A network security group (NSG) contains a list of Access Control List (ACL) rules that allow or deny network traffic to your VMs in a virtual network. NSGs can be associated with either subnets or individual VMs within that subnet. When an NSG is associated with a subnet, the ACL rules apply to all the VMs in that subnet. In addition, traffic to an individual VM can be restricted further by associating an NSG directly to that VM. Make sure the NSGs do not block outbound traffic to allow Internet access, ensuring all Azure public endpoints are accessible by default.
When you deploy Teradata products separately, you must create an NSG. When you deploy Teradata products using a solution template, an NSG is automatically created for you with a naming convention of vp-nsg for Viewpoint, sm-nsg for Server Management, and so on. If you deploy using a solution template, make sure to assign private IPs within the same VNet or VNet peering.
You can open a port to a VM by creating a network filter on a subnet or VM NIC. You can then place these filters, which control both inbound and outbound traffic, on an NSG attached to the resource that receives the traffic.