Data Gateway Azure Secure On-Premise Data Access

Posted Oct 23, 2024

You can connect your on-premises data to Azure services using a Data Gateway, which provides a secure connection between your on-premises data and the cloud.

The Data Gateway supports TCP/IP, HTTP, and HTTPS protocols, allowing you to connect to various data sources, including SQL Server, Oracle, and MySQL.

With a Data Gateway, you can access your on-premises data from Azure services, such as Azure Synapse Analytics, Azure Databricks, and Azure Logic Apps.

This secure connection enables you to integrate your on-premises data with cloud-based services, making it easier to build hybrid cloud solutions.

Use Cases and Deployment

You can use the Azure data gateway to create cloud-based Azure Logic Apps workflows that require data from on-premises software as part of their run.

These workflows can be triggered by various events, such as user input or scheduled tasks, and can perform a wide range of actions, including data processing and integration with other cloud services.


Typical uses of the gateway with Logic Apps include:

  • Running cloud-based Logic Apps workflows that need data from on-premises software as part of their run.
  • Extending existing on-premises software by triggering Logic Apps workflows in the cloud.

In both cases the on-premises system stays where it is; the gateway carries the data to the cloud workflow, which can help improve business processes and increase productivity.

Security and Authentication

Security is a top priority when connecting your on-premises data sources to Azure. Exposing your on-premises servers to the public internet is not recommended; instead, an on-premises data gateway creates a secure read/write connection between your on-premises data sources and Azure.

A stored credential is used to connect from the gateway to on-premises data sources, and the gateway uses this credential regardless of which user's request it is serving, so every request through that data source reaches the on-premises system under the same identity. There might be authentication exceptions for specific services, such as DirectQuery and LiveConnect for Analysis Services in Power BI.

To secure remote access to on-premises web applications, you can use Azure Active Directory's Application Proxy. This requires an Azure AD Premium P1 or P2 license and lets users access on-premises applications the same way they access M365 applications.

Security

Exposing your on-premises servers to the public internet is possible, but it's not the recommended approach. An on-premises data gateway is the more secure option: it creates a secure read/write connection between your on-premises data sources and Azure without opening an inbound path from the internet to those servers.

The gateway provides a safe and reliable way to access your data, reducing the risk of unauthorized access or data breaches.

Authentication to On-Premises

Authentication to on-premises data sources is a crucial aspect of security, and it's essential to understand how it works. A stored credential is used to connect from the gateway to on-premises data sources, regardless of the user.

There might be authentication exceptions for specific services, such as DirectQuery and LiveConnect for Analysis Services in Power BI. This means the stored credential may not cover every service, and you may need to configure additional authentication settings for those.

To access on-premises resources from Azure Functions, you can use either Hybrid Connections or VNet Integration. Either option lets your function app reach on-premises resources such as SQL Server or BizTalk.

The options for accessing on-premises resources in Azure Functions are:

  1. Hybrid Connections
  2. VNet Integration

Choose a suitable hosting plan and operating system for your function app: the consumption-based plan is not supported for on-premises integration.

Architecture and Setup

To set up a high availability environment for your data gateway, you can use data gateway clusters with multiple gateway installations. This ensures there are no single points of failure and allows for load balancing of traffic across gateways in the group.

Data is encrypted automatically as it travels through the gateway, so you don't need to add your own transport encryption on that path.

A high availability setup using data gateway clusters is a great way to ensure your data is always available and secure.

How it Works

Here's how the on-premises data gateway works.

The gateway requires installation and setup by an admin, typically with Server Administrator permissions or special knowledge about on-premises servers.

An admin must install and set up an on-premises data gateway for developers to access on-premises data they already have authorized access to.

The gateway facilitates faster and more secure behind-the-scenes communication between the user, the gateway cloud service, and the on-premises data source.

All traffic originates as secured outbound traffic from the gateway agent. The gateway uses only outbound connections, so it works behind firewalls without any inbound rules to the on-premises network.

The gateway sends data from on-premises sources on encrypted channels through Service Bus messaging, which creates a channel between the gateway and the calling service without storing any data.

The data that travels through the gateway is always encrypted.

Here's a step-by-step overview of what happens when you interact with an element connected to an on-premises data source:

  1. The cloud service creates a query, along with the encrypted credentials for the data source, and sends it to the gateway queue for processing.
  2. The gateway cloud service analyzes the query and pushes the request to Service Bus messaging.
  3. Service Bus messaging sends the pending requests to the gateway.
  4. The gateway gets the query, decrypts the credentials, and connects to one or more data sources with those credentials.
  5. The gateway sends the query to the data source for running.
  6. The results are sent from the data source back to the gateway, and then to the gateway cloud service, which then uses the results.

Setup

To set up the foundation for your solution, you'll need to start with a few prerequisites. An Azure account and subscription are required, and if you don't have one, you can create a free account.


To begin the installation process, you'll need to download and run the gateway installer on a local computer. The minimum requirements for the local computer are specified in the main guide for installing the on-premises data gateway.

The installation process involves several steps, including reviewing the minimum requirements, keeping the default installation path, and accepting the terms of use. You'll also need to select the region for the gateway cloud service and Azure Service Bus messaging instance.

Here are the specific steps to register your gateway installation with the gateway cloud service:

  • Select Register a new gateway on this computer > Next.
  • Provide the email address for your Azure account and select Sign in.
  • Select Configure to accept the default region, or change the region if it's not the closest one to you.
  • Review the data gateway information and select Close.

Before you can use the gateway, you'll need to create the Azure resource for your gateway installation. This is a crucial step in setting up the solution.

If the gateway sits behind a proxy or a restrictive firewall, two follow-up configuration tasks apply:

  • Adjust the communication settings for the on-premises data gateway
  • Configure the proxy settings for the on-premises data gateway

By following these steps, you'll be able to set up the necessary prerequisites and installation process for your solution.

Steps to Build


To build a high availability data gateway setup, you can use data gateway clusters with multiple gateway installations in standard mode. This setup avoids single points of failure and load balances traffic across gateways in the group.

First, you'll need to build a Virtual Network in Azure, which creates a private environment for your services instead of exposing them to the public internet. This is the first step in building the solution.

Next, build a private endpoint for Azure SQL, which inserts Azure SQL inside your private environment, eliminating internet access from the service. This is done by creating a private endpoint, which involves selecting the resource group, naming the endpoint, and selecting the region.

To create a private endpoint, you'll need to follow these steps:

  1. Click on + Create a private endpoint. A wizard with multiple steps will open.
  2. On the first window, select the resource group.
  3. Create the name for the private endpoint.
  4. Select the region. It should be the same as the Virtual Network region and the Azure SQL.
  5. The 2nd window has a confirmation of the target resource. Ensure SQLServer is selected and move forward.
  6. The 3rd window contains the details of the virtual network. Choose the virtual network and subnet to create the private endpoint.
  7. You can select or create an application security group for this private endpoint.
  8. You can select if the private endpoint will be static or dynamic.
  9. The 4th configuration is about the DNS Zone. It will be filled with default values. It’s the moment to choose how to manage your DNS naming resolution.

After creating the private endpoint, you'll need to build the Power BI Virtual Network Data Gateway to link Power BI with your virtual network. This involves registering the resource provider, creating a delegated subnet, and creating the Virtual Network Data Gateway.


To create the Virtual Network Data Gateway, on the New virtual network data gateway window:

  1. Select the resource group.
  2. Select the virtual network.
  3. Select the subnet. Only subnets with the correct delegation will be listed.
  4. Choose the inactivity time before an auto-pause.
  5. Choose the number of gateways to be created.
  6. Click the Save button.

Once you have the Virtual Network Data Gateway set up, you can create your data source on the Virtual Network Data Gateway. This allows Power BI to access your private Azure SQL.

To create your data source, use Power BI Desktop to create a report using the Azure SQL Database as a source. Then, create a premium or PPU workspace in Power BI portal, publish the Power BI report to the created workspace, and refresh the created dataset.
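The same build carried out with the Azure CLI, as an added example that is not part of the article and not Microsoft's own scripts: it creates the private network, the Azure SQL private endpoint with its private DNS zone, turns off the server's public network access, and prepares the delegated subnet and resource provider the virtual network data gateway needs. Resource names, region and address ranges are placeholders; the gateway itself is still created in the admin center as described above. Setting DRY_RUN=1 prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not from the article. All names and ranges are placeholders.
# DRY_RUN=1 prints each az command instead of executing it.

RG="${RG:-rg-gateway-demo}"
LOC="${LOC:-westeurope}"
VNET="${VNET:-vnet-gateway-demo}"
PE_SUBNET="${PE_SUBNET:-snet-private-endpoints}"
GW_SUBNET="${GW_SUBNET:-snet-vnet-gateway}"
SQL_SERVER="${SQL_SERVER:-sql-gateway-demo}"   # must be globally unique
DNS_ZONE="privatelink.database.windows.net"     # private DNS zone used by Azure SQL

run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Step 1: the private environment. One subnet hosts the SQL private endpoint;
# a second one is delegated to the virtual network data gateway service, which
# is the delegation the portal wizard lists subnets by.
build_network() {
  run az network vnet create -g "$RG" -n "$VNET" -l "$LOC" \
      --address-prefix 10.20.0.0/16 \
      --subnet-name "$PE_SUBNET" --subnet-prefix 10.20.1.0/24
  run az network vnet subnet create -g "$RG" --vnet-name "$VNET" -n "$GW_SUBNET" \
      --address-prefix 10.20.2.0/24 \
      --delegations Microsoft.PowerPlatform/vnetaccesslinks
}

# Step 2: private endpoint for Azure SQL (target sub-resource sqlServer), a
# private DNS zone so the server FQDN resolves to the private IP inside the
# VNet, and finally public network access switched off on the server.
build_sql_private_endpoint() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    sql_id="/subscriptions/<subscription-id>/resourceGroups/$RG/providers/Microsoft.Sql/servers/$SQL_SERVER"
  else
    sql_id=$(az sql server show -g "$RG" -n "$SQL_SERVER" --query id -o tsv)
  fi
  run az network private-endpoint create -g "$RG" -n "pe-$SQL_SERVER" -l "$LOC" \
      --vnet-name "$VNET" --subnet "$PE_SUBNET" \
      --private-connection-resource-id "$sql_id" \
      --group-id sqlServer --connection-name "pe-$SQL_SERVER-conn"
  run az network private-dns zone create -g "$RG" -n "$DNS_ZONE"
  run az network private-dns link vnet create -g "$RG" -z "$DNS_ZONE" \
      -n "link-$VNET" -v "$VNET" -e false
  run az network private-endpoint dns-zone-group create -g "$RG" \
      --endpoint-name "pe-$SQL_SERVER" -n default \
      --private-dns-zone "$DNS_ZONE" --zone-name sql
  run az sql server update -g "$RG" -n "$SQL_SERVER" --enable-public-network false
}

# Step 3: register the provider the virtual network data gateway depends on.
# The gateway is then created in the admin center against $GW_SUBNET.
register_gateway_provider() {
  run az provider register --namespace Microsoft.PowerPlatform
}
```

Call build_network, build_sql_private_endpoint and register_gateway_provider in that order. After the last command in build_sql_private_endpoint the server answers only on the private IP, so a Power BI refresh that still works afterwards is confirmation that the path really goes through the virtual network data gateway rather than the public endpoint.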

Architecture

The architecture of a data gateway is a crucial aspect of its functionality. It's based on a diagram from Microsoft that illustrates how the gateway works.

Microsoft has a clear diagram that outlines the architecture of a data gateway. This diagram is a great resource to understand the inner workings of the gateway.

To get a better understanding, I recommend checking out the On-premises data gateway FAQ. It provides additional information and answers to common questions about the gateway's architecture.

A data gateway's architecture is designed to facilitate secure and efficient data transfer between different systems.

Accessing On-Premise Resources


You can access on-premises resources from Azure Functions using either Hybrid Connections or VNet Integration.

To connect to on-premises resources, you'll need a hosting plan other than the consumption-based plan, such as a Premium or App Service plan, and the function app's operating system must be Windows.

With either option, Azure Functions can reach on-premises resources such as SQL Server and BizTalk.

Here are the two methods you can use to access on-premise resources in Azure Functions:

  1. Hybrid Connections
  2. VNet Integration
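The two routes above, as an added example (not code from the article or from Microsoft): an Azure CLI script that creates a Premium-plan Windows function app, attaches it to a delegated subnet for VNet Integration, and alternatively binds an existing Azure Relay hybrid connection. It also includes a small check of the plan-tier and OS requirement stated above, using the SKU tier value "Dynamic" that the Consumption plan reports. Resource, subnet and relay names are placeholders; DRY_RUN=1 prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not from the article. Names below are placeholders.
# DRY_RUN=1 prints each az command instead of executing it.

RG="${RG:-rg-func-onprem}"
LOC="${LOC:-westeurope}"
PLAN="${PLAN:-plan-func-premium}"
APP="${APP:-func-onprem-demo}"          # must be globally unique
STORAGE="${STORAGE:-stfunconpremdemo}"  # must be globally unique
VNET="${VNET:-vnet-func}"
SUBNET="${SUBNET:-snet-func-integration}"

run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Returns 0 when a plan tier / OS pair meets the requirement in the text:
# the Consumption plan reports SKU tier "Dynamic" and is not supported, and
# the app must run on Windows. Look the values up with
#   az functionapp plan show -g RG -n PLAN --query sku.tier -o tsv
#   az functionapp show -g RG -n APP --query kind -o tsv
supports_onprem_access() {
  tier="$1"; os="$2"
  [ "$tier" != "Dynamic" ] && [ "$os" = "Windows" ]
}

# Elastic Premium plan (EP1) and a Windows function app on it.
create_premium_function_app() {
  run az functionapp plan create -g "$RG" -n "$PLAN" -l "$LOC" --sku EP1
  run az functionapp create -g "$RG" -n "$APP" -p "$PLAN" -s "$STORAGE" \
      --os-type Windows --runtime dotnet-isolated --functions-version 4
}

# Route 1, VNet Integration: the app's outbound traffic is routed through a
# subnet delegated to Microsoft.Web/serverFarms, from where it can reach
# on-premises addresses over whatever site-to-site connectivity the VNet has.
add_vnet_integration() {
  run az network vnet create -g "$RG" -n "$VNET" -l "$LOC" \
      --address-prefix 10.30.0.0/16 \
      --subnet-name "$SUBNET" --subnet-prefix 10.30.1.0/24
  run az network vnet subnet update -g "$RG" --vnet-name "$VNET" -n "$SUBNET" \
      --delegations Microsoft.Web/serverFarms
  run az functionapp vnet-integration add -g "$RG" -n "$APP" \
      --vnet "$VNET" --subnet "$SUBNET"
}

# Route 2, Hybrid Connections: bind an existing Azure Relay hybrid connection
# (namespace and connection assumed to exist; the on-premises Hybrid
# Connection Manager holds the outbound side, so no inbound firewall rule).
add_hybrid_connection() {
  run az functionapp hybrid-connection add -g "$RG" -n "$APP" \
      --namespace "${RELAY_NS:-relay-onprem}" \
      --hybrid-connection "${RELAY_HC:-hc-sql-corp}"
}
```

Run create_premium_function_app first, then whichever of add_vnet_integration or add_hybrid_connection fits your network; supports_onprem_access is the guard to call with the live plan tier and OS before either route is attempted.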

You can also access on-premise resources in Azure Automation using the Hybrid runbook worker feature.

Azure Active Directory's Application Proxy provides secure remote access to on-premises web applications and allows for single sign-on.

To use Azure AD Application Proxy, you'll need an Azure AD Premium P1 or P2 license.

Microsoft documents these scenarios for exposing an on-premises application or existing web API through the Office 365 cloud:

  1. Add an on-premises application for remote access through Application Proxy in Azure Active Directory
  2. Secure access to on-premises APIs with Azure AD Application Proxy
  3. Use Azure AD Application Proxy to publish on-premises apps for remote users
  4. Deploy Azure AD Application Proxy for secure access to internal applications in an Azure AD Domain Services managed domain


Frequently Asked Questions

What is the difference between Azure Data Box Gateway and Edge?

Azure Data Box Gateway is a virtual device, while Azure Data Box Edge uses a physical device supplied by Microsoft to accelerate data transfer. The main difference lies in their hardware setup, with Gateway operating in a virtual environment and Edge using a physical device.

What is the name of the Microsoft on-premise data gateway service?

The Microsoft on-premise data gateway service is called "PBIEgwService". It can also be found listed as "On-premises data gateway service" in the Services app.

What is the difference between on-premise data gateway and personal mode?

The main difference between on-premise data gateway and personal mode is the intended use: personal mode is for solo users, while on-premises gateway is designed for collaborative team environments. Choose the right one based on your work style and needs.

Katrina Sanford

Writer
