6.02 - Network Security Groups for Teradata Database - Teradata Software for Azure

Teradata Vantage™ on Azure (DIY) Installation and Administration Guide

Teradata Vantage on Azure
Release Number
Release Date
January 2019
Content Type
Publication ID
English (United States)

When configuring a network security group, set up the port ranges listed below for each Teradata Database VM so the Teradata Database can be locked down to the local host. If you deploy a Teradata ecosystem or deploy Teradata Database using a solution template, you must open inbound port 1025 as it is closed by default.

If you are purchasing Teradata Vantage (BYOL) or Teradata Vantage with IntelliSphere (BYOL), port 443 must be open to https://slem.teradata.com so Teradata can verify BYOL entitlement. See Teradata® Entitlement Management System (EMS) Customer User Guide.

When deploying a Teradata ecosystem from a solution template, Teradata uses a different set of security rules for the following software in the Teradata ecosystem and defines the network security group on the NICs of each of these VMs:
  • Teradata Data Mover
  • Teradata Data Stream Controller
  • Teradata Ecosystem Manager
  • Teradata Query Service
  • Teradata Server Management
  • Teradata Unity
  • Teradata Viewpoint

When deploying Teradata software separately from an image, you create a new or select an existing public IP address as well as a network security group when you configure the software.

If you are not deploying a Teradata Database MPP VM using a solution template, you must add inbound TCP 22 and UDP 1001-1002 ports.

Teradata Database
Direction Protocol Port Description
Inbound TCP 22 SSH
TCP 1025 Teradata Database Service to the public cloud
TCP 64432 If using mainframe connectivity
UDP 1001-1002 If using a non-traditional deployment method (internal only)
Outbound TCP 443 [BYOL only] To connect to https://slem.teradata.com so Teradata can verify BYOL entitlement