Reporting Hub Architecture

The Reporting Hub is an Azure-based application that is installed and deployed within your Azure environment. It integrates with your existing Microsoft tenant and communicates with Power BI Embedded via Microsoft APIs. The following Azure services are required to run the Reporting Hub:

  1. Power BI Embedded or Fabric Capacity

  2. Azure App Service

  3. Azure SQL Database

Below is a diagram highlighting the high level architecture.

How it works with Power BI

The Reporting Hub communicates with Power BI Embedded via Microsoft APIs. The below list includes the key communication areas:

  • Connects to authorized Power BI Workspaces, Reports and Dashboards

  • Applies Row-level-security (RLS) based on authenticated user

  • Built-in capacity optimizer manages Power BI Embedded Capacity availability based on usage

  • Connections to data sources are established through Power BI

  • Works with all Power BI Embedded, Fabric and Power BI Premium Microsoft licenses

Important: Your data is NEVER accessed by, made available to, or, stored within the Reporting Hub web application.

Component Functions

Azure Active Directory B2B

Azure AD is the default authentication method for the Reporting Hub. Azure AD B2B allows you to add guest users (outside of your tenant). Users and Groups are managed in Azure AD and are used to provide access to navigation options, reports and row-level security.

Note: The Reporting Hub also supports Okta, OpenID Connect & Auth0 authentication schemes. See Authentication Adminfor more information.

Power BI Embedded

Power BI Embedded is the Microsoft license required to share Power BI content with un-licensed users. Your embedded capacity is applied to the Power BI workspaces you wish to make available to the Reporting Hub.

Azure App Service

The Reporting Hub is a stand-alone application instance installed directly within your Azure environment. An Azure App Service is required to 'host' the application.

Azure SQL Database

All the Reporting Hub application configuration data (logos, themes, navigation, report security, and audit logs) are stored in this Azure SQL Database.

Reporting Hub License Manager

The Reporting Hub license manager is a separate application that runs within the Reporting Hub Azure environment. Your locally deployed Reporting Hub application instance periodically communicates with the license manager to validate subscription.

Important: Communication between your application and the Reporting Hub license manager is a simple ping via strongly encrypted keys. No data of any kind is shared with the license manager.

Related Article

For more information on the Azure services required please reference:

pageRequired Azure Services
PreviousAzure Portal AdministrationNextAaaS end-to-end Architecture

Last updated