About the Components of Oracle WebLogic Server for Oracle Cloud Infrastructure

Learn about the Oracle Cloud Infrastructure components that comprise Oracle WebLogic Server for Oracle Cloud Infrastructure.

Topics

The following diagram illustrates the components of a typical Oracle WebLogic Server for Oracle Cloud Infrastructure deployment.

Description of architecture_diagram.png follows
Description of the illustration architecture_diagram.png

Oracle WebLogic Server

An Oracle WebLogic Server domain consists of one administration server and one or more managed servers to host your Java application deployments.

Oracle WebLogic Server for Oracle Cloud Infrastructure supports these Oracle WebLogic Server editions:

  • Oracle WebLogic Server Standard Edition
  • Oracle WebLogic Server Enterprise Edition
    • Includes all features and benefits of Oracle WebLogic Server Standard Edition
    • Includes clustering for high availability and scalability of Java resources and applications
    • Includes Oracle Java SE Advanced (Java Mission Control and Java Flight Recorder) for diagnosing problems in development and production
  • Oracle WebLogic Suite
    • Includes all features and benefits of Oracle WebLogic Server Enterprise Edition
    • Includes Oracle Coherence for increased performance and scalability
    • Includes Active Gridlink for RAC for advanced database connectivity

Oracle WebLogic Server for Oracle Cloud Infrastructure does not provision a cluster in domains running WebLogic Server Standard Edition.

Oracle Cloud Infrastructure OS Management service is enabled on Oracle WebLogic Server for Oracle Cloud Infrastructure instance. See Getting Started with OS Management.

Oracle WebLogic Server for Oracle Cloud Infrastructure supports Oracle WebLogic Server 11g and 12c releases. See About Oracle WebLogic Server for Oracle Cloud Infrastructure for specific version information.

Oracle WebLogic Server for Oracle Cloud Infrastructure can create these domain configurations:

  • A basic domain that does not require a database (Oracle WebLogic 12c only).
  • A domain that includes the Java Required Files (JRF) components and also requires a database. A JRF-enabled domain:
    • Supports the Oracle Application Development Framework (ADF)
    • Can be administered and monitored using the Oracle Fusion Middleware Control console, as well as the standard Oracle WebLogic Server tools

All Oracle WebLogic Server 11g domains include JRF and require a database.

Marketplace

Oracle WebLogic Server for Oracle Cloud Infrastructure is accessed as a collection of applications in the Oracle Cloud Infrastructure Marketplace.

Oracle Cloud Infrastructure Marketplace is an online store that's available in the Oracle Cloud Infrastructure console. When you launch an Oracle WebLogic Server for Oracle Cloud Infrastructure application from Marketplace, it prompts you for some basic information, and then directs you to Resource Manager to complete the configuration of your Oracle WebLogic Server domain and supporting cloud resources.

Choose an Oracle WebLogic Server for Oracle Cloud Infrastructure application that meets your functional and licensing requirements.

See Overview of Marketplace in the Oracle Cloud Infrastructure documentation.

Resource Manager

Oracle WebLogic Server for Oracle Cloud Infrastructure uses Resource Manager in Oracle Cloud Infrastructure to provision the cloud instances and networks that support your Oracle WebLogic Server domain.

Resource Manager is an Oracle Cloud Infrastructure service that uses Terraform to provision, update, and destroy a collection of related cloud resources as a single unit called a stack. Resource Manager supports most resource types in Oracle Cloud Infrastructure, but a stack in Oracle WebLogic Server for Oracle Cloud Infrastructure is comprised of these components:

  • A compute instance running the administration server and the first managed server
  • A compute instance for each additional managed server in the domain
  • A bastion compute instance that provides administrative access to a domain on a private subnet
  • A virtual cloud network (VCN), including subnets, route tables, and security lists (optional)
  • A load balancer (optional)

See Overview of Resource Manager in the Oracle Cloud Infrastructure documentation.

Compute

The servers that make up an Oracle WebLogic Server domain run on one or more Oracle Cloud Infrastructure Compute instances.

Oracle WebLogic Server for Oracle Cloud Infrastructure creates Oracle Linux compute instances, and automatically installs the Oracle WebLogic Server software and creates the domain configuration on these instances.

You select the Oracle WebLogic Server edition and version you want to provision. If you plan to run Oracle WebLogic Server Standard Edition and require more than 4 nodes, then create a domain that runs Oracle WebLogic Server 12c Standard Edition. Oracle WebLogic Server for Oracle Cloud Infrastructure does not support more than 4 nodes if you use Oracle WebLogic Server 11g Standard Edition. For all other editions and versions, the maximum is 8 nodes, which can be scaled out to 30 when you edit the domain.

You assign a shape to a domain, which determines the number of CPUs and the amount of memory allocated to each compute instance in the domain. If you create a domain in a private subnet, you can assign a different shape to the bastion compute instance. Oracle Cloud Infrastructure offers a variety of bare metal (BM) and virtual machine (VM) shapes. However, Oracle WebLogic Server for Oracle Cloud Infrastructure only supports the VM.Standard2.x, VM.Standard.E2.x, BM.Standard2.x, and BM.Standard.E2.x shapes. Some shapes might not be available in all regions.

You also assign a secure shell (SSH) public key to the compute instances for a domain. You can access and administer the operating system on the compute instances by using an SSH client and the matching private key.

All of the compute instances for a domain are created in a single availability domain (AD). An availability domain represents a data center within an Oracle Cloud Infrastructure region. Each availability domain contains three fault domains. Oracle WebLogic Server for Oracle Cloud Infrastructure automatically distributes the compute instances across these availability domains for high availability. If a single AD is available, the VMs are spread across fault domains.

Note:

In a regional subnet, if you use shapes with service limits that are set for an availability domain, then for high availability the fault domains are used.

See Overview of the Compute Service and Regions and Availability Domains in the Oracle Cloud Infrastructure documentation.

Virtual Cloud Network

Oracle WebLogic Server for Oracle Cloud Infrastructure assigns compute instances and load balancers to specific subnets in a virtual cloud network (VCN).

A VCN in Oracle Cloud Infrastructure covers a single, contiguous CIDR block of your choice. A subnet is a subdivision of a VCN that consists of a contiguous range of IP addresses that do not overlap with other subnets in the VCN. A VCN includes one or more subnets, route tables, security lists, gateways, and DHCP options.

Oracle WebLogic Server for Oracle Cloud Infrastructure can automatically create a VCN and subnets for a new Oracle WebLogic Server domain, or you can create your own VCN and subnets before creating a domain. By default subnets span an entire region in Oracle Cloud Infrastructure. Alternatively, you can create subnets that are specific to one availability domain (AD) in a region.

By default subnets are public. Any compute instances assigned to a private subnet can not be directly accessed from outside of Oracle Cloud. To enable the administration of compute instances in a private subnet, Oracle WebLogic Server for Oracle Cloud Infrastructure can create a separate public subnet and bastion compute instance. Oracle WebLogic Server for Oracle Cloud Infrastructure can also create a service gateway in a VCN so that compute instances can access other cloud services like Key Management and Oracle Autonomous Transaction Processing, without using the public Internet.

If you already have an existing bastion to provide public access to the compute instances, or if you already have a VPN connection to your on-premise network, then you can delete the bastion instance created by Oracle WebLogic Server for Oracle Cloud Infrastructure.

Note:

Configuring a bastion is optional.

If you do not configure a bastion, no status is returned for provisioning. You must check the status of provisioning by connecting to each compute instance and confirm that the /u01/provStartMarker file exists with details found in the file /u01/logs/provisioning.log file. See Configure a Bastion.

See Overview of Networking in the Oracle Cloud Infrastructure documentation.

Load Balancer

Oracle Cloud Infrastructure Load Balancing routes requests it receives from clients to the managed servers in your Oracle WebLogic Server domain.

When you create a domain, Oracle WebLogic Server for Oracle Cloud Infrastructure can automatically create a load balancer in Oracle Cloud Infrastructure and configure it to distribute traffic across the servers in your domain. Using a load balancer is recommended if your cluster size is greater than one.

By default, the load balancer is public. If you create a domain in a private subnet, Oracle WebLogic Server for Oracle Cloud Infrastructure can provision a private load balancer instead of a public one. A private load balancer does not have a public IP address and cannot be accessed from outside of Oracle Cloud, unless you have configured a virtual private network (VPN) between your VCN and your on-premise data center.

A load balancer consists of primary and standby instances but it is accessible from a single public IP address. If the primary instance fails, traffic is automatically routed to the standby instance.

If your region includes multiple availability domains (AD), the load balancer supports two networking options:

  • Assign the load balancer to one regional subnet
  • Assign the load balancer to two AD-specific subnets

Session persistence is a method to direct all requests originating from a single logical client to a single backend server. By default, session persistence is enabled on the load balancer with the Enable Load balancer cookie persistence option, but you can update the load balancer after creating a domain.

See these topics in the Oracle Cloud Infrastructure documentation:

Database

To create an Oracle WebLogic Server domain that includes the Java Required Files (JRF) components, you must provide an existing database in Oracle Cloud Infrastructure.

Choose one of these database options:

  • Oracle Autonomous Transaction Processing
    • Not supported with Oracle WebLogic Server 11g
    • Both dedicated and shared infrastructure autonomous database options are supported.
    • See Overview of the Autonomous Database in the Oracle Cloud Infrastructure documentation.
  • Oracle Cloud Infrastructure Database
    • Bare metal, virtual machine (VM), and Exadata DB systems are supported.
    • For a 1-node VM DB system, you can use the fast provisioning option to create the database. Oracle WebLogic Server for Oracle Cloud Infrastructure supports using Logical Volume Manager as the storage management software for a 1-node VM DB system.
    • Oracle WebLogic Server 11g supports Oracle Database 11g and 12.1 only.
    • See Overview of the Database Service in the Oracle Cloud Infrastructure documentation.
Oracle WebLogic Server for Oracle Cloud Infrastructure supports the same database versions and drivers as those for on-premise WebLogic Server installations. Refer to the following documents at Oracle Fusion Middleware Supported System Configurations:
  • System Requirements and Supported Platforms for Oracle Fusion Middleware 12c (12.2.1.4.0)
  • System Requirements and Supported Platforms for Oracle Fusion Middleware 12c (12.2.1.3.0)
  • System Requirements and Supported Platforms for Oracle WebLogic Server 10.3

When you create a domain and associate it with an existing database, Oracle WebLogic Server for Oracle Cloud Infrastructure does the following:

  • Provisions the schemas to support the JRF components in the selected database
  • Provisions data sources in the domain that provide connectivity to the selected database
  • Deploys the JRF components and libraries to the domain

If you use an Oracle Cloud Infrastructure Database, the type of data sources that are created in the domain depend on the WebLogic Server edition and the number of database nodes.

  • GridLink data sources for Oracle WebLogic Suite and a 2-node RAC DB system
  • Multi data sources for Oracle WebLogic Server Enterprise Edition and a 2-node RAC DB system
  • Generic data sources for all other configurations

See Understanding JDBC Resources in WebLogic Server in Administering JDBC Data Sources for Oracle WebLogic Server.

If you use a private subnet for WebLogic Server and Oracle Autonomous Transaction Processing, Oracle WebLogic Server for Oracle Cloud Infrastructure uses a service gateway in the VCN to access the database. The service gateway provides network access to cloud service without using the public Internet. See Access to Oracle Services: Service Gateway in the Oracle Cloud Infrastructure documentation.

If your Oracle Cloud Infrastructure Database is on a different VCN than the VCN you want to use for WebLogic Server, then Oracle WebLogic Server for Oracle Cloud Infrastructure creates a Local Peering Gateway in each VCN so that they are able to communicate. Oracle WebLogic Server for Oracle Cloud Infrastructure also creates a separate public subnet and compute instance in each VCN to forward Domain Name Service (DNS) traffic across the VCNs.

This configuration is called local VCN peering, and it is illustrated by the following diagram.

Description of architecture_peering_diagram.png follows
Description of the illustration architecture_peering_diagram.png

If you want multiple JRF-enabled domains to use the same Oracle Cloud Infrastructure Database, then you cannot use local VCN peering. For this case, you must create the domains and the database in the same VCN.

Local VCN peering cannot be used to connect WebLogic Server to an Oracle Cloud Infrastructure Database in a different region. See Local VCN Peering in the Oracle Cloud Infrastructure documentation.

Vault

Oracle Cloud Infrastructure Vault (formerly known as Key Management) enables you to manage sensitive information using vaults, keys, and secrets when creating an Oracle WebLogic Server domain.

A vault is a container for encryption keys and secrets. A standard vault is hosted on a hardware security module (HSM) partition with multiple tenants, and uses a more cost-efficient, key-based metric for billing purposes. A virtual private vault provides greater isolation and performance by allocating a dedicated partition on an HSM.

Secrets store credentials such as required passwords for a new domain. You use an encryption key in a vault to encrypt and import secret contents to the vault. Secret contents are based64-encoded. Oracle WebLogic Server for Oracle Cloud Infrastructure uses the same key to retrieve and decrypt secrets when creating the domain.

Parameters for a new domain include:

  • The secret for the password for the default Oracle WebLogic Server administrator
  • The secret for the administrator password for an existing database, if you are creating a domain that includes the Java Required Files (JRF) components
  • The secret for the client secret for an existing confidential application, if you are creating a domain that uses Oracle Identity Cloud Service for authentication

By default, Oracle WebLogic Server for Oracle Cloud Infrastructure creates a dynamic group and root policy to allow compute instances to access your keys and secrets.

See:

Identity

Oracle Identity Cloud Service provides Oracle Cloud administrators with a central security platform to manage the relationships that users have with your applications.

By default, the Oracle WebLogic Server domain is configured to use the local WebLogic Server identity store to maintain administrators, application users, groups, and roles. These security elements are used to authenticate users, and to also authorize access to your applications and to tools like the WebLogic Server Administration Console.

Oracle WebLogic Server for Oracle Cloud Infrastructure can configure a domain running WebLogic Server 12c to use Oracle Identity Cloud Service for authentication. The following diagram illustrates this configuration.

Description of architecture_idcs_diagram.png follows
Description of the illustration architecture_idcs_diagram.png

This configuration is supported only for Oracle Cloud accounts that include Oracle Identity Cloud Service 19.2.1 or later.

Oracle WebLogic Server for Oracle Cloud Infrastructure configures an App Gateway in Oracle Identity Cloud Service. It also provisions each compute instance in the domain with the App Gateway software appliance. The App Gateway acts as a reverse proxy, intercepts HTTP requests to the domain, and ensures that the users are authenticated with Oracle Identity Cloud Service.

Oracle WebLogic Server for Oracle Cloud Infrastructure creates two security applications in Oracle Identity Cloud Service to support the domain. A confidential application allows the domain to securely access the identity provider using the OAuth protocol. An enterprise application defines the URLs that are protected by the App Gateway.

If you enable integration with Oracle Identity Cloud Service for a domain, then you must also enable a load balancer for the domain.

See About Oracle Identity Cloud Service Concepts in Administering Oracle Identity Cloud Service.