Before you attempt to use WLS-VE, you need to establish a level of security to protect the integrity of your data and the safety of your transactions. This section describes the most critical security measures you should take before working with WLS-VE. These are:
To ensure the most secure environment for running WLS-VE, BEA recommends that you take the basic security measures required for a non-virtualized implementation of WebLogic Server. These measures are:
Please refer to Securing a Production Environment for complete information on setting up basic WLS security. Also see the manufacturer's security documentation for any application you plan to run on WLS-VE.
WARNING: | The following information is of critical importance. Please read this section in its entirety. |
WebLogic Server VE requires you to store WebLogic Server domain directories on NFS file servers and to create mount points that WebLogic Server VE uses to read and write domain data. The domain directories can contain sensitive data that must be protected in order to secure your WLS-VE environment.
To guard against attack, BEA recommends all of the following actions:
If you plan to use VMware's VirtualCenter, you should follow all of the security practices recommended by VMware. See the VMware Infrastructure Documentation for more information.
You should use SSL to connect to VirtualCenter, as described in Setting Up VMware and Enabling SSL.
In addition to taking the security measures recommended by VMware, you should also secure your VirtualCenter password by removing it (actually, the encrypted representation of it) from the bea.lvm.info
file. While the password is stored in an encrypted form to provide a high level of security, you still run the risk of it being compromised. To remove it from the .info
file, do the following:
Once the password is removed from the .info
file, you will need to supply it every time you try to create or start a WLS-VE instance.