1. Migrating Oracle Java Cloud Service Instances to Oracle Cloud Infrastructure Using Migration Tools
  2. Migrate an Instance to Oracle Java Cloud Service Using Application Migration Service

5 Migrate an Instance to Oracle Java Cloud Service Using Application Migration Service

Use Application Migration in Oracle Cloud Infrastructure to migrate your Oracle WebLogic Server domain resources and applications from your existing Oracle Java Cloud Service instance in Oracle Cloud Infrastructure Classic to a new instance in Oracle Cloud Infrastructure.

Application Migration is available only in specific Oracle Cloud Infrastructure regions. See Overview of Application Migration in the Oracle Cloud Infrastructure documentation.

Application Migration does not support the migration of WebLogic Server domains that include these types of resources:

  • Custom Identity or Trust Keystore
  • Foreign JNDI Provider
  • Foreign JMS Server
  • JMS Bridge Destination
  • Storage-and-Forward (SAF) Context
  • JavaMail Session
  • WebLogic Diagnostic Framework (WLDF) REST Notification Endpoint

If your source Oracle Java Cloud Service instance uses these resource types, then Oracle recommends using the Oracle Cloud Infrastructure Classic Java Migration Tool instead of Application Migration. See Migrate an Instance to Oracle Java Cloud Service Using Classic Tools.

Before you begin the migration process, see Prepare to Migrate Oracle Java Cloud Service to Oracle Cloud Infrastructure.

When you migrate an Oracle Java Cloud Service instance, the following terms are used:

  • Source: The connection to your Oracle Cloud Infrastructure Classic account in Application Migration.
  • Source Instance: The Oracle Java Cloud Service instance in Oracle Cloud Infrastructure Classic.
  • Target Instance: The Oracle Java Cloud Service instance in Oracle Cloud Infrastructure.

Topics:

Perform Prerequisite Tasks for Oracle Java Cloud Service

Before you use Application Migration Service to create an Oracle Java Cloud Service instance in an Oracle Cloud Infrastructure region, you must create the required infrastructure resources.

Create the following Oracle Cloud Infrastructure resources if they don't already exist:

  • A compartment
  • A virtual cloud network (VCN) and at least one subnet
  • A storage bucket and user authentication token for backups (optional)
  • Policies that allow Oracle Java Cloud Service to access the resources in your compartment

See Prerequisites for Oracle Platform Services in the Oracle Cloud Infrastructure documentation.

Application Migration Service automatically creates an Oracle Cloud Infrastructure Database before it creates the target instance. Oracle Java Cloud Service provisions the required infrastructure schema to this database.

Create a Source

Use Application Migration to connect to your Oracle Cloud Infrastructure Classic account and region.

  1. From the Oracle Cloud Infrastructure console, navigate to Application Migration.
  2. Select the Compartment in which to create the source.
  3. Click Sources.
  4. Click Create Source.
  5. Enter a Name and Description for the source.
  6. For Source Type, select Oracle Cloud Infrastructure - Classic.
  7. For Account, enter the name of your Oracle Cloud Infrastructure Classic account.
  8. Select the Oracle Cloud Infrastructure Classic Region in which you created your source Oracle Java Cloud Service instance.
  9. Enter credentials for this Oracle Cloud Infrastructure Classic account that have access to Oracle Java Cloud Service.
  10. Click Create.

For more information, see Manage Sources in the Oracle Cloud Infrastructure documentation.

Create a Migration

Use Application Migration to connect to the WebLogic Server domain for the Oracle Java Cloud Service instance within your source.

  1. From the Oracle Cloud Infrastructure console, navigate to Application Migration.
  2. Select the Compartment that contains your source.
  3. Click Sources, and then select your source.
  4. Click Actions Actions icon with 3 dots for the Oracle Java Cloud Service instance that you want to migrate, and then click Create Migration.
  5. Enter a Name and Description for the migration.
  6. Enter the WebLogic Server administrator credentials for the Oracle Java Cloud Service instance.
  7. Set the Target Instance Type to Oracle Java Cloud Service.
  8. Click Create.

For more information, see Manage Migrations in the Oracle Cloud Infrastructure documentation.

Configure and Run a Migration

Use Application Migration to create the target Oracle Java Cloud Service instance in Oracle Cloud Infrastructure. Specify a network, databases, and other details.

  1. From the Oracle Cloud Infrastructure console, navigate to Application Migration.
  2. Select the Compartment that contains your migration.
  3. Click Migrations, and then select your migration.
  4. Click Configure.
  5. In the Configure Service section, click Configure.
  6. Select the Availability Domain in which you want to create the target instance.
  7. Select the Virtual Cloud Network and Subnet in which you want to create the target instance.
  8. Enter the System Database Administrator Password for the new Oracle Cloud Infrastructure Database.
  9. Upload or paste the public SSH Key to use for the target instance and database.
  10. Enter the WebLogic Server administrator credentials for the target instance.
  11. Click Configure to return to the Configure Migration page.
  12. If your source instance includes custom Java Database Connectivity (JDBC) data sources, then provide the location and password of the new application databases in Oracle Cloud Infrastructure.
    1. In the Configure Application section, click Configure.
    2. For each data source, enter the Connection String to the corresponding Oracle Cloud Infrastructure Database.

      The following table shows the URL format to use, depending on the Oracle Database version, and whether you created a Virtual Machine (VM) or Bare Metal database type.

      Database Version Database Type URL Format
      12c VM jdbc:oracle:thin:@//<db_hostname>-scan.<db_domain>:<db_port>/<pdb_name>.<db_domain>
      12c Bare Metal jdbc:oracle:thin:@//<db_hostname>.<db_domain>:<db_port>/<pdb_name>.<db_domain>
      11g VM jdbc:oracle:thin:@//<db_hostname>-scan.<db_domain>:<db_port>/<db_unique_name>.<db_domain>
      11g Bare Metal jdbc:oracle:thin:@//<db_hostname>.<db_domain>:<db_port>/<db_unique_name>.<db_domain>

      The following example shows a Virtual Machine database named myappdb, that is running Oracle Database 12c, and contains a PDB named pdb1: 

      jdbc:oracle:thin:@//myappdb-scan.mydbsubnet.myvcn.oraclevcn.com:1521/pdb1.mydbsubnet.myvcn.oraclevcn.com
    3. For each data source, set the Data Source Password.
    4. Click Configure to return to the Configure Migration page.
  13. Click Save and Run.
  14. When prompted for confirmation, click Start.

Use Application Migration to monitor the progress of your work request.

If the work request indicates that the import step of the migration failed, you can get additional information by connecting to the first node in the target instance. Access the log files found at /u01/weblogic-deploy and /u01/jcsmig. After correcting the problem, you can run the migration again.

For more information, see Manage Migrations in the Oracle Cloud Infrastructure documentation.

Copy Supporting Files to the Target Instance

Identify and copy any files to your target Oracle Java Cloud Service instance that are not automatically managed by Application Migration.

Application Migration migrates the following types of files from your source instance's domain configuration to your target instance's domain configuration:

  • Application deployments
  • Library deployments
  • Custom keystores

Other files that your applications or domain resources require are not automatically managed by Application Migration, including files that are located outside the DOMAIN_HOME directory. You must manually copy these files to the target instance.

  1. Use SSH to connect to the Administration Server node in your source instance.
    ssh -i <privatekey> opc@<source_admin_IP>
  2. Switch to the oracle user.
    sudo su - oracle
  3. Identify any supporting files that need to be copied to the target instance.
  4. Copy the files to the /tmp directory.
    Example:
    cp /u01/myfiles/app.properties /tmp

    Note:

    If you have multiple files to transfer, then consider adding them to a single archive file.
  5. Change the owner of the files to the opc user.
    Example:
    exit
sudo chown opc:opc /tmp/app.properties
  6. Disconnect from the node.
  7. Use SCP to download the files from the Administration Server node in your source instance to your local computer.
    Example:
    scp -i <privatekey> opc@<source_admin_IP>:/tmp/app.properties .
  8. Use SCP to upload the files to the Administration Server node in your target instance.
    Example:
    scp -i <privatekey> app.properties opc@<target_admin_IP>:/tmp
  9. Use SSH to connect to the Administration Server node in your target instance.
    ssh -i <privatekey> opc@<target_admin_IP>
  10. Change the owner of the files to the oracle user.
    Example:
    sudo chown oracle:oracle /tmp/app.properties
  11. Switch to the oracle user.
    sudo su - oracle
  12. Move the files to the same location that they were found on the source instance.
    Example:
    mkdir /u01/myfiles
mv /tmp/app.properties /u01/myfiles
  13. Disconnect from the node.

Recreate Oracle Fusion Middleware Security Resources

If you created any custom users, groups, roles or policies in your source Oracle Java Cloud Service instance, then you must recreate them in the target instance.

Application Migration does not automatically migrate any Oracle Fusion Middleware security resources that you created to support your applications, including users, roles and policies. Perform this task if your source domain includes applications that use Oracle Fusion Middleware (FMW), Oracle Platform Security Services (OPSS), Oracle Application Development Framework (ADF) or Oracle Web Services Manager (WSM).

  1. Access the Fusion Middleware Control Console for your source instance.
    https://<source_admin_ip>:7002/em
  2. Sign in to the console as your Oracle WebLogic Server system administrator.
  3. From a different browser window or tab, sign in to the Fusion Middleware Control Console for your target instance.
    https://<target_admin_ip>:7002/em
  4. Recreate users and groups.
    1. From both consoles, click WebLogic Domain, select Security, and then select Security Realms.
    2. From both consoles, click the realm, and then click Users and Groups.
    3. Identify any custom users in the source instance, and then recreate these users in the target instance.
    4. From both consoles, click Groups.
    5. Identify any custom groups in the source instance, and then recreate these groups in the target instance.
  5. Recreate roles and policies.
    1. From both consoles, click WebLogic Domain, select Security, and then select Application Roles.
    2. Identify any roles in the source instance, and then recreate these roles in the target instance.
    3. From both consoles, click WebLogic Domain, select Security, and then select Application Policies.
    4. Identify any policies in the source instance, and then recreate these policies in the target instance.
    5. From both consoles, click WebLogic Domain, select Security, and then select System Policies.
    6. Identify any system policies in the source instance, and then recreate these system policies in the target instance.
    7. For Name, select Includes, and then enter the text common/wsm-agent-core.
    8. Click Search System Security Grants Right arrow icon.
    9. Identify any custom permissions that you created for this system library in the source instance, and then recreate these permissions in the target instance.
      Repeat this process if you created custom permissions for other system libraries.
  6. Recreate keystores.
    1. From both consoles, click WebLogic Domain, select Security, and then select Keystore.
    2. Identify any custom keystores in the source instance, and then recreate these keystores in the target instance.

      If any of the following aliases are present in the system keystores, do not modify them:

      Keystore Aliases
      system/trust democa, idcs_root_ca
      system/demoidentity DemoIdentity
      system/castore democa
      system/publiccacerts <name> [jdk], idcs_root_ca
      opss/trustservice_ts trustservice, cloudca
      opss/trustservice_ks trustservice
      owsm/keystore oauth_<identity_domain>_trust_sign, cloudca, orakey

      For more information, see these topics in Securing Applications with Oracle Platform Security Services:

  7. Recreate credential maps.
    1. From both consoles, click WebLogic Domain, select Security, and then select Credentials.
    2. Identify any custom credential maps in the source instance, and then recreate these credential maps in the target instance.

      Do not modify the default credential maps, including oracle.wsm.security.

      For more information, see these topics in Securing Applications with Oracle Platform Security Services:

  8. Reconfigure security providers.
    1. From both consoles, click WebLogic Domain, select Security, and then select Security Provider Configuration.
    2. Compare the security provider configuration of the source and target instances, and then update the configuration of the target instance as necessary.

      Do not modify the Security Store.

  9. Reconfigure the audit service.
    1. From both consoles, click WebLogic Domain, select Security, and then select Audit Registration and Policy.
    2. Compare the audit policy settings of the source and target instances, and then update the settings of the target instance as necessary.
  10. Recreate Web Services Manager (WSM) policies.
    1. From both consoles, click WebLogic Domain, select Web Services, and then select WSM Policies.
    2. Identify any custom policies in the source instance, and then recreate these policies in the target instance.
      The default policies are read-only and identified with a lock icon.

      For more information, see these topics in Securing Web Services and Managing Policies with Oracle Web Services Manager:

    3. From both consoles, click WebLogic Domain, select Web Services, and then select WSM Policy Sets.
    4. Identify any policy sets in the source instance, and then recreate these policy sets in the target instance.

Migrate Oracle Identity Cloud Service Roles and Policies

If your source Oracle Java Cloud Service instance uses Oracle Identity Cloud Service for authentication, then you must migrate the administrator roles and web tier policy to the target instance.

The source and target instances are each associated with a security application in Oracle Identity Cloud Service. The security application grants administrative rights for the WebLogic Server domain to specific users and groups in Oracle Identity Cloud Service.

Your source and target instances must be in the same identity domain.

  1. Access the Oracle Identity Cloud Service console.
  2. Click the navigation drawer Navigation menu icon, and then select Applications.
  3. Export the administrator roles for your source instance.
    1. Click the security application for your source instance, JaaS_<source_instance_name>.
    2. Click Application Roles.
    3. Click Export, and then select Export All.
    4. When prompted for confirmation, click Export Application Roles.
    5. Click the job ID.
      If a job ID link is not displayed, click the navigation drawer Navigation menu icon, select Jobs, and then click the job.
    6. After the export job has finished, click Download. Save the file AppRoleExport_<id>.csv to your computer.
    7. Click the navigation drawer Navigation menu icon, and then select Applications.
  4. Export the web tier policy for your source instance.
    1. Click the security application for your source instance, JaaS_<source_instance_name>.
    2. Click Web Tier Policy.
    3. Click Export. Save the file CloudGatePolicy.txt to your computer.
    4. From the navigation links at the top of the page, click Applications.
  5. Import the administrator roles to your target instance.
    1. Click the security application for your target instance, JaaS_<target_instance_name>.
    2. Click Application Roles.
    3. Click Import.
    4. Select the file AppRoleExport_<id>.csv on your computer, and then click Import.
    5. Click the job ID link.
      If a job ID link is not displayed, click the navigation drawer Navigation menu icon, select Jobs, and then click the job.
    6. Verify that the import job has finished.
      You can ignore any error in the job with these messages:
      • "Grant already exists" - the same user or group is already assigned to the role
      • "Missing required attribute(s): Grantee" - no users or groups are assigned to the role
    7. Click the navigation drawer Navigation menu icon, and then select Applications.
  6. Import the web tier policy to your target instance.
    1. Click the security application for your target instance, JaaS_<target_instance_name>.
    2. Click Web Tier Policy.
    3. Click Import. Select the file CloudGatePolicy.txt on your computer.
      You might need to refresh your web browser in order to view the resources that you imported from the policy file.
    4. Click Validate.
    5. Verify that the web tier policy validation was successful.
    6. From the navigation links at the top of the page, click Applications.
  7. Assign any custom applications to the roles for your target instance.
    1. Click the security application for your source instance, JaaS_<source_instance_name>.
    2. Click Application Roles.
    3. If there is an Applications Assigned link for the first role, click this link, and then record the application names for this role.
    4. Repeat the previous step for all remaining roles in this application.
    5. From the navigation links at the top of the page, click Applications.
    6. Click the security application for your target instance, JaaS_<target_instance_name>.
    7. Click Application Roles.
    8. Click Menu Menu icon for the first role, and then select Assign Applications.
    9. Select the same applications that are assigned to this role in the source instance, and then click OK.
    10. Repeat the previous step for all remaining roles in this application.
    11. From the navigation links at the top of the page, click Applications.
  8. Configure any custom security settings for your target instance.
    1. Click the security application for your source instance, JaaS_<source_instance_name>.
      The Details page is displayed.
    2. From a different browser window or tab, view the security application for your target instance, JaaS_<target_instance_name>.
    3. Compare the Details page of the source and target applications, and then update the target application as necessary. Click Save.
    4. From both browser windows or tabs, click Configuration.
    5. Expand Resources on the Configuration page.
    6. Compare the Resources of the source and target applications, and then update the target application as necessary. Click Save.
      Ignore the resources named OCMSApp and LBAAS. You do not need to create these resources in the target instance.
    7. Expand Client Configuration on the Configuration page.
    8. Compare the Client Configuration of the source and target applications, and then update the target application as necessary.