Network Security Groups for Other Teradata Applications

Teradata Database on Azure Getting Started Guide

brand
Cloud
prodname
Teradata Software for Azure
vrm_release
5.0
category
Configuration
Installation
featnum
B035-2810-117K

When configuring a network security group for Teradata software applications, set up the following port ranges for each VM to allow access to and from those ports. Although all outbound ports can be opened, ensure the outbound ports listed below are specifically designated. Add ports only for software being accessed. For example, do not add ports for Server Management unless it is being used.

Software Direction Protocol Port Range Description
Parallel Upgrade Tool (PUT) Inbound
  • TCP
  • TCP
  • TCP
  • 22
  • 3389
  • 9000-9010, 8443
  • SSH
  • RDP
  • Axeda or Teradata Connect to connect to PUT

Open the ports listed under Teradata Server Management if applicable to your environment.

Teradata Data Mover Inbound
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • 22
  • 1025
  • 1443
  • 5180, 5190
  • 9090
  • 25168
  • 25268
  • 25368
  • 61616
  • SSH
  • Teradata Database Service
  • Data Mover REST endpoint for job update notifications
  • Server Management
  • DSA REST endpoint for Data Mover DSA jobs
  • ARC Server
  • ARC Access Module
  • Master Sync Service
  • ActiveMQ
Teradata Data Stream Controller Inbound
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • 22
  • 1025
  • 9090
  • 15401
  • 15402
  • 61616
  • SSH
  • Teradata Database Service
  • DSA REST Services
  • BARNC Data Traffic
  • BARNC Web Service
  • ActiveMQ
Teradata Ecosystem Manager Inbound
  • TCP
  • TCP
  • TCP
  • TCP
  • 22
  • 1025
  • 61616
  • 61720, 61820, 8090
  • SSH
  • Teradata Database to Ecosystem Manager in the public cloud
  • ActiveMQ
  • Agent packages
  • Ecosystem Manager Control Engine
Teradata QueryGrid Manager Inbound
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • 22
  • 9300-9303
  • 7000-7001
  • 9443-9445
  • 443
  • SSH
  • Custom rule
  • Custom rule
  • Custom rule
  • HTTPS
Teradata REST Services Inbound
  • TCP
  • TCP
  • TCP
  • 22
  • 1080
  • 1443
  • SSH
  • REST Gateway
  • HTTPS
Teradata REST Services Outbound TCP
  • 1025
  • Single instance of Teradata REST Services to Teradata Database in the public cloud
Teradata Server Management: Managed Instances Inbound
  • TCP
  • TCP
  • TCP
  • 22
  • 5180-5181
  • 5190-5191
  • Allow SSH over the virtual subnet.
  • For sm3gnode; needs to be allowed only from the Server Management (or CMIC) instance.
  • 5190-5191 is also for sm3gnode. Same as above.
Teradata Server Management: CMIC Instance Inbound
  • TCP
  • UDP
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • UDP
  • UDP
  • TCP
  • TCP
  • TCP
  • 22
  • 5598-5599
  • 5599
  • 5988
  • 5999
  • 7755
  • 7757-7758
  • 7759
  • 7946
  • 7946
  • 9981
  • 61618
  • SSH
  • CMIC Heartbeat
  • CMIC Heartbeat
  • CIM
  • CMIC Software upgrade/downgrade
  • Java Proxy Service for SM Client
  • Java RMI for SM Client
  • SOV Ping for SM Client
  • Serf
  • Serf
  • HTTPS (CMIC Web Services and REST)
  • JMS
Teradata Server Management Outbound
  • TCP
  • TCP
  • 443
  • 8009
  • HTTPS for ServiceConnect
  • ServiceConnect to policy server
Teradata Tools and Utilities Inbound
  • TCP
  • TCP
  • 22
  • 1025
  • SSH
  • Teradata Database Service
Teradata Viewpoint Inbound
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • 22
  • 80
  • 443
  • 5432
  • 61616
  • SSH
  • HTTP for Viewpoint
  • HTTPS for Viewpoint
  • Teradata Alerts
  • ActiveMQ
Teradata Viewpoint Outbound TCP
  • 1025
  • Single VM of Teradata Viewpoint to Teradata Database from Azure