Network Security Groups for Other Teradata Applications - Teradata Software for Azure

Teradata Vantageâ„¢ on Azure (DIY) Installation and Administration Guide

Product
Teradata Vantage on Azure
Release Number
5.01
Published
July 2018
Language
English (United States)
Last Update
2018-07-18
dita:mapPath
kmk1523992471627.ditamap
dita:ditavalPath
TeradataAzure_PubCloud_5.01_5.01.01.ditaval
dita:id
B035-2810
lifecycle
previous
Product Category
Cloud

When configuring a network security group for Teradata software applications, set up the following port ranges for each VM to allow access to and from those ports. Although all outbound ports can be opened, ensure the outbound ports listed below are specifically designated. Add ports only for software being accessed. For example, do not add ports for Server Management unless it is being used.

Software Protocol Port Range Description
Inbound
Parallel Upgrade Tool (PUT)
  • TCP
  • TCP
  • TCP
  • 22
  • 3389
  • 9000-9010, 8443
  • SSH
  • RDP
  • Teradata ServiceConnectâ„¢ to connect to PUT [B, A, E only1]
Teradata Data Mover
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • 22
  • 1025
  • 1443
  • 5180, 5190
  • 9090
  • 25168
  • 25268
  • 25368
  • 61616
  • SSH
  • Teradata Database Service
  • Data Mover REST endpoint for job update notifications
  • Server Management
  • DSA REST endpoint for Data Mover DSA jobs
  • ARC Server
  • ARC Access Module
  • Master Sync Service
  • ActiveMQ
Teradata Data Stream Controller
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • 22
  • 1025
  • 9090
  • 15401
  • 15402
  • 61616
  • SSH
  • Teradata Database Service
  • DSA REST Services
  • BARNC Data Traffic
  • BARNC Web Service
  • ActiveMQ
Teradata Ecosystem Manager
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • 22
  • 1025
  • 61616
  • 61720
  • 61820
  • 8090
  • 9443
  • SSH
  • Teradata Database to Ecosystem Mgr in the public cloud
  • ActiveMQ
  • EM control agent
  • EM control
  • EM REST endpoint
  • EM REST endpoint HTTPS
Teradata QueryGrid Manager
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • 22
  • 9300-9303
  • 7000-7001
  • 9443-9445
  • 443
  • SSH
  • Custom rule
  • Custom rule
  • Custom rule
  • HTTPS
Teradata REST Services
  • TCP
  • TCP
  • TCP
  • 22
  • 1080
  • 1443
  • SSH
  • REST Gateway
  • HTTPS
Teradata Server Management: Managed Instances
  • TCP
  • TCP
  • TCP
  • 22
  • 5190-5191
  • 5180-5181
  • Allow SSH over the virtual subnet.
  • For sm3gnode. Same as 5180-5181.
  • 5180-5181 is also for sm3gnode; needs to be allowed only from the Server Management instance.
Teradata Server Management: CMIC Instance
  • TCP
  • UDP
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • UDP
  • UDP
  • TCP
  • TCP
  • TCP
  • 22
  • 5598-5599
  • 5599
  • 5988
  • 5999
  • 7755
  • 7757-7758
  • 7759
  • 7946
  • 7946
  • 9981
  • 61618
  • SSH
  • CMIC Heartbeat
  • CMIC Heartbeat
  • CIM
  • CMIC software upgrade/downgrade
  • Java Proxy Service for SM Client
  • Java RMI for SM Client
  • SOV Ping for SM Client
  • Serf
  • Serf
  • HTTPS (CMIC Web Services and REST)
  • JMS
Teradata Tools and Utilities
  • TCP
  • TCP
  • 22
  • 1025
  • SSH
  • Teradata Database Service
Teradata Viewpoint
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • 22
  • 80
  • 443
  • 5432
  • 61616
  • SSH
  • HTTP for Viewpoint
  • HTTPS for Viewpoint
  • Teradata Alerts
  • ActiveMQ
Outbound
Teradata REST Services
  • TCP
  • 1025
  • Single instance of Teradata REST Services to Teradata Database in the public cloud
Teradata Server Management: CMIC Instance

[B, A, E only1]

  • TCP
  • TCP
  • 443
  • 8009
  • HTTPS for ServiceConnect
  • ServiceConnect to policy server
Teradata Viewpoint
  • TCP
  • 1025
  • Single VM of Teradata Viewpoint to Teradata Database from Azure
  • 1 License tiers: D/Developer, B/Base, A/Advanced, E/Enterprise