2.2 - Proxy Server - Teradata Vantage on AWS

Teradata Vantage™ on AWS (DIY) Installation and Administration Guide

Product: Teradata Vantage on AWS
Release Number: 2.2
Release Date: May 2021
Content Type: Administration, Configuration, Installation
Publication ID: B035-2800-041K
Language: English (United States)

A proxy server is a server application or appliance that acts as an intermediary for requests from clients seeking resources from the servers that provide those resources. It provides a gateway between servers and the internet.

Proxy Server

How to enable Proxy support

While deploying the stack (the Teradata Vantage ecosystem), the user must provide the proxy server details in the proxy server parameter field. If the user does not provide a value for the proxy server parameter, no proxy configuration is performed on the Teradata ecosystem. The user must provide the private IP address of the proxy server. The proxy server and the Teradata ecosystem must be deployed in the same VPC.

• Proxy support is not available to the Server Management component.

• In a node failure recovery scenario, the proxy server details need to be updated manually on the newly deployed node.

• In scale-in/scale-out operations, the proxy must be configured manually on new nodes.

• In a non-proxy to proxy migration, the proxy must be configured manually on the new node.

• In a future migration of the Vantage ecosystem behind the proxy, all the proxy configurations should be applied manually to newly deployed components in the private subnet.

How to configure the proxy on Teradata ecosystem instances

The yast2 binary allows you to configure a system-wide proxy.

The commands to enable and disable the proxy are:

## Sets HTTP, HTTPS & FTP proxies to Proxy Server's Private IP from VPC
echo "OK" | yast2 proxy set {http,https,ftp}=http://<proxy_server_private_ip>:<proxy_server_port>
 
## Sets NO Proxy for AWS EC2 Metadata, AWS NTP Server, AWS ECS Metadata sites and VPC CIDR viz., 176.20.0.0/16
## (noproxy is an option of the "set" command, like http, https and ftp)
echo "OK" | yast2 proxy set noproxy=localhost,127.0.0.1,169.254.169.254,169.254.169.123,169.254.170.2,<VPC_CIDR>
 
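## Optional: Sets Proxy Authentication
## Note: a password passed on the command line is visible in the shell history and the process list
echo "OK" | yast2 proxy authentication username=<proxy_server_username> password=<proxy_server_password>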
 
## Enables System-wide Proxy
echo "OK" | yast2 proxy enable
 
## Check Proxy Status
yast2 proxy summary
 
## Disables System-wide Proxy
echo "OK" | yast2 proxy disable

Expected configuration of proxy server:

• Should allow redirects from DNS names to the IP addresses of allow-listed domains.

• Should allow both HTTP and HTTPS communications.

• May use a self-signed certificate for HTTPS communications.

• Should allow all Amazon endpoints, namely *.amazonaws.com and *.amazon.com.

• Should allow communication to Teradata sites such as Service Connect and Artifactory.

• Should block the explicit IP address of the AWS EC2 metadata service, because metadata access is restricted to the instance itself. If such requests are allowed or redirected through the proxy, the instance metadata returned is invalid.

• Should treat all the ports of Vantage components as either Safe or SSL ports, as appropriate, so that component interaction is not blocked.
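
A check for the noproxy entries and the metadata requirement described above, as an added example that is not part of the Teradata guide: it audits a node's proxy settings file after a manual configuration (node recovery, scale-out, migration). It assumes YaST persists the system-wide proxy in /etc/sysconfig/proxy as KEY="value" lines; the function names, the proxy address 10.0.1.25:3128 and the VPC CIDR 10.0.0.0/16 are constructed for illustration.

```shell
# Added example, not Teradata code. Assumption: on SUSE, YaST writes the system-wide
# proxy to /etc/sysconfig/proxy as KEY="value" lines (PROXY_ENABLED, HTTP_PROXY, ...).

# Entries the noproxy command above expects, besides the VPC CIDR.
REQUIRED_NOPROXY="localhost 127.0.0.1 169.254.169.254 169.254.169.123 169.254.170.2"

# get_setting FILE KEY: print the unquoted value of KEY (empty if absent).
get_setting() {
    sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# missing_noproxy NO_PROXY_VALUE VPC_CIDR: print each required entry that is absent.
missing_noproxy() {
    have=" $(printf '%s' "$1" | tr ',' ' ') "
    for want in $REQUIRED_NOPROXY "$2"; do
        case "$have" in
            *" $want "*) ;;
            *) printf '%s\n' "$want" ;;
        esac
    done
}

# audit_proxy FILE VPC_CIDR: print findings; return 0 only when nothing is missing.
audit_proxy() {
    rc=0
    [ "$(get_setting "$1" PROXY_ENABLED)" = yes ] || { echo "proxy is not enabled"; rc=1; }
    for key in HTTP_PROXY HTTPS_PROXY FTP_PROXY; do
        [ -n "$(get_setting "$1" "$key")" ] || { echo "$key is empty"; rc=1; }
    done
    for entry in $(missing_noproxy "$(get_setting "$1" NO_PROXY)" "$2"); do
        echo "NO_PROXY lacks $entry"; rc=1
    done
    return "$rc"
}

# Constructed sample: a replacement node where two link-local endpoints were left out.
sample_file() {
    cat <<'EOF'
PROXY_ENABLED="yes"
HTTP_PROXY="http://10.0.1.25:3128"
HTTPS_PROXY="http://10.0.1.25:3128"
FTP_PROXY="http://10.0.1.25:3128"
NO_PROXY="localhost, 127.0.0.1, 169.254.169.123, 10.0.0.0/16"
EOF
}

tmp=$(mktemp) && sample_file > "$tmp"
audit_proxy "$tmp" 10.0.0.0/16 || echo "proxy settings incomplete on this node"
rm -f "$tmp"
```

On a node, the same check is `audit_proxy /etc/sysconfig/proxy <VPC_CIDR>`; a non-zero return means the manual proxy configuration is incomplete.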

Web Services and URL Regex End Points

AWS Endpoints

.amazonaws.com

.amazon.com

.amazontrust.com

.awsstatic.com

logs.us-west-2.amazonaws.com

ec2.us-west-2.amazonaws.com

dynamodb.us-west-2.amazonaws.com

autoscaling.us-west-2.amazonaws.com

lambda.us-west-2.amazonaws.com

tagging.us-west-2.amazonaws.com

Teradata Endpoints

.teradatacloud.com

.teradatacloud.io

.teradata.com

.labsteradata.net

.artportal.teradata.ws

*.logs.security.intellicloud.teradata.com

*.api.baas.teradatacloud.io

*.icaws.intellicloud.teradata.com

*.api.teradatacloud.io

*.intellicloud.teradata.com

*.migration.teradatacloud.io

artportal.teradata.ws

serviceconnect.teradata.com

NTP

.ntp.org

0.pool.ntp.org

Python

.pypi.org

.pythonhosted.org

.python.org

 
Sophos Antivirus

.sophos.com

Tenable Vulnerability Scan

.cloud.tenable.com

Data Dog

.datadoghq.com