When configuring a security group for Teradata software applications, set up the following port ranges for each software instance to allow access to and from those ports. Although all outbound ports can be opened, ensure the followig outbound ports listed are specifically designated. Only add ports for accessed software. For example, do not add ports for Server Management unless it is used.
Software | Protocol | Port Range | Description |
---|---|---|---|
Inbound | |||
Teradata Data Mover (DIY) | TCP | 22 | SSH |
1025 | Access Vantage system | ||
1443 | Data Mover REST endpoint for job update notifications | ||
5181, 5191 | Server Management | ||
9090 | DSA REST endpoint for Data Mover DSA jobs | ||
5432 | Master Sync Service | ||
61616 | ActiveMQ. This port must also be open for outbound traffic from all TD systems that will be a source/target for Data Mover.
|
||
15401,15402 | For inbound/outbound BARNC traffic Must be open on all TD systems that will be a source or target for Data Mover. |
||
Teradata Data Stream Controller (DIY) | TCP | 22 | SSH |
1025 | Access Vantage system | ||
9090 | DSA REST Services | ||
15401 | BARNC Data Traffic | ||
15402 | BARNC Web Service | ||
61616 | ActiveMQ | ||
Teradata Parallel Upgrade Tool (PUT) | TCP | 22 | SSH |
3389 | RDP | ||
9000-9010, 8443 | Teradata ServiceConnect™ to connect to PUT [B, A, E only1] | ||
Teradata QueryGrid Manager (DIY) | TCP | 22 | SSH |
9300-9303 | Custom rule | ||
7000-7001 | Custom rule | ||
9443-9445 | Custom rule | ||
443 | HTTPS | ||
Teradata Query Service (DIY) | TCP | 22 | SSH |
1080 | REST Gateway | ||
1443 | HTTPS | ||
Teradata Server Management (DIY): Managed Instances | TCP | 22 | Allow SSH over the virtual subnet |
5191 | For sm3gnode; same as 5181 | ||
5181 | 5181 is also for sm3gnode; needs to be allowed only from the Server Management instance | ||
Teradata Server Management (DIY): PSIM Instances | TCP | 22 | SSH |
UDP | 5598-5599 | PSIM Heartbeat | |
TCP | 5599 | PSIM Heartbeat | |
TCP | 5988 | CIM | |
TCP | 5999 | PSIM software upgrade/downgrade | |
TCP | 7755 | Java Proxy Service for SM Client | |
TCP | 7757-7758 | Java RMI for SM Client | |
UDP | 7759 | SOV Ping for SM Client | |
UDP | 7946 | Serf | |
TCP | 7946 | Serf | |
TCP | 61618 | JMS | |
Teradata Tools and Utilities | TCP | 22 | SSH |
1025 | Vantage system | ||
Teradata Viewpoint | TCP | 22 | SSH |
80 | HTTP for Viewpoint | ||
443 | HTTPS for Viewpoint | ||
5432 | Teradata Alerts | ||
61616 | ActiveMQ | ||
61617 | Internal Alerts by ActiveMQ | ||
Outbound | |||
Teradata Query Service | TCP | 1025 | Single instance of Query Service to Vantage in the public cloud |
Teradata Server Management: CMIC Instance [B, A, E only1] |
TCP | 443 | HTTPS for ServiceConnect |
8009 | ServiceConnect to policy server | ||
Teradata Viewpoint | TCP | 1025 | Single instance of Viewpoint to Vantage from AWS |
|