Security Groups for Other Teradata Applications | Teradata Vantage on AWS (DIY) - Security Groups for Other Teradata Applications - Teradata Vantage on AWS

Teradata Vantageâ„¢ on AWS (DIY) Installation and Administration Guide

Product
Teradata Vantage on AWS
Release Number
2.2
Published
May 2021
Language
English (United States)
Last Update
2021-05-17
dita:mapPath
cce1618343956965.ditamap
dita:ditavalPath
zaj1618344123658.ditaval
dita:id
B035-2800
lifecycle
previous
Product Category
Cloud

When configuring a security group for Teradata software applications, set up the following port ranges for each software instance to allow access to and from those ports. Although all outbound ports can be opened, ensure the outbound ports listed below are specifically designated. Only add ports for accessed software. For example, do not add ports for Server Management unless it is used.

Software Protocol Port Range Description
Inbound
Teradata Data Mover TCP 22 SSH
1025 Access Vantage system
1443 Data Mover REST endpoint for job update notifications
5181, 5191 Server Management
9090 DSA REST endpoint for Data Mover DSA jobs
5432 Master Sync Service
61616 ActiveMQ.
This port must also be open for outbound traffic from all TD systems that will be a source/target for Data Mover.
15401,15402 For inbound/outbound BARNC traffic

Must be open on all TD systems that will be a source or target for Data Mover.

Teradata Data Stream Controller TCP 22 SSH
1025 Access Vantage system
9090 DSA REST Services
15401 BARNC Data Traffic
15402 BARNC Web Service
61616 ActiveMQ
Teradata Ecosystem Manager TCP 22 SSH
1025 Vantage to Ecosystem Manager in the public cloud
61616 ActiveMQ
61720 EM control agent
61820 EM control
8090 EM REST endpoint
9443 EM REST endpoint HTTPS
Teradata Parallel Upgrade Tool (PUT) TCP 22 SSH
  3389 RDP
  9000-9010, 8443 Teradata ServiceConnectâ„¢ to connect to PUT [B, A, E only1]
Teradata QueryGrid Manager TCP 22 SSH
9300-9303 Custom rule
7000-7001 Custom rule
9443-9445 Custom rule
443 HTTPS
Teradata Query Service TCP 22 SSH
1080 REST Gateway
1443 HTTPS
Teradata Server Management: Managed Instances TCP 22 Allow SSH over the virtual subnet
5191 For sm3gnode; same as 5181
5181 5181 is also for sm3gnode; needs to be allowed only from the Server Management instance
Teradata Server Management: CMIC Instances TCP 22 SSH
UDP 5598-5599 CMIC Heartbeat
TCP 5599 CMIC Heartbeat
TCP 5988 CIM
TCP 5999 CMIC software upgrade/downgrade
TCP 7755 Java Proxy Service for SM Client
TCP 7757-7758 Java RMI for SM Client
UDP 7759 SOV Ping for SM Client
UDP 7946 Serf
TCP 7946 Serf
TCP 9981 HTTPS (CMIC Web Services and REST)
TCP 61618 JMS
Teradata Tools and Utilities TCP 22 SSH
1025 Vantage system
Teradata Viewpoint TCP 22 SSH
80 HTTP for Viewpoint
443 HTTPS for Viewpoint
5432 Teradata Alerts
61616 ActiveMQ
Outbound
Teradata Query Service TCP 1025 Single instance of Query Service to Vantage in the public cloud
Teradata Server Management: CMIC Instance

[B, A, E only1]

TCP 443 HTTPS for ServiceConnect
8009 ServiceConnect to policy server
Teradata Viewpoint TCP 1025 Single instance of Viewpoint to Vantage from AWS
  • 1 License tiers: D/Developer, B/Base, A/Advanced, E/Enterprise