Security Groups for Other Teradata Applications

When configuring a security group for Teradata software applications, set up thefollowing port ranges for each software instance to allow access to and from thoseports. Although all outbound ports can be opened, ensure the outbound ports listedbelow are specifically designated. Only add ports for software being accessed. Forexample, do not add ports for Server Management unless it is being used.
Software Direction Protocol Port Range Description
Parallel Upgrade Tool (PUT) Inbound
  • TCP
  • TCP
  • TCP
  • 22
  • 3389
  • 9000-9010, 8080
  • SSH
  • RDP
  • Axeda or Teradata Connect to connect to PUT

Open the ports listed under Teradata Server Management if applicable to your environment.

Teradata Data Mover Inbound
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • 22
  • 1025
  • 1080
  • 5180, 5190
  • 25168
  • 25268
  • 25368
  • 61616
  • SSH
  • Teradata Database Service
  • REST
  • Server Management
  • ARC Server
  • ARC Access Module
  • Master Sync Service
  • ActiveMQ
Teradata Data Stream Controller Inbound
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • 22
  • 1025
  • 9090
  • 15401
  • 15402
  • 61616
  • SSH
  • Teradata Database Service
  • DSA REST Services
  • BarNC Data Traffic
  • BARNC Web Service
  • ActiveMQ
Teradata Ecosystem Manager Inbound
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • 22
  • 1025
  • 61616
  • 61720
  • 61820
  • SSH
  • Teradata Database to Ecosystem Manager in the public cloud
  • ActiveMQ
  • Agent packages
  • Ecosystem Manager Control Engine
Teradata QueryGrid See Teradata QueryGrid within the Public Cloud and Teradata QueryGrid between the Public Cloud and On-Premises.
Teradata REST Services Inbound
  • TCP
  • TCP
  • 22
  • 1080
  • SSH
  • REST
Teradata REST Services Outbound TCP
  • 1025
  • Single instance of Teradata REST Services to Teradata Database in the public cloud
Teradata Server Management: Managed Instances Inbound
  • TCP
  • TCP
  • TCP
  • 22
  • 5180-5181
  • 5190-5191
  • Allow SSH over the virtual subnet.
  • For sm3gnode; needs to be allowed only from the Server Management (or CMIC) instance.
  • 5190-5191 is also for sm3gnode. Same as above.
Teradata Server Management: CMIC to CMIC Communication Inbound
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • UDP
  • TCP
  • TCP
  • 22
  • 1080
  • 1443
  • 7755
  • 7757-7758
  • 7758
  • 7759
  • 9981
  • 61618
  • SSH
  • REST (http)
  • REST (https)
  • Java Proxy Tunnel
  • Java RMI
  • Java Connections Tunnel
  • SOV Ping
  • CMIC Web (https)
  • JMS
Teradata Server Management: CMIC Instance Inbound
  • TCP
  • TCP
  • UDP
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • UDP
  • UDP
  • TCP
  • TCP
  • TCP
  • TCP
  • 22
  • 1080
  • 5598-5599
  • 5599
  • 5988
  • 5999
  • 7755
  • 7757-7758
  • 7759
  • 7946
  • 7946
  • 9981
  • 9991
  • 61618
  • SSH
  • REST (http)
  • CMIC Heartbeat
  • CMIC Heartbeat
  • CIM
  • CMIC Software upgrade/downgrade
  • Java Proxy Service for SM Client
  • Java RMI for SM Client
  • SOV Ping for SM Client
  • Serf
  • Serf
  • HTTP (CMIC Web Services
  • REST (https)
  • JMS
Teradata Server Management Outbound
  • TCP
  • TCP
  • 443
  • 8009
  • NTP
  • HTTPS for ServiceConnect
  • ServiceConnect to policy server; only if policy server is being used
Teradata Tools and Utilities Inbound
  • TCP
  • TCP
  • 22
  • 1025
  • SSH
  • Teradata Database Service
Teradata Viewpoint Inbound
  • TCP
  • TCP
  • TCP
  • TCP
  • TCP
  • 22
  • 80
  • 443
  • 5432
  • 61616
  • SSH
  • HTTP for Viewpoint
  • HTTPS for Viewpoint
  • Teradata Alerts
  • ActiveMQ
Teradata Viewpoint Outbound TCP
  • 1025
  • Single instance of Teradata Viewpoint to Teradata Database from AWS

results matching ""

    No results matching ""