About the Components of Oracle WebLogic Cloud

Learn about the Oracle Cloud Infrastructure components that comprise Oracle WebLogic Cloud.

Oracle WebLogic Server

An Oracle WebLogic Server domain consists of one administration server and one or more managed servers to host your Java application deployments.

Oracle WebLogic Cloud supports these Oracle WebLogic Server editions:

  • Oracle WebLogic Server Standard Edition
  • Oracle WebLogic Server Enterprise Edition
    • Includes all features and benefits of Oracle WebLogic Server Standard Edition
    • Includes clustering for high availability and scalability of Java resources and applications
    • Includes Oracle Java SE Advanced (Java Mission Control and Java Flight Recorder) for diagnosing problems in development and production
  • Oracle WebLogic Suite
    • Includes all features and benefits of Oracle WebLogic Server Enterprise Edition
    • Includes Oracle Coherence for increased performance and scalability
    • Includes Active Gridlink for RAC for advanced database connectivity

Oracle WebLogic Cloud does not provision a cluster in domains running WebLogic Server Standard Edition.

Oracle WebLogic Cloud supports these Oracle WebLogic Server releases:

Oracle WebLogic Cloud can create these domain configurations:

  • A basic domain that does not require a database (Oracle WebLogic 12c only).
  • A domain that includes the Java Required Files (JRF) components and also requires a database. A JRF-enabled domain:
    • Supports the Oracle Application Development Framework (ADF)
    • Can be administered and monitored using the Oracle Fusion Middleware Control console, as well as the standard Oracle WebLogic Server tools

All Oracle WebLogic Server 11g domains include JRF and require a database.

Marketplace

Oracle WebLogic Cloud is accessed as a collection of applications in the Oracle Cloud Infrastructure Marketplace.

Oracle Cloud Infrastructure Marketplace is an online store that's available in the Oracle Cloud Infrastructure console. When you launch an Oracle WebLogic Cloud application from Marketplace, it prompts you for some basic information, and then directs you to Resource Manager to complete the configuration of your Oracle WebLogic Server domain and supporting cloud resources.

Choose an Oracle WebLogic Cloud application that meets your functional and licensing requirements.

See Overview of Marketplace in the Oracle Cloud Infrastructure documentation.

Resource Manager

Oracle WebLogic Cloud uses Resource Manager in Oracle Cloud Infrastructure to provision the cloud instances and networks that support your Oracle WebLogic Server domain.

Resource Manager is an Oracle Cloud Infrastructure service that uses Terraform to provision, update, and destroy a collection of related cloud resources as a single unit called a stack. Resource Manager supports most resource types in Oracle Cloud Infrastructure, but a stack in Oracle WebLogic Cloud is comprised of these components:

  • A compute instance running the administration server and the first managed server
  • A compute instance for each additional managed server in the domain
  • A bastion compute instance that provides administrative access to a domain on a private subnet
  • A virtual cloud network (VCN), including subnets, route tables, and security lists (optional)
  • A load balancer (optional)

See Overview of Resource Manager in the Oracle Cloud Infrastructure documentation.

Compute

The servers that make up an Oracle WebLogic Server domain run on one or more Oracle Cloud Infrastructure Compute instances.

Oracle WebLogic Cloud creates Oracle Linux compute instances, and automatically installs the Oracle WebLogic Server software and creates the domain configuration on these instances.

You assign a shape to a domain, which determines the number of CPUs and the amount of memory allocated to each compute instance in the domain. If you create a domain in a private subnet, you can assign a different shape to the bastion compute instance. Oracle Cloud Infrastructure offers a variety of bare metal (BM) and virtual machine (VM) shapes. However, Oracle WebLogic Cloud only supports the VM.Standard2.x, VM.Standard.E2.x, BM.Standard2.x, and BM.Standard.E2.x shapes. Some shapes might not be available in all regions.

You also assign a secure shell (SSH) public key to the compute instances for a domain. You can access and administer the operating system on the compute instances by using an SSH client and the matching private key.

All of the compute instances for a domain are created in a single availability domain (AD). An availability domain represents a data center within an Oracle Cloud Infrastructure region. Each availability domain contains three fault domains. Oracle WebLogic Cloud automatically distributes the compute instances across these fault domains for high availability.

See Overview of the Compute Service and Regions and Availability Domains in the Oracle Cloud Infrastructure documentation.

Virtual Cloud Network

Oracle WebLogic Cloud assigns compute instances and load balancers to specific subnets in a virtual cloud network (VCN).

A VCN in Oracle Cloud Infrastructure covers a single, contiguous CIDR block of your choice. A subnet is a subdivision of a VCN that consists of a contiguous range of IP addresses that do not overlap with other subnets in the VCN. A VCN includes one or more subnets, route tables, security lists, gateways, and DHCP options.

By default subnets span an entire region in Oracle Cloud Infrastructure. Alternatively, you can create subnets that are specific to one availability domain (AD) in a region.

Oracle WebLogic Cloud can automatically create a VCN and subnets for a new Oracle WebLogic Server domain, or you can create your own VCN and subnets before creating a domain. Oracle WebLogic Cloud supports both regional and AD-scoped subnets.

By default subnets are public. Any compute instances assigned to a private subnet can not be directly accessed from outside of Oracle Cloud. To enable the administration of compute instances in a private subnet, Oracle WebLogic Cloud can create a separate public subnet and bastion compute instance.

See Overview of Networking in the Oracle Cloud Infrastructure documentation.

Load Balancer

Oracle Cloud Infrastructure Load Balancing routes requests it receives from clients to the managed servers in your Oracle WebLogic Server domain.

When you create a domain, Oracle WebLogic Cloud can automatically create a load balancer in Oracle Cloud Infrastructure and configure it to distribute traffic across the servers in your domain. Using a load balancer is recommended if your cluster size is greater than one.

By default, the load balancer is public. If you create a domain in a private subnet, Oracle WebLogic Cloud can provision a private load balancer instead of a public one. A private load balancer does not have a public IP address and cannot be accessed from outside of Oracle Cloud, unless you have configured a virtual private network (VPN) between your VCN and your on-premise data center.

A load balancer consists of primary and standby instances but it is accessible from a single public IP address. If the primary instance fails, traffic is automatically routed to the standby instance.

If your region includes multiple availability domains (AD), the load balancer supports two networking options:

  • Assign the load balancer to one regional subnet
  • Assign the load balancer to two AD-specific subnets

See these topics in the Oracle Cloud Infrastructure documentation:

Database

To create an Oracle WebLogic Server domain that includes the Java Required Files (JRF) components, you must provide an existing database in Oracle Cloud Infrastructure.

Choose one of these database options:

  • Oracle Autonomous Transaction Processing
  • Oracle Cloud Infrastructure Database
    • Bare metal, virtual machine, and Exadata DB systems
    • Oracle WebLogic Server 11g supports Oracle Database 11g and 12.1 only.
    • See Overview of the Database Service in the Oracle Cloud Infrastructure documentation.

When you create a domain and associate it with an existing database, Oracle WebLogic Cloud does the following:

  • Provisions the schemas to support the JRF components in the selected database
  • Provisions data sources in the domain that provide connectivity to the selected database
  • Deploys the JRF components and libraries to the domain

Key Management

Oracle Cloud Infrastructure Key Management enables you to manage sensitive information when creating an Oracle WebLogic Server domain.

A vault is a container for encryption keys. You encrypt the required passwords for a new domain using a key, and then Oracle WebLogic Cloud uses the same key to decrypt the passwords when creating the domain.

Parameters for a new domain include:

  • The password for the default Oracle WebLogic Server administrator
  • The administrator password for an existing database, if you are creating a domain that includes the Java Required Files (JRF) components
  • The client secret for an existing confidential application, if you are creating a domain that uses Oracle Identity Cloud Service for authentication

Key Management offers virtual vaults and virtual private vaults. A virtual private vault provides greater isolation and performance by allocating a dedicated partition on a hardware security module (HSM). A virtual vault is hosted on a partition with multiple tenants, and uses a more cost-efficient, key-based metric for billing purposes.

Oracle is offering customers the opportunity to try out virtual vaults in our limited availability release. When requesting a service limit increase, you can also indicate that you want to try virtual vaults.

See:

Identity

Oracle Identity Cloud Service provides Oracle Cloud administrators with a central security platform to manage the relationships that users have with your applications.

By default, the Oracle WebLogic Server domain is configured to use the local WebLogic Server identity store to maintain administrators, application users, groups, and roles. These security elements are used to authenticate users, and to also authorize access to your applications and to tools like the WebLogic Server Administration Console.

Oracle WebLogic Cloud can configure a domain running WebLogic Server 12c to use Oracle Identity Cloud Service for authentication. The following diagram illustrates this configuration.

Description of architecture_idcs_diagram.png follows
Description of the illustration architecture_idcs_diagram.png

This configuration is supported only for Oracle Cloud accounts that include Oracle Identity Cloud Service 19.2.1 or later.

Oracle WebLogic Cloud configures an App Gateway in Oracle Identity Cloud Service. It also provisions each compute instance in the domain with the App Gateway software appliance. The App Gateway acts as a reverse proxy, intercepts HTTP requests to the domain, and ensures that the users are authenticated with Oracle Identity Cloud Service.

Oracle WebLogic Cloud creates two security applications in Oracle Identity Cloud Service to support the domain. A confidential application allows the domain to securely access the identity provider using the OAuth protocol. An enterprise application defines the URLs that are protected by the App Gateway.

If you enable integration with Oracle Identity Cloud Service for a domain, then you must also enable a load balancer for the domain.

See About Oracle Identity Cloud Service Concepts in Administering Oracle Identity Cloud Service.