Security Groups for Teradata Database

When configuring a security group for the Teradata Database, set up the port ranges listed below for each Teradata Database instance so the Teradata Database can be locked down to the local host. Port 1025 is blocked in the local instance until the DBC password is changed. If you are launching a Teradata ecosystem, do not delete or modify the self-reference rule that is created for internal security group communication.

For BYOL, port 443 must be open to connect to the Teradata EMS server to successfully deploy Teradata Database on AWS. For general licensing information, see Teradata Entitlement Management System (EMS) Customer User Guide.

If you use NTP, ensure the VPC ACL setting is not blocking UDP port 123 for both inbound and outbound traffic.

When launching a Teradata Database MPP instance using CloudFormation, access is restricted to IP addresses in the CIDR block specified in the Remote Access From parameter. If you have other Teradata software instances residing outside that IP range, you can edit the security group after launching to add the necessary IP addresses. Teradata software instances that may need access to the Teradata Database MPP instance include:
  • Teradata Data Mover
  • Teradata Data Stream Controller
  • Teradata Ecosystem Manager
  • Teradata REST
  • Teradata Server Management
  • Teradata Viewpoint

If you are not launching a Teradata Database MPP instance as described in Chapters 3 and 4, you must add inbound TCP 22 and UDP 1001-1002 ports.

| Software | Direction | Protocol | Port Range | Description |
|---|---|---|---|---|
| Teradata Database | Inbound | TCP | 22 | SSH |
| Teradata Database | Inbound | TCP | 1025 | Teradata Database Service to AWS |
| Teradata Database | Inbound | UDP | 1001-1002 | If using non-traditional launch methods (internal only) |
| Teradata Database | Outbound | TCP | 123 | NTP |
| Teradata Database | Outbound | TCP | 443 | [BYOL] To connect to the Teradata EMS server |
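
The following added example (not part of the Teradata documentation) audits one security group against the port table above, taking input in the shape returned by `aws ec2 describe-security-groups`. The function names `covers` and `audit`, the group ID `sg-EXAMPLE`, and the CIDR block `203.0.113.0/24` standing in for the Remote Access From value are assumptions, and the sample data is constructed.

```python
import ipaddress

# Ports from the table on this page: (protocol, first port, last port).
REQUIRED_INBOUND = [("tcp", 22, 22), ("tcp", 1025, 1025), ("udp", 1001, 1002)]
BYOL_OUTBOUND = ("tcp", 443, 443)

def covers(perm, proto, lo, hi):
    """True if one IpPermission entry allows proto across the whole lo-hi range."""
    if perm["IpProtocol"] == "-1":  # "-1" means all protocols and all ports
        return True
    return (perm["IpProtocol"] == proto
            and perm.get("FromPort", 0) <= lo and hi <= perm.get("ToPort", -1))

def audit(group, allowed_cidrs, byol=False, ecosystem=False):
    """Return findings for one group; an empty list means it matches the page."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    inbound = group.get("IpPermissions", [])
    cidr_rules = [p for p in inbound if p.get("IpRanges")]  # IPv4 CIDR rules only
    findings = []
    for proto, lo, hi in REQUIRED_INBOUND:
        if not any(covers(p, proto, lo, hi) for p in cidr_rules):
            findings.append(f"missing inbound {proto} {lo}-{hi}")
    for p in cidr_rules:
        for r in p["IpRanges"]:
            net = ipaddress.ip_network(r["CidrIp"])
            if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
                findings.append(f"inbound source {net} outside allowed CIDR blocks")
    # The self-reference rule carries internal traffic between ecosystem instances.
    if ecosystem and not any(pair.get("GroupId") == group["GroupId"]
                             for p in inbound for pair in p.get("UserIdGroupPairs", [])):
        findings.append("missing self-reference rule")
    egress = group.get("IpPermissionsEgress", [])
    if byol and not any(covers(p, *BYOL_OUTBOUND) for p in egress):
        findings.append("missing outbound tcp 443")
    return findings

# Constructed sample: SSH open to the world, no UDP 1001-1002, no egress to 443.
SAMPLE = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 1025, "ToPort": 1025,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    ],
    "IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 123, "ToPort": 123,
                             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}
print("\n".join(audit(SAMPLE, ["203.0.113.0/24"], byol=True, ecosystem=True)))
```

Pass every CIDR block you have deliberately added for other Teradata software instances in `allowed_cidrs`, so that only unexpected sources are reported.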
