Security Groups for Other Teradata Applications

When configuring a security group for Teradata software applications, set up the following port ranges for each software instance to allow access to and from those ports. Although all outbound ports can be opened, ensure the outbound ports listed below are specifically designated. Only add ports for accessed software. For example, do not add ports for Server Management unless it is used.

SoftwareDirectionProtocolPort RangeDescription
Parallel Upgrade Tool (PUT)Inbound
  • TCP
  • TCP
  • TCP
  • 22
  • 3389
  • 9000-9010, 8443
  • SSH
  • RDP
  • Teradata ServiceConnect to connect to PUT [B, A, E* only]
Teradata AppCenterInbound
  • TCP
  • HTTPS
  • 22
  • 443
  • SSH
  • Web Interface
Teradata AppCenterOutbound
  • TCP
  • TCP
  • 1025
  • 2406
  • 8080
  • Teradata Database
  • Teradata Aster Database
  • Presto
Teradata Data MoverInbound
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • 22
  • 1025
  • 1443
  • 5180, 5190
  • 9090
  • 25168
  • 25268
  • 25368
  • 61616
  • SSH
  • Teradata Database Service
  • Data Mover REST endpoint for job update notifications
  • Server Management
  • DSA REST endpoint for Data Mover DSA jobs
  • ARC Server
  • ARC Access Module
  • Master Sync Service
  • ActiveMQ
Teradata Data Stream ControllerInbound
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • 22
  • 1025
  • 9090
  • 15401
  • 15402
  • 61616
  • SSH
  • Teradata Database Service
  • DSA REST Services
  • BARNC Data Traffic
  • BARNC Web Service
  • ActiveMQ
Teradata Ecosystem ManagerInbound
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • 22
  • 1025
  • 61616
  • 61720
  • 61820
  • 8090
  • 9443
  • SSH
  • Teradata Database to Ecosystem Manager in the public cloud
  • ActiveMQ
  • EM control agent
  • EM control
  • EM REST endpoint
  • EM REST endpoint HTTPS
Teradata QueryGrid ManagerInbound
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • 22
  • 9300-9303
  • 7000-7001
  • 9443-9445
  • 443
  • SSH
  • Custom rule
  • Custom rule
  • Custom rule
  • HTTPS
Teradata REST ServicesInbound
  • TCP
  • TCP
  • TCP
  • 22
  • 1080
  • 1443
  • SSH
  • REST Gateway
  • HTTPS
Teradata REST ServicesOutboundTCP
  • 1025
  • Single instance of Teradata REST Services to Teradata Database in the public cloud
Teradata Server Management: Managed InstancesInbound
  • TCP
  • TCP
  • TCP
  • 22
  • 5180-5181
  • 5190-5191
  • Allow SSH over the virtual subnet.
  • For sm3gnode; needs to be allowed only from the Server Management instance.
  • 5190-5191 is also for sm3gnode. Same as above.
Teradata Server Management: CMIC InstanceInbound
  • TCP
  • UDP
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • UDP
  • UDP
  • TCP
  • TCP
  • TCP
  • 22
  • 5598-5599
  • 5599
  • 5988
  • 5999
  • 7755
  • 7757-7758
  • 7759
  • 7946
  • 7946
  • 9981
  • 61618
  • SSH
  • CMIC Heartbeat
  • CMIC Heartbeat
  • CIM
  • CMIC software upgrade/downgrade
  • Java Proxy Service for SM Client
  • Java RMI for SM Client
  • SOV Ping for SM Client
  • Serf
  • Serf
  • HTTPS (CMIC Web Services and REST)
  • JMS
Teradata Server Management: CMIC Instance

[B, A, E* only]

Outbound
  • TCP
  • TCP
  • 443
  • 8009
  • HTTPS for ServiceConnect
  • ServiceConnect to policy server
Teradata Tools and UtilitiesInbound
  • TCP
  • TCP
  • 22
  • 1025
  • SSH
  • Teradata Database Service
Teradata ViewpointInbound
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • 22
  • 80
  • 443
  • 5432
  • 61616
  • SSH
  • HTTP for Viewpoint
  • HTTPS for Viewpoint
  • Teradata Alerts
  • ActiveMQ
Teradata ViewpointOutboundTCP
  • 1025
  • Single instance of Teradata Viewpoint to Teradata Database from AWS
*License tiers: D/Developer, B/Base, A/Advanced, E/Enterprise

results matching ""

    No results matching ""