When configuring a network security group for Teradata software, set up the following port ranges for each VM to allow access to and from those ports. Although all outbound ports can be opened, ensure the outbound ports listed below are specifically designated. Add ports only for software being accessed. For example, do not add ports for Server Management unless it is being used.
Software | Protocol | Port Range | Description |
---|---|---|---|
Inbound | |||
Teradata Data Mover | TCP | 22 | SSH |
1025 | Access Vantage system | ||
1443 | Data Mover REST endpoint for job update notifications | ||
5180, 5190 | Server Management | ||
9090 | DSA REST endpoint for Data Mover DSA jobs | ||
25168 | ARC Server | ||
25268 | ARC Access Module | ||
25368 | Master Sync Service | ||
61616 | ActiveMQ. This port must also be open for outbound traffic from all TD systems that will be a source/target for Data Mover.
|
||
15401,15402 | For inbound/outbound BARNC traffic. Must be open on all TD systems that will be a source or target for Data Mover | ||
Teradata Data Stream Controller | TCP | 22 | SSH |
1025 | Access Vantage system | ||
9090 | DSA REST Services | ||
15401 | BARNC Data Traffic | ||
15402 | BARNC Web Service | ||
61616 | ActiveMQ | ||
Teradata Ecosystem Manager | TCP | 22 | SSH |
1025 | Vantage to Ecosystem Manager in the public cloud | ||
61616 | ActiveMQ | ||
61720 | EM control agent | ||
61820 | EM control | ||
8090 | EM REST endpoint | ||
9443 | EM REST endpoint HTTPS | ||
Teradata Parallel Upgrade Tool (PUT) | TCP | 22 | SSH |
3389 | RDP | ||
9000-9010, 8443 | Teradata ServiceConnectâ„¢ to connect to PUT [B, A, E only1] | ||
Teradata QueryGrid Manager | TCP | 22 | SSH |
9300-9303 | Custom rule | ||
7000-7001 | Custom rule | ||
9443-9445 | Custom rule | ||
443 | HTTPS | ||
Teradata Query Service | TCP | 22 | SSH |
1080 | REST Gateway | ||
1443 | HTTPS | ||
Teradata Server Management: Managed Instances | TCP | 22 | Allow SSH over the virtual subnet |
5190-5191 | For sm3gnode; same as 5180-5181 | ||
5180-5181 | 5180-5181 is also for sm3gnode; needs to be allowed only from the Server Management instance | ||
Teradata Server Management: CMIC Instances | TCP | 22 | SSH |
UDP | 5598-5599 | CMIC Heartbeat | |
TCP | 5599 | CMIC Heartbeat | |
TCP | 5988 | CIM | |
TCP | 5999 | CMIC software upgrade/downgrade | |
TCP | 7755 | Java Proxy Service for SM Client | |
TCP | 7757-7758 | Java RMI for SM Client | |
UDP | 7759 | SOV Ping for SM Client | |
UDP | 7946 | Serf | |
TCP | 7946 | Serf | |
TCP | 9981 | HTTPS (CMIC Web Services and REST) | |
TCP | 61618 | JMS | |
Teradata Tools and Utilities | TCP | 22 | SSH |
1025 | Vantage system | ||
Teradata Unity | TCP | 22 | SSH |
1025 | Access Vantage system | ||
1026 | Access repository2 | ||
5344 | unityadmin | ||
5344 | Unity management | ||
5345-5348 | Inter-process communication | ||
6001 | Deprecated; use unityadmin | ||
Teradata Viewpoint | TCP | 22 | SSH |
80 | HTTP for Viewpoint | ||
443 | HTTPS for Viewpoint | ||
5432 | Teradata Alerts | ||
61616 | ActiveMQ | ||
Outbound | |||
Teradata Query Service | TCP | 1025 | Single instance of Query Service to Vantage in the public cloud |
Teradata Server Management: CMIC Instance [B, A, E only1] |
TCP | 443 | HTTPS for ServiceConnect |
8009 | ServiceConnect to policy server | ||
Teradata Unity | TCP | 22 | Configuration and maintenance3 |
1025 | Access Vantage system | ||
1026 | Access repository4 | ||
5344 | Management connection | ||
5345-5348 | Inter-process communication | ||
Teradata Viewpoint | TCP | 1025 | Single VM of Viewpoint to Vantage from Azure |
|