When configuring a security group for other Teradata applications, set up the following port ranges for each software instance to allow access to and from those ports. Although all outbound ports can be opened, ensure the following outbound ports are specifically designated. Only add ports for accessed software. For example, do not add ports for Server Management unless it is used.
Software | Protocol | Port Range | Description |
---|---|---|---|
Inbound | |||
Parallel Upgrade Tool (PUT) | TCP | 22 | SSH |
3389 | RDP | ||
9000-9010, 8443 | Teradata ServiceConnectâ„¢ to connect to PUT [B, A, E only1] | ||
Teradata Data Mover | TCP | 22 | SSH |
1025 | Teradata Database Service | ||
1443 | Data Mover REST endpoint for job update notifications | ||
5180, 5190 | Server Management | ||
9090 | DSA REST endpoint for Data Mover DSA jobs | ||
25168 | ARC Server | ||
25268 | ARC Access Module | ||
25368 | Master Sync Service | ||
61616 | ActiveMQ | ||
Teradata Data Stream Controller | TCP | 22 | SSH |
1025 | Teradata Database Service | ||
9090 | DSA REST Services | ||
15401 | BARNC Data Traffic | ||
15402 | BARNC Web Service | ||
61616 | ActiveMQ | ||
Teradata Ecosystem Manager | TCP | 22 | SSH |
1025 | Teradata Database to Ecosystem Mgr in the public cloud | ||
61616 | ActiveMQ | ||
61720 | EM control agent | ||
61820 | EM control | ||
8090 | EM REST endpoint | ||
9443 | EM REST endpoint HTTPS | ||
Teradata QueryGrid Manager | TCP | 22 | SSH |
9300-9303 | Custom rule | ||
7000-7001 | Custom rule | ||
9443-9445 | Custom rule | ||
443 | HTTPS | ||
Teradata Query Service | TCP | 22 | SSH |
1080 | REST Gateway | ||
1443 | HTTPS | ||
Teradata Server Management: Managed Instances | TCP | 22 | Allow SSH over the virtual subnet |
5190-5191 | For sm3gnode; same as 5180-5181 | ||
5180-5181 | 5180-5181 is also for sm3gnode; needs to be allowed only from the Server Management instance | ||
Teradata Server Management: CMIC Instance | TCP | 22 | SSH |
UDP | 5598-5599 | CMIC Heartbeat | |
TCP | 5599 | CMIC Heartbeat | |
TCP | 5988 | CIM | |
TCP | 5999 | CMIC software upgrade/downgrade | |
TCP | 7755 | Java Proxy Service for SM Client | |
TCP | 7757-7758 | Java RMI for SM Client | |
UDP | 7759 | SOV Ping for SM Client | |
UDP | 7946 | Serf | |
TCP | 7946 | Serf | |
TCP | 9981 | HTTPS (CMIC Web Services and REST) | |
TCP | 61618 | JMS | |
Teradata Tools and Utilities | TCP | 22 | SSH |
1025 | Teradata Database Service | ||
Teradata Unity | TCP | 22 | Remote management |
22 | Configuration and maintenance | ||
1025 | Teradata Database system | ||
5344 | unityadmin | ||
5344 | Unity management | ||
5345-5348 | Inter-process communication | ||
6001 | Deprecated; use unityadmin | ||
Teradata Viewpoint | TCP | 22 | SSH |
80 | HTTP for Viewpoint | ||
443 | HTTPS for Viewpoint | ||
5432 | Teradata Alerts | ||
61616 | ActiveMQ | ||
Outbound | |||
Teradata Query Service | TCP | 1025 | Single instance of Teradata Query Service to Teradata Database in the public cloud |
Teradata Server
Management: CMIC Instance [B, A, E only1] |
TCP | 443 | HTTPS for ServiceConnect |
8009 | ServiceConnect to policy server | ||
Teradata Unity | TCP | 22 | Configuration and maintenance2 |
1025 | Access Teradata Database system | ||
1026 | Access repository3 | ||
5344 | Management connection | ||
5345-5348 | Inter-process communication | ||
Teradata Viewpoint | TCP | 1025 | Single instance of Teradata Viewpoint to Teradata Database from AWS |
|