This section will describe the basic architecture of an on-premises data gateway and list the different components that communicate with each other to provide secure messaging between cloud-hosted services and on-premises resources.
When you install and configure an on-premises data gateway on a server, the installer creates a Windows service that runs under the NT SERVICE\PBIEgwService account. During initial setup, NT SERVICE\PBIEgwService is granted the log-on-as-a-service right on that server, and the gateway uses outbound port 443 to communicate with the Azure services.
Under the hood, once the on-premises data gateway is installed and configured, it registers with the gateway cloud service hosted on Azure, which exchanges messages with it through Azure Service Bus. The architecture is described in the following diagram:
Let's now analyze what happens when queries and data flow through an on-premises data gateway:
- When a query is created by the cloud service, the cloud service sends the query along with the encrypted credentials for the on-premises data source to the gateway to process.
- The gateway cloud service then examines the query and places the request on the Azure Service Bus queue.
- The on-premises data gateway polls the Azure Service Bus queue for any new service requests.
- The gateway then picks up the query, decrypts the credentials, and connects to the on-premises data source with those credentials.
- The gateway sends the query to the data source for execution.
- The results are sent from the data source back to the gateway, and then on to the cloud service. The service then uses the results returned from the on-premises data gateway.
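The six steps above, simulated end to end as an added example (not code from the original page or from the gateway product): a cloud service encrypts credentials and enqueues a request, the gateway polls the queue, decrypts, authenticates to a local data source, runs the query and returns only the result set. Everything here is constructed: the Service Bus is a `queue.Queue`, the data source is an in-memory SQLite database with a made-up `report_reader` account, and `encrypt_credentials`/`decrypt_credentials` are a toy HMAC-SHA256 keystream cipher with an integrity tag standing in for whatever the real gateway uses. The point it shows is the security property of the flow: the queue carries only ciphertext, and the decrypted credentials never leave the gateway side.

```python
import hashlib
import hmac
import json
import os
import queue
import sqlite3


# Constructed stand-in for the gateway's credential encryption: HMAC-SHA256
# keystream XOR plus an integrity tag. In a real deployment only the gateway
# would hold the key needed to decrypt.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_credentials(key: bytes, creds: dict) -> dict:
    plaintext = json.dumps(creds).encode()
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).hexdigest()
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag}


def decrypt_credentials(key: bytes, blob: dict) -> dict:
    nonce, ct = bytes.fromhex(blob["nonce"]), bytes.fromhex(blob["ct"])
    expected = hmac.new(key, nonce + ct, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, blob["tag"]):  # reject tampered blobs
        raise ValueError("credential blob failed integrity check")
    pt = bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))
    return json.loads(pt)


class OnPremDataSource:
    """Constructed on-premises database: in-memory SQLite plus one local account."""
    def __init__(self):
        self._db = sqlite3.connect(":memory:")
        self._db.execute("CREATE TABLE sales (region TEXT, amount INTEGER)")
        self._db.executemany("INSERT INTO sales VALUES (?, ?)",
                             [("east", 100), ("west", 250), ("east", 50)])
        self._accounts = {"report_reader": "constructed-p4ss"}

    def connect(self, username: str, password: str) -> sqlite3.Connection:
        stored = self._accounts.get(username, "")
        if not hmac.compare_digest(stored.encode(), password.encode()):
            raise PermissionError("data source rejected the supplied credentials")
        return self._db


class CloudService:
    """Cloud side: builds requests (steps 1-2) and consumes replies (step 6)."""
    def __init__(self, gateway_key: bytes, requests: queue.Queue, results: queue.Queue):
        self._key, self._requests, self._results = gateway_key, requests, results
        self.sent = []  # kept only so the demo can inspect what crossed the queue

    def submit_query(self, query: str, creds: dict) -> str:
        msg = {"request_id": os.urandom(8).hex(), "query": query,
               "credentials": encrypt_credentials(self._key, creds)}
        self._requests.put(msg)  # the queue only ever sees the encrypted blob
        self.sent.append(msg)
        return msg["request_id"]

    def fetch_result(self, request_id: str) -> list:
        reply = self._results.get_nowait()
        assert reply["request_id"] == request_id
        return reply["rows"]


class OnPremGateway:
    """Gateway side: poll (step 3), decrypt and connect (4), execute (5), reply (6)."""
    def __init__(self, key: bytes, source: OnPremDataSource,
                 requests: queue.Queue, results: queue.Queue):
        self._key, self._source, self._requests, self._results = key, source, requests, results

    def poll_once(self) -> bool:
        try:
            msg = self._requests.get_nowait()
        except queue.Empty:
            return False  # nothing waiting on the bus
        creds = decrypt_credentials(self._key, msg["credentials"])
        conn = self._source.connect(creds["username"], creds["password"])
        rows = conn.execute(msg["query"]).fetchall()
        # Only the result set goes back; the plaintext credentials stay here.
        self._results.put({"request_id": msg["request_id"], "rows": rows})
        return True


def run_demo() -> dict:
    key = os.urandom(32)  # constructed gateway key
    requests, results = queue.Queue(), queue.Queue()
    cloud = CloudService(key, requests, results)
    gateway = OnPremGateway(key, OnPremDataSource(), requests, results)
    rid = cloud.submit_query(
        "SELECT region, SUM(amount) FROM sales GROUP BY region ORDER BY region",
        {"username": "report_reader", "password": "constructed-p4ss"})
    gateway.poll_once()
    return {"rows": cloud.fetch_result(rid),
            "password_visible_on_bus": "constructed-p4ss" in json.dumps(cloud.sent)}


if __name__ == "__main__":
    print(run_demo())
```

Running `run_demo()` returns the aggregated rows and `password_visible_on_bus: False`, which is the check worth keeping in mind when reviewing a gateway deployment: anything logged or captured from the queue should contain only the credential envelope, never the secret itself, and a blob whose tag does not verify is refused before any connection is attempted.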