1. Administering Oracle Java Cloud Service
  2. Secure an Oracle Java Cloud Service Instance
  3. Configure Network Security
  4. Enable Communication Between Service Instances

Enable Communication Between Service Instances

Not Oracle Cloud Infrastructure This topic does not apply to Oracle Cloud Infrastructure. Identify the Cloud Infrastructure Used by a Service Instance.

The default access rules in an Oracle Java Cloud Service instance only permit communication between Managed Server nodes and the database, and between Managed Server nodes and the load balancer (if enabled). Use custom access rules to enable communication between the Managed Servers of different service instances.

If you provisioned this service instance in an Oracle Cloud Infrastructure region, instead you must use the Oracle Cloud Infrastructure Console to create security lists instead of access rules. See Security Lists in the Oracle Cloud Infrastructure Services documentation.

The architecture of a business application may span multiple tiers, where each application tier is a separate Oracle Java Cloud Service instance. Similarly, certain integration features of Oracle WebLogic Server enable applications to easily communicate across multiple domains, such as Foreign JNDI Providers and Foreign JMS Servers. In these scenarios, you must use access rules to explicitly permit network communication between service instances.

You must identify the host names of the nodes in your first service instance. The host names typically use the format domainName-wls-number.

For example, if your domain name is myjcs1 and this domain consists of 3 nodes, the host names would typically be:

  • myjcs1–wls-1

  • myjcs1–wls-2

  • myjcs1–wls-3

You can also identify these host names using the Instance Overview page in the Oracle Java Cloud Service Console. Locate the Host Name property of each node.

Before you begin, use a secure shell (SSH) client to connect to the Administration Server node of the first service instance.

  1. From your SSH session on the Administration Server node, use the nslookup command to identify the corresponding private IP address of each host name.

    For example:

    nslookup myjcs1-wls-2

Name:   myjcs1-wls-2.compute-myaccount.oraclecloud.internal
Address: 203.0.113.13
  2. Access the Oracle Java Cloud Service Console.
  3. Beside your second service instance, click Manage this instance Menu icon, and then select Access Rules.
  4. On the Access Rules page, click Create Rule.
  5. Enter a Rule Name, such as myjcs1–to-myjcs2.
  6. For Source, select <custom>. Enter the private IP addresses for the first service instance as a comma-separated list.

    For example: 203.0.113.13,203.0.113.14,203.0.113.15

    You can also specify multiple IP addresses in CIDR format, such as 203.0.113.1/24.

  7. For Destination, select WLS_MS
  8. For Destination Port(s), enter 8001.

    Note:

    If you configured your Managed Servers to listen on additional ports, you can specify them as a comma-separated list such as 8001,9001.
  9. Accept the default Protocol (TCP).
  10. Click Create.

To return to either the Instances page or the Overview page for the selected service instance, click the locator links at the top of the page.

If you restart a node in the first service instance, the private IP address of the node might change. In order to keep communication open between the restarted node and the second service instance, take one of the following actions:

  • (Not available on Oracle Cloud at Customer) If your service instance is attached to an IP network, use the REST API to restart the node and assign the same private IP address. See Stop and Start a Service Instance and Individual VMs in REST API for Oracle Java Cloud Service.

  • Create a new access rule with the latest private IP address.