Business Continuity for a Data Management Gateway

If you use the cloud for storing credentials for data sources associated with a gateway, you can restore the gateway on another computer when the computer on which the gateway is currently running becomes unavailable. When you restore the gateway on another computer, you will not need to re-enter credentials for data sources associated with the gateway again because the credentials are recovered automatically from the cloud by using the certificate.

By storing credentials for data sources associated with a gateway in the cloud credential store, you will also be able to migrate data sources from the gateway to another gateway that also uses the cloud credential store and the same certificate for encrypting data source credentials.

The following sections describe storing credentials securely in the cloud, updating a gateway to use the cloud credential store, restoring a gateway in case of a failure, and migrating data sources from one gateway to another.

Storing credentials securely in the cloud

When creating a new gateway, you can choose to store data source credentials locally on the gateway computer or in the cloud credential store. If you select Enable cloud credential store to achieve business continuity for the gateway option, you will have to specify the certificate that will be used to encrypt credentials within your corporate network before they are saved to the cloud store by using the Gateway Setup Wizard. The private key of the selected certificate is kept on the computer on which the gateway is installed. You can choose to back up the certificate to a network or any other safe location. See Create a Data Management Gateway for related steps.

 Important    Once you select Enable cloud credential store to achieve business continuity for the gateway setting and save the gateway in Admin Center, you will not be able to revert back to using the local store for storing credentials.

If you update an existing gateway that currently uses a local store to use the cloud store, you should use the Certificate page of the Settings tab in Data Management Gateway Configuration Manager to specify a certificate to be used to encrypt data source credentials before they are saved to the cloud. See the next section for details about updating an existing gateway.

Whether you choose the cloud store when creating a gateway or updating a gateway, we recommend that you export/backup the certificate to a network location or any other safe location. You will need this certificate to restore the gateway in case the current gateway computer becomes unusable.

You can use two types of certificates:

  1. A certificate (2048-bit certificate) generated with Power BI for Office 365.
  2. An existing certificate on the gateway computer.

 Note    You can only use a certificate under Local Machine that has an associated private key.

You can change the certificate using the Data Management Gateway Configuration Manager. When you change the certificate, all the data source credentials encrypted with the latest certificate.

Updating a gateway to use the cloud credential store

The following procedure contains steps to update a gateway that currently uses a local credential store to use the cloud credential store.

  1. On the Admin Center, switch to the gateways tab if the tab is not already active.
  2. Click on the name of the gateway or click … (ellipsis) next to your gateway name in the list of gateways and then click EDIT to edit the gateway.
  3. Select Enable cloud credential store to achieve business continuity option. Note that you will not be able to revert back to using the local store for storing credentials once you select this option and save the gateway.
  4. Click save to save the settings. You will see a message box about a certificate being generated by Power BI. This certificate is used for encrypting data source credentials stored in the cloud store. Click yes to continue.
  5. You will see messages about the status of the migration process from the bell icon.

Use the Certificate page of the Settings tab in Data Management Gateway Configuration Manager to specify a certificate to be used to encrypt data source credentials before they are saved to the cloud. Note that you may need refresh the Settings tab using the button in the top-left corner of the tab to see the Certificate page. See Update a Data Management Gateway for related steps.

Restoring the gateway on another computer

The following procedure lists the steps you can take to restore a gateway on another computer:

  1. Download and install the data management gateway on the new computer. In the Power BI Admin Center, click … (ellipses) next to the gateway on the gateways tab, and click Download gateway installation package here. When the Gateway Setup Wizard appears, keep the wizard open and switch to the Admin Center portal to perform the next step.
  2. Regenerate a key for the gateway in the Power BI Admin Center portal. In the Power BI Admin Center, click … (ellipses) next to the gateway on the gateways tab, and click Regenerate. You should see the new key in a read-only text box. Copy the key to the clipboard.
  3. Switch back to the Gateway Setup Wizard and use the key you copied in the previous step to register the gateway.
  4. On the specify certificate for credentials page of the Gateway Setup Wizard, select the same certificate that you had used when configuring the gateway on the old computer. If the certificate is not displayed in the list, you may need to import the certificate using the Windows Certificate Manager and choose Local Machine as the Store Location.
  5. Complete steps in the Gateway Setup Wizard to finish configuring the gateway on the new computer.

See Create a Data Management Gateway for detailed steps.

Migrating data sources from one gateway to another

A data source in the Power BI Admin Center is associated with a gateway. You can update a data source to use another gateway from the gateway that it currently uses as long as both the gateways meet the following conditions:

  • Both the source and destination gateways use the cloud credential store.
  • Both the source and destination gateways use the same certificate for credential encryption.

The following procedure provides steps to migrate a data source from one gateway to another:

  1. In the Power BI Admin Center, switch to the data sources tab.
  2. Click the data source in the data source list (or) click … (ellipsis) next to the data source and click EDIT to edit the data source.
  3. Switch to connection info page.
  4. In the Gateway drop down list, select the new gateway. Only gateways that use the cloud credential store and the same certificate as the existing gateway are shown in the list.
  5. Click save to save the setting.

See Also

 
 
Applies to:
Power BI for Office 365