Chapter 2 Performing a Secure Oracle VM Installation

This section provides an overview of planning an installation, and instructions for installing a secure system. It describes security-related deployment issues for each installed component; for example, MySQL database and Oracle WebLogic Server.

Oracle VM Manager automatically installs into a secure state. This section explains any security implications for choices made in the installation procedure, and how to enable any high security options, such as SSL. As the installation instructions suggest, the user should avoid installing or running components that are not needed in a specific deployment.

Security measures applied in a default installation include:

  • Active software firewalls (iptables) that open only the standard required ports.

    Note

    If your firewall has been disabled prior to installation, you should enable the iptables service after installation to allow the firewall rules to take effect.

  • SSL encryption for all Oracle VM Agent communications.

    Note

    If you are upgrading from an Oracle VM version older than build 3.1.1.165, some Oracle VM Agent communications that were previously unencrypted are automatically reconfigured. From this build forward, SSL encryption is set by default for all Oracle VM Agent communications.

  • HTTPS access to the Oracle VM Manager GUI.

  • User credentials and authentication managed by Oracle WebLogic Server security realms:

    https://docs.oracle.com/middleware/1213/wls/SCOVR/realm_chap.htm#SCOVR186

  • Small footprint JeOS-like operating system: Oracle Linux installed without unused packages, to minimize the attack surface.
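
The firewall note above means a host can end up with the installer's rules written but not enforced. The following check is an added example, not part of the Oracle documentation: it classifies the output of `iptables -S INPUT` as enforcing or inactive and lists the TCP ports the rules open, so they can be compared with the required ports in the installation guide. The function names and the sample rulesets (including ports 22 and 443) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Oracle code): audit `iptables -S INPUT` output.

# Constructed sample: ruleset as loaded by a running iptables service.
# Ports 22 and 443 are placeholders, not Oracle VM's required port list.
SAMPLE_ACTIVE='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# Constructed sample: service stopped, only the default ACCEPT policy remains.
SAMPLE_STOPPED='-P INPUT ACCEPT'

# firewall_state: read `iptables -S INPUT` text on stdin and print
# "enforcing" if unmatched traffic is dropped or rejected, else "inactive".
firewall_state() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        # A rule with no match criteria that drops or rejects is a catch-all.
        $1 == "-A" && $2 == "INPUT" && $3 == "-j" &&
            ($4 == "DROP" || $4 == "REJECT") { catchall = 1 }
        END {
            if (policy == "DROP" || catchall) print "enforcing"
            else print "inactive"
        }'
}

# list_open_tcp_ports: print the TCP destination ports opened by ACCEPT
# rules, one per line, sorted and de-duplicated.
list_open_tcp_ports() {
    awk '
        $1 == "-A" && /-p tcp/ && /-j ACCEPT/ {
            for (i = 1; i < NF; i++)
                if ($i == "--dport" || $i == "--dports") print $(i + 1)
        }' | tr ',' '\n' | sort -n -u
}

# Demo on the constructed samples. On a real host (as root) use:
#   iptables -S INPUT | firewall_state
#   iptables -S INPUT | list_open_tcp_ports
printf 'active sample:  %s\n' "$(printf '%s\n' "$SAMPLE_ACTIVE" | firewall_state)"
printf 'stopped sample: %s\n' "$(printf '%s\n' "$SAMPLE_STOPPED" | firewall_state)"
printf 'open TCP ports: %s\n' "$(printf '%s\n' "$SAMPLE_ACTIVE" | list_open_tcp_ports | tr '\n' ' ')"
```

If the result is "inactive", enable the iptables service as the note describes and run the check again.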