部署 Power BI 之資料閘道的指引Guidance for deploying a data gateway for Power BI

本文提供在網路環境中部署資料閘道的指引和考量。This article provides guidance and considerations for deploying a data gateway in your network environment. 閘道是一種軟體,可針對雲端服務中的後續使用 (例如 Power BI),方便存取私用內部部署網路上的資料。A gateway is software that facilitates access to data that resides on a private, on-premises network, for subsequent use in a cloud service like Power BI. 本文會引導您完成部署,並提供內部部署資料閘道安裝的指引。This article walks you through the deployment, and provides guidance for, the on-premises data gateway setup.

如需內部部署資料閘道的詳細資訊 (包括其安裝連結),請查看部落格文章For more about on-premises data gateway, including a link to install it, take a look at the blog post.

內部部署資料閘道的安裝考量Installation considerations for the on-premises data gateway

太過深入安裝和部署詳細資料之前,有幾個考量必須謹記在心。Before getting too far into the details of installation and deployment, there are a handful of considerations you should keep in mind. 下列各節描述要謹記在心的重要事項。The following sections describe important things to keep in mind.

使用者數目Number of users

使用利用閘道之報表的使用者數目是決定在何處安裝閘道的重要度量。The number of users consuming a report that's using the gateway is an important metric in deciding where to install the gateway. 以下是要考慮的一些問題:Here are some questions to consider:

  • 使用者會在每天的不同時間使用這些報表嗎?Are users using these reports at different times of the day?
  • 他們正在使用的連接類型 (DirectQuery 或 Import) 為何?What types of connections are they using (DirectQuery or Import)?
  • 所有使用者都使用相同的報表嗎?Are all users using the same report?

如果使用者都會在每天的相同時間存取指定的報表,則您會想要確定在可處理所有這些要求的電腦上安裝閘道 (請參閱下列各節,以取得可協助您判斷這個情況的效能計數器和最低需求)。If users are all accessing a given report at the same time each day, you'll want to make sure you install the gateway on a machine that's capable of handling all those requests (see following sections for performance counters and minimum requirements that can help you determine this).

Power BI 中有一個「報表」只允許「一個」閘道的條件約束;因此,即使報表是根據多個資料來源,所有這類資料來源還是必須經過單一閘道。There is a constraint in Power BI that allows only one gateway per report, so even if a report is based on multiple data sources, all such data sources must go through a single gateway. 不過,如果儀表板根據「多個」報表,您可以針對每個參與的報表使用專用閘道,因而將閘道負載分散到多個參與該單一儀表板的報表。However, if a dashboard is based on multiple reports, you can use a dedicated gateway for each contributing report, and thereby distribute the gateway load among those multiple reports that contribute to that single dashboard.

連線類型Connection type

Power BI 提供兩種類型的連接:DirectQueryImportPower BI offers two types of connections, DirectQuery and Import. 並非所有資料來源都支援兩種連接類型,而且有許多原因可能會導致選擇其中一個,例如安全性需求、效能、資料限制和資料模型大小。Not all data sources support both connection types, and many reasons may contribute to choosing one over the other, such as security requirements, performance, data limits, and data model sizes. 您可以深入了解內部部署資料閘道一文的<可用資料來源類型清單>一節中的連線類型和支援的資料來源。You can learn more about connection type and supported data sources in the list of available data source types section of the On-premises data gateway article.

根據使用的連接類型,閘道使用量可能會不同。Depending on which type of connection are use, gateway usage can be different. 例如,可能的話,您應該嘗試分隔 DirectQuery 資料來源與 [排程重新整理] 資料來源 (假設它們位於不同的報表中,而且可以予以分隔)。For example, you should try to separate DirectQuery data sources from Scheduled Refresh data sources whenever possible (assuming they're in different reports and can be separated). 在早上排程重新整理用於公司主要儀表板的大規模資料模型的同時,這樣做可避免閘道將數千個 DirectQuery 要求排入佇列中。Doing so prevents the gateway from having thousands of DirectQuery requests queued up, at the same time as the morning's scheduled refresh of a large size data model that's used for the company's main dashboard. 以下是每個所需要考量的事項:Here's what to consider for each:

  • 排程重新整理:根據查詢大小以及每天發生的重新整理次數,您可以選擇保持建議的最低硬體需求,或升級為更高效能的電腦。For Scheduled Refresh: depending on your query size and the number of refreshes occurring per day, you can choose to stay between the recommended minimum hardware requirements or upgrade to a higher performance machine. 如果未摺疊指定的查詢,就會在閘道電腦上進行轉換;因此,閘道電腦受惠於具有更多可用的 RAM。If a given query is not folded, transformations occur on the gateway machine, and as such, the gateway machine benefits from having more available RAM.
  • DirectQuery:每次任何使用者開啟報表或查看資料時,都會傳送查詢。For DirectQuery: a query is be sent each time any user opens the report or looks at data. 因此,如果您預期有 1,000 位以上的使用者同時存取資料,則您會想要確定電腦具有穩固且支援硬體的元件。So if you anticipate more than 1,000 users accessing the data concurrently, you'll want to make sure your computer has robust and capable hardware components. 更多的 CPU 核心將會導致 DirectQuery 連接具有更佳的輸送量。More CPU cores will result in better throughput for a DirectQuery connection.

安裝內部部署資料閘道的電腦需求如下:The requirements for a machine on which you install an on-premises data gateway are the following:

最低:Minimum:

  • .NET 4.5 Framework.NET 4.5 Framework
  • 64 位元版本的 Windows 7/Windows Server 2008 R2 (或更新版本)64-bit version of Windows 7 / Windows Server 2008 R2 (or later)

建議︰Recommended:

  • 8 核心 CPU8 Core CPU
  • 8 GB 的記憶體8 GB Memory
  • 64 位元版本的 Windows 2012 R2 (或更新版本)64-bit version of Windows 2012 R2 (or later)

位置Location

閘道安裝位置可能會對查詢效能造成重大影響,因此請嘗試確定您的閘道、資料來源位置和 Power BI 租用戶盡可能彼此接近,將網路延遲降至最低。The location of the gateway installation can have significant impact on your query performance, so try to make sure your gateway, data source locations, and the Power BI tenant are as close as possible to each other to minimize network latency. 若要判斷 Power BI 租用戶位置,請在 Power BI 服務中選取右上角的 ?To determine your Power BI tenant location, in the Power BI service select the ? 圖示,然後選取 [關於 Power BI]。icon in the upper-right corner, and then select About Power BI.

監視閘道Monitoring gateways

您可以使用幾個工具來監視已安裝閘道的使用和效能。There are a few tools that you can use to monitor the use and performance of your installed gateways.

效能計數器Performance counters

有許多效能計數器可以用來評估和評量閘道上發生的活動。There are many performance counters that can be used to evaluate and assess activity occurring on the gateway. 計數器可協助您了解您是否有特定類型的大量活動,這可能會提示您部署新的閘道。The counters can help you understand whether you have large volume of activities by the specific type, which may prompt you to deploy a new gateway.

注意

這些計數器不會擷取特定工作持續時間。These counters will not capture specific task duration time.

除了電腦的計數器之外,「閘道計數器」還會提供電腦處理多少負載,而且可以指出延伸還是超過伺服器資源能力。The gateway counter, in addition to your machine's counters, provide you with an idea of how much load your machine is handling, and can provide an indication of whether the server resource capacity is becoming stretched or exceeded.

這些計數器可以從 [Windows 效能監視器] 進行存取,而且可以供任何用於此用途的報告工具使用。These counters can be accessed from Windows Performance Monitor, and can be consumed by any reporting tools you use for this purpose. 如需如何搭配使用閘道效能監視器與 Power BI 的詳細逐步解說,請查看下列社群建立部落格文章。For a detailed walk-through of how to use the gateway performance monitor with Power BI, take a look at the following community-create blog post.

記錄Logs

設定和服務記錄會提供有關閘道發生情況的另一個維度。Configuration and service logs provide another dimension on what's happening with your gateway. 因為並非所有錯誤訊息都會顯示在 Power BI 服務上,所以當您的連接未如預期運作時,請一律檢查閘道記錄。Always check your gateway logs when your connection is not working as expected, as not all error messages are surfaced on the Power BI service.

檢視本機電腦上所有記錄檔的簡單方法,是在初始安裝完成之後,於重新開啟閘道時使用內部部署資料閘道上的 [匯出記錄] 按鈕,然後選取 [診斷] > [匯出記錄]。An easy way to view all the log files on your local machine is to use the Export Logs button on the on-premises data gateway when you re-open the gateway after the initial installation is complete, and then select Diagnostics > Export Logs.

其他記錄Additional logging

閘道預設會執行基本記錄。By default the gateway performs basic logging. 如果您要調查閘道問題,並且需要查詢連接詳細資料的詳細資訊,則可以暫時啟用「詳細資訊記錄」收集其他記錄資訊。If you're investigating gateway issues, and need more information about query connection details, you can temporarily enable verbose logging to gather additional log information. 若要這樣做,請在已安裝的閘道中選取 [診斷] > [其他記錄]。To do this, in the installed gateway select Diagnostics > Additional logging.

根據閘道使用量,啟用此設定可能會大幅增加記錄大小。Enabling this setting likely will increase the log size significantly, based on gateway usage. 建議您在完成記錄檢閱之後,停用 [其他記錄]。It's recommended that once you're done reviewing the logs, you disable Additional logging. 不建議在正常閘道使用量期間啟用這項設定。It's not recommended to leave this setting enabled during normal gateway usage.

網路設定Network configuration

閘道會建立 Azure 服務匯流排的輸出連接。The gateway creates an outbound connection to the Azure Service Bus. 閘道會在下列輸出連接埠上進行通訊:The gateway communicates on the following outbound ports:

  • TCP 443 (預設)TCP 443 (default)
  • 56715671
  • 56725672
  • 9350 到 93549350 thru 9354

閘道「不」需要輸入連接埠。The gateway does not require inbound ports. 所有必要連接埠都會列在上面的清單中。All required ports are listed in the above list.

建議您將您資料區域的 IP 位址加入防火牆的允許清單中。It is recommended that you whitelist the IP addresses, for your data region, in your firewall. 您可以下載 Microsoft Azure Datacenter IP 清單中的 IP 位址清單。You can download list of IP addresses, which are found in the Microsoft Azure Datacenter IP list. 此清單會每週更新。That list is updated weekly. 閘道會使用指定的 IP 位址及完整網域名稱 (FQDN) 來與 Azure 服務匯流排通訊。The gateway will communicate with Azure Service Bus using the specified IP address, along with the fully qualified domain name (FQDN). 如果您強制閘道使用 HTTPS 進行通訊,閘道會嚴格只使用 FQDN,使用 IP 位址則不會發生通訊。If you're forcing the gateway to communicate using HTTPS, the gateway strictly uses FQDN only, and no communication will occur using IP addresses.

強制與 Azure 服務匯流排進行 HTTPS 通訊Forcing HTTPS communication with Azure Service Bus

您可以強制閘道使用 HTTPS 與 Azure 服務匯流排進行通訊,而不使用直接 TCP。You can force the gateway to communicate with the Azure Service Bus by using HTTPS, instead of direct TCP. 這樣做將會稍微降低效能。Doing so will slightly reduce performance. 您也可以使用閘道使用者介面,強制閘道使用 HTTPS 與 Azure 服務匯流排進行通訊 (從閘道的 2017 年 3 月版開始)。You can also force the gateway to communicate with the Azure Service Bus by using HTTPS by using the gateway's user interface (beginning with the March 2017 release of the gateway).

若要這樣做,請在閘道中選取 [網路],然後將 [Azure 服務匯流排連線模式] 設為 [開啟]。To do so, in the gateway select Network, then turn the Azure Service Bus connectivity mode On.

其他指引Additional guidance

本節提供部署和管理閘道的其他指引。This section provides additional guidance for deploying and managing gateways.

  • 請避免單一失敗點。Avoid having a single point of failure. 可能的話,請將您的內部部署資料來源分散到數個閘道。在此情況下,如果有一部電腦無法使用,您仍然可以重新整理資料各部分,並不會完全遺失該功能。If possible, distribute your on-premises data sources across several gateways; in this case, if one machine becomes unavailable, you'll still be able to refresh portions of your data, and not lose that functionality completely.
  • 閘道不能安裝在網域控制站上,因此不會規劃或嘗試這麼做。The gateway cannot be installed on a domain controller, so don't plan or try to do so.
  • 不要在可能關機、進入睡眠模式或未連線到網際網路的電腦 (例如膝上型電腦) 上安裝閘道,因為閘道無法在所有這些情況下執行。Don't install a gateway on a computer that may be turned off, go into the sleep mode, or not be connected to the Internet (for example, a laptop computer), because the gateway can't run under any of those circumstances.
  • 避免在無線網路上安裝閘道,因為透過無線網路可能會降低效能。Avoid installing a gateway on a wireless network, since performance might suffer over a wireless network.

閘道復原Gateway Recovery

您可以使用修復金鑰來復原現有閘道,或將它移至新的電腦。You can recover your existing gateway, or move it to a new machine, using the recovery key. 修復金鑰是提供給安裝閘道的使用者使用,稍後「無法」進行變更。The recovery key is provided to the user who installs the gateway, and it cannot be changed later. 修復金鑰同時用於資料加密和閘道復原。The recovery key is used for both data encryption and gateway recovery.

若要復原閘道,請確定您是閘道管理員、確定您知道閘道名稱、確定您有正確的修復金鑰,以及您有新的電腦可提供類似的效能特性。To recover your gateway, make sure you're an admin on the gateway, make sure you know the gateway name, ensure you have the correct recovery key, and that you have a new machine available with similar performance characteristics.

在您登入之後,請選取 [Migrate an existing gateway](移轉現有閘道) 選項。After you sign in, select the Migrate an existing gateway option. 接下來,您需要選擇想要復原或移轉的閘道,最後提供修復金鑰,並點擊 [設定]。Next, you need to choose the gateway you'd like to recover or migrate, and finally provide the recovery key and hit configure. 完成該步驟之後,新的閘道將會取代舊的閘道,而且新的閘道將會繼承其名稱以及所有先前設定的資料來源。Once that step is done, the old gateway will be replaced by the new gateway, and the new gateway will inherit its name and all data sources previously configured. 所有資料來源現在都會經過新的電腦,而不需要重新發佈任何項目。All data sources will now go through the new machine, without the need to re-publish anything. 尚未支援自動容錯移轉,但它是閘道小組主動考量的功能。Automatic failover is not yet supported, but it is a feature that the gateway team is actively considering.

管理員Administrators

您可以在 Power BI 服務中找到閘道管理員清單。You can find a list of gateway administrators in the Power BI service. 登入 Power BI 服務時,請選取 [設定] (齒輪圖示) > [管理閘道] > [閘道 UI]。When signed into the Power BI service, select Settings (the gear icon) > Manage Gateways > Gateway UI.

從該處,您可以選取閘道,並查看閘道管理員清單。From there, you can select a gateway and see the list of gateway administrators. 列出的管理員可以存取、復原和刪除閘道。The administrators listed can access, recover, and delete the gateway. 它們也可以新增和刪除閘道中的資料來源。They can also add and delete data sources in the gateway. 若要確保組織中的所有管理員都可以存取其群組中的所有閘道,則建議進行下列動作:To make sure all administrators in the organization have access to all gateways in their group, the following is recommended:

  • 建立 AAD 安全群組並在其中新增其他使用者,然後將此安全性群組新增至個別閘道管理員清單。Create an AAD security group and add other users to it, then add this security group to the list of the respective gateway administrators. 這確保有多個人可以在閘道故障時或您需要復原或移轉閘道時存取閘道。This ensures that more than one person has access to the gateway in case of a failure, or when you need to recover or migrate the gateway. 這也可讓其他管理員檢視其群組中所使用的閘道以及每個閘道上的資料來源。This also gives other administrators a view of what gateways are being used in their groups, and which data sources exist on each gateway.

後續步驟Next steps

設定 Proxy 設定Configuring proxy settings
為內部部署資料閘道進行疑難排解Troubleshooting the on-premises data gateway
內部部署資料閘道常見問題集On-premises data gateway FAQ

有其他問題嗎?More questions? 試試 Power BI 社群Try the Power BI Community