Network Security Groups and Ports
A network security group (NSG) contains a list of Access Control List (ACL) rules that allow or deny network traffic to your VMs in a virtual network. NSGs can be associated with either subnets or individual VMs within that subnet. When an NSG is associated with a subnet, the ACL rules apply to all the VMs in that subnet. In addition, traffic to an individual VM can be restricted further by associating a NSG directly to that VM.
If you deploy Teradata Database products separately, you must create a network security group. If you deploy a Teradata ecosystem or deploy a Teradata Database using a solution template, a network security group is automatically created for you with a naming convention of vp-nsg for Viewpoint, sm-nsg for Server Management, and so on. If you deploy Teradata Database products using a solution template, assign private IPs within the same VNet or VNet peering. See VNets.
You can open a port to a VM by creating a network filter on a subnet or VM network interface. You can then place these filters, which control both inbound and outbound traffic, on an NSG attached to the resource that receives the traffic.
For information, see Azure Documentation Center and search for What is a Network Security Group, How to Manage NSGs Using the Azure Portal, and Opening Ports to a Linux VM.