main dashboard. 以下是每种类型需要考虑的内容:Here's what to consider for each:

  • “计划刷新”:根据查询大小和每天发生的刷新次数,可以选择保持在推荐的最低硬件要求之间或升级到更高性能的计算机。For Scheduled Refresh: depending on your query size and the number of refreshes occurring per day, you can choose to stay between the recommended minimum hardware requirements or upgrade to a higher performance machine. 如果没有折叠给定的查询,网关计算机上会发生转换,因此网关计算机可受益于拥有更多可用的 RAM。If a given query is not folded, transformations occur on the gateway machine, and as such, the gateway machine benefits from having more available RAM.
  • DirectQuery:每次任何用户打开报表或查看数据时,都会发送查询。For DirectQuery: a query is be sent each time any user opens the report or looks at data. 因此,如果预计有超过 1,000 位用户同时访问数据,那么需要确保计算机具有强大耐用的硬件组件。So if you anticipate more than 1,000 users accessing the data concurrently, you'll want to make sure your computer has robust and capable hardware components. 更多 CPU 内核可使 DirectQuery 连接有更好的吞吐量。More CPU cores will result in better throughput for a DirectQuery connection.

安装本地数据网关的计算机的要求如下:The requirements for a machine on which you install an on-premises data gateway are the following:

最低:Minimum:

  • .NET 4.5 Framework.NET 4.5 Framework
  • 64 位版本的 Windows 7 / Windows Server 2008 R2(或更高版本)64-bit version of Windows 7 / Windows Server 2008 R2 (or later)

推荐:Recommended:

  • 8 核 CPU8 Core CPU
  • 8 GB 内存8 GB Memory
  • 64 位版本的 Windows 2012 R2(或更高版本)64-bit version of Windows 2012 R2 (or later)

位置Location

网关的安装位置可能会对查询性能产生重大影响,因此请尝试确保网关、数据源位置和 Power BI 租户尽可能靠近彼此,最大限度地减少网络延迟。The location of the gateway installation can have significant impact on your query performance, so try to make sure your gateway, data source locations, and the Power BI tenant are as close as possible to each other to minimize network latency. 若要确定 Power BI 租户位置,请在 Power BI 服务中选择“?”To determine your Power BI tenant location, in the Power BI service select the ? 图标(右上角),然后选择“关于 Power BI”。icon in the upper-right corner, and then select About Power BI.

监视网关Monitoring gateways

可以使用一些工具来监视已安装网关的使用和性能。There are a few tools that you can use to monitor the use and performance of your installed gateways.

性能计数器Performance counters

有许多性能计数器可用于评价并估计网关上发生的活动。There are many performance counters that can be used to evaluate and assess activity occurring on the gateway. 计数器有助于了解是否存在大量特定类型的活动,这可能会提示你部署新网关。The counters can help you understand whether you have large volume of activities by the specific type, which may prompt you to deploy a new gateway.

备注

这些计数器将不会捕获特定任务持续时间。These counters will not capture specific task duration time.

除了计算机的计数器之外,网关计数器也提供计算机所处理负载量的信息,并且可以提供服务器资源容量是否正在延伸或即将超出范围的指示。The gateway counter, in addition to your machine's counters, provide you with an idea of how much load your machine is handling, and can provide an indication of whether the server resource capacity is becoming stretched or exceeded.

这些计数器可从“Windows 性能监视器”进行访问,并且可由用于此目的的任何报表工具使用。These counters can be accessed from Windows Performance Monitor, and can be consumed by any reporting tools you use for this purpose. 有关如何结合使用网关性能监视器与 Power BI 的详细步骤,请查看以下社区创建的博客文章。For a detailed walk-through of how to use the gateway performance monitor with Power BI, take a look at the following community-create blog post.

日志Logs

配置和服务日志提供了网关所发生情况的另一层面的信息。Configuration and service logs provide another dimension on what's happening with your gateway. 当连接未按预期方式工作时,要记得检查网关日志,因为并非所有的错误信息都会出现在 Power BI 服务上。Always check your gateway logs when your connection is not working as expected, as not all error messages are surfaced on the Power BI service.

在本地计算机上查看所有日志文件的一种简单方法是在初始安装完成后,重新打开网关时,使用本地数据网关上的“导出日志”按钮,然后选择“诊断”>“导出日志”。An easy way to view all the log files on your local machine is to use the Export Logs button on the on-premises data gateway when you re-open the gateway after the initial installation is complete, and then select Diagnostics > Export Logs.

附加日志记录Additional logging

默认情况下,网关执行基本日志记录。By default the gateway performs basic logging. 如果正在调查网关问题,且需要有关查询连接细节的详细信息,可暂时启用“详细日志记录”来收集其他日志信息。If you're investigating gateway issues, and need more information about query connection details, you can temporarily enable verbose logging to gather additional log information. 为此,请在已安装的网关中选择“诊断程序”>“其他日志记录”。To do this, in the installed gateway select Diagnostics > Additional logging.

根据网关使用情况,启用此设置可能会显著增加日志大小。Enabling this setting likely will increase the log size significantly, based on gateway usage. 建议在完成审查日志后,禁用“其他日志记录”。It's recommended that once you're done reviewing the logs, you disable Additional logging. 不建议在网关正常使用期间将此设置保持为启用状态。It's not recommended to leave this setting enabled during normal gateway usage.

网络配置Network configuration

网关创建与 Azure 服务总线的出站连接。The gateway creates an outbound connection to the Azure Service Bus. 网关使用以下出站端口进行通信:The gateway communicates on the following outbound ports:

  • TCP 443(默认)TCP 443 (default)
  • 56715671
  • 56725672
  • 9350 至 93549350 thru 9354

网关不需要入站端口。The gateway does not require inbound ports. 所有必需的端口列在上面的列表中。All required ports are listed in the above list.

建议你将防火墙中数据区域的 IP 地址列入白名单。It is recommended that you whitelist the IP addresses, for your data region, in your firewall. 可在 Microsoft Azure 数据中心 IP 列表中下载 IP 地址列表。You can download list of IP addresses, which are found in the Microsoft Azure Datacenter IP list. 该列表每周更新一次。That list is updated weekly. 网关将使用指定的 IP 地址以及完全限定的域名 (FQDN) 与 Azure 服务总线进行通信。The gateway will communicate with Azure Service Bus using the specified IP address, along with the fully qualified domain name (FQDN). 如果使用 HTTPS 强制网关进行通信,则网关仅使用 FQDN,并且不会使用 IP 地址则进行通信。If you're forcing the gateway to communicate using HTTPS, the gateway strictly uses FQDN only, and no communication will occur using IP addresses.

强制 HTTPS 与 Azure 服务总线通信Forcing HTTPS communication with Azure Service Bus

可以使用 HTTPS 替代直接 TCP 来强制网关与 Azure 服务总线通信。You can force the gateway to communicate with the Azure Service Bus by using HTTPS, instead of direct TCP. 这样会稍微降低性能。Doing so will slightly reduce performance. 还可以使用网关接口(从 2017 年 3 月的网关版本开始),通过使用 HTTPS 来强制网关与 Azure 服务总线进行通信。You can also force the gateway to communicate with the Azure Service Bus by using HTTPS by using the gateway's user interface (beginning with the March 2017 release of the gateway).

为此,请在网关中选择“网络”,然后将“Azure 服务总线连接模式”切换至“启用”。To do so, in the gateway select Network, then turn the Azure Service Bus connectivity mode On.

附加指南Additional guidance

本部分为部署和管理网关提供附加指南。This section provides additional guidance for deploying and managing gateways.

  • 避免单点故障。Avoid having a single point of failure. 如果可以,请将本地数据源分发到多个网关上;在这种情况下,如果一台计算机变得不可用,你仍能刷新部分数据,不会完全丢失该功能。If possible, distribute your on-premises data sources across several gateways; in this case, if one machine becomes unavailable, you'll still be able to refresh portions of your data, and not lose that functionality completely.
  • 网关不能安装在域控制器上,因此不要计划或尝试执行此操作。The gateway cannot be installed on a domain controller, so don't plan or try to do so.
  • 不能在可能会关闭、进入休眠模式或无法连接到 Internet 的计算机上(如便携式计算机)安装网关,因为网关无法在任何这些环境下运行。Don't install a gateway on a computer that may be turned off, go into the sleep mode, or not be connected to the Internet (for example, a laptop computer), because the gateway can't run under any of those circumstances.
  • 避免在无线网络上安装网关,因为性能可能会受到无线网络的影响。Avoid installing a gateway on a wireless network, since performance might suffer over a wireless network.

网关恢复Gateway Recovery

可使用恢复密钥恢复现有网关,或者将其移动到新计算机中。You can recover your existing gateway, or move it to a new machine, using the recovery key. 会向安装网关的用户提供恢复密钥,并且之后不能更改密钥。The recovery key is provided to the user who installs the gateway, and it cannot be changed later. 恢复密钥用于数据加密和网关恢复。The recovery key is used for both data encryption and gateway recovery.

若要恢复网关,请确保你是网关上的管理员,知道网关名称,有正确的恢复密钥并且具有相似性能特征的新计算机可用。To recover your gateway, make sure you're an admin on the gateway, make sure you know the gateway name, ensure you have the correct recovery key, and that you have a new machine available with similar performance characteristics.

登录后,选择“迁移现有网关”选项。After you sign in, select the Migrate an existing gateway option. 然后,需要选择要恢复或迁移的网关,最后提供恢复密钥并点击配置。Next, you need to choose the gateway you'd like to recover or migrate, and finally provide the recovery key and hit configure. 完成该步骤后,旧网关将被新网关替代,新网关将继承其以前配置的名称和所有数据源。Once that step is done, the old gateway will be replaced by the new gateway, and the new gateway will inherit its name and all data sources previously configured. 所有数据源现在将通过新计算机,而无需重新发布任何内容。All data sources will now go through the new machine, without the need to re-publish anything. 尚不支持自动故障转移,但网关团队正在积极考虑提供此功能。Automatic failover is not yet supported, but it is a feature that the gateway team is actively considering.

管理员Administrators

可在 Power BI 服务中找到网关管理员列表。You can find a list of gateway administrators in the Power BI service. 登录 Power BI 服务时,请选择“设置”(齿轮图标)>“管理网关”->“网关 UI”。When signed into the Power BI service, select Settings (the gear icon) > Manage Gateways > Gateway UI.

在此可以选择网关并查看网关管理员列表。From there, you can select a gateway and see the list of gateway administrators. 列出的管理员可以访问、恢复和删除网关。The administrators listed can access, recover, and delete the gateway. 还可以在网关中添加和删除数据源。They can also add and delete data sources in the gateway. 若要确保组织中的所有管理员都能访问组中的所有网关,建议使用以下内容:To make sure all administrators in the organization have access to all gateways in their group, the following is recommended:

  • 创建 AAD 安全组并向其添加其他用户,然后将此安全组添加到各自的网关管理员列表中。Create an AAD security group and add other users to it, then add this security group to the list of the respective gateway administrators. 这可确保在发生故障时或需要恢复或迁移网关时,多个用户可以访问网关。This ensures that more than one person has access to the gateway in case of a failure, or when you need to recover or migrate the gateway. 这也让其他管理员了解其组中正在使用哪些网关以及每个网关上存在哪些数据源。This also gives other administrators a view of what gateways are being used in their groups, and which data sources exist on each gateway.

后续步骤Next steps

配置代理设置Configuring proxy settings
本地数据网关疑难解答Troubleshooting the on-premises data gateway
本地数据网关常见问题解答On-premises data gateway FAQ

更多问题?More questions? 尝试参与 Power BI 社区Try the Power BI Community