On-Premise Data Gateway security and service accounts

Question

Hi

I'm thinking of using on-premise data gateway to pull some data into Azure. The source is a SQL database on a workstation that is in a workgroup on a standard Internet connection.

My question is around the O365 account that I would use to register the data gateway so that it can connect to the Azure Service Bus.

Once I have registered, are these credentials stored on the gateway, or is used one time only purely to register with the Service Bus?

I'm just thinking of security and trying to work out if I need to use an Azure service account or not and this aspect is not covered in depth in the documentation, as far as I can see.

Cheers
Matt

Answer 1

The credentials requested while installing a gateway are used to setup the cloud services required, assign yourself as its admin, and use the recovery key you provide to generate additional keys to encrypt data source and connection credentials. These credentials are used to get a short-lived access token which isn't stored as opening the local UI prompts to re-login on every launch.

Once installed, the gateway runs in the context of a service account local to the machine where you installed the gateway, which can be changed if required.

You could opt to use a service principal (using the DataGateway PowerShell Cmdlets) as an admin or even add gateway admins to allow multiple users to manage the gateway.