Table of Contents
This section provides an overview to planning an installation, and instructions for installing a secure system. It describes security-related deployment issues for each installed component; for example, MySQL database and Oracle WebLogic Server.
Oracle VM automatically installs into a secure state. This section explains any security implications for choices made in the installation procedure, and how to enable any high security options, such as SSL. As the installation instructions suggest, the user should avoid installing or running components that are not needed in a specific deployment.
Security measures applied in a default installation include:
Active software firewalls (iptables) which only open standard required ports.
NoteIf your firewall has been disabled prior to installation, you should enable the iptables service after installation to allow the firewall rules to take effect.
SSL encryption for all Oracle VM Agent communications.
NoteIf you are upgrading from an Oracle VM version older than build 3.1.1.165, some Oracle VM Agent communications that were previously unencrypted are automatically reconfigured. From this build forward, SSL encryption is set by default for all Oracle VM Agent communications.
HTTPS access to the Oracle VM Manager GUI.
User credentials and authentication managed by Oracle WebLogic Server security realms:
http://docs.oracle.com/cd/E21764_01/web.1111/e13710/realm_chap.htm#SCOVR186
Small footprint JeOS-like operating system: Oracle Linux without unused packages in order to minimize attack surface.