TDV Security Group
This section covers how to review and make additional changes to your TDV Security Group.
Review Security Group (TDV Ports for inbound/outbound traffic)
1. Log in to the AWS Console.
2. Click on the “EC2 Dashboard” displayed on the left vertical menu.
3. Click on the “Security groups” link under the “Resources” area of the EC2 Dashboard.
4. Select the check box for your TDV Security Group.
5. At the bottom of the page there will be an overview of your security group.
6. Click on the "Inbound rules" or "Outbound rules" tab to see a specific rule set.
7. After modifying a rule set, click on "Save".
Notes:
a. On a Windows instance, modifying the inbound ports requires OS-level firewall changes. Refer to Additional Firewall changes for more information.
b. All outbound traffic is allowed by default. No restrictions are in place.
c. The TDV Security Group for Linux has more inbound ports open than the one for Windows. This is because the MPP Engine feature is only available on Linux TDV Server installations.
Additional Port Configuration
If you need additional inbound or outbound ports (for example, for a data source) on your TDV instance, you will need to modify your TDV Security Group.
Refer to the Review Security Group (TDV Ports for inbound/outbound traffic) section for steps on how to do this.
For data sources that you want to access from your TDV AWS instance but that do not reside in it, it is a good idea to verify network connectivity as follows:
1. Make sure your data source IP and port are open to connections from the AWS network.
2. Test connectivity from your TDV AWS instance using the following command:
openssl s_client -connect <DATA_SOURCE_IP>:<DATA_SOURCE_PORT>
Additional TDV Security Configuration
This section describes the additional security configuration you can apply if you require your TDV Server to provide only secure client connections.
To review TDV Port definitions, refer to Port Requirements.
Disable Unsecured Ports
Follow these steps to disable the HTTP port (i.e. the Web services port):
1. Connect to your TDV Server using the TDV Studio. Log in as the “admin” user.
2. Select Administration > Configuration.
3. In the search window, search for the option "Disable HTTP".
4. Click on “Disable HTTP (On Server Restart)”.
5. Choose “True”.
6. Click "OK".
7. Restart your TDV Server.
8. From outside of the Amazon environment, run a network port check to verify only secure ports are open.
For example:
- openssl s_client -connect <PUBLIC_IP>:9400 # should NOT be open
- openssl s_client -connect <PUBLIC_IP>:9402 # should be open
- TDV Studio test -> connect to your TDV Server with port=9400 and click on the “Encrypt” check box. This should allow a secure connection via port 9402 to the TDV Server. Connecting without the “Encrypt” check box enabled (i.e. port 9400) should not be allowed anymore.
9. Change your TDV Security Group to remove port 9400.
Follow these steps to disable the cluster port:
1. If you are using a standalone TDV without being in a TDV Cluster then you can remove port 9407 from your security group.
2. Change your TDV Security Group to remove port 9407.
Note: Changing the security group ports requires additional OS configuration of the firewall settings if you are on the Windows platform. Refer to Additional Firewall changes for more information.
Additional Inbound Port Security
To further secure your TDV Security Group, change your Source IPs to match only known IPs.
This will allow you to ensure that only specific IPs access your TDV instances.
Refer to Review Security Group (TDV Ports for inbound/outbound traffic) for how to access your security group to make that type of modification.
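The hardening steps above (remove port 9400 after disabling HTTP, remove port 9407 on a standalone server, restrict Source IPs) can be checked against the group's actual inbound rules. The following is an added example, not part of the TDV documentation: it audits JSON in the shape returned by `aws ec2 describe-security-groups --output json`. The function name `audit`, the group ID `sg-EXAMPLE` and the sample rules are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups --output json`.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 9400, "ToPort": 9403,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 9407, "ToPort": 9407,
   "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 9402, "ToPort": 9402,
   "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}
]}]}
""")

# Ports this guide removes: 9400 once HTTP is disabled, 9407 when not clustered.
UNWANTED = {9400: "unsecured HTTP port", 9407: "cluster port, standalone server"}
ANYWHERE = {"0.0.0.0/0", "::/0"}


def audit(doc, unwanted=UNWANTED):
    """Return sorted (group_id, port_range, finding) tuples for inbound rules."""
    findings = set()
    for group in doc.get("SecurityGroups", []):
        gid = group.get("GroupId", "?")
        for rule in group.get("IpPermissions", []):
            proto = rule.get("IpProtocol")
            if proto == "-1":  # all traffic; AWS omits the port fields
                lo, hi = 0, 65535
            elif proto == "tcp":
                lo, hi = rule["FromPort"], rule["ToPort"]
            else:
                continue  # UDP/ICMP rules are outside this check
            span = f"{lo}-{hi}"
            for port, label in unwanted.items():
                if lo <= port <= hi:
                    findings.add((gid, span, f"still allows {port} ({label})"))
            sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for src in sources:
                if src in ANYWHERE:
                    findings.add((gid, span, f"open to any source {src}"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="  ")
```

A port range such as 9400-9403 is reported because it still covers 9400 even though no rule names that port on its own. On a clustered server, pass an `unwanted` mapping without 9407.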
Additional Firewall changes
This section is to be used when you need to make port changes after already starting your DV instance. After you make the appropriate port changes in your security group, follow the steps given below to activate those changes.
Note: Review your respective security group in your Cloud console before performing the steps below. Your security group inbound ports must always match (i.e. a one to one mapping) with the underlying OS firewall inbound port rules.
Windows Server 2019
Open a Remote Desktop Connection to your instance and follow the steps below:
1. Launch “Control Panel”
2. Select “System and Security”
3. Select “Windows Defender Firewall”
4. Click “Advanced settings” link on left hand side vertical menu area
5. Select “Inbound Rules” on left hand side vertical menu area
6. In the “Name” column, select “TDV Ports” and double click it.
7. Click on “Protocols and Ports” tab
8. Modify the “Local Port” area accordingly.
9. Click on “OK” button to save changes.