I was thinking of a possible power bi report server infrastructure deployed internally and shared with clients.
To put it simple : they access our report server, and thanks to their data they can see the dashboards we created internally.
That is to say using PBIRS as a software as a service model.
But different challenges are present :
authentication?
Possible to authenticate customers if we use a combination of VPN + new records in our internal AD.
access to customer's data ? Main challenge ...
The primary reason for everyone of using PBIRS is that we don't want cloud usage.
Is there a way in such an infrastructure to connect our PBIRS internal server directly to an other customer's network on premises data sources ?
Use case is as follow :
e.g : Client -> connect to provider with VPN -> authenticate in AD with provided credentials -> connect to PBIRS
with : PBIRS on Network 1 -> connecting directly with Customer's data on Network 2
Related
What pre-requisite services/subscriptions do I need to get to that point?
Right now, we have Azure AD Connect. Can that be used to authenticate users' access to the network shares of Azure Files?
I had to setup an Azure subscription first to access storage services. The azure subscription did not show pricing because it was a trial subscription. I did not know whether it would be per user subscription or not.
Azure Files supports identity-based authentication for Windows file shares over Server Message Block (SMB) using the Kerberos authentication protocol through the following three methods:
On-premises Active Directory Domain Services (AD DS)
Azure Active Directory Domain Services (Azure AD DS)
Azure Active Directory (Azure AD) Kerberos for hybrid user identities
For your use case where you want to use Azure AD Connect, you need to go with Azure AD Kerberos for Hybrid User Identities. You can find more information here- https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-azure-active-directory-enable?tabs=azure-portal
Here are details regarding a subscription in Microsoft Cloud- https://learn.microsoft.com/en-us/microsoft-365/enterprise/subscriptions-licenses-accounts-and-tenants-for-microsoft-cloud-offerings?view=o365-worldwide#subscriptions
Hope this helps. Please do let me know if you have further questions and I will be glad to assist you further. Thank you!
I have a PHP web app (Snipe-IT) that was previously working.
We went through a security review, and the recommendation was made to enable service endpoints (Microsoft.Sql) on the application subnet so that web apps connect to databases over the Azure backbone. Everything is working fine for the other MSSQL apps, except for our Snipe-IT application, which connects to a GP_Gen5_2 MySQL instance.
The error message says:
D'oh! Looks like we can't connect to your database. Please update your database settings in your .env file. Your database says:
SQLSTATE[HY000] [9009] Client connections to Basic tier servers through Virtual Network Service Endpoints are not supported. Virtual Network Service Endpoints are supported for General Purpose and Memory Optimized severs. (SQL: select 2 + 2)
This error message doesn't match the environment configuration because the database in question is a General Purpose, 2 vCore(s), 50 GB database.
There is no networking tab on the MySQL server, but in the Connection security tab we have tried enabling access to Azure resources, allowing the full public internet (0.0.0.0 - 255.255.255.255), enabling and disabling forced SSL, but nothing changes the result.
Azure won't let us create a Private Endpoint on the MySQL database because 'the subnet contains external resources'
I am hoping there is a way to resolve this without having to rebuild both the app and database in a different App Service Environment and subnet.
Thanks
I have a microsoft access database that I use to track client specifications. I would like store the front-end and back-end database in the cloud and use it in real time. What recommendations and cheap options are available
One option is to host the frontend and backend on an AWS t2.small instance running Windows:
AWS instance
Then access this via Remote Desktop as any other machine.
There is an option to use your Access database locally and update the data on the cloud, using Google Drive or other similar services to share this among several users, it is an asynchronous solution though.
deployment of a multi user Access app, among geographically separated users, is via Remote Desktop Server, aka citrix, aka terminal services...
in any multi user deployment the app is split, and each user has their own front end file - and all connect to the one single back end file. this remains true in an RDS deployment.
this is a main stream method to deploy, and very functional....lots of orgs do virtual desktop now, and then there are hosting companies that will do a single app... whether or not one views this as "cheap" however is in the eye of the beholder... but any other attempt/method is generally a kludge and is typically round-robin where only 1 user at a time can use the app... also - - one does not put the WAN in the middle... both the front and back end files are RDS and so the user simply has Win10 and does not need any Access or Office license on their local pc.
We have a need to build an EXE app that runs on a customer's server that accesses our Multi-Tenant SQL database.
We have a Column SubscriberId for each table that we use in our web app to limit users to just the records that belong to their SubscriberId - which works perfectly fine (on our servers).
We have an Exchange to SQL service that runs on our server that sync's Exchange Contacts and Appointments to our SQL tables. An issue is that we need customers to grant us the Exchange 'ApplicationImpersonation' role for us to access the data on their server - which means we have access to their whole Exchange database store.
Most customers have been willing to allow us that access level, but a few don't want us to have that level of access - and that's understandable.
Our sync app is a C# .NET console app, and we want to adapt it so we can have end-users install the app on their server and have it sync with our server remotely.
THE QUESTION: Is is possible to create a user on SQL Server 2008R2 that only has access to the rows for that user filtered WHERE SubscriberId = 201 (for example).
We would allow port 1433 access to their server and the user/password would be used in the connection string in the App.config.
If so, we can create an admin panel in an Windows exe app where they setup that SQL User/password and their Exchange Super-User. Then they can remotely sync - but only see their own records in our SQL database.
Otherwise, it seems we would need to re-work the app to use an API and an alternate security scheme. That would obviously be a lot more work :-(
Thanks, Charles
IMHO, I can suggest the following solution.
1. You create a unique token that you can use to identify the tenant via some config or during console app start up.
2. Each tenant will call your service by authenticating using the token.
3. Only valid tenant is allowed to call the services. Rest may be notified of such an attempts.
4. You can even set up the service and the web services to use a refresh token in case of being more secure.
I have a small problem, I am working on a project where I need to synchronize the databases to maintain the same data at diff locations, all have their own database the structure of all the database,tables,stored procedures,etc are the same. i.e. they are the copy of a single database but data is entered from different locations and I need to have data to be synchronized so that we can see the data from anywhere, will creating a windows service work?
C# code will be a nice help.
You can do this by two ways .....
1st way using combination of services
i) W CF Service with windows service Or Web service with Windows Service.
you will need a windows service which is installed on every client machince which will check the new data in local db and send that data to web or wcf service which will be installed on Server Machine for LAN.
but if client is on network then web service or w cf service should be on Static IP Address where Server Database is installed
and if client is offline in some case then u should use MSMQ or Rabbit MQ or any queuing mechanism for that ...to handle such case..
2nd way is using Replication in in sq l server 2008 go through this links:
http://www.codeproject.com/Articles/215093/Replication-in-MS-SQL-Server
http://www.informit.com/guides/content.aspx?g=sqlserver&seqNum=313) Database syncronization
Replication is what you need I guess, let SQL manage where you dont have write any code and is easy to configure.
have a look at http://www.codeproject.com/Articles/215093/Replication-in-MS-SQL-Server , or type SQL replication and there are loads of material available.