Reference architectures
The following supported connectivity options can help you connect to Teradata VantageCloud Enterprise:
AWS Transit Gateway enables cloud-to-cloud connections.
AWS Site-to-Site VPN enables on-premises-to-cloud connections and cloud-to-cloud connections.
AWS PrivateLink enables cloud-to-cloud connections.
AWS Direct Connect enables on-premises-to-cloud connections.
You can use Direct Connect (recommended option) and Site-to-Site VPN to connect your on-premises environment to Teradata VantageCloud Enterprise. Transit Gateway (recommended option), PrivateLink, and Site-to-Site VPN are the supported options for connecting your AWS account to Teradata VantageCloud Enterprise.
VPC connection options
Teradata supports the following virtual private cloud (VPC) connection options.
Connection | Typical use case | Description |
Transit Gateway | Connecting a VPC in your AWS account to a VPC in a Teradata AWS account; Connecting to multiple sites and multiple appliances from a VPC in your AWS account to a VPC in a Teradata AWS account | A good option if you require scaling and a single point of control while working with multiple AWS sites for Teradata, especially in a hybrid setup; Offers more control when managing network traffic; Doesn't support inter-Region connectivity |
Site-to-Site VPN | Connecting a VPC in your AWS account to a VPC in a Teradata AWS account; Connecting an on-premises data center to a VPC in a Teradata AWS account; Vantage must initiate a connection to one or more applications* in your VPC | Bidirectional connection initiation; IP address abstraction that prevents the need for IP address planning |
PrivateLink | Connecting a VPC in your AWS account to a VPC in a Teradata AWS account; Vantage must not initiate communication with any application* in your VPC | Unidirectional connection initiation; Requires setup and maintenance of one reverse PrivateLink endpoint if LDAP is needed (from a Teradata VPC to your VPC); Number of PrivateLink endpoints required varies based on applications* |
Direct Connect | Connecting an on-premises data center to a VPC in a Teradata AWS account | Dependency on ISP for implementation |
*Application examples include another Teradata instance, Teradata QueryGrid
Transit Gateway architecture
A network architecture based on AWS Transit Gateway
You can use Transit Gateway to establish the following types of connections:
Teradata VantageCloud to Teradata VantageCloud Enterprise
Your VPC to Teradata VantageCloud Enterprise
Transit Gateway is owned and managed by you. The Transit Gateway-to-Teradata VantageCloud Enterprise VPC connection and data egress add additional costs that you're responsible for.
The following diagram shows how you can connect your data center to a VPC in your AWS account by using either Direct Connect or a VPN. You can use Transit Gateway to terminate the connection from your data center.

Note
VPCs for Teradata VantageCloud Enterprise deployments that are managed by Teradata are attached to Transit Gateway in your AWS account.
Site-to-site VPN architecture
A single AWS Site-to-Site VPN connection is included with a subscription to Teradata VantageCloud Enterprise. This type of connection is also known as an AWS managed VPN connection. The connection can support up to 1.25 gigabits (Gb) per second. Network egress fees apply as VPN traffic is routed over the internet.
Both hybrid and multi-cloud to AWS managed VPN options are supported. For Amazon VPC-to-Amazon VPC VPN connectivity, you can set up a software VPN. For more information, see Software VPN-to-AWS Site-to-Site VPN in the AWS Whitepaper documentation.
The following diagram shows a Site-to-Site VPN architecture that supports two VPN configurations. You can connect a Site-to-Site VPN from your data center to Teradata VantageCloud Enterprise VPCs. You can also connect a Site-to-Site VPN from your AWS account to the Teradata VantageCloud Enterprise VPCs.

PrivateLink architecture
AWS PrivateLink
PrivateLink allows only unidirectional network connectivity. Applications that require a connection to be initiated from both endpoints require two PrivateLink connections.
The following diagram shows a PrivateLink architecture where a private endpoint in an AWS account uses PrivateLink to connect to Teradata Vantage SQL Engine nodes. A private endpoint in the AWS account also uses PrivateLink to connect to a Teradata Viewpoint server. In the diagram, LDAP is configured with two PrivateLink connections in place for communication between the VPC in the Teradata AWS account and the VPC in the AWS account.

For more information, see AWS PrivateLink
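The unidirectional rule above can be applied to a flow inventory to see how many PrivateLink connections are needed and which of them open a path from the Teradata VPC into yours. This is an added example, not part of the original guidance; the flow names, ports, and the one-connection-per-(initiating side, service) model are assumptions made for illustration.

```python
from collections import namedtuple

# initiator: the side that opens the connection, "customer" or "teradata".
Flow = namedtuple("Flow", "name initiator port")

# Constructed inventory; service names and ports are sample values.
SAMPLE_FLOWS = [
    Flow("sql-engine", "customer", 1025),
    Flow("viewpoint", "customer", 443),
    Flow("ldap", "teradata", 636),
    Flow("querygrid", "customer", 5000),
    Flow("querygrid", "teradata", 5000),
]

def plan_privatelink(flows):
    """Group flows into unidirectional PrivateLink connections.

    Assumption: one connection per (initiating side, service). The interface
    endpoint sits in the initiator's VPC, the endpoint service in the other.
    """
    plan = {}
    for f in flows:
        if f.initiator not in ("customer", "teradata"):
            raise ValueError(f"{f.name}: unknown initiator {f.initiator!r}")
        other = "teradata" if f.initiator == "customer" else "customer"
        conn = plan.setdefault((f.initiator, f.name), {
            "service": f.name, "endpoint_in": f.initiator,
            "service_in": other, "ports": set()})
        conn["ports"].add(f.port)
    return list(plan.values())

def reverse_connections(plan):
    """Connections through which the Teradata VPC can initiate into yours."""
    return [c for c in plan if c["endpoint_in"] == "teradata"]

def bidirectional_services(plan):
    """Services initiated from both sides, which need two connections."""
    sides = {}
    for c in plan:
        sides.setdefault(c["service"], set()).add(c["endpoint_in"])
    return sorted(s for s, v in sides.items() if len(v) == 2)

if __name__ == "__main__":
    plan = plan_privatelink(SAMPLE_FLOWS)
    for c in reverse_connections(plan):
        print("review inbound path:", c["service"], sorted(c["ports"]))
    print("two connections needed for:", bidirectional_services(plan))
```

Each reverse connection is an endpoint service exposed from your VPC, so it is the part of the plan to review against your security group and listener rules.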
Direct Connect architecture
You can use AWS Direct Connect
Direct Connect supports two architecture options. The first option is the recommended option and uses Direct Connect gateway and a virtual private gateway as the following diagram shows.

To build an architecture based on the preceding diagram, you must create a Direct Connect gateway in your AWS account and terminate the private virtual interface (VIF) on the Direct Connect gateway. You will then need to accept the association proposal for the virtual private gateway on the Teradata AWS account.
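Before accepting the association proposal, it is worth checking that it targets your Direct Connect gateway, comes from the expected account, and requests only the prefixes you agreed on. The following is an added example, not part of the original guidance: the field names follow the Direct Connect DescribeDirectConnectGatewayAssociationProposals response, while the sample proposal, account IDs, and CIDR are constructed placeholders.

```python
import ipaddress

# Constructed sample shaped like one entry of the API response.
SAMPLE_PROPOSAL = {
    "proposalId": "example-proposal-id",
    "directConnectGatewayId": "example-dxgw-id",
    "directConnectGatewayOwnerAccount": "111111111111",  # placeholder: your account
    "proposalState": "requested",
    "associatedGateway": {
        "id": "vgw-EXAMPLE",
        "type": "virtualPrivateGateway",
        "ownerAccount": "222222222222",  # placeholder: Teradata account
        "region": "us-east-1",
    },
    "requestedAllowedPrefixesToDirectConnectGateway": [{"cidr": "10.50.0.0/16"}],
}

def check_proposal(proposal, dx_gateway_id, teradata_account, expected_cidrs):
    """Return reasons not to accept the proposal; an empty list means it matches."""
    problems = []
    if proposal.get("directConnectGatewayId") != dx_gateway_id:
        problems.append("proposal targets a different Direct Connect gateway")
    state = proposal.get("proposalState")
    if state != "requested":
        problems.append(f"proposal state is {state!r}, not 'requested'")
    gateway = proposal.get("associatedGateway", {})
    if gateway.get("type") != "virtualPrivateGateway":
        problems.append(f"unexpected gateway type {gateway.get('type')!r}")
    if gateway.get("ownerAccount") != teradata_account:
        problems.append(f"unexpected owner account {gateway.get('ownerAccount')!r}")
    # Every requested prefix must fall inside a CIDR agreed during onboarding.
    allowed = [ipaddress.ip_network(c) for c in expected_cidrs]
    for entry in proposal.get("requestedAllowedPrefixesToDirectConnectGateway", []):
        net = ipaddress.ip_network(entry["cidr"])
        if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            problems.append(f"unexpected prefix {net}")
    return problems

if __name__ == "__main__":
    issues = check_proposal(SAMPLE_PROPOSAL, "example-dxgw-id",
                            "222222222222", ["10.50.0.0/16"])
    print("safe to accept" if not issues else issues)
```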
The second architecture option uses a hosted private VIF and a virtual private gateway as the following diagram shows.

To build an architecture based on the preceding diagram, you must create a hosted private VIF and share the VIF with Teradata VantageCloud Enterprise to establish connectivity. A private VIF is a network interface that enables you to use Direct Connect to connect with another AWS account, such as a Teradata VantageCloud Enterprise AWS account. Network egress fees apply on private VIFs.