Design Considerations for an Oracle Java Cloud Service Instance

Before creating a custom Oracle Java Cloud Service instance, there are details you should consider in order to create the service instance that best meets your requirements.

This figure illustrates the components that make up a typical service instance:

The next figure illustrates a service instance that has been configured to use Oracle Identity Cloud Service and an Oracle-managed load balancer running in Oracle Cloud Infrastructure Load Balancing or Oracle Cloud Infrastructure Load Balancing Classic.

Service Level

You can select one of these service levels.

  • Oracle Java Cloud Service

    This service level supports Oracle Java Cloud Service instance creation and monitoring; domain partitions; backup and restoration; patching; cloning; and scaling.

  • Oracle Java Cloud Service Virtual Image (BASIC)

    This service level supports Oracle Java Cloud Service instance creation and monitoring only. It does not support backup and restoration; patching; cloning; or scaling. You cannot provision a domain partition if you specify this service level.

    This service level is:

    • Not supported if you have a Universal Credits subscription. This option does not appear on the console.

    • Supported if you have a traditional metered or non-metered subscription

    • Not supported for Oracle Cloud Infrastructure regions

    Oracle recommends using Oracle Java Cloud Service rather than Oracle Java Cloud Service Virtual Image for better flexibility, administrative control, and availability of new features.

  • Oracle Java Cloud Service Fusion Middleware — Oracle WebCenter Portal

    Leverages your Oracle WebCenter Portal license on Oracle Java Cloud Service. Choosing this option downloads additional installation tools. You must install the product yourself after creating this service instance. This service level is supported on WebLogic Server release 12.2.1.3 only.

  • Oracle Java Cloud Service Fusion Middleware — Oracle Data Integrator

    Leverages your Oracle Data Integrator license on Oracle Java Cloud Service. Choosing this option downloads additional installation tools. You must install the product yourself after creating this service instance. This service level is supported on WebLogic Server release 12.2.1.3 only.

Patching is not supported for service instances where Oracle Java Cloud Service Fusion Middleware—Oracle WebCenter Portal, Oracle Java Cloud Service Fusion Middleware—Oracle Data Integrator, or any other product that modifies the MW_HOME directory are installed. If you attempt to patch a service instance where any of these products are installed, patching prechecks issue an error message and patching fails.

Software Release

You can select one of these Oracle WebLogic Server releases.

With Oracle Java Cloud Service you can easily apply patches to an existing service instance. You can also upgrade an existing service instance to a newer release of Oracle WebLogic Server.

For service instances in Oracle Cloud Infrastructure and Oracle Cloud Infrastructure Classic regions, Oracle WebLogic Server 12c (12.2.1.3) is the only release supported and is used automatically. For service instances on Oracle Cloud at Customer, the Fusion Middleware service level is supported only for Oracle WebLogic Server 12c (12.2.1.2).

The Virtual Image (BASIC) service level is not supported for service instances created for Oracle WebLogic Server 12.2.1.2 or 12.2.1.3

Oracle Java Cloud Service has a provisioning policy that aligns with the WebLogic Server error correction support policy. Service instance provisioning for a given release ends on the same day as the error correction end date for the corresponding WebLogic Server release. This policy is specific to the provisioning of WebLogic Server instances via Oracle Java Cloud Service, and has no impact on the use of these WebLogic Server releases within on-premises environments or within Oracle Cloud IaaS environments. See Oracle Fusion Middleware Lifetime Support Policy and Error Correction Support Dates for Oracle WebLogic Server.

Edition

You can choose one of these Oracle WebLogic Server editions.

  • Standard Edition

  • Enterprise Edition

  • Enterprise Edition with Coherence (Suite)

Certain WebLogic Server capabilities are only supported in specific editions. To learn about these editions see About Oracle WebLogic Server Editions Available for Oracle Java Cloud Service.

If you select the Oracle Java Cloud Service for Fusion Middleware service level, you cannot select Standard Edition.

License

When you create a service instance, you choose a license type based on the Oracle Java Cloud Service entitlements in your Oracle Cloud account.

The Bring Your Own License (BYOL) option enables you to bring your on-premises Oracle WebLogic Server licenses to Oracle Cloud. BYOL instances are billed at a lower rate than other instances. See Frequently Asked Questions: Oracle BYOL to PaaS.

Before you scale up or scale out a BYOL instance, you must have enough WebLogic Server licenses for the additional OCPUs that will be allocated to the instance after it is scaled.

You can also change the license type of an existing instance. (Not available on Oracle Cloud at Customer)

Region

If your identity domain is enabled for regions, you can select a region in which your Oracle Java Cloud Service instance will reside.

A region supports either Oracle Cloud Infrastructure or Oracle Cloud Infrastructure Classic. For a list of available regions, see Data Regions for Platform and Infrastructure Services.

When you select an Oracle Cloud Infrastructure region for a service instance, you must also select an Availability Domain. See Regions and Availability Domains in the Oracle Cloud Infrastructure Services documentation.

When you select an Oracle Cloud Infrastructure Classic region for a service instance, you can also select an IP Network and assign reserved IP addresses to your nodes. If you don’t explicitly select a region (No Preference), you cannot select an IP network or use reserved IPs.

Compute Shape

The available shapes for a service instance depend on the type of region that you select. The larger the compute shape, the greater the processing power and the more memory that is available.

Some shapes might not be available in all regions.

If you select an Oracle Cloud Infrastructure region, the VM.Standard and BM.Standard shapes are supported. The DenseIO and HighIO shapes are unsupported. See Overview of the Compute Service in the Oracle Cloud Infrastructure Services documentation.

If you select an Oracle Cloud Infrastructure Classic region, Oracle Java Cloud Service provides a set of compute shapes that are optimized for different use cases. Choose from a set of all-purpose and memory-intensive shapes.

All-purpose compute shapes in Oracle Cloud Infrastructure Classic include:

  • OC3: 1 OCPU and 7.5 GB memory

  • OC4: 2 OCPUs and 15 GB memory

  • OC5: 4 OCPUs and 30 GB memory

  • OC6: 8 OCPUs and 60 GB memory

  • OC7: 16 OCPUs and 120 GB memory

  • OC8: 24 OCPUs and 180 GB memory (Not available on Oracle Cloud at Customer)

  • OC9: 32 OCPUs and 240 GB memory (Not available on Oracle Cloud at Customer)

Memory-intensive compute shapes in Oracle Cloud Infrastructure Classic include:

  • OC1M: 1 OCPUs and 15 GB memory

  • OC2M: 2 OCPU and 30 GB memory

  • OC3M: 4 OCPUs and 60 GB memory

  • OC4M: 8 OCPUs and 120 GB memory

  • OC5M: 16 OCPUs and 240 GB memory

See About Shapes in Using Oracle Cloud Infrastructure Compute Classic and About JVM Heap Settings.

For a Universal Credits subscription, you will be billed at the Pay-as-you-go rate when you exceed your monthly or annual maximum credit.

WebLogic Cluster

A WebLogic cluster is defined by a compute shape and server count.

You select an initial cluster size of 1, 2, or 4 Managed Servers. In general, the larger the cluster the more application requests that can be processed by your service instance. However, with Oracle Java Cloud Service you can also scale in and out the cluster after you create the service instance.

Another design consideration when selecting the cluster size is continued availability during patching. If the cluster has 2 or more nodes, then during patching, at least 1 node continues to serve requests. This won't be possible with a 1-node cluster.

If you create a service instance with an Oracle-managed load balancer (Oracle Cloud Infrastructure Load Balancing or Oracle Cloud Infrastructure Load Balancing Classic), you can optionally create up to 8 clusters for the instance. You cannot create multiple clusters for service instances that include a user-managed load balancer (Oracle Traffic Director). You configure each cluster with its own compute shape and initial server count (1, 2, or 4 Managed Servers). You might consider creating multiple clusters if, for example, multiple applications or different tiers of your application have different capacity requirements. See Recommended Multi-Tier Architecture in Administering Clusters for Oracle WebLogic Server.

Optionally, you can specify a path prefix for a cluster, which is used to configure the load balancer. For example, the load balancer could route traffic from URLs with the prefix /mystore to the cluster cluster1. If you do not specify a path prefix, then the path prefix is the cluster name.

For more information about clusters see:

Availability Domain

This feature is specific to Oracle Cloud Infrastructure regions.

An availability domain consists of a set of data centers within an Oracle Cloud Infrastructure region.

A region can have multiple isolated availability domains with separate power and cooling, for example. The availability domains within a region are interconnected via a low-latency network. See Regions and Availability Domains in the Oracle Cloud Infrastructure Services documentation.

Subnet

This feature is specific to Oracle Cloud Infrastructure regions.

A subnet is a subdivision of a cloud network. Each subnet exists in a single availability domain and consists of a contiguous range of IP addresses that do not overlap with other subnets in the cloud network.

You can create your own subnet before you provision an Oracle Java Cloud Service instance. See VCNs and Subnets in the Oracle Cloud Infrastructure Services documentation.

For convenience, if you do not explicitly select a subnet (No Preference), then the service instance is assigned to a subnet in the predefined Virtual Cloud Network (VCN) named svc-vcn, which is found in the compartment named ManagedCompartmentForPaaS. You cannot modify these predefined subnets, such as assigning a custom security list. If you prefer more control over the network configuration for your service instance, then create a custom subnet.

You must satisfy certain subnet and policy prerequisites when you create a subnet for use with Oracle Java Cloud Service instances. See Prerequisites for PaaS Services on Oracle Cloud Infrastructure in the Oracle Cloud Infrastructure Services documentation.

IP Network

This feature is specific to Oracle Cloud Infrastructure Classic regions.

If you select a specific Oracle Cloud Infrastructure Classic region for your service instance, then you can also select an IP network in that region. Using an IP network gives you more control over the configuration of the network in which your service instance is placed.

By default, if you select an IP network, each underlying node is auto-assigned a public and private IP address. As a result, the IP address might change each time a service instance is started. To assign fixed public IP addresses to instances attached to the IP network, you can create and use IP reservations.

When you select an IP network during provisioning, you must also select a Oracle Database Cloud Service instance that is on an IP network. If the Oracle Java Cloud Service and Oracle Database Cloud Service are attached to different IP networks, then the two IP networks must be connected to the same IP network exchange. The required access rules for the Oracle Java Cloud Service instance and Oracle Database Cloud Service database deployment to communicate are created automatically.

If you want to create a service instance that uses an IP network and also includes an Oracle-managed load balancer running on Oracle Cloud Infrastructure Load Balancing Classic, you must first attach an Internet-facing load balancer to the IP network. A service instance uses an Oracle-managed load balancer when you enable authentication with Oracle Identity Cloud Service.

See:

Public IP Address

You can choose whether or not to assign public IP addresses to the nodes in your service instance.

By default, any node that is created during instance provisioning, or is later added as part of a scaling operation, will have a public IP address assigned to it. You will be able to directly access the nodes in the service instance, and the Java EE applications deployed to these nodes, from the public Internet.

If you choose not to assign public IP addresses, you will not be able to directly access the nodes in the service instance from the public Internet. This option is for use cases where you only intend to access your Java EE applications from within your private cloud network or from your on-premises data center over a VPN network.

The procedure for creating a service instance with no public IP addresses varies depending on the region type:

When you create a service instance in an Oracle Cloud Infrastructure Classic region, you can choose to create a public or private Oracle-managed load balancer for your service instance. A private load balancer in Oracle Cloud Infrastructure Load Balancing Classic cannot be accessed from the public Internet.

You can further control the nodes and port numbers in your service instance that are accessible from the Internet or other Oracle Cloud resources:

Reserved IP Address

This feature is specific to Oracle Cloud Infrastructure Classic regions.

If you select a specific region for your service instance, you can also assign reserved IP addresses to use for the nodes in your service instance.

Reserved IP addresses are specific to a region.

Reserved IP addresses are persistent. If you create a service instance that uses a set of reserved IP addresses, you can reuse the IP addresses after you delete the instance.

The number of IP addresses you create must match the number of nodes in your service instance cluster. You can either select individual IP addresses for every node or allow Oracle to assign them automatically.

If you have created multiple clusters, the number of IP addresses you create must match the total number of nodes in all the clusters.

See Reserve IP Addresses.

Domain Partition

A WebLogic Server 12c domain can optionally be organized into multiple partitions.

Each partition is dedicated to running specific applications and related resources, and is managed independently of other partitions in the same domain. You can define partitions when you create a service instance, and you can add or remove domain partitions after you create the service instance by using Fusion Middleware Control. These domain partitions will be created with a default resource management policy.

Domain partitions also enable you to create different security realms for the overall WebLogic Server domain and for each partition. Each security realm can have its own identity store with users, credentials and groups.

See About WebLogic Server MT in Using WebLogic Server Multitenant.

You cannot configure domain partitions if you select:
  • The Oracle Java Cloud Service Virtual Image (BASIC) service level

  • The Oracle Java Cloud Service Fusion Middleware — Oracle WebCenter Portal service level

  • The Oracle Java Cloud Service Fusion Middleware — Oracle Data Integrator service level

  • The Standard Edition of WebLogic Server

  • The 11g release of WebLogic Server

User Authentication

By default, the WebLogic Server domain in a service instance is configured to use the local WebLogic identity store to maintain administrators, application users, groups and roles. These security elements are used to authenticate users and to also authorize access to tools like the WebLogic Server Administration Console.

If your cloud account includes Oracle Identity Cloud Service, an Oracle Java Cloud Service instance can also use Oracle Identity Cloud Service for authentication. As a result, users that access your applications or the administration consoles in this service instance are authenticated against Oracle Identity Cloud Service if they are not found in the local WebLogic identity store. See Use Oracle Identity Cloud Service with Oracle Java Cloud Service.

You can also create a service instance within a specific identity domain in Oracle Identity Cloud Service (Not available on Oracle Cloud at Customer). Each identity domain has an independent set of users. For example, you might create separate identity domains for test users and production users. By default, service instances are created in the primary identity domain in Oracle Identity Cloud Service. See About Multiple Instances in Administering Oracle Identity Cloud Service.

You cannot configure a service instance to use Oracle Identity Cloud Service if you select:

  • The Oracle Java Cloud Service Virtual Image (BASIC) service level

  • The 11g release of WebLogic Server

Administrator Access

This feature is specific to Oracle Cloud Infrastructure Classic regions.

By default, remote access to the Administration Server is disabled in a service instance for security purposes.

This includes the use of the WebLogic Server Administration Console and Fusion Middleware Control Console, as well as remote WebLogic Scripting Tool (WLST) commands. You can enable console access either when you create a service instance, or later after it has been created.

Client Access

By default, a service instance can be accessed only over secure protocols like HTTPS and SSH.

If you plan to access an application through the HTTP port, you can enable this port manually after creating a service instance.

The HTTP port is disabled by default only when creating the service instance by using the Oracle Java Cloud Service console. The HTTP port is enabled by default if you create the service instance by using the REST API or CLI.

See About the Default Access Ports.

Coherence Data Tier

If you choose to provision an Oracle Coherence data tier in your service instance, Oracle Java Cloud Service creates a WebLogic Server cluster in the domain to host your in-memory data grid, or cache. This Coherence cluster provides your applications with fast, reliable, and scalable access to frequently used data.

You configure the data grid’s initial cache capacity by configuring the cluster size, the number of nodes, and the number of servers per node. After a service instance is created, you can increase cache capacity by adding more nodes to the data grid cluster. See About Cache Capacity for a Service Instance.

While you can create up to eight application clusters in a new service instance, you can create only one WebLogic Server cluster for the data grid.

Oracle Java Cloud Service can only provision a Coherence data tier in your service instance if you select Enterprise Edition with Coherence (Suite).

Database

Every service instance must be associated with an existing relational database in Oracle Cloud. Oracle Java Cloud Service provisions the required infrastructure schema on the selected database.

The supported database services in Oracle Cloud vary by region.

Region Type Infrastructure Schema Database Options
Oracle Cloud Infrastructure region (Not available on Oracle Cloud at Customer)
  • Oracle Cloud Infrastructure Database
  • Oracle Autonomous Transaction Processing
  • Oracle Database Cloud Service
Oracle Cloud Infrastructure Classic region
  • Oracle Database Cloud Service
  • Oracle Database Exadata Cloud Service

If you specify No Preference for region, or if you have an older Oracle Cloud account that doesn't include regions, then you can choose from the same database options as Oracle Cloud Infrastructure Classic.

All databases must be in an active state and not currently in the process of being provisioned. The WebLogic Server domain in a service instance uses Java Database Connectivity (JDBC) to access the databases.

When you associate a service instance with an Oracle Database Cloud Service or Oracle Database Exadata Cloud Service deployment for the infrastructure database schema, you can also associate the service instance with up to four additional database deployments in order to access your application schemas. This feature is not available for service instances that use other database services, but you can also manually configure JDBC data sources for your application schemas after creating the service instance. This feature is also not available for service instances that use the Virtual Image (BASIC) service level.

To ensure that you can restore the database for an Oracle Java Cloud Service instance without risking data loss for other service instances, Oracle recommends that you do not associate the same infrastructure schema database (or the same pluggable database) with multiple service instances. Backups of a database that is used with multiple Oracle Java Cloud Service instances contain data for all the instances. Therefore, if you restore the database from a backup, data for all the service instances is restored, which might not be the intended result.

The following limitations apply only to service instances that use Oracle Database Cloud Service as the infrastructure schema database.

  • When you create an Oracle Java Cloud Service instance on a secondary Oracle Identity Cloud Service domain, you can't use Oracle Database Cloud Service for the infrastructure schema. The only option is to use an Oracle Cloud Infrastructure Database or Autonomous Transaction Processing database. You can use an Oracle Database Cloud Service deployment for the infrastructure schema for the default Oracle Identity Cloud Service domain only.
  • You cannot use an Oracle Database Cloud Service deployment running Oracle Database 18c.
  • You can use an Oracle Database Cloud Service deployment running Oracle Database 12.2, but only for service instances running Oracle WebLogic Server 12.2.1 or later.
  • Create Oracle Database Cloud Service deployments with a backup option other than NONE. This configuration enables Oracle Java Cloud Service to coordinate backups across your service instance and the database. Coordinated backups are not supported for other database services.

The following limitations apply only to service instances on Oracle Cloud Infrastructure regions:

  • You must create a security policy in Oracle Cloud Infrastructure in order for your Oracle Autonomous Transaction Processing database or Oracle Cloud Infrastructure Database to be displayed in the Oracle Java Cloud Service web console. See Creating the Infrastructure Resources Required for Oracle Platform Services.
  • Database instances in Oracle Database Cloud Service and Oracle Cloud Infrastructure Database must be in the same region and virtual cloud network (VCN) as the Oracle Java Cloud Service instance. The database and service instance do not need to be in the same subnet or availability domain, but it might be necessary to create and assign security rules to the subnets in order to enable communication between them. The database and service instance can be on different VCNs only if you configure VCN peering. See VCNs and Subnets in the Oracle Cloud Infrastructure Services documentation.
  • To use Oracle Cloud Infrastructure Database, you must assign a custom subnet to your service instance. The default subnet is not supported.
  • To use a Bare Metal database in Oracle Cloud Infrastructure Database, you must create the service instance with the Oracle Java Cloud Service REST API or CLI. The web console supports only VM and Exadata databases in Oracle Cloud Infrastructure Database.
  • You can use an Oracle Cloud Infrastructure Database running Oracle Database 12.2, but only for service instances running Oracle WebLogic Server 12.2.1 or later.
  • Oracle Database Cloud Service does not support Real Application Cluster (RAC) databases containing multiple nodes on Oracle Cloud Infrastructure.
  • To use an Oracle Autonomous Transaction Processing database, the service instance must be running WebLogic Server 12.2.1.3 or later, and the service instance cannot use the Fusion Middleware — Oracle WebCenter Portal or Fusion Middleware — Oracle Data Integrator service levels.
  • The Oracle Java Cloud Service cloning feature is not supported for service instances that use databases in Oracle Cloud Infrastructure Database or Oracle Autonomous Transaction Processing.

The following limitations apply only to service instances on Oracle Cloud Infrastructure Classic regions:

  • The database must be in the same region as the Oracle Java Cloud Service instance.
  • If you specify an IP network for a service instance, the infrastructure schema database for the Oracle Java Cloud Service instance must also be attached to an IP network. If the service instance and the database are attached to different IP Networks, the two IP networks must be connected to the same IP network exchange. See Creating an IP Network in Using Oracle Cloud Infrastructure Compute Classic.
  • To use the Virtual Image (BASIC) service level of Oracle Database Cloud Service with the Virtual Image service level of Oracle Java Cloud Service, you must perform additional tasks before you create the Oracle Java Cloud Service instance. See Use a Database Cloud Service - Virtual Image Database Deployment.

For more information about the available database services in Oracle Cloud, see:

Load Balancer

A load balancer routes requests it receives from clients to the WebLogic Servers configured in a service instance.

Using a load balancer within your service instance is recommended if you are configuring more than one Managed Server or more than one cluster. A load balancer also gives you the ability to suspend access to a service instance temporarily to perform routine maintenance.

Oracle Java Cloud Service supports two load balancer options:

  • A user-managed load balancer that runs within your service instance. You can access, patch, and administer this type of load balancer like other nodes in your service instance.
  • An Oracle-managed load balancer that is automatically patched and maintained by Oracle. This load balancer is provisioned in Oracle Cloud Infrastructure Load Balancing or Oracle Cloud Infrastructure Load Balancing Classic, depending on the region where the service instance is created.

The user-managed load balancer in Oracle Java Cloud Service is an instance of Oracle Traffic Director (OTD) and is administered through the Load Balancer Console. A service instance can include zero, one or two load balancer nodes running OTD. Each load balancer node is assigned a separate public IP address.

The Oracle-managed load balancer is automatically deployed on multiple nodes to provide high availability and is accessed by clients using a single public IP address. The configuration options vary by region:

  • On Oracle Cloud Infrastructure regions, you can assign a regional subnet that will be shared by all the load balancer nodes. A regional subnet is not scoped to any particular availability domain, so the subnet contains resources in any of a region's availability domains. Oracle recommends assigning a regional subnet to enable high availability, with automatic failover from one availability domain to another if needed.
  • On Oracle Cloud Infrastructure regions, Oracle recommends that you assign a regional subnet, but you can assign a non-regional (availability domain-scoped) subnet to each load balancer node if needed. For high availability, Oracle recommends that each subnet be associated with a different availability domain in the selected region. If the selected region has one availability domain, you can specify only one subnet, which is assigned to both load balancer nodes.
  • On Oracle Cloud Infrastructure regions, if you configure the service instance to use Oracle Identity Cloud Service for authentication, then you must also provision an Oracle-managed load balancer. However, you can also create an instance with an Oracle-managed load balancer that does not use Oracle Identity Cloud Service.
  • On Oracle Cloud Infrastructure Classic regions, in order to provision an Oracle-managed load balancer, you must also configure the service instance to use Oracle Identity Cloud Service for authentication.
  • On Oracle Cloud Infrastructure Classic regions, if you specify an IP Network for your service instance, you can choose to create a public or private Oracle-managed load balancer. A private load balancer cannot be accessed from the public Internet. It is for use cases where you only intend to access your service instance from within your private cloud network or from your on-premises data center over a VPN network.

You cannot configure a service instance to use an Oracle-managed load balancer if you select:

  • The Oracle Java Cloud Service Virtual Image (BASIC) service level
  • The 11g release of WebLogic Server

See About the Load Balancer in Oracle Java Cloud Service.

Backup Location

When provisioning a service instance, you can choose to enable or disable automated backups.

If you do not enable backups, you will not be able to initiate on-demand backups as well. You can also configure backups for a service instance after its creation.

Backups are recorded to a specified object storage location in Oracle Cloud:

  • For a service instance in an Oracle Cloud Infrastructure region, you must create this storage bucket manually.

  • For a service instance in an Oracle Cloud Infrastructure Classic region, you can create this storage container manually, or Oracle Java Cloud Service can create one automatically while you are provisioning the service instance.

See Create an Object Storage Container.