When configuring a security group for Vantage, set up the port ranges listed here for each VantageCloud instance so VantageCloud can be locked down to the local host. Port 1025 is blocked in the local instance until the DBC password is changed. If you are deploying a Teradata ecosystem, do not delete or modify the self-reference rule that is created for internal security group communication.
By default, NTP uses the Amazon Time Sync Service on a local IP. If you must use different NTP servers, make sure the VPC ACL setting is not blocking UDP port 123 for outbound traffic.
- Teradata Data Mover (DIY)
- Teradata Data Stream Controller (DIY)
- Teradata Query Service (DIY)
- Teradata Server Management (DIY)
- Teradata Viewpoint (DIY)
If you are not deploying a VantageCloud MPP instance using a Teradata ecosystem solution template or deploying VantageCloud separately, you must add inbound TCP 22 and UDP 1001-1002 ports.
| Direction | Protocol | Port Range | Description |
|---|---|---|---|
| Inbound | TCP | 22 | SSH |
| TCP | 1025 | VantageCloud Service to AWS | |
| 3015 | Access to the CNS subsystem | ||
| TCP | 64432 | If using mainframe connectivity | |
| UDP | 1001-1002 | If using non-traditional deployment methods (internal only) | |
| Outbound | UDP | 123 | NTP, required when not using Amazon Time Sync Service |