Network Security Groups for Teradata Database

When configuring a network security group, set up the port ranges listed below for each Teradata Database VM so the Teradata Database can be locked down to the local host. In particular, note the following:

  • If you deploy a Teradata ecosystem or deploy Teradata Database using a solution template, incoming port 1025 is closed by default.
  • Port 1025 is blocked in Teradata Database MPP VMs until the dbc password is changed.

If you are purchasing software using BYOL, Port 443 must be open to connect to the Teradata EMS server to successfully deploy Teradata Database on Azure. See Teradata Entitlement Management System (EMS) Customer User Guide.

When deploying a Teradata ecosystem from a solution template, Teradata uses a different set of security rules for the following software in the Teradata ecosystem and defines the network security group on the NICs of each of these VMs:
  • Teradata Data Mover
  • Teradata Data Stream Controller
  • Teradata Ecosystem Manager
  • Teradata REST Services
  • Teradata Server Management
  • Teradata Viewpoint

When deploying Teradata software separately from an image, you create a new or select an existing public IP address as well as a network security group when you configure the software.

If you are not launching a Teradata Database MPP VM as described in Chapters 3 and 4, you must add inbound TCP 22 and UDP 1001-1002 ports.

SoftwareDirectionProtocolPortDescription
Teradata DatabaseInbound
  • TCP
  • TCP
  • UDP
  • 22
  • 1025
  • 1001-1002
  • SSH
  • Teradata Database Service to the public cloud
  • If using non-traditional launch methods (internal only)
Teradata DatabaseOutbound
  • TCP
  • 443
  • [BYOL only] To connect to the Teradata EMS server

results matching ""

    No results matching ""