Create an Oracle Java Cloud Service Instance Attached to a Private Subnet on Oracle Cloud Infrastructure

When you create an Oracle Java Cloud Service instance in an Oracle Cloud Infrastructure region, you can attach the instance to either a private subnet or a public subnet. If you attach the instance to a private subnet, then the nodes of the instance can’t have public IP addresses. They are isolated from the public Internet.

Note:

For the instructions to create an instance attached to a public subnet, see Create an Oracle Java Cloud Service Instance Attached to a Public Subnet on Oracle Cloud Infrastructure.

You can create an Oracle Java Cloud Service instance using Oracle WebCenter Portal and Oracle Data Integrator only through the REST API.

Create the Required Resources in Oracle Cloud Infrastructure

Before creating an Oracle Java Cloud Service instance attached to a private subnet, you must fulfill certain prerequisites, including creating the required identity, networking, and storage resources in Oracle Cloud Infrastructure.

  1. Generate an SSH key pair.

    See Generate a Key Pair with OpenSSH.

    Note the path and name of the files that contain the private and public keys. You’ll need the keys later.

  2. Complete the following steps from the tutorial Tutorial icon Creating the Infrastructure Resources Required for Oracle Platform Services:
    1. Create a compartment.
      If you want to create the Oracle Cloud Infrastructure resources in an existing compartment, then skip this step.
    2. Create a virtual cloud network (VCN) in the compartment you created or identified.
      If you want to use an existing VCN, then skip this step.
    3. Create a policy to allow Oracle Cloud platform services to use the networking resources in the compartment that you created or identified.
      If the required policy exists for the compartment that you want to use, then skip this step.
    4. Create a bucket in the Object Storage service to store backups of your Oracle Java Cloud Service instance.

      Note:

      The user creating the bucket must be either a local user in Oracle Cloud Infrastructure Identity and Access Management (IAM), or a synchronized user created automatically by a federated identity provider.

      If you’d like to use a bucket that was created previously, then skip this step.

      Note the name of the bucket. You’ll need it later while creating the service instances.

    5. Generate an authentication token for the user who created the bucket.

      If you have the required token already, then skip this step.

      Note the authentication token value. You’ll need it later while creating the service instances.

  3. In the VCN that you created or identified earlier, create the required networking resources:
    1. Create a service gateway.

      The service gateway is required for the Oracle Java Cloud Service instance to access Oracle Cloud Infrastructure Object Storage.

      See Setting Up a Service Gateway in the Oracle Cloud Infrastructure documentation.

    2. Create an internet gateway.

      The internet gateway enables communication between the public Internet and the bastion node.

      See Working with Internet Gateways in the Oracle Cloud Infrastructure documentation.

    3. (Optional) Create a NAT gateway.

      The NAT gateway is required for the nodes of the Oracle Java Cloud Service instance to access the public Internet. Such access would be useful when (for example) you want to allow the nodes to access the Oracle Yum server to download additional packages or OS patches.

      See Setting Up a NAT Gateway in the Oracle Cloud Infrastructure documentation.

    4. Create the following route table:

      See Working with Route Tables in the Oracle Cloud Infrastructure documentation.

      Route Table route.public for the Public Subnets
      Route Rule Destination Target
      To route traffic bound for the public Internet through the internet gateway CIDR: 0.0.0.0/0 Internet gateway
      Route Table route.private for the Private Subnet
      Route Rule Destination Target
      To route traffic bound for the Object Storage service through the service gateway Service: OCI region Object Storage Service gateway
      (Optional) To route traffic bound for the public Internet through the NAT gateway CIDR: 0.0.0.0/0 NAT gateway
    5. Create the following security lists:

      See Working with Security Lists in the Oracle Cloud Infrastructure documentation.

      Security List seclist.bastion for the Bastion Subnet
      Security Rule Source / Destination IP Protocol / Port
      (Ingress) To allow SSH connections to the bastion node Source CIDR: 0.0.0.0/0 SSH / 22
      (Egress) To allow all outbound traffic Destination CIDR: 0.0.0.0/0 All protocols / ports
      Security List seclist.lb for the Load Balancer Subnets
      Security Rule Source / Destination IP Protocol / Port
      (Ingress) To allow traffic from the other compute nodes in the VCN Source CIDR: 10.0.0.0/16 All protocols / ports
      (Egress) To allow all outbound traffic Destination CIDR: 0.0.0.0/0 All protocols / ports
      Security List seclist.private for the Private Subnet
      Security Rule Source / Destination IP Protocol / Port
      (Ingress) To allow traffic from the other compute nodes in the VCN Source CIDR: 10.0.0.0/16 All Protocols
      (Egress) To allow all outbound traffic Destination CIDR: 0.0.0.0/0 All Protocols
    6. Create the following subnets:

      See Working with VCNs and Subnets in the Oracle Cloud Infrastructure documentation.

      Subnet Purpose (Suggested Name) Availability Domain Attributes
      For the bastion host (subnet.bastion) AD1 Example CIDRFoot 1: 10.0.1.0/24

      Route table: route.public

      Subnet access: Public

      Security list: seclist.bastion

      For the primary load balancer node (subnet.lb1) AD1 Example CIDR: 10.0.2.0/24

      Route table: route.public

      Subnet access: Public

      Security list: seclist.lb

      (Relevant only if the region has multiple availability domains) For the standby load balancer node (subnet.lb2) AD2 Example CIDR: 10.0.3.0/24

      Route table: route.public

      Subnet access: Public

      Security list: seclist.lb

      For the service instances (subnet.private) AD1 Example CIDR: 10.0.4.0/24

      Route table: route.private

      Subnet access: Private

      Security list: seclist.private

      Footnote 1 Assuming the VCN’s CIDR is 10.0.0.0/16

      Note:

      Make a note of the OCIDs of the subnets. You’ll need them later while creating the bastion host and the service instances.
  4. Create a compute instance and attach it to the public subnet that you created for the bastion host.

    Through this node, administrators can access the administration console of the Oracle Java Cloud Service instance, and they can connect using ssh to the compute nodes of the instance.

    See Creating an Instance in the Oracle Cloud Infrastructure documentation.

    After creating the bastion compute instance, note its public IP address.

You’ve created the required resources in Oracle Cloud Infrastructure. You can now create the Oracle Cloud Infrastructure Database and Oracle Java Cloud Service instances.

Create an Oracle Cloud Infrastructure Database System Attached to a Private Subnet

Create an Oracle Cloud Infrastructure Database system that's attached to the private subnet that you plan to use for the Oracle Java Cloud Service instance.

  1. Create a DB system by following the steps in Managing Bare Metal and Virtual Machine DB Systems in the Oracle Cloud Infrastructure documentation.
    Note the following:
    • Select the required private subnet in the network settings.
    • You can use a DB system running Oracle Database 12.2 or later as the infrastructure schema database, but only for an Oracle Java Cloud Service instance running WebLogic Server 12.2.1 or later.
    • The PDB name field is optional. If you enter a name, then make a note of it. You'll need it in the next step.
  2. Wait for the DB system to be created. When the status displayed in the web console is AVAILABLE, construct the connection string. You'll need this string while creating the Oracle Java Cloud Service instance.
    The connection string is in the following format:
    • VM DB system: //hostNamePrefix-scan.hostDomainName:1521/pdbName.hostDomainName
    • Bare metal DB system: //hostNamePrefix.hostDomainName:1521/pdbName.hostDomainName

    hostNamePrefix and hostDomainName are the values displayed in the Hostname Prefix and Host Domain Name fields, respectively, in the Oracle Cloud Infrastructure web console.

    pdbName depends on the DB version and the DB shape.
    • 12c (any shape): The PDB name that you entered while creating the DB system (for example, PDB1).

      If you didn't enter a PDB name, then use dbName_PDB1, where dbName is the database name you specified (for example, dbforjcs_PDB1).

    • 11g (VM or bare metal): Database Unique Name displayed in the web console (for example, dbforjcs_yyz17v).
    • 11g (Exadata): The database name you specified (for example, dbforjcs).

    The following is an example of a connection string for a 12c VM DB system with the PDB name, pdb1:

    //dbforjcs-scan.privatesubnet.paasvcn.oraclevcn.com:1521/pdb1.privatesubnet.paasvcn.oraclevcn.com

Create an Oracle Java Cloud Service Instance Attached to a Private Subnet on Oracle Cloud Infrastructure Using the Wizard

Use the Create Instance wizard in the web console to create an Oracle Java Cloud Service instance attached to a private subnet.

The wizard guides you through a short series of screens that present all the parameters that you can configure for your instance, including the WebLogic Server settings, backup and recovery configuration, load balancer parameters, and so on.

Prerequisites

Before creating an Oracle Java Cloud Service instance:

Start the Create New Instance Wizard

Only Oracle Cloud Infrastructure This topic applies only to Oracle Cloud Infrastructure.

To create a service instance from the web console, you use the Create New Instance wizard.
To start the Create New Instance wizard:
  1. Access your service console.
  2. Click Create Instance.

Specify Basic Service Instance Information

Only Oracle Cloud Infrastructure This topic applies only to Oracle Cloud Infrastructure.

On the Instance page of the Instance Creation Wizard, enter basic information for your service instance, including service name, region, and software edition.

Note:

You cannot change any of the following options after you have created the service instance.

Complete the following fields:

Field Description

Instance Name

Specify a name for the Oracle Java Cloud Service instance.

The service instance name:

  • Must contain one or more characters.

  • Must not exceed 30 characters.

  • Must start with an ASCII letter: a to z , or A to Z.

  • Must contain only ASCII letters or numbers.

  • Must not contain a hyphen.

  • Must not contain any other special characters.

  • Must be unique within the identity domain.

Description

(Optional) Enter a short description of the Oracle Java Cloud Service instance.

Notification Email

(Optional) Specify an email address where you would like to receive a notification of any events occurring with the service instance, including whether provisioning has succeeded or failed.

Region

(Available only if your account has regions) Select a region if you want to create the service instance in a specific region.

A region supports either Oracle Cloud Infrastructure or Oracle Cloud Infrastructure Classic. For a list of available regions, see Data Regions for Platform and Infrastructure Services.

The database that you intend to associate with your Oracle Java Cloud Service instance must be in the same region (not applicable to Oracle Autonomous Database).

Availability Domain

Select an availability domain. A region can have multiple isolated availability domains, each with separate power and cooling. The availability domains within a region are interconnected using a low-latency network.

Note that the database that you intend to associate with your Oracle Java Cloud Service instance can be in a different availability domain within the selected region.

Subnet

Select Use Private Subnet to attach the nodes of the instance to a private subnet, and enter the OCID of the private subnet in the text field.

Note: You must use the OCID of the subnet that you noted when creating the subnet. See Create the Required Resources in Oracle Cloud Infrastructure.

Make sure that the database you are using to create the instance is reachable from the private subnet.

Database instances in Oracle Database Cloud Service and Oracle Cloud Infrastructure Database must be in the same region and virtual cloud network (VCN) as the Oracle Java Cloud Service instance. The database and service instance do not need to be in the same subnet. The database and service instance can be on different VCNs only if you configure VCN peering.

Tags

(Optional) Select existing tags or add tags to associate with the service instance.

To select existing tags, select one or more check boxes from the list of tags that are displayed on the pull-down menu.

To create tags, click Click to create a tag to display the Create Tags dialog box. In the New Tags field, enter one or more comma-separated tags that can be a key or a key:value pair.

If you do not assign tags during provisioning, you can create and manage tags after the service instance is created. See Creating, Assigning, and Unassigning Tags.

Identity Domain

(Not available on Oracle Cloud at Customer)

Select the identity domain in Oracle Identity Cloud Service in which to create this service instance. By default, the instance is created in the primary identity domain.

The service security administrator

(Not available on Oracle Cloud at Customer)

(Optional) Specify the username for the security administrator for the service instance in the selected identity domain. This user gets rights to administer security artifacts (roles, AppId, OAuth IDs, and so on). The username can be the administrator of the selected identity domain or a user in the selected identity domain. You can leave this field blank only if you are the administrator of the selected identity domain or a user in the selected identity domain.

License Type

Choose whether you want to leverage the Bring Your Own License (BYOL) option or use your Oracle Java Cloud Service license.

  • The Bring Your Own License (BYOL) option enables you to bring your on-premises Oracle WebLogic Server licenses to Oracle Cloud. BYOL instances are billed at a lower rate than other instances. See Frequently Asked Questions: Oracle BYOL to PaaS.

    You must own a Universal Credits subscription or Government subscription in order to use BYOL.

    Note: Before you scale up or scale out a BYOL instance, you must have enough WebLogic Server licenses for the additional OCPUs that will be allocated to the instance after it is scaled.

  • If you choose to use your Oracle Java Cloud Service license, your account will be charged for the new service instance according to your Oracle Java Cloud Service agreement.

If you have both BYOL and Oracle Java Cloud Service entitlements, BYOL is selected by default, but you can change the license type. If you have BYOL entitlements only, BYOL is selected and you cannot change the license type. If you do not have BYOL entitlements, the Oracle Java Cloud Service license option is selected and you cannot change the license type.

Software Edition

Select a WebLogic Server software edition:

  • Standard Edition

  • Enterprise Edition

  • High Performance Edition

Metering Frequency

This option appears only if you have a traditional metered subscription. If you have a Universal Credits subscription, this field is absent.

Select a metering frequency to determine how you are billed for this service instance:

  • Hourly—Pay only for the number of hours that this service instance was running during your billing period.

  • Monthly—Pay one price for the full month irrespective of the number of hours that this service instance was running.

For services that are started in the middle of a month, the price will be pro-rated; you pay only for the partial month from the day the service instance is created.

Specify the Service Instance Details

Only Oracle Cloud Infrastructure This topic applies only to Oracle Cloud Infrastructure.

You must configure the size, shape, and other important details for your Oracle Java Cloud Service instance.
Specify WebLogic Configuration

Only Oracle Cloud Infrastructure This topic applies only to Oracle Cloud Infrastructure.

On the second page of the Instance Creation Wizard (Service Details), you start by configuring the size and shape of the Oracle Java Cloud Service instance.

Note:

Two tabs, Simple and Advanced, control which fields appear on the page. Fields that appear when you select the Simple tab also appear when you select the Advanced tab, but some fields appear only when you select the Advanced tab.

Complete the following fields:

Size and Shape Details Description

WebLogic Clusters

(Advanced option) If you selected Oracle-Managed Load Balancer, you can add, edit, or delete up to 8 WebLogic clusters for the service instance, with a maximum of 8 servers per cluster. You specify the cluster name, compute shape, and server count. Optionally, you can specify a path prefix, which determines how the managed load balancer routes traffic to different clusters. If you do not specify a path prefix, the cluster name is used as the path prefix. After you specify these values, you can edit them:

  • Click Add to add a new cluster.

  • Select a cluster and click Edit to update its configuration.

  • Click Delete to delete the cluster.

If Oracle-Managed Load Balancer is not selected, then a single cluster is created during instance provisioning. You cannot add clusters using the console, but clusters can be added using the REST API.

Compute Shape

Select the compute shape to use for all Administration Server and Managed Server nodes. The compute shape is the number of Oracle Compute Units (OCPUs) and amount of memory (RAM) that you want to allocate to these nodes. The selected shape is not used for Coherence or Load Balancer nodes.

The standard shapes supported are VM.Standard and BM.Standard. The flexible shapes supported are VM.Standard.E3.Flex, VM.Standard.E4.Flex, and VM.Standard3.Flex. The flexible shapes are displayed based on your compute quota. If you want to customize the OCPU counts for the flexible shapes, you must use REST API to create the service instance. See Create a Service Instance in REST API for Oracle Java Cloud Service.

If you purchased a Universal Credits subscription for Oracle Java Cloud Service, you will pay at the Pay-As-You-Go rate when you exceed your monthly or annual maximum credit.

Server Count

Select the initial number of Managed Servers that you want to provision in this service instance. The choices are: 1, 2, 4.

  • If you configure more than one Managed Server in the cluster, Oracle recommends that you also enable the Load Balancer.

  • You can also perform scaling operations to increase or decrease the server count after provisioning the service instance.

Domain Partitions

(Advanced option) Select the initial number of WebLogic Server domain partitions that you want to provision in this service instance. The choices are 0, 1, 2, or 4.

Enable Access to Administration Consoles

(Advanced option) Select this check box if you want to enable access to the WebLogic Service Administration console, Fusion Middleware Control, and Load Balancer console for the service instance. If you do not select this option, these consoles will not be externally accessible, and also will not appear as choices in the service instance’s menu Menu icon.

If this check box is enabled, the This Source CIDR range field can access Admin Consoles option is displayed.

By default, the source CIDR range is 0.0.0.0/0, so the administration console is accessible from the public internet.

You can specify a source CIDR range so that only the IP addresses within the specified range can access the administration console.

If you create multiple service instances on a subnet, and you specify a source CIDR range for one service instance, and do not specify a source CIDR range for another service instance, the default source CIDR range that is used by the other service instance, where no CIDR range was specified, is used by both service instances, and you can access the consoles from the public internet.

For example:

You create two service instances, service 1 and service 2 on a subnet. You specify a source CIDR range, 10.0.1.0/24 for service 1, and do not specify a source CIDR range for service 2; the default source CIDR range 0.0.0.0/0, is used for service 2. In this case, 10.0.1.0/24 is nullified and 0.0.0.0/0 is used.

So, you will be able to access the WebLogic Service Administration Console through port 7002 from the public internet, and the Oracle Traffic Director and the Load Balancer console through port 8989 from the public internet.

Deploy Sample Application

(Advanced option) By default, a sample application, sample-app.war, is deployed automatically to the Managed Servers in your instance. If you do not want to automatically deploy the sample application, deselect this check box.

Configure WebLogic Server Access

Only Oracle Cloud Infrastructure This topic applies only to Oracle Cloud Infrastructure.

On the Service Details page of the Wizard, configure the administrator credentials for the WebLogic Servers.

Complete the following fields:

Access Details Description

Enable Authentication Using Identity Cloud Service

Select this check box if you want WebLogic Server to authenticate application users and administrators against Oracle Identity Cloud Service in addition to the local WebLogic Server identity store. This field appears only if your cloud account includes Oracle Identity Cloud Service.

By default, the WebLogic Server domain in the service instance is configured to use only the local WebLogic Server identity store to maintain administrators, application users, groups, and roles.

SSH Public Key

Specify the public key that will be used for authentication when connecting to a node in your instance by using a Secure Shell (SSH) client.

Click Edit to display the SSH Public Key for VM Access dialog, and then specify the public key using one of the following methods:

  • Select Key file name and use your web browser to select a file on your machine that contains the public key.

  • Select Key value and paste the value of the public key into the text area. Be sure the value does not contain line breaks or end with a line break.

  • Select Create a New Key if you want Oracle to generate a public/private key pair for you. You will be prompted to download these generated keys.

If you choose to create a new key, the generated private key file is in OpenSSH format. Before connecting to a node in this service instance with the PuTTY SSH client, you must first convert the key to PuTTY’s proprietary format.

Local Administrative User Name

Enter your choice of user name for the WebLogic Server administrator. The default is weblogic. This name is used to access the WebLogic Server Administration Console, Fusion Middleware Control, and Load Balancer Console for the service instance.

The name must be between 8 and 128 characters long and cannot contain any of the following characters:

  • Tab

  • Brackets

  • Parentheses

  • These special characters:

    • Left angle bracket (<)

    • Right angle bracket (>)

    • Ampersand (&)

    • Pound sign (#)

    • Pipe symbol (|)

    • Question mark (?)

You can also change the user name through the WebLogic Server Administration Console after the service instance is provisioned.

Password

Specify a password for the WebLogic Server administrator and confirm the password.

As a best practice, this password must start with a letter, be of 8 to 30 characters in length, and contain at least:

  • 1 uppercase character

  • 1 lower case character

  • 1 digit (0 through 9)

  • One of the following special characters: _ (underscore), - (hyphen), or # (pound sign or hash)

The following basic password criteria are acceptable, but Oracle does not recommend them:
  • Starts with a letter

  • Is between 8 and 30 characters long

  • Contains letters, at least one number, and, optionally, any number of these special characters:

    • Dollar sign ($)

    • Pound sign (#)

    • Underscore (_)

      No other special characters are allowed.

Configure the Coherence Data Tier

Only Oracle Cloud Infrastructure This topic applies only to Oracle Cloud Infrastructure.

If you want to create a Coherence Data Tier, provide details on the Service Details page of the Wizard.

Complete the following fields:

Coherence Data Tier Description

Provision Data Grid Cluster

(Advanced option) Select Yes to provision a Coherence data grid cluster in your service instance.

This option is only available if you selected High Performance Edition.

Compute Shape

Select the compute shape to use for all Managed Server nodes in the data grid cluster. The compute shape is the number of Oracle Compute Units (OCPUs) and amount of memory (RAM) that you want to allocate to these nodes.

The standard shapes supported are VM.Standard and BM.Standard. The flexible shapes supported are VM.Standard.E3.Flex, VM.Standard.E4.Flex, and VM.Standard3.Flex. The flexible shapes are displayed based on your compute quota. If you want to customize the OCPU counts for WebLogic Server nodes, you must use REST API to create the service instance. See Create a Service Instance in REST API for Oracle Java Cloud Service.

This option is displayed only if Provision Data Grid Cluster is set to Yes.

Cluster Size

Set the initial number of Managed Servers that you want to provision in the data grid cluster. Valid values are 1–4.

This option is displayed only if Provision Data Grid Cluster is set to Yes.

The number of nodes in the data grid cluster is determined by Cluster Size / Managed Servers Per Node. If this ratio is a fraction, the number of nodes is rounded up to the next integer.

You can also perform scaling operations to increase or decrease the number of Coherence nodes after provisioning the service instance.

You cannot specify multiple data grid clusters.

Managed Servers Per Node

Set the number of Coherence Managed Servers to run on each node in the data grid cluster. Valid values are 1–8.

This option is displayed only if Provision Data Grid Cluster is set to Yes.

Configure the Databases

Only Oracle Cloud Infrastructure This topic applies only to Oracle Cloud Infrastructure.

On the Service Details page of the Wizard, provide details about the database(s) to use for the Oracle Java Cloud Service instance.

In order for Oracle Autonomous Database (Oracle Autonomous Transaction Processing) and Oracle Cloud Infrastructure Database to be displayed in the Oracle Java Cloud Service web console, you must first create the appropriate policies.

For Oracle Autonomous Database:

  • Specify this policy if you created the database in a custom compartment:
    Allow service PSM to inspect autonomous-database in compartment compartment_name
  • Specify this policy if you created the database in the root compartment:
    Allow service PSM to inspect autonomous-database in tenancy

For Oracle Cloud Infrastructure Database:

  • Specify this policy if you created the database in a custom compartment:
    Allow service PSM to inspect database-family in compartment compartment_name
  • Specify this policy if you created the database in the root compartment:
    Allow service PSM to inspect database-family in tenancy

For information on creating policies, see Creating the Infrastructure Resources Required for Oracle Platform Services.

Complete the following fields:

Database Details Description

Database Type

Select the type of database you want to associate with your service instance:

  • Oracle Autonomous Transaction Processing
  • Oracle Cloud Infrastructure Database
  • Oracle Database Cloud Service (Classic)

Compartment Name

Select the compartment where the Oracle Autonomous Database or Oracle Cloud Infrastructure Database resides.

Database Instance Name

Select an Oracle Cloud Infrastructure Database or Oracle Database Cloud Service (Classic) deployment that you want to associate as the infrastructure schema database for your service instance.

The list only includes a database deployment if it is in an active state and not currently in the process of being provisioned.

Database instances in Oracle Database Cloud Service and Oracle Cloud Infrastructure Database must be in the same region and virtual cloud network (VCN) as the Oracle Java Cloud Service instance. The database and service instance do not need to be in the same subnet or availability domain. The database and service instance can be on different VCNs only if you configure VCN peering.

To ensure that you can restore the database for an Oracle Java Cloud Service instance without risking data loss for other service instances, Oracle recommends that you do not associate the same infrastructure schema database (or the same pluggable database) with multiple service instances. Backups of a database that is used with multiple Oracle Java Cloud Service instances contain data for all the instances. Therefore, if you restore the database from a backup, data for all the service instances is restored, which might not be the intended result.

Note the following additional constraints and limitations for Oracle Cloud Infrastructure databases:

  • To use a Bare Metal database, you must create the service instance with the Oracle Java Cloud Service REST API or CLI. The web console supports only VM and Exadata databases.
  • To use an Oracle Cloud Infrastructure Database running Oracle Database 12.2 or later, the service instance must be running WebLogic Server 12.2.1 or later.
  • You can select an Oracle Cloud Infrastructure 1-node virtual machine (VM) DB system that was created using the fast provisioning option. Oracle Java Cloud Service supports using Logical Volume Manager as the storage management software for a 1-node VM DB system.

Note the following additional constraints and limitations for Oracle Database Cloud Service (Classic) deployments:

  • You cannot use a database deployment running Oracle Database 18c as the infrastructure schema database.
  • You can use a database deployment running Oracle Database 12.2 as the infrastructure schema database, but only for service instances running Oracle WebLogic Server 12.2.1 or later.
  • Create Oracle Database Cloud Service deployments with a backup option other than NONE. This configuration enables Oracle Java Cloud Service to coordinate backups across your service instance and the database. Coordinated backups are not supported for other database services.

Database Instance

Select the PDB that you created for the Oracle Autonomous Database (Oracle Autonomous Transaction Processing).

You must use an Oracle Autonomous Database (Oracle Autonomous Transaction Processing) that is created with the serverless option. Oracle Java Cloud Service does not yet support using a dedicated deployment autonomous database.

PDB Name

Select the pluggable database the service instance will connect to.

  • For Oracle Cloud Infrastructure databases, the PDB name is populated. If you did not specify a PDB name when you created the Oracle Cloud Infrastructure database, the default PDB name populated in this field is <dbName>_pdb1.
  • For Oracle Database Cloud Service (Classic) databases, if you don't specify a PDB name, Oracle Java Cloud Service uses the default Oracle Database 12c PDB name that was provided when the Oracle Database Cloud Service (Classic) database deployment was originally created.

Administrator User Name

Specify the name of the database administrator that Oracle Java Cloud Service will use to connect to the selected database and to provision the required schemas for this service instance.

This value is set automatically for:

  • Oracle Autonomous Database (Oracle Autonomous Transaction Processing): ADMIN
  • Oracle Cloud Infrastructure Database: SYS

Password

Enter the password for the database administrator.

Add Application DB

(Advanced option) Add up to four Oracle Database Cloud Service (Classic) databases for your application schema. You cannot add Oracle Autonomous Database or Oracle Cloud Infrastructure databases.

Click Add if you want to specify a separate Oracle Database Cloud Service (Classic) database deployment dedicated for your application schema. When you add an application database, the Oracle Java Cloud Service creates an additional data source in your Oracle WebLogic Server domain to connect to this database.

Use the Add Database Configuration dialog to select the name of an existing Oracle Database Cloud Service (Classic) deployment, and to provide a user name and password for this database.

Click Add and repeat this process for up to three more database deployments.

Configure Backup and Recovery

Only Oracle Cloud Infrastructure This topic applies only to Oracle Cloud Infrastructure.

On the Service Details page of the Wizard, specify details on the storage used for backup and recovery.

Complete the following fields:

Backup and Recovery Details Description

Backup Destination

(Advanced option) Select Both Remote and Disk Storage if you want to enable automated and on-demand backups for this service instance. Backups will be saved to object storage and to block storage volumes that are attached to the nodes of the instance.

The default value is None, meaning that you cannot use Oracle Java Cloud Service to take backups of this service instance. You can configure backups on a service instance after creating it.

Object Storage Container

This field is displayed only if Backup Destination is set to Both Remote and Disk Storage.

Enter the object storage location where backups of the service instance must be stored.

Enter the URL of a bucket in Oracle Cloud Infrastructure Object Storage. See Prerequisites for PaaS Services on Oracle Cloud Infrastructure in the Oracle Cloud Infrastructure documentation.

Format: https://swiftobjectstorage.region.oraclecloud.com/v1/namespace/bucket

To find out your namespace, sign in to the Oracle Cloud Infrastructure web console, click the tenancy name, and look for the Object Storage Namespace field.

Example: https://swiftobjectstorage.us-phoenix-1.oraclecloud.com/v1/myCompany/myBucket

User Name

This field is displayed only if Backup Destination is set to Both Remote and Disk Storage.

Enter the user name of the Oracle Cloud Infrastructure Object Storage user who created the bucket you specified earlier.

Password

This field is displayed only if Backup Destination is set to Both Remote and Disk Storage.

Enter the Auth Token generated in Oracle Cloud Infrastructure for the user you specified. See Prerequisites for PaaS Services on Oracle Cloud Infrastructure in the Oracle Cloud Infrastructure documentation.

Configure the Load Balancer

Only Oracle Cloud Infrastructure This topic applies only to Oracle Cloud Infrastructure.

On the Service Details page of the Wizard, specify details to configure the load balancer(s) for the Oracle Java Cloud Service instance.

Complete the following fields:

Load Balancer Details Description

Load Balancer

Select the type of load balancer that you want to configure for your service instance:

  • Oracle-Managed Load Balancer: A dual-node, Oracle-managed instance of the Oracle Cloud Infrastructure Load Balancing service, providing active-passive high-availability. Failover from the active load-balancer node to the other node occurs automatically.

    You can't customize the default listeners, certificates, and so on for an Oracle Cloud Infrastructure Load Balancing instance that is provisioned by Oracle Java Cloud Service. If you need the ability to configure Oracle Cloud Infrastructure Load Balancing, then you must create the load balancer manually. See Set Up an Oracle Cloud Infrastructure Load Balancer.

  • Oracle Traffic Director: One or two Oracle Traffic Director nodes within your service instance.

    The dual-node configuration is in active-active mode, but failover to the second node is not automatic.

  • None: No load balancer will be configured for this instance.

Provisioning a load balancer is recommended if the cluster size is 2 or more. The default value is None.

If you selected Enable Authentication Using Identity Cloud Service, then you cannot configure a user-managed load balancer. You must select Oracle-Managed Load Balancer.

If you select Oracle Traffic Director and configure one Oracle Traffic Director node, you can also add a second Oracle Traffic Director node to a service instance after creating the service instance. If you configured two Oracle Traffic Director nodes during provisioning, you cannot add another Oracle Traffic Director node.

If you select None, then you can add an Oracle Traffic Director load balancer after creating the service instance.

Compute Shape

This option is displayed only if Oracle Traffic Director is selected as the load balancer.

Select the compute shape to use for all the load balancer nodes in the service instance. The compute shape is the number of Oracle Compute Units (OCPUs) and amount of memory (RAM) that you want to allocate to these nodes.

The standard shapes supported are VM.Standard and BM.Standard. The flexible shapes supported are VM.Standard.E3.Flex, VM.Standard.E4.Flex, and VM.Standard3.Flex. The flexible shapes are displayed based on your compute quota. For the flexible shape, move the slider to specify the number of OCPUs. The maximum number of OCPUs for VM.Standard.E3.Flex and VM.Standard.E4.Flex is 64 OCPUs, and the maximum number of OCPUs for VM.Standard3.Flex is 32 OCPUs. The amount of memory is calculated based on the number of OCPUs as n*16, where n is the number of OCPUs.

You are billed for Oracle Traffic Director nodes at the same price that you are billed for WebLogic Server nodes in your Oracle Java Cloud Service subscription. See About Oracle Java Cloud Service Subscriptions and Licenses.

Add Another Active OTD Node

This option is displayed only if Oracle Traffic Director is selected as the load balancer.

Select this check box to provision a second load balancer node running Oracle Traffic Director (OTD) in this service instance. Both load balancer nodes route traffic to the cluster of WebLogic Managed Servers.

You can also add a second load balancer node to a service instance after creating the service instance.

Load Balancing Policy

This option is displayed only if you selected Oracle-Managed Load Balancer or Oracle Traffic Director as the load balancer.

If you selected Oracle Traffic Director, choose one of the following policies:

  • Least Connection Count (default)—Passes each new request to the Managed Server with the least number of connections. This policy is useful for smoothing distribution when a Managed Server receives more requests than it can handle efficiently.

  • Least Response Time—Passes each new request to the Managed Server with the fastest response time.

  • Round Robin—Evenly distributes requests across all Managed Servers, regardless of the number of connections or response times.

If you selected Oracle-Managed Load Balancer, choose one of the following policies:

  • Round Robin— (default) Same as above.
  • IP Hash—The IP Hash policy uses an incoming request's source IP address as a hashing key to route traffic to the same backend server. The load balancer routes requests from the same client to the same backend server as long as that server is available.
  • Least Connection Count—Same as above.

Subnet for Load Balancer Node 1

Subnet for Load Balancer Node 2

This field is displayed only if Load Balancer is set to Oracle-Managed Load Balancer

Select the Use Regional Subnet check box to select regional subnet.

For regional subnets:

  • Oracle recommends that you specify a regional subnet OCID for the load balancer to support failover to another availability domain if needed.

  • You can only assign one regional subnet. If you specify a regional subnet OCID for either the Subnet for Load Balancer Node 1 or Subnet for Load Balancer Node 2 menu, the other menu is not displayed.

For non-regional (availability domain-scoped) subnets:

  • For each load balancer node, specify non-regional subnet OCID from a different availability domain. You must specify OCIDs for two non-regional subnets.

  • If the selected region has only one availability domain, Subnet for Load Balancer Node 2 is not shown. In this case, you can only specify one non-regional subnet OCID, which is assigned to both nodes.

  • For at least one of the nodes, Oracle recommends specifying a non-regional subnet OCID from the same availability domain as that of the service instance. This ensures that, as long as the service instance is running, the applications deployed on it remain accessible through the load balancer.

Confirm Your Oracle Java Cloud Service Instance Creation

Only Oracle Cloud Infrastructure This topic applies only to Oracle Cloud Infrastructure.

On the Confirmation page of the provisioning wizard, review the service details.

If you need to change the service details, use the navigation bar or Back button at the top of the wizard to step back through the pages in the wizard. Click Cancel to cancel out of the wizard without creating a new service instance. If you are satisfied with your choices on the Confirmation page, click Create.

Sample of Options Displayed

If you selected the Bring Your Own License option, the Confirmation page will display a message alerting you to the fact that you have chosen to use an existing license. Check to make sure you have the appropriate entitlements.

The compute shape and server count is displayed in the WebLogic Configuration section.

Download the Instance Attributes in JSON Format

(Not available on Oracle Cloud at Customer)

Click Download JSON download icon to download a JSON-format file containing the parameters you specified in the provisioning wizard. You can use the JSON-formatted file as a sample to construct the request body for creating instances using the REST API.

Note that the file contains placeholders for passwords.

After Confirmation

After the Confirmation page closes, the Oracle Java Cloud Service console opens. Optionally, you can click on the service instance name to view status messages. If provisioning of your service instance fails but there are no fatal errors, the software automatically retries provisioning, after a lag time of 60 minutes. Messages about the auto-retry process and failed compute resources are displayed.

If you provided your email address for the Notification Email option, you will receive an email notification when the service instance provisioning has succeeded or failed.

Next Steps

  • After the service instance has been created, you can view the system messages logged during the creation process, including error messages. Click Instance Create and Delete History, then click the service instance name or Details.

  • If the provisioning process retried provisioning automatically, some failed resources might still exist. To clean up these failed resources, click the Complete Cleanup button. If you click the button once and not all failed resources are cleaned up, the Complete Cleanup button will remain. If this is the case, click the button again and wait. Repeat this process until the button is not longer displayed and all failed resources are cleaned up.

  • If you selected the Enable Authentication with Oracle Identity Cloud Service option, you can use Oracle Identity Cloud Service to create additional WebLogic Server users. See Use Oracle Identity Cloud Service with Oracle Java Cloud Service.

  • If you selected the Deploy Sample Application option, and want to test the sample application, see About the Sample Application Deployed to an Oracle Java Cloud Service Instance.

Create an Oracle Java Cloud Service Instance Attached to a Private Subnet Using REST API

Use the REST API to create an Oracle Java Cloud Service instance attached to a private subnet.

  1. Create a request body in JSON format by using the following template, and save it in a plain-text file (for example, create-jcs-instance-on-oci.json).

    Note:

    This request-body template includes only the minimum set of fields required to create an instance of Oracle Java Cloud Service running Oracle WebLogic Server 12.2.1.3 Enterprise Edition. For information about all the supported fields, see Create a Service Instance in REST API for Oracle Java Cloud Service.
    {
      "serviceName"          : "name",
      "region"               : "region",
      "availabilityDomain"   : "ad",
      "subnet"               : "privateSubnetOCID",
      "vmPublicKeyText"      : "publicKey",
      "components": {
        "WLS": {
          "adminUserName"               : "user",
          "adminPassword"               : "password",
          "sampleAppDeploymentRequested": "true",
          "clusters": [
            {
              "clusterName"             : "name",
              "serverCount"             : "number",
              "shape"                   : "shape",
              "type"                    : "APPLICATION_CLUSTER"
            }
          ],
          "connectString"               : "dbConnectString",
          "dbaName"                     : "SYS",
          "dbaPassword"                 : "password"
        }
      },
      "configureLoadBalancer"           : true
      "loadbalancer": {
        "subnets": [
          "subnetOCID_primaryLBnode",
          "subnetOCID_standbyLBnode"
        ],
        "loadBalancingPolicy"           : "policy"
      },
      "cloudStorageContainer": "https://swiftobjectstorage.region.oraclecloud.com/v1/namespace/bucket",
      "cloudStorageUser"     : "OCIuser",
      "cloudStoragePassword" : "authToken"
    }
    • serviceName: A name that starts with a letter, includes only letters and numbers, and has not more than 30 characters.

    • region: The Oracle Cloud Infrastructure region in which you want to create the Oracle Java Cloud Service instance (for example, us-ashburn-1).

    • availabilityDomain: The Oracle Cloud Infrastructure availability domain in which you want the Oracle Java Cloud Service instance to be created (for example, QnsC:US-ASHBURN-AD-1).

    • subnet: The OCID of the private subnet to which you want to attach the Oracle Java Cloud Service instance.

    • vmPublicKeyText: The SSH public key that you want to use for the nodes of the instance.

    • adminUserName: The user name for the Oracle WebLogic Server administrator.

      The name must be between 8 and 128 characters long. It must not contain any of the following characters: tabs, brackets, parentheses, left angle bracket (<), right angle bracket (>), ampersand (&), pound sign (#), pipe symbol (|), and question mark (?).

    • adminPassword: The password for the Oracle WebLogic Server administrator.

      The password must start with a letter. It can contain from 8 to 30 characters, and must include at least one number.

    • sampleAppDeploymentRequested: true

    • clusterName: The name of the Oracle WebLogic Server cluster.

      The name must start with a letter and have not more than 50 characters. It can contain only alphabetical characters, underscores (_), and dashes (-).

    • serverCount: 1, 2, 4, or 8

    • shape: Any VM.Standard or BM.Standard shape that's available in the availability domain that you specified. Check the service limits displayed in the Oracle Cloud Infrastructure web console.

    • type: APPLICATION_CLUSTER

    • connectString: The connection string for the Oracle Cloud Infrastructure Database system that you created earlier.

    • dbaName: A database user with the SYSDBA privilege. For instances based on Oracle WebLogic Server 12c (any version), you can use the database user SYS.

    • dbaPassword: The password that you specified for the database administrator while creating the Oracle Cloud Infrastructure Database system.

    • configureLoadBalancer: true

      Note:

      If you need the ability to configure the load balancer (add or modify listeners, use your own certificates, and so on), then don't include this field in the request body. Don't include the fields under loadbalancer either. Create an instance of Oracle Cloud Infrastructure Load Balancing manually. See Set Up an Oracle Cloud Infrastructure Load Balancer.
    • loadbalancer.loadBalancingPolicy: Specify one of the following:
      • LEAST_CONN: Each new request is routed to the server with the least number of active connections.

      • IP_HASH: Requests from the same client are always routed to the same server, if the server is available.

      • ROUND_ROBIN: The load balancer selects the next server for each request by cycling through the available servers in a fixed order.

    • loadbalancer.subnets: The OCIDs of the subnets for the load-balancer nodes. If the region you've selected has only one availability domain, then specify only one subnet.

    • cloudStorageContainer: The URL of the Oracle Cloud Infrastructure Object Storage bucket (for example, https://swiftobjectstorage.us-ashburn-1.oraclecloud.com/v1/mynamespace/jcs_bucket).

    • cloudStorageUser: The user name of the user who created the bucket or has access to it.

    • cloudStoragePassword: The authentication token that you generated.

    The following example shows a completed request body.
    {
      "serviceName"          : "myJCS",
      "region"               : "us-ashburn-1",
      "availabilityDomain"   : "QnsC:US-ASHBURN-AD-1",
      "subnet"               : "ocid1.subnet.oc1.iad.aaaaaaaamgxfkk5... (truncated)",
      "vmPublicKeyText"      : "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA... (truncated)",
      "components": {
        "WLS": {
          "adminUserName"               : "adminuser",
          "adminPassword"               : "password",
          "sampleAppDeploymentRequested": "true",
          "clusters": [
            {
              "clusterName"             : "myJCScluster",
              "serverCount"             : "2",
              "shape"                   : "VM.Standard2.1",
              "type"                    : "APPLICATION_CLUSTER"
            }
          ],
          "connectString"               : "//dbforjcs-scan.privatesubnet.paasvcn.oraclevcn.com:1521/pdb1.privatesubnet.paasvcn.oraclevcn.com",
          "dbaName"                     : "SYS",
          "dbaPassword"                 : "password"
        }
      },
      "configureLoadBalancer"           : true
      "loadbalancer": {
        "subnets": [
          "ocid1.subnet.oc1.iad.aaaaaaaa6j5... (truncated)",
          "ocid1.subnet.oc1.iad.aaaaaaaaj4t... (truncated)"
        ],
        "loadBalancingPolicy"           : "LEAST_CONN"
      },
      "cloudStorageContainer": "https://swiftobjectstorage.us-ashburn-1.oraclecloud.com/v1/mynamespace/jcs_bucket",
      "cloudStorageUser"     : "john.smith@example.com",
      "cloudStoragePassword" : "sometoken"
    }
  2. Send the REST API request.
    curl -X POST rest_endpoint/paas/api/v1.1/instancemgmt/identityServiceID/services/jaas/instances \
    -u user:password \
    -H 'X-ID-TENANT-NAME: identityServiceID' \
    -H 'Content-Type: application/json' \
    -d @requestBodyFile
    • restEndpoint: The REST endpoint URL of Oracle Java Cloud Service.

    • identityServiceID: The identity service ID of your Oracle Cloud account.

    • user: Your Oracle Cloud user name.

    • password: Your Oracle Cloud password.

    • requestBodyFile: The path and name of the file containing the request body.

    The following is an example of a REST API request to create an Oracle Java Cloud Service instance.
    curl -X POST https://jaas.oraclecloud.com/paas/api/v1.1/instancemgmt/idcs-33e8886d2e6666e7777d14ffa9999e83/services/jaas/instances \
    -u john.smith@example.com:password \
    -H 'X-ID-TENANT-NAME: idcs-33e8886d2e6666e7777d14ffa9999e83' \
    -H 'Content-Type: application/json' \
    -d @create-jcs-instance-on-oci.json
    A message similar to the following is displayed, indicating that the request was accepted.
    {
      "details": {
        "message": "Submitted job to create service [myJCS] in domain [idcs-33e8886d2e6666e7777d14ffa9999e83].",
        "jobId": "50572730"
      }
    }
  3. In the message, note the value in the jobId field.
  4. Wait for the instance to be created.

    You can check the status in the Oracle Java Cloud Service web console.

    Alternatively, you can send the following REST API request to find out the status of the job.

    curl rest_endpoint/paas/api/v1.1/activitylog/identityServiceID/job/ID \
    -u user:password \
    -H 'X-ID-TENANT-NAME: identityServiceID'
    • restEndpoint: The REST endpoint URL of Oracle Java Cloud Service.

    • identityServiceID: The identity service ID of your Oracle Cloud account.

    • ID: The job ID that you noted in the previous step.

    • user: Your Oracle Cloud user name.

    • password: Your Oracle Cloud password.

    The following is an example of a REST API request to check the status of a request to create an Oracle Java Cloud Service instance.
    curl https://jaas.oraclecloud.com/paas/api/v1.1/activitylog/idcs-33e8886d2e6666e7777d14ffa9999e83/job/50572730 \
    -u john.smith@example.com:password \
    -H 'X-ID-TENANT-NAME: idcs-33e8886d2e6666e7777d14ffa9999e83'

    In the output, look for the status field. It shows ready after the instance is created.

Note:

The compute nodes of Oracle Java Cloud Service instances that are attached to private subnets in Oracle Cloud Infrastructure have private IP addresses. So you can’t ssh to the nodes or access the administration consoles of such instances from the public Internet.

You can access the administration consoles and connect to the nodes of such instances through a bastion host attached to a public subnet. See Access the Administration Console for a Service Instance Attached to a Private Subnet.