A machine represents the physical machine that hosts one or more WebLogic Server instances. WebLogic Server uses configured machine names to determine the optimum server in a cluster to which certain tasks, such as HTTP session replication, are delegated. The Administration Server uses the machine definition in conjunction with the Node Manager application to start remote WebLogic Server instances.
Tasks
Configuring a Machine
Click the Machines node. The Machines table displays in the right pane showing all the machines defined in the domain.
Click the Configure a New Machine link (or, if you are configuring a UNIX machine, click the Configure a New Unix Machine link). A dialog displays in the right pane showing the tabs associated with the new machine.
Enter a name for the new machine in the Name attribute field. This name is used to identify the machine within the WebLogic Server domain; it does not have to correspond to the machine's network name.
Note: Assign a unique name to the machine. Each configurable resource in your WebLogic Server environment should have a unique name.
Click Create to create a machine instance with the name you specified. The new instance is added to the Machines node in the left pane.
Click the Node Manager tab to define the Node Manager connection and authentication attributes for the machine. Click Apply to apply your changes.
Click the Servers tab to identify which Managed Servers reside on this machine. To assign an existing server to this machine, select the server name in the Available column, and click the appropriate arrow to move the server to the Chosen column.
Click Apply to apply your changes. The new machine entry now specifies the attributes required to connect to the Node Manager process running on the machine, as well as identify which WebLogic Server instances reside on the machine.
Cloning a Machine
Click the Machines node. The Machines table displays in the right pane showing all the machines defined in the domain.
Click the Clone icon in the row of the machine you want to clone. A dialog displays in the right pane showing the tabs associated with cloning a machine.
Enter a name for the new machine in the Name attribute field.
Click Clone to create a machine instance with the name you specified in the Name field. The new instance is added under the Machines node in the left pane.
Click the Node Manager tab and modify the connection information as needed.
Click the Servers tab and modify the list of servers that this machine hosts.
Click Apply to save the changes.
Deleting a Machine
Click the Machines node. The Machines table displays in the right pane showing all the machines defined in the domain.
Click the Delete icon in the row of the machine you want to delete. A dialog displays in the right pane asking you to confirm your deletion request.
Click Yes to delete the machine. The machine instance is deleted from the Machines node in the left pane.
Assign a WebLogic Server Instance to a Machine
Click the instance node in the left pane under Machines for the machine that host the WebLogic Server instance. A dialog displays in the right pane showing the tabs associated with this instance.
Click the Servers Tab in the right pane.
Select a server from the Available box.
Click the right arrow to move the server to the Chosen box.
Click Apply.
Binding to Protected Ports on UNIX
On UNIX systems, only processes that run under a privileged user account (in most cases, root) can bind to ports lower than 1024. However, long-running processes like WebLogic Server should not run under these privileged accounts.
If you want a WebLogic Server instance to bind to protected ports (such as port 80), do either of the following:
Start WebLogic Server instances from a non-privileged account and configure your firewall to use Network Address Translation (NAT) software to map protected ports to unprotected ones. BEA does not provide NAT software.
For each WebLogic Server instance that needs access to privileged ports, configure the server to start under a privileged user account, bind to privileged ports, and change its user ID to a non-privileged account.
Note: WebLogic Server uses native code to change user IDs. To verify that this feature is supported for your UNIX platform, refer to "Supported Configurations."
To configure a server instance to bind to protected ports on UNIX:
Stop the server instances that you want to configure.
Create a UNIX machine and assign the server to the machine:
In the Administration Console, in the left pane, click on the Machines folder.
In the right pane, select the Configure a New Unix Machine link.
On the Create a New UNIX Machine page, in the Name field, enter a name for the new machine.
A machine represents the physical machine that hosts one or more WebLogic Server instances. BEA recommends that you create one UNIX machine for each UNIX host that runs instances of WebLogic Server.
The machine name is used for identification within the WebLogic Server domain; it does not have to correspond to the machine's network name.
Note: Assign a unique name to the machine. Each configurable resource in your WebLogic Server environment should have a unique name.
To specify a non-privileged user account under which the server instance runs, place a check mark in the Enable Post-bind UID field and enter the user ID in the Post-Bind UID field.
The user ID that you enter must have read, write, and execute privileges within the BEA Home directory, the WebLogic Server product directory tree, and your domain directory.
The default value of the Post-Bind UID field, nobody, is a standard UNIX account that provides the least possible privileges. While the nobody account is acceptable for use in a development environment, in a production environment, BEA recommends that you create an operating-system user account specifically for running instances of WebLogic Server. See "Securing the WebLogic Server Host."
To specify a non-privileged group instead of (or in addition to) providing a user ID, place a check mark in the Enable Post-bind GID field and enter the group ID in the Post-Bind GID field.
Click Create.
Select the Servers tab. Move each server instance that you want to run on this UNIX machine from the Available list to the Chosen list. Then click Apply.
If you want to use the Node Manager to start server instances on this UNIX machine, click the Node Manager tab and specify the address and listen port through which the Node Manager can be reached.
The WebLogic Server instance starts under the privileged user ID. After it binds to ports, it invokes native code to change its user or group ID to the one you specified in the UNIX machine configuration.
Binding to Protected Ports with Servers That a Node Manager Starts
Node Manager is a small Java application that runs on WebLogic Server hosts and can start and stop instances of WebLogic Server. When Node Manager starts a server instance, the server instance starts under the same user account under which the Node Manager is running.
If you Node Manager to start server instances that bind to protected ports, you must run the Node Manager under a privileged account. If you configure a post-bind user ID or group for a server instance, after Node Manager starts a server, the server binds to ports and then changes the user account under which it runs.
In a production environment, BEA recommends that you do the following to secure Node Manager:
Configure the Node Manager to listen on a port that is secured by SSL.
In the Node Manager's nodemanager.hosts file, specify the host name of the Administration Server only.
