Security Groups for Other Teradata Applications | Teradata VantageCloud Enterprise on AWS (DIY) - Security Groups for Other Teradata Applications - Teradata® VantageCloud Enterprise on AWS

VantageCloud Enterprise on AWS (DIY) Installation and Administration Guide - 2.4

Deployment
VantageCloud
Edition
Enterprise
Product
Teradata® VantageCloud Enterprise on AWS
Release Number
2.4
Published
April 2024
Language
English (United States)
Last Update
2024-07-15
dita:mapPath
kma1662437965174.ditamap
dita:ditavalPath
nat1649317391363.ditaval
dita:id
jnv1467245119674
Product Category
Cloud

When configuring a security group for Teradata software applications, set up the following port ranges for each software instance to allow access to and from those ports. Although all outbound ports can be opened, ensure the followig outbound ports listed are specifically designated. Only add ports for accessed software. For example, do not add ports for Server Management unless it is used.

Software Protocol Port Range Description
Inbound
Teradata Data Mover (DIY) TCP 22 SSH
1025 Access Vantage system
1443 Data Mover REST endpoint for job update notifications
5181, 5191 Server Management
9090 DSA REST endpoint for Data Mover DSA jobs
5432 Master Sync Service
61616 ActiveMQ.
This port must also be open for outbound traffic from all TD systems that will be a source/target for Data Mover.
15401,15402 For inbound/outbound BARNC traffic

Must be open on all TD systems that will be a source or target for Data Mover.

Teradata Data Stream Controller (DIY) TCP 22 SSH
1025 Access Vantage system
9090 DSA REST Services
15401 BARNC Data Traffic
15402 BARNC Web Service
61616 ActiveMQ
Teradata Parallel Upgrade Tool (PUT) TCP 22 SSH
  3389 RDP
  9000-9010, 8443 Teradata ServiceConnect™ to connect to PUT [B, A, E only1]
Teradata QueryGrid Manager (DIY) TCP 22 SSH
9300-9303 Custom rule
7000-7001 Custom rule
9443-9445 Custom rule
443 HTTPS
Teradata Query Service (DIY) TCP 22 SSH
1080 REST Gateway
1443 HTTPS
Teradata Server Management (DIY): Managed Instances TCP 22 Allow SSH over the virtual subnet
5191 For sm3gnode; same as 5181
5181 5181 is also for sm3gnode; needs to be allowed only from the Server Management instance
Teradata Server Management (DIY): PSIM Instances TCP 22 SSH
UDP 5598-5599 PSIM Heartbeat
TCP 5599 PSIM Heartbeat
TCP 5988 CIM
TCP 5999 PSIM software upgrade/downgrade
TCP 7755 Java Proxy Service for SM Client
TCP 7757-7758 Java RMI for SM Client
UDP 7759 SOV Ping for SM Client
UDP 7946 Serf
TCP 7946 Serf
TCP 61618 JMS
Teradata Tools and Utilities TCP 22 SSH
1025 Vantage system
Teradata Viewpoint TCP 22 SSH
80 HTTP for Viewpoint
443 HTTPS for Viewpoint
5432 Teradata Alerts
61616 ActiveMQ
61617 Internal Alerts by ActiveMQ
Outbound
Teradata Query Service TCP 1025 Single instance of Query Service to Vantage in the public cloud
Teradata Server Management: CMIC Instance

[B, A, E only1]

TCP 443 HTTPS for ServiceConnect
8009 ServiceConnect to policy server
Teradata Viewpoint TCP 1025 Single instance of Viewpoint to Vantage from AWS
  • 1 License tiers: D/Developer, B/Base, A/Advanced, E/Enterprise