Leveraging Web Application Proxy in Windows Server 2016 to provide secure access to your SQL Server Reporting Services environment

 

A common ask from customers is around how to make their Reporting Services environment available to users outside of their internal corporate network.  This is especially important for them when they’re trying to use the Power BI mobile apps to view mobile reports and KPI’s while on the go.  Today, we’re pleased to announce that we’ve made updates to both SQL Server 2016 Reporting Services and the Power BI mobile apps to give companies some additional options to enable this in their organizations.

First introduced in Windows Server 2012, Web Application Proxy (WAP)provides reverse proxy functionality for web applications inside your corporate network to allow users on any device to access them from outside the corporate network. WAP pre-authenticates access to web applications using Active Directory Federation Services (ADFS), and also functions as an ADFS proxy.  Below is a typical network topology when using WAP.

Web Application Proxy Topology

While we’ve provided ad hoc guidance in the past around taking advantage of this functionality, we’ve not had official support for it in the mobile apps, nor did we have full support for viewing mobile report content in the browser for many scenarios using this setup.

ADFS Support using WAP now available in the Power BI mobile apps

As first announced on the Power BI blog today, there is now support to access your mobile reports and KPI’s through the mobile app when used in conjunction with the Web Application Proxy functionality in Windows Server 2016.  Currently in preview for both iOS and Android devices, this will allow organizations using Kerberos in their corporate environment to access the mobile apps outside of that environment using ADFS.  The apps now also support modern security features that can be enabled in WAP like multifactor authentication, providing additional security options for organizations that can be tailored to their specific needs.

Keep in mind that though you must use Windows Server 2016 to enable the functionality, you don’t need to run your Reporting Services instances on servers running WS2016 machines, nor do you need to update your entire ADFS infrastructure to the latest release.  There is a detailed walkthrough available for you to setup and enable this in your organization posted in the Power BI documentation.

We’ve also made accessing your reports through your web browser using WAP more flexible with the recently released Cumulative Update for SQL Server 2016 SP1.  In this update, a bug that had prevented certain customers from accessing mobile reports through their web browser using WAP was addressed.  If you want to access reports through your web browser using WAP, make sure you have this update applied to your SQL Server Reporting Services environment.  Please note – you can use the WAP functionality found in either Windows Server 2016 OR Windows Server 2012 R2 when accessing reports through the browser.  There is a walkthrough guide of setting up WAP in the context of an application you can access through the browser.  We’ll be putting together a specific walkthrough for Reporting Services for this scenario in the coming weeks as well.

Try it now and send us your feedback

Thanks for all the feedback so far around the need for this capability, which allowed us to prioritize it accordingly.  As always, let us know if you have any questions or comments about the functionality in the blog comments.