When configuring a network security group for Teradata software, set up the following port ranges for each VM to allow access to and from those ports. Although all outbound ports can be opened, ensure the following outbound ports listed are specifically designated. Add ports only for software being accessed. For example, do not add ports for Server Management unless it is being used.
| Software | Protocol | Port Range | Description |
|---|---|---|---|
| Inbound | |||
| Teradata Data Mover | TCP | 22 | SSH |
| 1025 | Access Vantage system | ||
| 1443 | Data Mover REST endpoint for job update notifications | ||
| 5180, 5190 | Server Management | ||
| 9090 | DSA REST endpoint for Data Mover DSA jobs | ||
| 25168 | ARC Server | ||
| 25268 | ARC Access Module | ||
| 25368 | Master Sync Service | ||
| 61616 | ActiveMQ. This port must also be open for outbound traffic from all TD systems that will be a source/target for Data Mover.
|
||
| 15401,15402 | For inbound/outbound BARNC traffic Must be open on all TD systems that will be a source or target for Data Mover. |
||
| Teradata Data Stream Controller | TCP | 22 | SSH |
| 1025 | Access Vantage system | ||
| 9090 | DSA REST Services | ||
| 15401 | BARNC Data Traffic | ||
| 15402 | BARNC Web Service | ||
| 61616 | ActiveMQ | ||
| Teradata Parallel Upgrade Tool (PUT) | TCP | 22 | SSH |
| 3389 | RDP | ||
| 9000-9010, 8443 | Teradata ServiceConnect™ to connect to PUT [B, A, E only1] | ||
| Teradata QueryGrid Manager | TCP | 22 | SSH |
| 9300-9303 | Custom rule | ||
| 7000-7001 | Custom rule | ||
| 9443-9445 | Custom rule | ||
| 443 | HTTPS | ||
| Teradata Query Service | TCP | 22 | SSH |
| 1080 | REST Gateway | ||
| 1443 | HTTPS | ||
| Teradata Server Management: Managed Instances | TCP | 22 | Allow SSH over the virtual subnet |
| 5190-5191 | For sm3gnode; same as 5180-5181 | ||
| 5180-5181 | 5180-5181 is also for sm3gnode; needs to be allowed only from the Server Management instance | ||
| Teradata Server Management: PSIM Instances | TCP | 22 | SSH |
| UDP | 5598-5599 | PSIM Heartbeat | |
| TCP | 5599 | PSIM Heartbeat | |
| TCP | 5988 | CIM | |
| TCP | 5999 | PSIM software upgrade/downgrade | |
| TCP | 7755 | Java Proxy Service for SM Client | |
| TCP | 7757-7758 | Java RMI for SM Client | |
| UDP | 7759 | SOV Ping for SM Client | |
| UDP | 7946 | Serf | |
| TCP | 7946 | Serf | |
| TCP | 61618 | JMS | |
| Teradata Tools and Utilities | TCP | 22 | SSH |
| 1025 | Vantage system | ||
| Teradata Viewpoint | TCP | 22 | SSH |
| 80 | HTTP for Viewpoint | ||
| 443 | HTTPS for Viewpoint | ||
| 5432 | Teradata Alerts | ||
| 61616 | ActiveMQ | ||
| 61617 | Internal Alerts by ActiveMQ | ||
| Outbound | |||
| Teradata Query Service | TCP | 1025 | Single instance of Query Service to Vantage in the public cloud |
| Teradata Server Management: PSIM Instance [B, A, E only1] |
TCP | 443 | HTTPS for ServiceConnect |
| 8009 | ServiceConnect to policy server | ||
| Teradata Viewpoint | TCP | 1025 | Single VM of Viewpoint to Vantage from Azure |
|
|||