Configuring and Managing WebLogic Server
Configurable WebLogic Server resources, including network channels and domain-wide administration ports, help you effectively utilize the network features of the machines that host your applications and manage quality of service.
For many development environments, configuring WebLogic Server network resources is simply a matter of identifying a Managed Server's listen address and listen port. However, in most production environments, administrators must balance finite network resources against the demands placed upon the network. The task of keeping applications available and responsive can be complicated by specific application requirements, security considerations, and maintenance tasks, both planned and unplanned.
WebLogic Server allows you to control the network traffic associated with your applications in a variety of ways, and configure your environment to meet the varied requirements of your applications and end users. You can:
You specify these and other connection characteristics by defining a network channel—the primary configurable WebLogic Server resource for managing network connections. You configure a network channel with the Servers-->Protocols-->Channels tab of the Administration Console or by using
In this version of WebLogic Server, the functionality of network channels is enhanced to simplify the configuration process. Network channels now encompass the features that, in WebLogic Server 7.x, required both network channels and network access points. In this version of WebLogic Server, network access points are deprecated. The use of
NetworkChannelMbean is deprecated in favor of
If you do not assign a channel to a server instance, it uses WebLogic Server's default channel, which is automatically configured by WebLogic Server, based on the attributes in
SSLMBean. The default channel is described in The Default Network Channel.
SSLMBean represent a server instance and its SSL configuration. When you configure a server instance's Listen Address, Listen Port, and SSL Listen port, using the Server-->Configuration-->General tab, those values are stored in the
SSLMBean for the server instance.
If you do not specify a particular connection attribute in a custom channel definition, the channel inherits the value specified for the attribute in
ServerMBean. For example, if you create a channel, and do not define its Listen Address, the channel uses the Listen Address defined in
ServerMBean. Similarly, if a Managed Server cannot bind to the Listen Address or Listen Port configured in a channel, the Managed Server uses the defaults from
You can use network channels to manage quality of service, meet varying connection requirements, and improve utilization of your systems and network resources. For example, network channels allow you to:
You can also segregate instance administration and application traffic by configuring a domain-wide administration port or administration channel. For more information, see Administration Port and Administrative Channel.
If you use a network channel with a server instance on a multi-homed machine, you must enter a valid Listen Address either in
ServerMBean or in the channel. If the channel and
ServerMBean Listen Address are blank or specify the localhost address (IP address 0.0.0.0 or 127.*.*.*), the server binds the network channel listen port and SSL listen ports to all available IP addresses on the multi-homed machine. See The Default Network Channel for information on setting the listen address in
When initiating a connection to a remote server, and multiple channels with the same required destination, protocol and quality of service exist, WebLogic Server will try each in turn until it successfully establishes a connection or runs out of channels to try.
For RMI lookups only, WebLogic Server may upgrade the service level of an outgoing connection. For example, if a T3 connection is required to perform an RMI lookup, but an existing channel supports only T3S, the lookup is performed using the T3S channel.
This upgrade behavior does not apply to server requests that use URLs, since URLs embed the protocol itself. For example, the server cannot send a URL request beginning with
http:// over a channel that supports only
Every WebLogic Server domain has a default channel that is generated automatically by WebLogic Server. The default channel is based on the Listen Address and Listen Port defined in the
SSLMBean. It provides a single Listen Address, one port for HTTP communication (7001 by default), and one port for HTTPS communication (7002 by default). You can configure the Listen Address and Listen Port using the Configuration-->General tab in the Administration Console; the values you assign are stored in attributes of the
Using the default configuration ensures that third-party administration tools remain compatible with the new installation, because network configuration attributes remain stored in
Even if you define and use custom network channels for your domain, the default channel settings remain stored in
SSLMBean, and are used if necessary to provide connections to a server instance.
Note: Messages sent via the default channel can contain DNS information about the hosts they originate on or are destined to. If a T3 connection is established across a firewall that has network address translation (NAT) enabled, it is possible that some information about the network configuration behind the firewall will be revealed. Using the firewall to prevent T3 connections through the firewall will prevent this problem.
You can define an optional administration port for your domain. When configured, the administration port is used by each Managed Server in the domain exclusively for communication with the domain's Administration Server.
weblogic.Admincommand line utility. If you do not configure an administration port, administrative commands such as
SHUTDOWNwill not work on deadlocked server instances.
The administration port requires SSL, which is enabled by default when you install WebLogic Server. If SSL has been disabled for any server instance in your domain, including the Administration Server and all Managed Servers, re-enable it using the Server--> Configuration-->General tab in the Administration Console.
Ensure that each server instance in the domain has a configured default listen port or default SSL listen port. The default ports are those you assign on the Server-->Configuration-->General tab in the Administration Console. A default port is required in the event that the server cannot bind to its configured administration port. If an additional default port is available, the server will continue to boot and you can change the administration port to an acceptable value.
By default WebLogic Server is configured to use demonstration certificate files. To configure production security components, follow the steps in Configuring the SSL Protocol in Managing WebLogic Security.
Enable the administration port as described in Enabling the Domain-Wide Administration Port in Administration Console Online Help.
If you reboot Managed Servers at the command line or using a start script, specify the Administration Port in the port portion of the URL. The URL must specify the
https:// prefix, rather than
http://, as shown below.
Note: If you use Node Manager for restarting the Managed Servers, it is not necessary to modify startup settings or arguments for the Managed Servers. Node Manager automatically obtains and uses the correct URL to start a Managed Server.
If the standard WebLogic Server administrative channel does not satisfy your requirements, you can configure a custom channel for administrative traffic. For example, a custom administrative channel allows you to segregate administrative traffic on a separate NIC.
To configure a custom channel for administrative traffic, configure the channel as described in Configuring a Channel, and select "admin" as the channel protocol. Note the configuration and usage guidelines described in:
For instructions to configure a channel for a non-clustered Managed Server, see Configuring a Network Channel in Administration Console Online Help. To configure a channel for clustered Managed Servers see, Configuring Network Channels with a Cluster.
For a summary of key facts about network channels, and guidelines related to their configuration, see Configuring Channels: Facts and Rules.
.WLDefaultAdminChanneland reserves the
.WLprefix for channel names. do not begin the name of a custom channel with the string
If your configuration includes a a firewall between a proxy web server and a cluster (as described in Firewall Between Proxy Layer and Cluster, in Using WebLogicServer Clusters, and the clustered servers are configured with two custom channels for segregating https and http traffic, those channels must share the same listen address. Furthermore if both http and https traffic needs to be supported there must be a custom channel for each—it is not possible to use the default configuration for one or the other.
To configure a channel for clustered Managed Servers, note the information in Configuring Channels: Facts and Rules, and follow the guidelines described in the following sections.
For information and guidelines about configuring a WebLogic Server cluster, see Before You Start in Using WebLogic Clusters.
Use the instructions in Configuring a Network Channel in Administration Console Online Help to create a new network channel for each Managed Server in the cluster. When creating the new channels:
Use of more than about twenty channels in a cluster can result in the formation of multicast header transmissions that exceed the default maximum packet size. The
MTUSize attribute in the
Server element of
config.xml sets the maximum size for packets sent using the associated network card to 1500. Sending packets that exceed the value of
MTUSize can result in a j
ava.lang.NegativeArraySizeException. You can avoid exceptions that result from packet sizes in excess of
MTUSize by increasing the value of
MTUSize from its default value of 1500.