Security Responsibilities
To use WebLogic Management securely, learn about your security and compliance responsibilities.
In general, Oracle provides security of cloud infrastructure and operations, such as cloud operator access controls and infrastructure security patching. You are responsible for securely configuring your cloud resources. Security in the cloud is a shared responsibility between you and Oracle.
Oracle is responsible for the following security requirements:
- Physical Security: Oracle is responsible for protecting the global infrastructure that runs all services offered in Oracle Cloud Infrastructure. This infrastructure consists of the hardware, software, networking, and facilities that run Oracle Cloud Infrastructure services.
- Data Encryption: Oracle uses standard Oracle Cloud Infrastructure encryption for all data stored at rest in WebLogic Management. No additional configuration is necessary.
WebLogic Management users don't use encryption keys directly. Internally, WebLogic Management stores data in an autonomous database, which uses Oracle Cloud Infrastructure Vault to securely store encryption keys. Oracle manages and secures these resources.
For each WebLogic Server domain discovered by WebLogic Management, the following metadata is retrieved and stored:
- Identification
  - Domain name and path
  - UUID based on a hexdump of the domain's SerializedSystemIni.dat
- Networking
  - Listen address of servers in the domain
  - Listen address of node managers in the domain
  - Port of node managers in the domain
  - Port of the administration server for the domain
- Software
  - Path to and version of the JDK used by a domain
  - Operating system of the compute instances on which the domain's files are placed
  - Operating system architecture of the compute instances on which the domain's files are placed
- Middleware
  - Path to the middleware used by a domain
  - Index number of the path to the middleware used by a domain
  - The type of the middleware used by a domain (Fusion Middleware, WebLogic Server)
  - Version of the middleware used by a domain
  - Patch IDs of patches applied to the middleware used by a domain
  - The latest patch application date recorded by OPatch in the middleware used by a domain
- Servers
  - The last time servers in the domain were started
  - The type of each server on the domain (configured, dynamic, or coherence)
Important
The metadata stored does not cross regional boundaries.
- Data Durability: Oracle configures the autonomous database used by Oracle WebLogic Management Service for daily backups. No additional backup configuration by you is necessary.
Your security responsibilities, which are described on this page, include the following areas:
- Access Control: Limit privileges as much as possible. Users should be given only the access necessary to perform their work.
- Agent Security: Configure the agent to scan only the directories you want, at the frequency you want. See Modifying Scan Settings and Overriding Scan Settings for a Managed Instance.