內部部署資料閘道On-premises data gateway

內部部署資料閘道作為橋接器,替內部部署資料 (非位於雲端的資料) 與 Power BI、Microsoft Flow、Logic Apps 以及 PowerApps 服務之間,提供快速且安全的資料傳輸。The on-premises data gateway acts as a bridge, providing quick and secure data transfer between on-premises data (data that is not in the cloud) and the Power BI, Microsoft Flow, Logic Apps, and PowerApps services.

您可以同時以不同服務使用單一閘道。You can use a single gateway with different services at the same time. 如果您同時使用 Power BI 與 PowerApps,單一閘道亦可同時用於兩者。If you are using Power BI as well as PowerApps, a single gateway can be used for both. 其取決於您登入時使用的帳戶。It is dependent on the account you sign in with.


內部部署資料閘道會在所有模式中實作資料壓縮和傳輸加密。The on-premises data gateway implements data compression, and transport encryption, in all modes.


最低需求:Minimum Requirements:

  • .NET 4.6 Framework.NET 4.6 Framework
  • 64 位元版本的 Windows 7/Windows Server 2008 R2 (或更新版本)64-bit version of Windows 7 / Windows Server 2008 R2 (or later)


  • 8 核心 CPU8 Core CPU
  • 8 GB 的記憶體8 GB Memory
  • 64 位元版本的 Windows 2012 R2 (或更新版本)64-bit version of Windows 2012 R2 (or later)

相關考量︰Related Considerations:

  • 閘道不能安裝在網域控制站上The gateway cannot be installed on a domain controller
  • 您不應在可能關機、進入睡眠狀態或未連線到網際網路的電腦 (例如膝上型電腦) 上安裝閘道,因為閘道無法這些情況下執行。You shouldn't install a gateway on a computer, such a laptop, that may be turned off, asleep, or not connected to the Internet because the gateway can't run under any of those circumstances. 此外,透過無線網路使用閘道可能會降低效能。In addition, gateway performance might suffer over a wireless network.
  • 使用閘道時,不一定需要 Analysis Services。Analysis Services is not required to use the gateway. 您可以使用閘道連線到 Analysis Services 資料來源。You can use the gateway to connect to an Analysis Services data source.

Analysis Services 即時連線的限制Limitations of Analysis Services live connections

您可以使用即時連線針對表格式或多維度執行個體。You can use a live connection against tabular or multidimensional instances.

伺服器版本Server version 必要的 SKURequired SKU
2012 SP1 CU4 或更新版本2012 SP1 CU4 or later 商業智慧和企業版 SKUBusiness Intelligence and Enterprise SKU
20142014 商業智慧和企業版 SKUBusiness Intelligence and Enterprise SKU
20162016 標準 SKU 或更高版本Standard SKU or higher
  • 不支援資料格層級格式化與轉譯功能。Cell level Formatting and translation features are not supported.
  • 動作和命名集不會公開至 Power BI,但您仍然可以連接至同樣包含動作或命名集的多維度 Cube,然後建立視覺效果和報表。Actions and Named Sets are not exposed to Power BI, but you can still connect to multidimensional cubes that also contain Actions or Named sets and create visuals and reports.

可用的資料來源類型清單List of available data source types

資料來源Data source 即時/DirectQueryLive/DirectQuery 使用者設定的手動或排程重新整理User configured manual or scheduled refresh
Analysis Services 表格式Analysis Services Tabular Yes Yes
Analysis Services 多維度Analysis Services Multidimensional Yes Yes
檔案File No Yes
資料夾Folder No Yes
IBM Informix 資料庫IBM Informix Database No Yes
ImpalaImpala Yes Yes
ODataOData No Yes
OledbOledb No Yes
OracleOracle Yes Yes
PostgresSQLPostgresSQL No Yes
SharePoint 清單 (內部部署)SharePoint list (on-premises) No Yes
雪花式Snowflake Yes Yes
SQL ServerSQL Server Yes Yes
SybaseSybase No Yes
TeradataTeradata Yes Yes
WebWeb No Yes

下載並安裝內部部署資料閘道Download and install the on-premises data gateway

請於下載功能表下選取 [資料閘道],以下載閘道。To download the gateway, select Data Gateway under the Downloads menu. 下載內部部署資料閘道Download the on-premises data gateway.

安裝內部部署資料閘道Install the on-premises data gateway

資料閘道會在您的電腦上安裝並執行。The data gateway installs and runs on your computer. 閘道最好安裝在可以一直保持執行的電腦上。It is best to install the gateway on a machine that can be left running all the time.


閘道僅適用於 64 位元的 Windows 作業系統。The gateway is supported only on 64-bit Windows operating systems.

您必須為 Power BI 做的第一個選擇是閘道模式。For Power BI, the first choice you have to make is the mode of the gateway.

  • 內部部署資料閘道︰在此模式中,多位使用者可以共用及重複使用閘道。On-premises data gateway: Multiple users can share and reuse a gateway in this mode. Power BI、PowerApps、Flow 或 Logic Apps 都可以使用此閘道。This gateway can be used by Power BI, PowerApps, Flow or Logic Apps. 若為 Power BI,還支援排程重新整理和 DirectQuery。For Power BI, this includes support for both schedule refresh and DirectQuery
  • 個人︰僅限 Power BI,不需要任何系統管理員設定即可以個人身分使用。Personal: This is for Power BI only and can be used as an individual without any administrator configuration. 僅供用於隨選重新整理和排程重新整理。This can only be used for on-demand refresh and schedule refresh. 此選取項目會啟動個人閘道的安裝。This selection launchs installation of the personal gateway.

安裝任一種模式下的閘道須注意一些事項:There are a few things to note about insalling either mode of the gateway:

  • 兩個閘道都需要 64 位元 Windows 作業系統both gateways require 64-bit Windows operating systems
  • 閘道不能安裝在網域控制站上gateways can’t be installed on a domain controller
  • 同一部電腦最多可安裝兩個內部部署資料閘道,每個閘道各執行一種模式 (個人和標準)。you can install up to two on-premises data gateways on the same computer, one running in each mode (personal and standard).
  • 同一部電腦不可有一個以上的閘道執行相同的模式。you cannot have more than one gateway running in the same mode on the same computer.
  • 不同電腦上可安裝多個內部部署資料閘道,並可從相同的 Power BI 閘道管理介面一併管理 (個人模式除外,請參閱下列的項目符號)you can install multiple on-premises data gateways on different computers, and manage them all from the same Power BI gateway management interface (excluding personal, see the following bullet point)
  • 每個 Power BI 使用者只能執行一個個人模式閘道。You can only have one Personal mode gateway running for each Power BI user. 如果為相同的使用者安裝另一個個人模式閘道 (即使在不同的電腦上),最新的安裝都會取代先前的既有安裝。If you install another Personal mode gateway for the same user, even on a different computer, the most recent installation replaces the existing previous installation.


以下是安裝閘道前要考慮的事項。Here are a few things to consider before installing the gateway.

  • 如果要安裝在膝上型電腦,而您的膝上型電腦關機未連線到網際網路,或處於睡眠狀態,則閘道會無法運作,且雲端服務的資料不會與內部部署資料同步。If you are installing on a laptop, and your laptop is turned off, not connected to the internet, or asleep the gateway won’t work and the data in the cloud service will not be synchronized with your on-premises data.
  • 如果電腦連線到無線網路,閘道執行速度可能會變慢,使其需要更長的時間來同步處理雲端服務資料和內部部署資料。If your machine is connected to a wireless network, the gateway may perform more slowly which will cause it to take longer to synchronize the data in the cloud service with your on-premises data.

閘道安裝後,您必須使用工作或學校帳戶登入。Once the gateway is installed, you will need to sign in with your work or school account.


登入後,您可以選擇要設定新的閘道,還是要移轉、還原或取代現有的閘道。After you are signed in, you will have the option to configure a new gateway, or to migrate, restore, or take over an existing gateway.


設定新的閘道Configure a new gateway

  1. 輸入閘道的名稱Enter a name for the gateway
  2. 輸入修復金鑰Enter a recovery key. 至少必須有 8 個字元。This has to be a minimum of 8 characters.
  3. 選取 [設定]。Select Configure.


如果需要移轉、還原或取代閘道,就會需要修復金鑰。The recovery key will be needed if you ever need to migrate, restore or take over a gateway. 請務必將此金鑰存放在安全的地方。Be sure to keep this key in a safe place.


移轉、還原或取代現有的閘道Migrate, restore or take over an existing gateway

您需要選取想要復原的閘道,並提供最初建立閘道時所使用的修復金鑰。You will need to select the gateway you want to recover and supply the recovery key that was used to first create the gateway.

已連接內部部署資料閘道On-premises data gateway connected

閘道一經設定,您就能夠用它連接至內部部署資料來源。Once the gateway is configured, you will be able to make use of it to connect to on-premises data sources.

如果閘道用於 Power BI,您就必須將資料來源加入 Power BI 服務的閘道中。If the gateway is for Power BI, you will need to add your data sources to the gateway within the Power BI service. 這會在 [管理閘道] 區域內完成。This is done within the Manage gateways area. 如需詳細資訊,請參閱管理資料來源文章。You can refer to the manage data sources articles for more information.

若為 PowerApps,您必須為支援的資料來源選取已定義連線的閘道。For PowerApps, you will need to select a gateway for a defined connection for supported data sources. 若為 Flow 和 Logic Apps,您可以隨時使用此閘道和內部部署連線。For Flow and Logic Apps, this gateway is ready to be used with your on-premises connections.

以個人模式安裝閘道Install the gateway in personal mode


個人只適用於 Power BI。Personal will only work with Power BI.

安裝個人閘道之後,您必須啟動 Power BI Gateway─Personal 設定精靈After the personal gateway is installed, you will need to launch the Power BI Gateway - Personal Configuration Wizard.

然後您必須登入 Power BI 以將閘道註冊至雲端服務。You will then need to sign into Power BI to register the gateway with the cloud service.

您也必須提供 Windows 服務執行時會使用的 Windows 使用者名稱和密碼。You will also need to supply the windows user name and password that the windows service will run as. 您可以指定與您自己的帳戶不同的 Windows 帳戶。You can specify a different Windows account from your own. 閘道器服務會使用此帳戶來執行。The gateway service will run using this account.

安裝完成後,您必須移至您在 Power BI 中的資料集,並確定已輸入您的內部部署資料來源的認證。After the installation is complete, you will need to go to your datasets within Power BI and make sure credentials are entered for your on-premises data sources.

在雲端中儲存加密的認證Storing encrypted credentials in the cloud

當您在閘道中加入資料來源時,您必須提供該資料來源的認證。When you add a data source to the gateway, you need to provide credentials for that data source. 資料來源的所有查詢都會使用這些認證來執行。All queries to the data source will run using these credentials. 認證使用非對稱式加密安全地加密,因此在儲存到雲端之前,都無法在雲端中解密。The credentials are encrypted securely, using asymmetric encryption so that they cannot be decrypted in the cloud, before they are stored in the cloud. 認證會傳送至執行閘道的內部部署電腦,並在存取資料來源時解密。The credentials are sent to the machine, running the gateway, on-premises where they are decrypted when the data sources are accessed.

登入帳戶Sign in account

使用者將會使用公司或學校帳戶登入。Users will sign in with either a work or school account. 這是您的組織帳戶。This is your organization account. 如果您註冊 Office 365 供應項目,而且未提供實際的公司電子郵件,其看起來可能會類似 nancy@contoso.onmicrosoft.com。您在雲端服務中的帳戶會儲存在 Azure Active Directory (AAD) 租用戶中。If you signed up for an Office 365 offering and didn’t supply your actual work email, it may look like nancy@contoso.onmicrosoft.com. Your account, within a cloud service, is stored within a tenant in Azure Active Directory (AAD). 在大部分情況下,您的 AAD 帳戶 UPN 會與電子郵件地址相符。In most cases, your AAD account’s UPN will match the email address.

Windows 服務帳戶Windows Service account

內部部署資料閘道已設定為使用 NT SERVICE\PBIEgwService 來表示 Windows 服務的登入認證。The on-premises data gateway is configured to use NT SERVICE\PBIEgwService for the Windows service logon credential. 根據預設,其具有「以服務方式登入」的權限。By default, it has the right of Log on as a service. 這在您要安裝閘道的電腦內容中。This is in the context of the machine that you are installing the gateway on.


如果您選取個人模式,請另外設定 Windows 服務帳戶。If you selected personal mode, you configure the Windows service account separately.

這不是用來連接至內部部署資料來源的帳戶。This is not the account used to connect to on-premises data sources. 這也不是您登入雲端服務所用的工作或學校帳戶。This is also not your work or school account that you sign into cloud services with.

若您的 Proxy 伺服器發生驗證問題,可以將 Windows 服務帳戶變更為網域使用者或受管理的服務帳戶。If you encounter issues with your proxy server, due to authentication, you may want to change the Windows service account to a domain user or managed service account. 您可以學習如何從 Proxy 設定變更此帳戶。You can learn how to change the account in proxy configuration.


閘道會建立 Azure 服務匯流排的輸出連線。The gateway creates an outbound connection to Azure Service Bus. 它會在輸出連接埠上進行通訊:TCP 443 (預設)、5671、5672、9350 到 9354。It communicates on outbound ports: TCP 443 (default), 5671, 5672, 9350 thru 9354. 閘道不需要輸入連接埠。The gateway does not require inbound ports. 深入了解Learn more

建議您將您資料區域的 IP 位址加入防火牆的允許清單中。It is recommended that you whitelist the IP addresses, for your data region, in your firewall. 您可以下載 Microsoft Azure 資料中心的 IP 清單You can download the Microsoft Azure Datacenter IP list. 此清單會每週更新。This list is updated weekly. 閘道會使用 IP 位址及完整網域名稱 (FQDN) 來與 Azure 服務匯流排通訊。The gateway will communicate with Azure Service Bus using the IP address along with the fully qualified domain name (FQDN). 如果您強制閘道器使用 HTTPS 進行通訊,閘道器會嚴格限於使用 FQDN,使用 IP 位址則不會發生通訊。If you are forcing the gateway to communicate using HTTPS it will strictly use FQDN only, and no communication will happen using IP addresses.


Azure Datacenter IP 清單中所列的 IP 位址採用 CIDR 標記法。The IP Addresses listed in the Azure Datacenter IP list are in CIDR notation. 例如 並不等於 到。For example, does not mean thru 深入了解 CIDR 標記法Learn more about the CIDR notation.

下列清單包含閘道所使用的完整網域名稱。Here is a listing of the fully qualified domain names used by the gateway.

網域名稱Domain names 輸出連接埠Outbound ports 描述Description
*.download.microsoft.com*.download.microsoft.com 8080 下載安裝程式所使用的 HTTP。HTTP used to download the installer.
*.powerbi.com*.powerbi.com 443443 HTTPSHTTPS
*.analysis.windows.net*.analysis.windows.net 443443 HTTPSHTTPS
*.login.windows.net*.login.windows.net 443443 HTTPSHTTPS
*.servicebus.windows.net*.servicebus.windows.net 5671-56725671-5672 進階訊息佇列通訊協定 (AMQP)Advanced Message Queuing Protocol (AMQP)
*.servicebus.windows.net*.servicebus.windows.net 443, 9350-9354443, 9350-9354 透過 TCP 之服務匯流排轉送上的接聽程式 (需要 443 以取得存取控制 Token)Listeners on Service Bus Relay over TCP (requires 443 for Access Control token acquisition)
*.frontend.clouddatahub.net*.frontend.clouddatahub.net 443443 HTTPSHTTPS
*.core.windows.net*.core.windows.net 443443 HTTPSHTTPS
login.microsoftonline.comlogin.microsoftonline.com 443443 HTTPSHTTPS
*.msftncsi.com*.msftncsi.com 443443 在 Power BI 服務無法與閘道連線時,用於測試網際網路連線。Used to test internet connectivity if the gateway is unreachable by the Power BI service.
*.microsoftonline-p.com*.microsoftonline-p.com 443443 用於依據組態進行驗證。Used for authentication depending on configuration.


前往 visualstudio.com 或 visualstudioonline.com 的流量是供 App Insights 使用,對閘道的運作並非必要。Traffic going to visualstudio.com or visualstudioonline.com are for app insights and are not required for the gateway to function.

強制與 Azure 服務匯流排進行 HTTPS 通訊Forcing HTTPS communication with Azure Service Bus

您可以強制閘道使用 HTTPS 與 Azure 服務匯流排進行通訊,而不使用 TCP。You can force the gateway to communicate with Azure Service Bus using HTTPS instead of direct TCP. 這可能會對效能產生影響。This may have an impact on performance. 若要這樣做,請修改 Microsoft.PowerBI.DataMovement.Pipeline.GatewayCore.dll.config 檔案,方法是將值從 AutoDetect 變更為 Https,如本段後面接著的程式碼片段所示。To do so, modify the Microsoft.PowerBI.DataMovement.Pipeline.GatewayCore.dll.config file by changing the value from AutoDetect to Https, as shown in the code snippet directly following this paragraph. 該檔案 (依預設) 位於 C:\Program Files\On-premises data gateway。That file is located (by default) at C:\Program Files\On-premises data gateway.

<setting name="ServiceBusSystemConnectivityModeString" serializeAs="String">

ServiceBusSystemConnectivityModeString 參數的值有區分大小寫。The value for the ServiceBusSystemConnectivityModeString parameter is case sensitive. 有效值為「自動偵測」和「Https」。Valid values are AutoDetect and Https.

您也可以使用 2017 年 3 月版本開始提供的閘道使用者介面,強制閘道器採用此行為。Alternatively, you can force the gateway to adopt this behavior using the gateway user interface, beginning with the March 2017 release. 在閘道器使用者介面中選取 [網路],然後將 [Azure 服務匯流排連線模式] 切換為 [開啟]。In the gateway user interface select Network, then toggle the Azure Service Bus connectivity mode to On.

變更後,當您選取 [套用] (進行變更才出現的按鈕) 時,「閘道 Windows 服務」會自動重新啟動,讓變更生效。Once changed, when you select Apply (a button that only appears when you make a change), the gateway Windows service restarts automatically, so the change can take effect.

為供日後參考,您可以選取 [服務設定],然後選取 [立即重新啟動],從使用者介面對話方塊重新啟動「閘道 Windows 服務」。For future reference, you can restart the gateway Windows service from the user interface dialog by selecting Service Settings then select Restart Now.

TLS 1.1/1.2 支援Support for TLS 1.1/1.2

有了 2017 年 8 月更新和以上版本之後,內部部署資料閘道會根據預設,使用傳輸層安全性 (TLS) 1.1 或 1.2 與 Power BI 服務通訊。With the August 2017 update and beyond, the on-premises data gateway uses Transport Layer Security (TLS) 1.1 or 1.2 to communicate with the Power BI service by default. 根據預設,舊版內部部署資料閘道會使用 TLS 1.0。Previous versions of the on-premises data gateway use TLS 1.0 by default. 2018 年 3 月 15 日將結束 TLS 1.0 支援 (包括閘道使用 TLS 1.0 與 Power BI 服務互動的功能),因此您必須在屆期前將內部部署資料閘道安裝升級為 2017 年 8 月版本或更新版本,以確保閘道持續運作。On March 15th 2018, support for TLS 1.0 will end, including the gateway's ability to interact with the Power BI service using TLS 1.0, so by then you must upgrade your on-premises data gateway installations to the August 2017 release or newer to ensure your gateways continue to operate.

請務必注意,在 11 月 1 日之前,內部部署資料閘道仍然支援 TLS 1.0,並用以當成後援機制。It's important to note that TLS 1.0 is still supported by the on-premises data gateway prior to November 1st, and is used by the gateway as a fallback mechanism. 若要確保所有閘道流量使用 TLS 1.1 或 1.2 (以及避免在閘道上使用 TLS 1.0),您必須新增或修改執行閘道服務之電腦上的下列登錄機碼:To ensure all gateway traffic uses TLS 1.1 or 1.2 (and to prevent the use of TLS 1.0 on your gateway), you must add or modify the following registry keys on the machine running the gateway service:



新增或修改這些登錄機碼會將變更套用至所有 .NET 應用程式。Adding or modifying these registry keys applies the change to all .NET applications. 如需影響其他應用程式之 TLS 之登錄變更的資訊,請參閱 Transport Layer Security (TLS) registry settings (傳輸層安全性 (TLS) 登錄設定)。For information about registry changes that affect TLS for other applications, see Transport Layer Security (TLS) registry settings.

如何重新啟動閘道How to restart the gateway

閘道會當作 Windows 服務來執行。The gateway runs as a windows service. 您可以像是任何 Windows 服務啟動及停止這項服務。You can start and stop it like any windows service. 有多種方式可以執行這項操作。There are multiple ways to do this. 以下示範如何從命令提示字元執行這項操作。Here is how you can do it from the command prompt.

  1. 在執行閘道的電腦上,啟動系統管理員命令提示字元。On the machine where the gateway is running, launch an admin command prompt.
  2. 使用下列命令停止服務。Use the following command to stop the service.

    net stop PBIEgwServicenet stop PBIEgwService

  3. 使用下列命令啟動服務。Use the following command to start the service.

    net start PBIEgwServicenet start PBIEgwService

閘道運作方式How the gateway works


我們先來看看使用者與連接至內部部署資料來源的項目互動時的情形。Let’s first look at what happens when a user interacts with an element connected to an on-premises data source.


Power BI 必須設定閘道的資料來源。For Power BI, you will need to configure a data source for the gateway.

  1. 雲端服務會建立查詢,和內部部署資料來源的加密認證一起傳送到佇列,以供閘道處理。A query will be created by the cloud service, along with the encrypted credentials for the on-premises data source, and sent to the queue for the gateway to process.
  2. 閘道雲端服務會分析此查詢,並將要求推送到 Azure 服務匯流排The gateway cloud service will analyze the query and will push the request to the Azure Service Bus.
  3. 內部部署資料閘道會輪詢 Azure 服務匯流排,得知是否有擱置的要求。The on-premises data gateway polls the Azure Service Bus for pending requests.
  4. 閘道收到查詢、將認證解密,然後使用該認證連接至資料來源。The gateway gets the query, decrypts the credentials and connects to the data source(s) with those credentials.
  5. 閘道將查詢傳送到資料來源以用於執行。The gateway sends the query to the data source for execution.
  6. 結果會從資料來源傳回閘道,然後傳送到雲端服務。The results are sent from the data source, back to the gateway, and then onto the cloud service. 服務接著使用該結果。The service then uses the results.


若您在安裝和設定閘道時遇到問題,請務必參閱為內部部署資料閘道進行疑難排解If you’re having trouble when installing and configuring a gateway, be sure to see Troubleshooting the on-premises data gateway. 若您認為您的防火牆發生問題,請參閱疑難排解文章中的防火牆或 Proxy 一節。If you think you are having an issue with your firewall, see the firewall or proxy section in the troubleshooting article.

若您認為自己遇到閘道 Proxy 問題,請參閱進行 Power BI Gateway 的 Proxy 設定If you think you are encountering proxy issues, with the gateway, see Configuring proxy settings for the Power BI gateways.

後續步驟Next steps

管理您的資料來源─Analysis ServicesManage your data source - Analysis Services
管理您的資料來源 - SAP HANAManage your data source - SAP HANA
管理您的資料來源 - SQL ServerManage your data source - SQL Server
管理您的資料來源 - OracleManage your data source - Oracle
管理您的資料來源 - 匯入/已排程的重新整理Manage your data source - Import/Scheduled refresh
內部部署資料閘道 - 深入資訊On-premises data gateway in-depth
內部部署資料閘道 (個人模式) - 新版本的個人閘道 進行內部部署資料閘道的 Proxy 設定On-premises data gateway (personal mode) - the new version of the personal gateway Configuring proxy settings for the on-premises data gateway
有其他問題嗎?More questions? 試試 Power BI 社群Try the Power BI Community