Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Learn from the best! Meet the four finalists headed to the FINALS of the Power BI Dataviz World Championships! Register now

Reply
XhevahirMehalla
Helper III
Helper III

On-premise Gateway - Data Encryption from Oracle

‎01-13-2026 01:07 AM

Hello -

 

I have a hybrid solution:

  1. Data Source Oracle OCI 
  2. Using azure synapse analytics to extract data from Oracle and save them to Data Lake - will migrate at some point
  3. Using azure SQL db as DWH
  4. using a VM in azure to install Self-hosted IR and installed an oracle certificate to help with data encryption on Oracle port 2484. This works fine.
  5. Using PBI service and desktop to produce reports (some real time reports - hence using another azure VM to install on-premise Gateway on that machine). 
  6.  We want to make sure that data is encrypted while using on-premise gateway VM. How can I implement something similar with as step 4 (Self-hosted IR VM). How do I make sure that Data extracted from Oracle OCI db using Pbi direct access make sure that data is protected on-transit?

Please can you help!

 

Thanks

Labels:
Message 1 of 6
348 Views
1 ACCEPTED SOLUTION
SavioFerraz
Kudo Kingpin
Kudo Kingpin

‎01-13-2026 11:15 AM

Hi @XhevahirMehalla,

 

This concern arises because Power BI Gateway encryption works differently from Azure Data Factory or Self-hosted Integration Runtime. In ADF/Synapse, you explicitly control Oracle network encryption using TCPS (port 2484) and Oracle Wallets. With Power BI, the gateway itself does not terminate or manage database-level encryption; it relies on the data source connection configuration to ensure data is encrypted in transit.

 

From a technical perspective, to protect Oracle data accessed through the On-premises Data Gateway, you must enforce Oracle native network encryption (TCPS) end to end. This means configuring the Oracle client on the gateway VM to use TCPS with Oracle Wallet, ensuring Power BI connects via the encrypted Oracle protocol. Power BI Desktop → Power BI Service → Gateway traffic is already encrypted using Azure Service Bus over TLS, so the remaining responsibility is securing the Oracle-to-Gateway leg.

 

Key point:
Power BI Gateway traffic is always encrypted to the Power BI Service, but Oracle-to-Gateway encryption must be enforced at the Oracle client and listener level using TCPS (SSL/TLS).

 

Helpful sources:

Power BI Gateway security

https://learn.microsoft.com/power-bi/connect-data/service-gateway-onprem

https://learn.microsoft.com/power-bi/enterprise/service-admin-gateway

Oracle network encryption (TCPS / SSL)

https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/configuring-secure-sockets-layer...

Power BI + Oracle connectivity

https://learn.microsoft.com/power-bi/connect-data/desktop-connect-oracle-database

Microsoft Learn (recommended):

https://learn.microsoft.com/training/modules/power-bi-security-model/

 

Savio Ferraz | Microsoft Ambassador Edurocks and MinecraftEdu | Microsoft Learning Consulting | Google Certified Trainer and GEG Community Manager Diadema

 

Did my answer help? Mark my post as a solution or like it if you found it useful.

View solution in original post

Message 4 of 6
293 Views
5 REPLIES 5
v-pgoloju
Community Support
Community Support

‎01-22-2026 07:39 PM

Hi @XhevahirMehalla,

 

Just following up to see if the Response provided by community members were helpful in addressing the issue. if the issue still persists Feel free to reach out if you need any further clarification or assistance.

 

Best regards,
Prasanna Kumar

Message 6 of 6
236 Views
0
v-pgoloju
Community Support
Community Support

‎01-18-2026 09:18 PM

Hi @XhevahirMehalla,

 

Thank you for reaching out to the Microsoft Fabric Forum Community, and special thanks to @Jaywant-Thorat and @SavioFerraz  for prompt and helpful responses.

Just following up to see if the Response provided by community members were helpful in addressing the issue. if the issue still persists Feel free to reach out if you need any further clarification or assistance.

 

Best regards,
Prasanna Kumar

 

Message 5 of 6
273 Views
0
SavioFerraz
Kudo Kingpin
Kudo Kingpin

‎01-13-2026 11:15 AM

Hi @XhevahirMehalla,

 

This concern arises because Power BI Gateway encryption works differently from Azure Data Factory or Self-hosted Integration Runtime. In ADF/Synapse, you explicitly control Oracle network encryption using TCPS (port 2484) and Oracle Wallets. With Power BI, the gateway itself does not terminate or manage database-level encryption; it relies on the data source connection configuration to ensure data is encrypted in transit.

 

From a technical perspective, to protect Oracle data accessed through the On-premises Data Gateway, you must enforce Oracle native network encryption (TCPS) end to end. This means configuring the Oracle client on the gateway VM to use TCPS with Oracle Wallet, ensuring Power BI connects via the encrypted Oracle protocol. Power BI Desktop → Power BI Service → Gateway traffic is already encrypted using Azure Service Bus over TLS, so the remaining responsibility is securing the Oracle-to-Gateway leg.

 

Key point:
Power BI Gateway traffic is always encrypted to the Power BI Service, but Oracle-to-Gateway encryption must be enforced at the Oracle client and listener level using TCPS (SSL/TLS).

 

Helpful sources:

Power BI Gateway security

https://learn.microsoft.com/power-bi/connect-data/service-gateway-onprem

https://learn.microsoft.com/power-bi/enterprise/service-admin-gateway

Oracle network encryption (TCPS / SSL)

https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/configuring-secure-sockets-layer...

Power BI + Oracle connectivity

https://learn.microsoft.com/power-bi/connect-data/desktop-connect-oracle-database

Microsoft Learn (recommended):

https://learn.microsoft.com/training/modules/power-bi-security-model/

 

Savio Ferraz | Microsoft Ambassador Edurocks and MinecraftEdu | Microsoft Learning Consulting | Google Certified Trainer and GEG Community Manager Diadema

 

Did my answer help? Mark my post as a solution or like it if you found it useful.

Message 4 of 6
294 Views
Jaywant-Thorat
Super User
Super User

‎01-13-2026 10:39 AM

How to ensure Oracle >> Power BI data is encrypted via On-prem Gateway?

1. Oracle → Gateway VM (YOU configure this)

  • Use TCPS (SSL) on port 2484

  • Oracle Wallet + certificate installed on Gateway VM

  • Oracle client configured with:

    • ENCRYPTION_CLIENT = REQUIRED

    • AES256

  • Power BI connects using TCPS connection string

Result: Data is encrypted in transit from Oracle to Gateway

2. Gateway VM → Power BI Service (AUTO)

  • Always encrypted by Microsoft

  • Uses TLS 1.2+

  • Outbound-only connection

  • No configuration needed

Result: Data is encrypted in transit to Power BI

3.  DirectQuery or Import

  • Import → encrypted once, stored securely

  • DirectQuery → encrypted on every query (TCPS is mandatory)

Final Answer : If Oracle uses TCPS (2484) and Power BI uses the On-prem Gateway, then data is fully encrypted in transit end-to-end.

You already have the right setup — just document TCPS for audits.


=================================================================
Did I answer your question? Mark my post as a solution! This will help others on the forum!

Appreciate your Kudos!!

Jaywant Thorat | MCT | Data Analytics Coach
LinkedIn: https://www.linkedin.com/in/jaywantthorat/
Join #MissionPowerBIBharat = https://shorturl.at/5ViW9
#MissionPowerBIBharat
LIVE with Jaywant Thorat from 10 Jan 2026
8 Days | 8 Sessions | 1 hr daily | 100% Free

Message 2 of 6
300 Views
XhevahirMehalla
Helper III
Helper III
In response to Jaywant-Thorat

‎01-30-2026 07:37 AM

Hi Jay,

 

 

Please can you help me what I need to for this.

 

I need the steps which are required to setup this.

 

I have DBAs which can help me and I have access to Power BI service (admin) role.

 

Please can you let me know the steps what each need to do?

 Each of the steps below I need more information.

 

Pls can you help me!

 

  • Use TCPS (SSL) on port 2484

  • Oracle Wallet + certificate installed on Gateway VM

  • Oracle client configured with:

    • ENCRYPTION_CLIENT = REQUIRED

    • AES256

  • Power BI connects using TCPS connection string

Message 3 of 6
194 Views
0

Helpful resources

Announcements
Join our Fabric User Panel

Join our Fabric User Panel

Share feedback directly with Fabric product managers, participate in targeted research studies and influence the Fabric roadmap.

February Power BI Update Carousel

Power BI Monthly Update - February 2026

Check out the February 2026 Power BI update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All