Security for Vantage Components | Teradata Vantage - 2.2 - Vantage Component Security - Teradata Vantage

Configuring Teradata Vantage™ After Installation

Product
Teradata Vantage
Release Number
2.2
Release Date
January 2021
Content Type
Configuration
Implementation
Publication ID
B700-4014-011K
Language
English (United States)
Vantage Component Security Overview
Advanced SQL Engine See the rest of this section (starting at Vantage Security Overview) for an overview of Advanced SQL Engine security.
Machine Learning Engine
  • Access to Teradata Machine Learning Engine analytic functions is controlled by permissions on the coprocessor foreign server object and by permissions on individual function mappings.
  • Users on Machine Learning Engine are automatically provisioned on first access:
    • Users are automatically given their own private schema
    • Data is not shared between users on Machine Learning Engine
    • Data does not persist within the Machine Learning Engine

See Teradata Vantage™ User Guide, B700-4002.

QueryGrid
  • HTTPS based connections to QueryGrid Manager (TLSv1.2)
  • Communication policies can be defined at different security levels for data transfers between the initiating connector (the connector starting the query) and the target connector (the connector receiving the query). Security levels can be set for authentication, integrity, and encryption
  • Fabric supports encryption over the wire
  • Fabric communications between Advanced SQL Engine and Machine Learning Engine are authenticated
  • Fabric supports LAN and WAN communication policies
    • LAN Policy – Enables key based authentication, credentials are encrypted using AES-128 encryption standard
    • WAN Policy – Enables key based authentication, both credentials and data are encrypted using AES-256 encryption standard
  • Permissions in Viewpoint restrict the users who can modify the QueryGrid configuration

See Teradata® QueryGrid™ Installation and User Guide, B035-5991.

Viewpoint
  • Connections to portlets are secured using HTTPS (TLSv1.2)
  • Authentication and encryption (with certificates) enabled for Viewpoint services:
    • DCS, ActiveMQ, Postgres, tdNotification
  • External users are managed by connected LDAP servers:
    • LDAP authentication and group authorization
  • Enhanced password controls for local users
  • Automatic log off after a period of inactivity
  • Portlet access is controlled at different levels by setting permissions for Viewpoint users:
    • Global, Role, User
  • Role-based permissions are applied for different categories of users
  • Access logging

See Teradata® Viewpoint User Guide, B035-2206.