When configuring a security group for the Teradata Database, set up the port ranges listed below for each Teradata Database instance so the Teradata Database can be locked down to the local host. Port 1025 is blocked in the local instance until the DBC password is changed. If you are deploying a Teradata ecosystem, do not delete or modify the self-reference rule that is created for internal security group communication.
If you are purchasing Teradata Database or Teradata Database with IntelliSphere using BYOL, port 443 must be open to https://slem.teradata.com so Teradata can verify BYOL entitlement. See Teradata® Entitlement Management System (EMS) Customer User Guide.
By default, NTP uses the Amazon Time Sync Service on a local IP. If you must use different NTP servers, make sure the VPC ACL setting is not blocking UDP port 123 for outbound traffic.
- Teradata Data Mover
- Teradata Data Stream Controller
- Teradata Ecosystem Manager
- Teradata Query Service
- Teradata Server Management
- Teradata Unity
- Teradata Viewpoint
If you are not deploying a Teradata Database MPP instance using a Teradata ecosystem solution template or deploying Teradata Database separately, you must add inbound TCP 22 and UDP 1001-1002 ports.
| Software | Direction | Protocol | Port Range | Description |
|---|---|---|---|---|
| Teradata Database | Inbound | TCP | 22 | SSH |
| TCP | 1025 | Teradata Database Service to AWS | ||
| TCP | 64432 | If using mainframe connectivity | ||
| UDP | 1001-1002 | If using non-traditional deployment methods (internal only) | ||
| Teradata Database | Outbound | UDP | 123 | NTP, required when not using Amazon Time Sync Service |
| TCP | 443 | [BYOL only] To connect to https://slem.teradata.com so Teradata can verify BYOL entitlement |