Note Power BI Premium
Power BI Premium is a subscription level that provides a tenant with a dedicated Back-End service cluster, as shown in Figure 1-41, created on virtual machines located in the same data center as the tenant.
FIGURE 1-41 Power BI Premium Back-End cluster architecture
The Premium cluster contains separate instances of roles found in the Back-End cluster, including the Gateway Role, Azure API Management, Data Role, and Job Processing Role, as well as a separate Azure SQL Database. All communication with the dedicated Premium cluster goes through the shared Back-End cluster, which relays traffic to and from the Gateway Role in the Premium cluster.
Designers should also be conscious of the security of the data they use to create dashboards and reports, in addition to the authentication needed to access the Power BI service. When Power BI designers connect to a data source, they typically have to supply credentials for a separate authentication to that source. A dashboard or report that contains the data uses the designer’s credentials to access and update that data. However, when the designer shares the dashboard or report with consumers, those users are not authenticated to the original data sources. Therefore, if the data in the Power BI content is sensitive, the designer is solely responsible for making it accessible to the consumers. As noted earlier in this chapter, Power BI users cannot modify the data used to create dashboards and reports, but in situations where the data is confidential, designers must control who has access to their Power BI content.
The Back-End cluster contains two forms of data storage: Azure Blob and an Azure SQL Database instance. Azure Blob is a storage solution that Azure uses for large amounts of unstructured data. Power BI uses Azure Blob storage for data that designers import from a source, such as an Excel worksheet. Power BI uses the Azure SQL Database for all other data, including tenant information, workspaces, dashboards and reports, and metadata.
When designers access data sources, they do so in two possible ways:
■ Import—Data accessed from a file, such as an Excel worksheet
■ DirectQuery—Data accessed using a reference to an outside source, such as a SharePoint site or a database
The Data Role in Power BI reads imported data into an Analysis Services in-memory database, in which it is retained for up to one hour, and also stored in Azure Blob storage in encrypted form. Data accessed by DirectQuery is also stored in the Analysis Services database, but only while it is in process—that is, when a procedure occurs that requires access to the data, such as when a user accesses a data set or modifies a report or dashboard, or when a data refresh occurs. The Analysis Services database is unencrypted to allow Power BI to access the necessary data immediately. When data is at rest, the opposite of in process, it is stored in either in Azure Blob or the Azure SQL Database, and is always encrypted.
