Reporting Hub Architecture

The Reporting Hub is an Azure-based application that is installed and deployed within your Azure environment. It integrates with your existing Microsoft tenant and communicates with Power BI Embedded via Microsoft APIs. The following Azure services are required to run the Reporting Hub:

  1. Power BI Embedded or Fabric Capacity

  2. Azure App Service

  3. Azure SQL Database

Below is a diagram highlighting the high level architecture.

How it works with Power BI

The Reporting Hub communicates with Power BI Embedded via Microsoft APIs. The below list includes the key communication areas:

  • Connects to authorized Power BI Workspaces, Reports and Dashboards

  • Applies Row-level-security (RLS) based on authenticated user

  • Built-in capacity optimizer manages Power BI Embedded Capacity availability based on usage

  • Connections to data sources are established through Power BI

  • Works with all Power BI Embedded, Fabric and Power BI Premium Microsoft licenses

Component Functions

Microsoft Entra ID (B2B)

Microsoft Entra ID (formerly called Azure Active Directory or AAD) is the default authentication method for the Reporting Hub. Entra ID B2B allows you to add guest users (outside of your tenant). Users and Groups are managed in Entra ID and are used to provide access to navigation options, reports and row-level security.

Note: The Reporting Hub also supports Okta, OpenID Connect & Auth0 authentication schemes. See Authentication Adminfor more information.

Power BI Embedded

Power BI Embedded is the Microsoft license required to share Power BI content with un-licensed users. Your embedded capacity is applied to the Power BI workspaces you wish to make available to the Reporting Hub.

Azure App Service

The Reporting Hub is a stand-alone application instance installed directly within your Azure environment. An Azure App Service is required to 'host' the application.

Azure SQL Database

All the Reporting Hub application configuration data (logos, themes, navigation, report security, and audit logs) are stored in this Azure SQL Database.

Reporting Hub License Manager

The Reporting Hub license manager is a separate application that runs within the Reporting Hub Azure environment. Your locally deployed Reporting Hub application instance periodically communicates with the license manager to validate subscription.

Important: Communication between your application and the Reporting Hub license manager is a simple ping via strongly encrypted keys. No data of any kind is stored with the license manager. The Reporting Hub license manager can request and read the locally deployed Reporting Hub instance application log files by default. Read access to the application log files can be disabled and blocked by the customer if desired.

Log files made available to Reporting Hub license manager

The Reporting Hub application log has 2 types of entries:

Information:

  • Entries to show if the app can access the database --> checkdatabase information Returned: found org

  • Entries to show CapacityManager function

  • Entries to show number of active tenants

  • CapacityManagement function when started

when CapacityManagement/CapacityResume

when CapacityManagement/Pause

when CapacityManagment/Refresh Schedule

  • Entries for Cache Management

When it skipped and when it cleared Memory

  • Entries for Checking Ad App Secret

when was the app secrete checked /updated

Exceptions:

  • It records all the Exceptions and the functions involved along with debug information the application gets from Microsoft or the Reporting Hub App itself

Related Article

For more information on the Azure services required please reference:

Required Azure Services

Last updated