Security Groups for Other Teradata Applications - Teradata Software for AWS

Teradata Vantage™ on AWS (DIY) Quick Deployment Guide

Product: Teradata Vantage on AWS
Release Number: 5.08
Published: November 2018
Language: English (United States)
Last Update: 2018-11-07
dita:id: B035-2801
Product Category: Cloud

When configuring a security group for other Teradata applications, set up the following port ranges for each software instance to allow access to and from those ports. Although all outbound ports can be opened, ensure the following outbound ports are specifically designated. Only add ports for software you actually use. For example, do not add ports for Server Management unless it is used.

Inbound

| Software | Protocol | Port Range | Description |
|---|---|---|---|
| Parallel Upgrade Tool (PUT) | TCP | 22 | SSH |
| | TCP | 3389 | RDP |
| | TCP | 9000-9010, 8443 | Teradata ServiceConnect™ to connect to PUT [B, A, E only¹] |
| Teradata Data Mover | TCP | 22 | SSH |
| | TCP | 1025 | Teradata Database Service |
| | TCP | 1443 | Data Mover REST endpoint for job update notifications |
| | TCP | 5180, 5190 | Server Management |
| | TCP | 9090 | DSA REST endpoint for Data Mover DSA jobs |
| | TCP | 25168 | ARC Server |
| | TCP | 25268 | ARC Access Module |
| | TCP | 25368 | Master Sync Service |
| | TCP | 61616 | ActiveMQ |
| Teradata Data Stream Controller | TCP | 22 | SSH |
| | TCP | 1025 | Teradata Database Service |
| | TCP | 9090 | DSA REST Services |
| | TCP | 15401 | BARNC Data Traffic |
| | TCP | 15402 | BARNC Web Service |
| | TCP | 61616 | ActiveMQ |
| Teradata Ecosystem Manager | TCP | 22 | SSH |
| | TCP | 1025 | Teradata Database to Ecosystem Mgr in the public cloud |
| | TCP | 61616 | ActiveMQ |
| | TCP | 61720 | EM control agent |
| | TCP | 61820 | EM control |
| | TCP | 8090 | EM REST endpoint |
| | TCP | 9443 | EM REST endpoint HTTPS |
| Teradata QueryGrid Manager | TCP | 22 | SSH |
| | TCP | 9300-9303 | Custom rule |
| | TCP | 7000-7001 | Custom rule |
| | TCP | 9443-9445 | Custom rule |
| | TCP | 443 | HTTPS |
| Teradata Query Service | TCP | 22 | SSH |
| | TCP | 1080 | REST Gateway |
| | TCP | 1443 | HTTPS |
| Teradata Server Management: Managed Instances | TCP | 22 | Allow SSH over the virtual subnet |
| | TCP | 5190-5191 | For sm3gnode; same as 5180-5181 |
| | TCP | 5180-5181 | 5180-5181 is also for sm3gnode; needs to be allowed only from the Server Management instance |
| Teradata Server Management: CMIC Instance | TCP | 22 | SSH |
| | UDP | 5598-5599 | CMIC Heartbeat |
| | TCP | 5599 | CMIC Heartbeat |
| | TCP | 5988 | CIM |
| | TCP | 5999 | CMIC software upgrade/downgrade |
| | TCP | 7755 | Java Proxy Service for SM Client |
| | TCP | 7757-7758 | Java RMI for SM Client |
| | UDP | 7759 | SOV Ping for SM Client |
| | UDP | 7946 | Serf |
| | TCP | 7946 | Serf |
| | TCP | 9981 | HTTPS (CMIC Web Services and REST) |
| | TCP | 61618 | JMS |
| Teradata Tools and Utilities | TCP | 22 | SSH |
| | TCP | 1025 | Teradata Database Service |
| Teradata Unity | TCP | 22 | Remote management |
| | TCP | 22 | Configuration and maintenance |
| | TCP | 1025 | Teradata Database system |
| | TCP | 5344 | unityadmin |
| | TCP | 5344 | Unity management |
| | TCP | 5345-5348 | Inter-process communication |
| | TCP | 6001 | Deprecated; use unityadmin |
| Teradata Viewpoint | TCP | 22 | SSH |
| | TCP | 80 | HTTP for Viewpoint |
| | TCP | 443 | HTTPS for Viewpoint |
| | TCP | 5432 | Teradata Alerts |
| | TCP | 61616 | ActiveMQ |

Outbound

| Software | Protocol | Port Range | Description |
|---|---|---|---|
| Teradata Query Service | TCP | 1025 | Single instance of Teradata Query Service to Teradata Database in the public cloud |
| Teradata Server Management: CMIC Instance [B, A, E only¹] | TCP | 443 | HTTPS for ServiceConnect |
| | TCP | 8009 | ServiceConnect to policy server |
| Teradata Unity | TCP | 22 | Configuration and maintenance² |
| | TCP | 1025 | Access Teradata Database system |
| | TCP | 1026 | Access repository³ |
| | TCP | 5344 | Management connection |
| | TCP | 5345-5348 | Inter-process communication |
| Teradata Viewpoint | TCP | 1025 | Single instance of Teradata Viewpoint to Teradata Database from AWS |

  • 1 License tiers: D/Developer, B/Base, A/Advanced, E/Enterprise
  • 2 The primary Unity instance configures the standby Unity instance using outbound port 22
  • 3 The primary Unity instance synchronizes with the standby Unity repository using outbound port 1026
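
One way to check an existing security group against the inbound ports listed above, so that ports for unused software (such as Server Management) or overly wide ranges stand out. This is an added example, not Teradata's code; it assumes rules in the JSON shape returned by `aws ec2 describe-security-groups`, and the function names, the application keys and the sample group are hypothetical.

```python
import json

# Inbound TCP ports copied from the table above (three of the applications).
DOCUMENTED_INBOUND_TCP = {
    "viewpoint": [(22, 22), (80, 80), (443, 443), (5432, 5432), (61616, 61616)],
    "query_service": [(22, 22), (1080, 1080), (1443, 1443)],
    "querygrid_manager": [(22, 22), (443, 443), (7000, 7001), (9300, 9303), (9443, 9445)],
}

def expand(ranges):
    """Turn (from, to) pairs into a set of individual port numbers."""
    return {p for lo, hi in ranges for p in range(lo, hi + 1)}

def audit_inbound(group, app):
    """Compare one security group's TCP ingress rules with the documented ports.

    Returns (extra, missing, all_traffic): ports open but not documented,
    documented ports not open, and whether a rule allows every protocol.
    """
    wanted = expand(DOCUMENTED_INBOUND_TCP[app])
    opened, all_traffic = set(), False
    for rule in group.get("IpPermissions", []):
        proto = rule.get("IpProtocol")
        if proto == "-1":  # "-1" means all protocols and all ports
            all_traffic = True
        elif proto == "tcp":
            opened |= expand([(rule["FromPort"], rule["ToPort"])])
    return sorted(opened - wanted), sorted(wanted - opened), all_traffic

# Constructed sample: a Viewpoint group with an 80-443 range and stray 5180-5181.
SAMPLE = json.loads("""
{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
  {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 443, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
  {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
  {"IpProtocol": "tcp", "FromPort": 5180, "ToPort": 5181, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}
]}
""")

if __name__ == "__main__":
    extra, missing, all_traffic = audit_inbound(SAMPLE, "viewpoint")
    print("open but not documented for Viewpoint:", len(extra), "ports")
    print("documented but not open:", missing)
    print("all-traffic rule present:", all_traffic)
```

UDP rules are not examined here; the CMIC instance rows above would need a second table keyed by protocol.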