Power BI Security & Architecture

Are you an enterprise, CIO or IT decision maker?

Before investing your budgets in a modern BI tool for your organization, we strongly advise to evaluate your BI vendors security and architecture. Whether the tool is Power BI, Tableau, Qlik or Looker, each of these tools provide a cloud BI solution for your needs.

You have cloud and on-premise versions. Using the cloud version offers several known advantages. However, data security becomes the key. There are several questions that might be bothering you.

Is my data secure?

Where is my data stored?

What security options and best practices does the vendor implement?

How is the data movement?

Is the data encrypted? What all is encrypted?

Does this sound like you?


If you are looking for answers to above questions or evaluating Power BI as your go to modern Enterprise BI tool, I invite you to read Power BI security whitepaper which talks about Power BI security and architecture in detail.

To summarize

Power BI is a SaaS platform by Microsoft hosted on Azure. It uses Azure services for its operation. There are Web Front End clusters and Back End clusters.

The WFE and Back End
Image source: Microsoft

Front End cluster

The frontend cluster (WFE) is responsible for initiation and authentication to the Power BI service, sending static files and content.

The WEF Cluster
Frontend (WFE) cluster

Back End cluster

The Back-end cluster role comes into play once the authentication is done. This cluster is responsible for data, storage, visualization, connections, refresh, and other user interactions etc.

The Back-End Cluster
Back-end cluster

The Back End cluster is the heart. If you consider your data as your asset, then the Back End cluster is a critical asset.

You should particularly focus on items to the left of the dotted line above and items to the right of the dotted line. A request to get data, dashboards or reports goes to “Gateway Role” only. This Gateway Role decides where to route the request.

Snippet from the security paper:

The Gateway Role acts as a gateway between user requests and the Power BI service. Users do not interact directly with any roles other than the Gateway Role.

Important: It is imperative to note that only Azure API Management (APIM) and Gateway (GW) roles are accessible through the public Internet. They provide authentication, authorization, DDoS protection, Throttling, Load Balancing, Routing, and other capabilities.

The dotted line in the Back-End cluster image, above, clarifies the boundary between the only two roles that are accessible by users (left of the dotted line), and roles that are only accessible by the system. When an authenticated user connects to the Power BI Service, the connection and any request by the client is accepted and managed by the Gateway Role and Azure API Management, which then interacts on the user’s behalf with the rest of the Power BI Service. For example, when a client attempts to view a dashboard, the Gateway Role accepts that request then separately sends a request to the Presentation Role to retrieve the data needed by the browser to render the dashboard.

The Gateway role
Back End cluster Gateway Role

Top questions asked by customers

Where is my data stored?

The data that you upload along with Power BI Report (PBIX) is stored in Azure Blob Storage. The metadata – data about dashboards, reports, refresh cycles etc. is stored in Azure SQL Database.

The data is stored in the region same as the Power BI tenant’s region.

Read more here: https://docs.microsoft.com/en-us/power-bi/whitepaper-powerbi-security#data-storage-and-movement

Is my data encrypted?

In the Power BI service, data is either at rest (data available to a Power BI user that is not currently being acted upon), or it is in process (for example: queries being run, data connections and models being acted upon, data and/or models being uploaded into the Power BI service, and other actions that users or the Power BI service may take on data that is actively being accessed or updated). Data that is in process is referred to as data in process. Data at rest in Power BI is encrypted. Data that is in transit, which means data being sent or received by the Power BI service, is also encrypted.The data at rest and in transit is encrypted.

Source: Power BI Whitepaper

Is Power BI Pro secure?

Power BI Pro is a shared environment. The Frontend and backend clusters could be shared between customers. Azure Blob Storage and Azure SQL Database could be shared between customers.

Is Power BI Premium secure?

When you initiate a Power BI Premium subscription, behind the scenes the back-end clusters are deployed to dedicated VMs. These VMs are dedicated to you and should not be shared between customers.

What happens when I login to app.powerbi.com?

Check this section in the whitepaper to know what happens behind the scenes when you try to access app.powerbi.com

All Power BI features in one page?

Check out this blog to see all Power BI features in one page!

Planning to migrate to Power BI?

Read this first: https://bigintsolutions.com/2020/04/21/migrate-to-power-bi/

What licensing options does Power BI support?

Power BI supports Power BI Pro and Power BI Premium licensing options. It also has a free version. If you need to know more about different licensing options, check out our Power BI Licensing guide.

I have more questions on security:

Read more here: https://docs.microsoft.com/en-us/power-bi/whitepaper-powerbi-security#power-bi-security-questions-and-answers

Conclusion

Power BI is a great Modern BI tool. When evaluating Power BI for Enterprises, we walk them through the architecture and security implementations in Power BI. This boosts enterprise customer confidence to take next big step in modernizing their reporting and analytics.


Next Steps?

Don’t hesitate to contact us today if you are looking for Power BI Enterprise deployment or want us to evaluate Power BI as your go to modern Enterprise BI tool.

Power BI Premium or Power BI Pro – the answer is here!

Power BI comes with multiple licensing model

  1. Power BI Pro
  2. Power BI Premium
  3. Power BI Embedded
  4. Power BI Free

In this post we will cover Power BI Pro and Power BI Premium licensing model.

The licensing model to go with is determined by following three factors:

  1. Cost
  2. Number of users (creators, viewers, occasional viewers)
  3. Features required

The first two factors are the most critical in deciding the licensing model.

It’s a choice between multiple Pro licenses or multiple Premium licenses.

What is Power BI Pro/Power BI Premium?

A Power BI Pro is a per user license currently costing around $10 per user per month, while Power BI Premium is a capacity license currently costing around $5000 per capacity node per month.

Yes, the cost difference is huge. But, wait, there are lots of things hidden in that $5000.

  1. Power BI Premium is a capacity license. It can support 450 users report viewing needs (see example below)
  2. Power BI Premium is for content consumption rather than content creation
  3. Large number of external readers (out of org users with no Power BI license)
  4. AI, Paginated reports, XMLA read/write and many other features
  5. Note: With 1 Premium capacity node you get 8 cores, 25 GB RAM and 6 parallel refreshes.

What does all this mean?

If you want to create, author and publish reports, you definitely need Power BI Pro licenses. You cannot get away with that. Whether to go with Power BI Premium or not, it depends.

Scenarios

Say, if you have 500 users in your org and out of 500 users

  1. 50 users will be creating content
  2. 200 users will be frequently accessing the content
  3. 250 users will be occasionally accessing the content

Then, you require

  1. 50 Power BI Pro licenses
  2. 1 Premium capacity node

With the premium capacity node we can serve the “consumption” needs for 450 users.

How did we come up with that conclusion? A simple Power BI Premium calculator is available to help us decide number of licenses (link below).

But, say your org has 100 users with 50 creating content and 50 viewing, it’s recommended to go with 100 Pro licenses (total cost $1000 per month) than a premium capacity node unless you need additional features like AI, external readers etc.


Power BI Premium vs Power BI Pro – Which licensing model should I choose? The answer is here!


Next steps?

If you are still not sure of the licensing model or worst, if you are not sure if Power BI is fit for your organization’s BI needs then you may request a free consultation.

You may fill the form below or directly setup a call

Or, fill up this form and we will get back to you with time slots within 12-24 business hours.

Notes

Power BI Premium Calculator: https://powerbi.microsoft.com/en-us/calculator/

Power BI premium also comes with additional feature sets including AI, Incremental refresh, Power BI Report Server, Paginated (SSRS types) reports, XMLA read/write and others – or better to say Enterprise features.

Power BI Pro vs Power BI Premium

If you need a quick comparison between Power BI Pro and Power BI Premium feature sets, please check this table provided by Microsoft. (Click the image to view the entire table)

https://powerbi.microsoft.com/en-us/pricing/#powerbi-comparison-table