Learn about the Oracle Cloud Infrastructure components that comprise Oracle WebLogic Server for OCI.
- Oracle WebLogic Server
- Resource Manager
- Virtual Cloud Network
- Load Balancer
The following diagram illustrates the components of a typical Oracle WebLogic Server for OCI deployment.
Figure 1-1 Components of a Typical Deployment
Description of "Figure 1-1 Components of a Typical Deployment"
Oracle WebLogic Server
An Oracle WebLogic Server domain consists of one administration server and one or more managed servers to host your Java application deployments.
Oracle WebLogic Server for OCI supports these Oracle WebLogic Server editions:
- Oracle WebLogic Server Standard Edition
- Oracle WebLogic
Server Enterprise Edition
- Includes all features and benefits of Oracle WebLogic Server Standard Edition
- Includes clustering for high availability and scalability of Java resources and applications
- Includes Oracle Java SE Advanced (Java Mission Control and Java Flight Recorder) for diagnosing problems in development and production
- Oracle WebLogic
- Includes all features and benefits of Oracle WebLogic Server Enterprise Edition
- Includes Oracle Coherence for increased performance and scalability
- Includes Active Gridlink for RAC for advanced database connectivity
Oracle WebLogic Server for OCI does not provision a cluster in domains running WebLogic Server Standard Edition.
Oracle Cloud Infrastructure OS Management service is enabled on Oracle WebLogic Server for OCI instance. See Getting Started with OS Management.
Oracle WebLogic Server for OCI supports Oracle WebLogic Server 188.8.131.52.0 and 184.108.40.206.0 releases. See About Oracle WebLogic Server for OCI for specific version information.
Oracle WebLogic Server for OCI can create these domain configurations:
- A basic domain that does not require a database (Oracle WebLogic 12c only).
- A domain that includes the Java Required Files (JRF)
components and also requires a database. A JRF-enabled domain:
- Supports the Oracle Application Development Framework (ADF)
- Can be administered and monitored using the Oracle Fusion Middleware Control console, as well as the standard Oracle WebLogic Server tools
Oracle WebLogic Server for OCI is accessed as a collection of applications in the Oracle Cloud Infrastructure Marketplace.
Oracle Cloud Infrastructure Marketplace is an online store that's available in the Oracle Cloud Infrastructure console. When you launch an Oracle WebLogic Server for OCI application from Marketplace, it prompts you for some basic information, and then directs you to Resource Manager to complete the configuration of your Oracle WebLogic Server domain and supporting cloud resources.
Choose an Oracle WebLogic Server for OCI application that meets your functional and licensing requirements.
See Overview of Marketplace in the Oracle Cloud Infrastructure documentation.
Oracle WebLogic Server for OCI uses Resource Manager in Oracle Cloud Infrastructure to provision the cloud instances and networks that support your Oracle WebLogic Server domain.
Resource Manager is an Oracle Cloud Infrastructure service that uses Terraform to provision, update, and destroy a collection of related cloud resources as a single unit called a stack. Resource Manager supports most resource types in Oracle Cloud Infrastructure, but a stack in Oracle WebLogic Server for OCI is comprised of these components:
- A compute instance running the administration server and the first managed server
- A compute instance for each additional managed server in the domain
- A bastion compute instance that provides administrative access to a domain on a private subnet
- A virtual cloud network (VCN), including subnets, route tables, and security lists (optional)
- A load balancer (optional)
See Overview of Resource Manager in the Oracle Cloud Infrastructure documentation.
The servers that make up an Oracle WebLogic Server domain run on one or more Oracle Cloud Infrastructure Compute instances.
Oracle WebLogic Server for OCI creates Oracle Linux compute instances, and automatically installs the Oracle WebLogic Server software and creates the domain configuration on these instances.
You select the Oracle WebLogic Server edition and version you want to provision. If you plan to run Oracle WebLogic Server Standard Edition and require more than 4 nodes, then create a domain that runs Oracle WebLogic Server 12c Standard Edition. For all other editions and versions, the maximum is 8 nodes, which can be scaled out to 30 when you edit the domain.
Attention:Some shapes might not be available in all regions.
You also assign a secure shell (SSH) public key to the compute instances for a domain. You can access and administer the operating system on the compute instances by using an SSH client and the matching private key.
All of the compute instances for a domain are created in a single availability domain (AD). An availability domain represents a data center within an Oracle Cloud Infrastructure region. Each availability domain contains three fault domains. Oracle WebLogic Server for OCI automatically distributes the compute instances across these availability domains for high availability. If a single AD is available, the VMs are spread across fault domains.
Note:In a regional subnet, if you use shapes with service limits that are set for an availability domain, then for high availability the fault domains are used.
Virtual Cloud Network
Oracle WebLogic Server for OCI assigns compute instances and load balancers to specific subnets in a virtual cloud network (VCN).
A VCN in Oracle Cloud Infrastructure covers a single, contiguous CIDR block of your choice. A subnet is a subdivision of a VCN that consists of a contiguous range of IP addresses that do not overlap with other subnets in the VCN. A VCN includes one or more subnets, route tables, security lists, gateways, and DHCP options.
Oracle WebLogic Server for OCI can automatically create a VCN and subnets for a new Oracle WebLogic Server domain, or you can create your own VCN and subnets before creating a domain. By default subnets span an entire region in Oracle Cloud Infrastructure.
By default subnets are public. Any compute instances assigned to a private subnet can not be directly accessed from outside of Oracle Cloud. To enable the administration of compute instances in a private subnet, Oracle WebLogic Server for OCI can create a separate public subnet and bastion compute instance. Oracle WebLogic Server for OCI can also create a service gateway in a VCN so that compute instances can access other cloud services like Key Management and Oracle Autonomous Database, without using the public Internet.
If you already have an existing bastion to provide public access to the compute instances, or if you already have a VPN connection to your on-premise network, then you can delete the bastion instance created by Oracle WebLogic Server for OCI.
Configuring a bastion is optional.
If you do not configure a bastion, no status is returned for provisioning. You must check the status of provisioning by connecting to each compute instance and confirm that the
/u01/provStartMarker file exists with details found in the file
/u01/logs/provisioning.log file. See Configure a Bastion.
See Overview of Networking in the Oracle Cloud Infrastructure documentation.
Oracle Cloud Infrastructure Load Balancing routes requests it receives from clients to the managed servers in your Oracle WebLogic Server domain.
When you create a domain, Oracle WebLogic Server for OCI can automatically create a load balancer in Oracle Cloud Infrastructure and configure it to distribute traffic across the servers in your domain. Using a load balancer is recommended if your cluster size is greater than one.
By default, the load balancer is public. You can also provision a public load balancer with a reserved public IP. If you create a domain in a private subnet, then you can provision a public or private load balancer.
A private load balancer does not have a public IP address and cannot be accessed from outside of Oracle Cloud, unless you have configured a virtual private network (VPN) between your VCN and your on-premise data center.
A load balancer consists of primary and standby instances but it is accessible from a single public IP address. If the primary instance fails, traffic is automatically routed to the standby instance.
If your region includes multiple availability domains (AD), the load balancer supports two networking options:
- Assign the load balancer to one regional subnet
- Assign the load balancer to two AD-specific subnets
Session persistence is a method to direct all requests originating from a single logical client to a single backend server. By default, session persistence is enabled on the load balancer with the
Enable Load balancer cookie persistence option, but you can update the load balancer after creating a domain.
See these topics in the Oracle Cloud Infrastructure documentation:
To create an Oracle WebLogic Server domain that includes the Java Required Files (JRF) components, you must provide an existing database in Oracle Cloud Infrastructure.
- You cannot create an Oracle WebLogic Server domain that includes the Java Required Files (JRF) components for Oracle WebLogic Server 220.127.116.11 as this version does not support JRF.
- Oracle Application Express (APEX) is not supported.
Choose one of these database options:
- Oracle Autonomous Database
- Both dedicated and shared infrastructure autonomous database options are supported.
- See Overview of the Autonomous Database in the Oracle Cloud Infrastructure documentation.
Note:From 22.1.2 release (February 24, 2022) onwards, Free-Tier autonomous database is supported.
- Oracle Cloud Infrastructure
- Bare metal, virtual machine (VM), and Exadata DB systems are supported.
- For a 1-node VM DB system, you can use the fast provisioning option to create the database. Oracle WebLogic Server for OCI supports using Logical Volume Manager as the storage management software for a 1-node VM DB system.
- For Oracle WebLogic Server 12c, you can also specify a database connection string. This database connection string can be used only with existing VCN. To know the database connection string details, see Database Connect String for Database Version and Type in Configure Database Parameters.
- See Overview of the Database Service in the Oracle Cloud Infrastructure documentation.
- System Requirements and Supported Platforms for Oracle Fusion Middleware 14c (18.104.22.168.0)
- System Requirements and Supported Platforms for Oracle Fusion Middleware 12c (22.214.171.124.0)
Note:From release 21.4.3 (December 9, 2021) onwards, you cannot provision a domain in Oracle Oracle WebLogic Server for OCI for Oracle WebLogic server versions 11g (10.3.6.0) and 12c (126.96.36.199) from the Marketplace. However, you can provision a domain for Oracle WebLogic server version 12c (188.8.131.52) using the terraform scripts See Create a Domain for Oracle WebLogic Server 184.108.40.206.0 Using Terraform. The WebLogic binaries for 220.127.116.11 are also available in the public images.
When you create a domain and associate it with an existing database, Oracle WebLogic Server for OCI does the following:
- Provisions the schemas to support the JRF components in the selected database
- Provisions data sources in the domain that provide connectivity to the selected database
- Deploys the JRF components and libraries to the domain
- GridLink data sources for Oracle WebLogic Suite and a 2-node RAC DB system
- Multi data sources for Oracle WebLogic Server Enterprise Edition and a 2-node RAC DB system
- Generic data sources for all other configurations
See Understanding JDBC Resources in WebLogic Server in Administering JDBC Data Sources for Oracle WebLogic Server.
Note:If you use database connect string, then Oracle WebLogic Server for OCI creates a single instance datasource. However, you can update the data source for Oracle WebLogic Suite with Active GridLink data source and data source for Oracle WebLogic Server Enterprise Edition with multi data source. See Configuring Active GridLink Connection Pool Features and Configuring JDBC Multi Data Sources.
If you use a private subnet for WebLogic Server and Oracle Autonomous Database, Oracle WebLogic Server for OCI uses a service gateway in the VCN to access the database. The service gateway provides network access to cloud service without using the public Internet. See Access to Oracle Services: Service Gateway in the Oracle Cloud Infrastructure documentation.
If your Oracle Cloud Infrastructure Database is on a different VCN than the VCN you want to use for WebLogic Server, then Oracle WebLogic Server for OCI creates a Local Peering Gateway in each VCN so that they are able to communicate. Oracle WebLogic Server for OCI also creates a separate public subnet and compute instance in each VCN to forward Domain Name Service (DNS) traffic across the VCNs.
This configuration is called local VCN peering, and it is illustrated by the following diagram.
Description of the illustration architecture_peering_diagram.png
If you use Oracle Cloud Infrastructure Database with connect string, you must peer the VCNs manually before creating the stack if your database VCN is on a different VCN than the WebLogic Server VCN.
If you want multiple JRF-enabled domains to use the same Oracle Cloud Infrastructure Database, then you cannot use local VCN peering. For this case, you must create the domains and the database in the same VCN.
If you choose to create a virtual cloud network for an Oracle WebLogic Server domain, use Oracle WebLogic Server for OCI to create a Local Peering Gateway, else create a network with VCN peering and then use this existing network to provision the domain.
Local VCN peering cannot be used to connect WebLogic Server to an Oracle Cloud Infrastructure Database in a different region. See Local VCN Peering in the Oracle Cloud Infrastructure documentation.
Oracle Cloud Infrastructure Vault (formerly known as Key Management) enables you to manage sensitive information using vaults, keys, and secrets when creating an Oracle WebLogic Server domain.
A vault is a container for encryption keys and secrets. A standard vault is hosted on a hardware security module (HSM) partition with multiple tenants, and uses a more cost-efficient, key-based metric for billing purposes. A virtual private vault provides greater isolation and performance by allocating a dedicated partition on an HSM.
Secrets store credentials such as required passwords for a new domain. You use an encryption key in a vault to encrypt and import secret contents to the vault. Secret contents are based64-encoded. Oracle WebLogic Server for OCI uses the same key to retrieve and decrypt secrets when creating the domain.
Parameters for a new domain include:
- The secret for the password for the default Oracle WebLogic Server administrator
- The secret for the administrator password for an existing database, if you are creating a domain that includes the Java Required Files (JRF) components
- The secret for the client secret for an existing confidential application, if you are creating a domain that uses Oracle Identity Cloud Service for authentication
By default, Oracle WebLogic Server for OCI creates a dynamic group and root policy to allow compute instances to access your keys and secrets.
Oracle Identity Cloud Service provides Oracle Cloud administrators with a central security platform to manage the relationships that users have with your applications.
By default, the Oracle WebLogic Server domain is configured to use the local WebLogic Server identity store to maintain administrators, application users, groups, and roles. These security elements are used to authenticate users, and to also authorize access to your applications and to tools like the WebLogic Server Administration Console.
Oracle WebLogic Server for OCI can configure a domain running WebLogic Server 12c to use Oracle Identity Cloud Service for authentication. The following diagram illustrates this configuration.
Description of the illustration architecture_idcs_diagram.png
This configuration is supported only for Oracle Cloud accounts that include Oracle Identity Cloud Service 19.2.1 or later.
Oracle WebLogic Server for OCI configures an App Gateway in Oracle Identity Cloud Service. It also provisions each compute instance in the domain with the App Gateway software appliance. The App Gateway acts as a reverse proxy, intercepts HTTP requests to the domain, and ensures that the users are authenticated with Oracle Identity Cloud Service.
Oracle WebLogic Server for OCI creates two security applications in Oracle Identity Cloud Service to support the domain. A confidential application allows the domain to securely access the identity provider using the OAuth protocol. An enterprise application defines the URLs that are protected by the App Gateway.
If you enable integration with Oracle Identity Cloud Service for a domain, then you must also enable a load balancer for the domain.
See About Oracle Identity Cloud Service Concepts in Administering Oracle Identity Cloud Service.