3 Deploy Oracle WebLogic Server Cluster on Microsoft Azure IaaS

The offers described in this section provision several Azure Oracle Linux virtual machines and install Oracle WebLogic Server and its required dependencies on them. These virtual machines are configured to automatically form a WebLogic Server cluster and are set to start automatically when the virtual machines start or restart.

Deploy Oracle WebLogic Server N-Node Configured Cluster

This offer creates a highly available configured cluster of Oracle WebLogic Server virtual machines.

See WebLogic Server Clustering in Understanding Oracle WebLogic Server.

Note:

Before you proceed with the deployment process, ensure that you have obtained this offer either from the Azure Marketplace as described in Get the Required Oracle WebLogic Server Offer from Azure Marketplace, or by clicking on the offer link in Table 1-1.

The Azure portal uses a user interface concept called resource blades. They are similar to tab panels, but can cascade across the page flow.

To deploy an Oracle WebLogic Server configured cluster, provide the required information in the following resource blades:

Basics

Use the Basics blade to provide the basic configuration details for deploying an Oracle WebLogic Server configured cluster. To do this, enter the values for the fields listed in Table 3-1.

Table 3-1 Fields in the Basics Blade

Section Field Description
Project details Subscription

Select a subscription to use for the charges accrued by this offer. You must have a valid active subscription associated with the Azure account that is currently logged in. If you don’t have it already, follow the steps described in Associate or add an Azure subscription to your Azure Active Directory tenant.

Resource group

A resource group is a container that holds related resources for an Azure solution. The resource group includes those resources that you want to manage as a group. You decide which resources belong in a resource group based on what makes the most sense for your organization. If you have an existing resource group into which you want to deploy this solution, you can enter its name here; however, the resource group must have no pre-existing resources in it. Alternatively, you can click Create new and enter a name so that Azure creates a new resource group before provisioning the resources.

For more information about resource groups, see Azure document.

Instance details Region

Select an Azure region from the drop-down list.

Oracle WebLogic Image

Select a version of Oracle WebLogic Server and JDK that you want to deploy on a preferred version of Oracle Linux. The available options are:

  • WebLogic Server 12.2.1.4.0 and JDK8 on Oracle Linux 7.6
  • WebLogic Server 14.1.1.0.0 and JDK8 on Oracle Linux 7.6
  • WebLogic Server 14.1.1.0.0 and JDK11 on Oracle Linux 7.6
  • WebLogic Server 12.2.1.4.0 and JDK8 on Oracle Linux 8.7
  • WebLogic Server 14.1.1.0.0 and JDK8 on Oracle Linux 8.7
  • WebLogic Server 14.1.1.0.0 and JDK11 on Oracle Linux 8.7
  • WebLogic Server 12.2.1.4.0 and JDK8 on Oracle Linux 9.1
  • WebLogic Server 14.1.1.0.0 and JDK8 on Oracle Linux 9.1
  • WebLogic Server 14.1.1.0.0 and JDK11 on Oracle Linux 9.1
Virtual machine size The default VM size is 1x Standard A1, 1 vcpu, 1.75 GB memory.

If you want to select a different VM size, click Change Size, select the size from the list (for example, A3) on the Select a VM size page, and click Select.

For more information about sizing the virtual machine, see Azure documentation on Sizes.

Credentials for Virtual Machines and WebLogic Username for admin account of VMs

Enter a user name for the administrator account for the virtual machine. Note this value, as you may need it when you access the virtual machine via SSH.

Authentication Type You can use either a Password or an SSH Public Key along with the username to authenticate the administrator account.

If you select Password, you must enter the values for the following fields:

  • Password: Enter a password for the administrator account for the virtual machine.
  • Confirm password: Re-enter the password to confirm.

If you select SSH Public Key, you must specify the value for the following fields:

  • SSH public key source: Specify the SSH public key for the administrator account for the virtual machine.
  • Key pair name: Enter a name for your SSH public key (for example, mysshkey1).
Username for WebLogic Administrator

Enter a user name to access the WebLogic Administration Console which is started automatically after the provisioning. For more information about the WebLogic Administration Console, see Overview of Administration Consoles in Understanding Oracle WebLogic Server.

Password for WebLogic Administrator

Enter a password to access the WebLogic Administration Console.

Confirm password

Re-enter the password to access the WebLogic Administration Console.

Number of VMs Enter the number of virtual machines (VMs) you want to create, with one WebLogic Server node per VM.
Optional Basic Configuration Accept defaults for optional configuration?

If you want to retain the default values for the optional configuration, such as DNS Label Prefix, WebLogic Domain Name, Virtual machine size, and Ports and port ranges to expose, set the toggle button to Yes, and click Next : TLS/SSL Configuration >.

If you want to specify different values for the optional configuration, set the toggle button to No, and enter the following details:

  • Managed Server prefix: Enter a prefix for the Managed Server name.
  • WebLogic Domain Name: Enter the name of the domain that will be created by the offer.
  • Enable HTTP Listen Port on WebLogic Administration Server?: Use this option to enable the HTTP listen port on the WebLogic Administration Server. Select Yes or No based on your preference.

    If you disable the HTTP listen port, then the WebLogic Server Administration Console will be accessible on the HTTPS port 7002 at https://admin-server-host:7002/console.

  • Cause a system assigned managed identity to be created for the VM(s).: This option causes any VM(s) created by this deployment to be given a system assigned managed identity. Select Yes or No based on your preference.

    For information about the managed identities for Azure resources, including the system assigned managed identities, see What are managed identities for Azure resources?.

After you specify the required details, click Next : TLS/SSL Configuration >.

TLS/SSL Configuration

The TLS/SSL Configuration blade enables you to configure Oracle WebLogic Server Administration Console on a secure HTTPS port, with your own TLS/SSL certificate provided by a Certifying Authority (CA).

Select Yes or No for the option Configure WebLogic Administration Console on HTTPS (Secure) port, with your own TLS/SSL Certificate? based on your preference. If you select No, you don't have to provide any details, and can proceed by clicking Next : Azure Application Gateway >. If you select Yes, you can choose to provide the required configuration details by either uploading existing keystores or by using keystores stored in Azure Key Vault.

If you want to upload existing keystores, select Upload existing KeyStores for the option How would you like to provide required configuration, and enter the values for the fields listed in Table 3-2.

Table 3-2 Fields in the TLS/SSL Configuration Blade for Uploading Existing Keystores

| Field | Description |
| --- | --- |
| Identity KeyStore Data file(.jks,.p12) | Upload an identity keystore data file by doing the following: 1. Click on the file icon. 2. Navigate to the folder where the identity keystore file resides, and select the file. 3. Click Open. |
| Password | Enter the passphrase for the identity keystore. |
| Confirm password | Re-enter the passphrase for the identity keystore. |
| The Identity KeyStore type (JKS,PKCS12) | Select the type of identity keystore. The supported values are JKS and PKCS12. |
| The alias of the server's private key within the Identity KeyStore | Enter the alias for the private key within the identity keystore. |
| The passphrase for the server's private key within the Identity KeyStore | Enter the passphrase for the private key within the identity keystore. |
| Confirm passphrase | Re-enter the passphrase for the private key. |
| Trust KeyStore Data file(.jks,.p12) | Upload a custom trust keystore data file by doing the following: 1. Click on the file icon. 2. Navigate to the folder where the custom trust keystore file resides, and select the file. 3. Click Open. |
| Password | Enter the passphrase for the trust keystore. |
| Confirm password | Re-enter the passphrase for the trust keystore. |
| The Trust KeyStore type (JKS,PKCS12) | Select the type of the trust keystore. The supported values are JKS and PKCS12. |

If you want to use keystores stored in Azure Key Vault, select Use KeyStores stored in Azure Key Vault for the option How would you like to provide required configuration, and enter the values for the fields listed in Table 3-3.

Table 3-3 Fields in the TLS/SSL Configuration Blade for Using Keystores Stored in Azure Key Vault

| Field | Description |
| --- | --- |
| Resource group name in current subscription containing the Key Vault | Enter the name of the Resource Group containing the Key Vault that stores the TLS/SSL certificate. An Azure Key Vault is a platform-managed secret store that can be used to safeguard secrets, keys, and TLS/SSL certificates. See About Azure Key Vault. |
| Name of the Azure Key Vault containing secrets for the SSL certificate | Enter the name of the Azure Key Vault that stores the secrets for the TLS/SSL certificate. |
| The name of the secret in the specified Key Vault whose value is the Identity KeyStore Data | Enter the name of the Azure Key Vault secret that holds the value of the identity keystore data. |
| The name of the secret in the specified Key Vault whose value is the passphrase for the Identity KeyStore | Enter the name of the Azure Key Vault secret that holds the value of the identity keystore passphrase. |
| The Identity KeyStore type (JKS,PKCS12) | Select the type of identity keystore from the drop-down list. The supported values are JKS and PKCS12. |
| The name of the secret in the specified Key Vault whose value is the Private Key Alias | Enter the name of the Azure Key Vault secret that holds the value of the private key alias. |
| The name of the secret in the specified Key Vault whose value is the passphrase for the Private Key | Enter the name of the Azure Key Vault secret that holds the value of the private key passphrase. |
| The name of the secret in the specified Key Vault whose value is the Trust KeyStore Data | Enter the name of the Azure Key Vault secret that holds the value of the trust keystore data. |
| The name of the secret in the specified Key Vault whose value is the passphrase for the Trust KeyStore | Enter the name of the Azure Key Vault secret that holds the value of the trust keystore passphrase. |
| The Trust KeyStore type (JKS,PKCS12) | Select the type of the trust keystore from the drop-down list. The supported values are JKS and PKCS12. |
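
Both the upload path (Table 3-2) and the Key Vault path (Table 3-3) ask for a keystore type and a private key alias that must match the keystore file. The following Python check is an added example, not part of Oracle's documentation or the offer; it reads only the unencrypted JKS framing, and the function names and the sample keystore are constructed for illustration.

```python
# Added example: confirm an identity keystore matches the type and alias you
# plan to enter. Only the unencrypted JKS framing is read; no passphrase is
# needed, no key material is decrypted, and the integrity digest is not checked.
import struct

JKS_MAGIC = 0xFEEDFEED
PRIVATE_KEY, TRUSTED_CERT = 1, 2          # JKS entry tags


def detect_type(data):
    """Return 'JKS', 'PKCS12' or None from the first bytes of the file."""
    if len(data) >= 4 and struct.unpack(">I", data[:4])[0] == JKS_MAGIC:
        return "JKS"
    if data[:1] == b"\x30":               # DER SEQUENCE (heuristic for a PFX)
        return "PKCS12"
    return None


class _Reader:
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated keystore")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def u32(self):
        return struct.unpack(">I", self.take(4))[0]

    def utf(self):                        # Java writeUTF: 2-byte length + bytes
        return self.take(struct.unpack(">H", self.take(2))[0]).decode("utf-8")

    def blob(self):                       # 4-byte length + payload
        return self.take(self.u32())


def list_jks_entries(data):
    """Return [(alias, kind)], kind being 'private-key' or 'trusted-cert'."""
    r = _Reader(data)
    if r.u32() != JKS_MAGIC:
        raise ValueError("not a JKS keystore")
    version = r.u32()
    if version not in (1, 2):
        raise ValueError(f"unsupported JKS version {version}")
    entries = []
    for _ in range(r.u32()):
        tag, alias = r.u32(), r.utf()
        r.take(8)                         # creation timestamp
        if tag == PRIVATE_KEY:
            r.blob()                      # encrypted private key, skipped
            certs = r.u32()               # length of the certificate chain
        elif tag == TRUSTED_CERT:
            certs = 1
        else:
            raise ValueError(f"unknown entry tag {tag}")
        for _ in range(certs):
            if version == 2:
                r.utf()                   # certificate type, e.g. "X.509"
            r.blob()
        kind = "private-key" if tag == PRIVATE_KEY else "trusted-cert"
        entries.append((alias, kind))
    return entries


def check_identity_keystore(data, declared_type, key_alias):
    """Return a list of problems; an empty list means the inputs agree."""
    actual = detect_type(data)
    if actual != declared_type:
        return [f"file looks like {actual}, but {declared_type} was selected"]
    if actual != "JKS":
        return []                         # PKCS12 aliases need a full parser
    kind = dict(list_jks_entries(data)).get(key_alias.lower())  # JKS lower-cases aliases
    if kind is None:
        return [f"alias {key_alias!r} not found in keystore"]
    if kind != "private-key":
        return [f"alias {key_alias!r} is a {kind} entry, not a private key"]
    return []


def _utf(text):
    raw = text.encode("utf-8")
    return struct.pack(">H", len(raw)) + raw


def build_sample_jks():
    """Constructed sample: valid framing with placeholder payload bytes."""
    cert = _utf("X.509") + struct.pack(">I", 4) + b"CERT"
    key_entry = (struct.pack(">I", PRIVATE_KEY) + _utf("serverkey") + bytes(8)
                 + struct.pack(">I", 3) + b"KEY" + struct.pack(">I", 1) + cert)
    ca_entry = struct.pack(">I", TRUSTED_CERT) + _utf("rootca") + bytes(8) + cert
    return struct.pack(">III", JKS_MAGIC, 2, 2) + key_entry + ca_entry + bytes(20)


if __name__ == "__main__":
    sample = build_sample_jks()
    print(list_jks_entries(sample))
    print(check_identity_keystore(sample, "JKS", "rootca"))
```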

After you provide the required details, click Next : Azure Application Gateway >.

Azure Application Gateway

The Azure Application Gateway blade enables you to create an Azure Application Gateway (WAF_v2 or later SKU), a public IP, and a backend pool consisting of the worker nodes for use with your WebLogic Server cluster. This Application Gateway is pre-configured with TLS termination using the provided SSL certificate and load balances across your cluster. This may also require some configuration post-deployment.

Select Yes or No for the option Connect to Azure Application Gateway? based on your preference. If you select No, you don't have to provide any details, and can proceed by clicking Next : Networking >. If you select Yes, you must specify the details required for the Application Gateway integration by entering the values for the fields listed in Table 3-4.

Note:

Obtaining the values for these parameters is beyond the scope of this document. For information about the same, see Tutorial: Migrate a WebLogic Server cluster to Azure with Azure Application Gateway as a load balancer.

Table 3-4 Fields in the Azure Application Gateway Blade

Field Description
Select desired TLS/SSL certificate option Azure Application Gateway integration requires a TLS/SSL certificate to enable TLS/SSL termination at the gateway. Use this option to select how you want to provide the TLS/SSL certificate.

If you want to upload a pre-signed TLS/SSL certificate, select Upload a TLS/SSL certificate and enter the values for the following fields:

  • TLS/SSL certificate(.pfx): Upload the TLS/SSL certificate file by doing the following:
    1. Click on the file icon.
    2. Navigate to the folder where the TLS/SSL certificate file resides, and select the file.
    3. Click Open.
  • Password: Enter the password for the TLS/SSL certificate.
  • Confirm Password: Re-enter the password for the TLS/SSL certificate.

If you want to identify an Azure Key Vault that has the certificate and its password stored as secrets, select Identify an Azure Key Vault and enter the values for the following fields:

  • Resource group name in current subscription containing the Key Vault: Enter the name of the Resource Group containing the Key Vault that stores the application gateway TLS/SSL certificate and the data required for TLS/SSL termination.
  • Name of the Azure Key Vault containing secrets for the certificate for TLS/SSL Termination: Enter the name of the Azure Key Vault that stores the application gateway TLS/SSL certificate and the data required for TLS/SSL termination.
  • The name of the secret in the specified Key Vault whose value is the TLS/SSL certificate data: Enter the name of the Azure Key Vault secret that holds the value of the TLS/SSL certificate data.
  • The name of the secret in the specified Key Vault whose value is the password for the TLS/SSL certificate: Enter the name of the Azure Key Vault secret that holds the value of the TLS/SSL certificate password.

If you want to generate a self-signed TLS/SSL certificate, select Generate a self-signed certificate and do the following:

  1. Click + Add.
  2. In the Add user assigned managed identity window, select the Subscription and the User assigned managed identities from the list, and click Add.

Note:

An Azure Key Vault is a platform-managed secret store that can be used to safeguard secrets, keys, and TLS/SSL certificates. See About Azure Key Vault.

After you specify the required details, click Next : Networking >.

Networking

The Networking blade enables you to customize the virtual network in which the WebLogic Server created by this offer will be deployed and configure a custom DNS alias for this deployment.

First, decide whether to have the offer create a virtual network or to use an existing virtual network and subnet. The two options are:
  • Create a new virtual network with optional DNS configuration
  • Select an existing virtual network

Create a new virtual network with optional DNS configuration

To have the offer create a virtual network with default settings for Virtual network, Subnet for WebLogic, and Subnet for Application Gateway, do as follows:
  • Select (new) wls-vnet from the Virtual network drop-down list.
  • Select (new) wls-subnet from the Subnet for WebLogic drop-down list.
  • Select (new) appgateway-subnet from the Subnet for Application Gateway drop-down list.

To customize the address space and subnet for the new virtual network, select the Create new link next to Virtual network. A sub-menu opens for further customization. For more details about what you can do with this sub-menu, see What is Azure Virtual Network?. You can specify the CIDR for the virtual network here.

Select an existing virtual network

To select an existing virtual network, select one of the virtual networks from the Virtual network drop-down list. The Subnet for WebLogic and Subnet for Application Gateway drop-down lists allow you to select a subnet within the existing virtual network. WLS will be deployed within the selected subnet.

Note:

When you select an existing virtual network, no public IP address will be created by the offer.

If you want to make the admin GUI accessible from the public internet, use the following steps:
  1. You must associate a public IP with the admin VM, as described in Associate a public IP address to a virtual machine.

  2. Create a Network Security Group whose inbound rules allow traffic from the expected source hosts to the admin VM on ports 7001 and 7002. For complete guidance on Network Security Groups, see Network security groups.

  3. Use the following steps to configure the Admin Server so that its FrontendHost is set to the public IP address:
    1. Connect to the admin VM using SSH. You may need to modify the Network Security Group inbound rules to allow this connection.
    2. Enter the sudo su - command to log in as the root user.
    3. Enter the su oracle command to switch to the oracle user.
    4. Execute the following command:
      /u01/app/wls/install/oracle/middleware/oracle_home/oracle_common/common/bin/wlst.sh
    5. Enter the following WLST commands to configure FrontendHost:
      connect('<weblogic username>','<weblogic password>','t3://adminVM:7001')
      edit()
      startEdit()
      cd('/Servers/admin/WebServer/admin')
      cmo.setFrontendHost('<your public ip hostname>')
      save()
      activate()
    6. To restart the Admin Server, run the command systemctl restart wls_admin as a root user.

Deny public traffic for admin server?: Use this option to deny public traffic to the WebLogic Administration Server. The default selection is No which makes the ports 7001 and 7002 publicly accessible. Select Yes, if you want these ports to be publicly inaccessible.

Deny public traffic for managed server?: Select Yes to deny public traffic to the Managed Server. This setting, which applies to ports 8002 through 8001 + node number, has a higher priority than the Ports and port ranges to expose (N or N-N, comma separated) field.

Configure Custom DNS Alias? : Select Yes or No based on your preference. If you select No, you don't have to provide any details, and can proceed by clicking Next : Database >. If you select Yes, you must choose either to configure a custom DNS alias based on an existing Azure DNS zone, or create an Azure DNS zone and a custom DNS alias. This can be done by selecting Yes or No for the option Use an existing Azure DNS Zone.

Note:

For more information about the DNS zones, see Overview of DNS zones and records.

DNS Label Prefix: Enter a value to be added as a prefix to the Azure-generated DNS name for the provisioned virtual machine. This value is combined with the Resource group name, the region of the resource group, and an Azure-specific value. For example, if you specify wlsmycompany as the DNS Label Prefix, the DNS host name will be wlsmycompany-myrg.eastus.cloudapp.azure.com. The DNS Label Prefix must always start with a lowercase letter.

Ports and port ranges to expose (N or N-N, comma separated): Specify the ports that you want to allow in the Azure network group protocols. Ports entered here are exposed to the outside network.

You can either specify port numbers, port ranges, or a combination of both port numbers and ranges separated by comma. For example: 80,443,7001-9000.

If you choose to configure a custom DNS alias based on an existing Azure DNS zone, by selecting Yes for the option Use an existing Azure DNS Zone, you must specify the DNS configuration details by entering the values for the fields listed in Table 3-5.

Table 3-5 Fields in the DNS Configuration Blade

Field Description
DNS Zone Name Enter the DNS zone name.
Name of the resource group contains the DNS Zone in current subscription Enter the name of the resource group that contains the DNS zone in the current subscription.
Label for Oracle WebLogic Administration Console Enter a label to generate a sub-domain of the Oracle WebLogic Server Administration Console.

For example, if the domain is mycompany.com and the sub-domain is admin, then the WebLogic Server Administration Console URL will be admin.mycompany.com.

Label for Application Gateway This field appears if you chose to connect to the Azure Application Gateway in the Azure Application Gateway blade.

Enter a label to generate a sub-domain of the Application Gateway.

User assigned managed identity

(A section; not a field.)

Click Add to add user assigned identities to grant resource access to the Azure resources. In the Add user assigned managed identities window, select the Subscription and the User assigned managed identities from the list, and click Add.

You must add at least one user assigned identity to access Azure resources.

If you choose to create an Azure DNS zone and a custom DNS alias, by selecting No for the option Use an existing Azure DNS Zone, you must specify the values for the following fields:

  • DNS Zone Name
  • Label for Oracle WebLogic Administration Console
  • Label for Application Gateway

See Table 3-5 for the description of these fields.

Note:

In case of creating an Azure DNS zone and a custom DNS alias, you must perform the DNS domain delegation at your DNS registry post deployment. See Delegation of DNS zones with Azure DNS.

After you specify the required details, click Next : Database >.

Database

The Database blade enables you to configure Oracle WebLogic Server to connect to an existing database. Select Yes or No for the option Connect to Database? based on your preference. If you select No, you don't have to provide any details, and can proceed by clicking Next : Coherence >. If you select Yes, you must specify the details of your database by entering the values for the fields listed in Table 3-6.

Note:

If you want to connect Oracle WebLogic Server to a database, ensure that all necessary network access has been granted.

Table 3-6 Fields in the Database Blade

Field Description
Choose database type

Select an existing database that you want Oracle WebLogic Server to connect to from the drop-down list. The available options are:

  • Azure Database for PostgreSQL
  • Oracle Database
  • Azure SQL
JNDI Name

Enter the JNDI name for your database JDBC connection.

DataSource Connection String

Enter the JDBC connection string for your database.

For information about obtaining the JDBC connection string, see Obtain the JDBC Connection String for Your Database.

Global transactions protocol
Select an existing global transactions protocol from the drop-down list. The available options are:
  • TwoPhaseCommit
  • LoggingLastResource
  • EmulateTwoPhaseCommit
  • OnePhaseCommit
  • None
Database Username

Enter the username of your database.

Database Password

Enter the password for the database user.

Confirm password

Re-enter the database password.

After you provide the required details, click Next : Coherence >.

Coherence

The Coherence blade enables you to deploy additional virtual machines (VMs) with Oracle Coherence*Web pre-installed and configured, for use as the HTTP session storage for web applications deployed in Oracle WebLogic Server. The Coherence cluster is configured as described in Setting Up a Coherence Cluster in Administering Clusters for Oracle WebLogic Server. For information about using Coherence with Oracle WebLogic Server, see Using Coherence*Web with WebLogic Server in Administering HTTP Session Management with Oracle Coherence*Web.

Select Yes or No for the option Use Coherence cache? based on your preference. If you select No, you don't have to provide any details, and can proceed by clicking Next : Review + create >. If you select Yes, you must specify the required details for Coherence integration by entering the values for the fields listed in Table 3-7.

Table 3-7 Fields in the Coherence Blade

Field Description
Coherence virtual machine size Select the Azure VM size for each of the servers in the Coherence cluster. The recommended size is Standard_A2_v2 or higher.

To change the VM size, click Change Size, select the preferred size from the list in the Select a VM size window, and then click Select.

Number of Coherence cache servers Enter the number of VMs in the Coherence cluster.
Coherence Web Local Storage enabled Use this to enable or disable the local storage for the Coherence*Web cluster tier. Select Yes or No based on your preference.

For information about the Coherence cluster member storage settings, see Configure Coherence Cluster Member Storage Settings in Administering Clusters for Oracle WebLogic Server.

Click Next : Review + create > to continue.

Review + create

In the Review + create blade, review the details you provided for deploying an Oracle WebLogic Server configured cluster. If you want to make changes to any of the fields, click < previous or click on the respective blade and update the details.

If you want to use this template to automate the deployment, download it by clicking Download a template for automation.

Click Create to create this offer. This process may take 30 to 60 minutes. For more information about the IaaS offers, see Azure documentation on IaaS.

The WebLogic Administration Server starts automatically when the virtual machine starts.

After the provisioning is complete, the Oracle WebLogic Server Administration Console will be accessible or inaccessible depending on the options you selected in the Basics blade. Table 3-8 lists the ports on which the Administration Console will be accessible for different use cases.

Table 3-8 Ports on Which the WebLogic Server Administration Console is Accessible

| Value Set for "Deny public traffic for admin server?" | Value Set for "Enable HTTP Listen Port on WebLogic Administration Server?" | WebLogic Administration Console Accessible or Inaccessible on the HTTP Port and Path :7001/console | WebLogic Administration Console Accessible or Inaccessible on the HTTPS Port and Path :7002/console |
| --- | --- | --- | --- |
| No | Yes | Accessible | Accessible |
| No | No | Inaccessible | Accessible |
| Yes | Yes or No. The Deny public traffic for admin server? field takes a higher priority. | Inaccessible | Inaccessible |
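
The following Python sketch is an added example, not part of Oracle's documentation or the offer's code. It parses a planned Ports and port ranges to expose value and reports how it interacts with the admin console ports in Table 3-8 and the managed server port range from the Networking blade; the node_count parameter and all function names are assumptions for illustration.

```python
# Added example: review a planned "Ports and port ranges to expose" value
# against the admin and managed server ports named on this page.
import re

ADMIN_HTTP, ADMIN_HTTPS = 7001, 7002        # admin console ports (Table 3-8)
_ITEM = re.compile(r"^(\d+)(?:-(\d+))?$")   # "N" or "N-N"


def parse_port_spec(spec):
    """Parse 'N or N-N, comma separated' into sorted, merged (low, high) ranges."""
    ranges = []
    for item in spec.split(","):
        item = item.strip()
        match = _ITEM.match(item)
        if not match:
            raise ValueError(f"not a port or port range: {item!r}")
        low = int(match.group(1))
        high = int(match.group(2) or match.group(1))
        if not (1 <= low <= high <= 65535):
            raise ValueError(f"port out of range or reversed: {item!r}")
        ranges.append((low, high))
    ranges.sort()
    merged = [ranges[0]]
    for low, high in ranges[1:]:
        if low <= merged[-1][1] + 1:        # overlapping or adjacent: merge
            merged[-1] = (merged[-1][0], max(merged[-1][1], high))
        else:
            merged.append((low, high))
    return merged


def console_access(deny_admin, http_enabled):
    """Table 3-8: which console ports are accessible from the public network."""
    if deny_admin:                          # takes priority over the HTTP toggle
        return {ADMIN_HTTP: False, ADMIN_HTTPS: False}
    return {ADMIN_HTTP: http_enabled, ADMIN_HTTPS: True}


def managed_ports(node_count):
    """Ports 8002 through 8001 + node number; node_count is an assumed input."""
    return list(range(8002, 8001 + node_count + 1))


def _listed(port, ranges):
    return any(low <= port <= high for low, high in ranges)


def review_exposure(spec, node_count, deny_admin, http_enabled, deny_managed):
    """Return [(port, finding)] for admin and managed ports worth a second look."""
    ranges = parse_port_spec(spec)
    findings = []
    for port, reachable in console_access(deny_admin, http_enabled).items():
        if reachable:
            findings.append((port, "admin console accessible from the public network"))
        elif _listed(port, ranges):
            # The page states a precedence rule only for managed server ports,
            # so an admin port that Table 3-8 marks inaccessible but that is
            # also listed calls for a manual check of the resulting NSG rules.
            findings.append((port, "listed although Table 3-8 marks it inaccessible; verify NSG rules"))
    for port in managed_ports(node_count):
        if not _listed(port, ranges):
            continue
        if deny_managed:
            findings.append((port, "listed, but the deny setting for managed servers takes priority"))
        else:
            findings.append((port, "managed server port exposed"))
    return findings


if __name__ == "__main__":
    # The page's own sample value, with three nodes and both deny options on.
    for port, finding in review_exposure("80,443,7001-9000", 3, True, True, True):
        print(port, finding)
```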

The HTTPS TLS/SSL certificate management is not handled by the offer and must be configured after installation. For more information about configuring certificates and keystores, see Configuring Keystores in Administering Security for Oracle WebLogic Server.

Deploy Oracle WebLogic Server N-Node Dynamic Cluster

This offer creates a highly available and scalable dynamic cluster of Oracle WebLogic Server virtual machines.

For more information about Oracle WebLogic Server dynamic clustering, see Overview in Configuring Elasticity in Dynamic Clusters for Oracle WebLogic Server.

Note:

Before you proceed with the deployment process, ensure that you have obtained this offer either from the Azure Marketplace as described in Get the Required Oracle WebLogic Server Offer from Azure Marketplace, or by clicking on the offer link provided in Table 1-1.

The Azure portal uses a user interface concept called resource blades. They are similar to tab panels, but can cascade across the page flow.

To deploy an Oracle WebLogic Server dynamic cluster, provide the required information in the following resource blades:

Basics

Use the Basics blade to provide the basic configuration details for deploying an Oracle WebLogic Server dynamic cluster. To do this, enter the values for the fields listed in Table 3-9.

Table 3-9 Fields in the Basics Blade

Section Field Description
Project details Subscription

Select a subscription to use for the charges accrued by this offer. You must have a valid active subscription associated with the Azure account that is currently logged in. If you don’t have it already, follow the steps described in Associate or add an Azure subscription to your Azure Active Directory tenant.

Resource group

A resource group is a container that holds related resources for an Azure solution. The resource group includes those resources that you want to manage as a group. You decide which resources belong in a resource group based on what makes the most sense for your organization. If you have an existing resource group into which you want to deploy this solution, you can enter its name here; however, the resource group must have no pre-existing resources in it. Alternatively, you can click Create new and enter a name so that Azure creates a new resource group before provisioning the resources.

For more information about resource groups, see Azure document.

Instance details Region

Select an Azure region from the drop-down list.

Oracle WebLogic Image

Select a version of Oracle WebLogic Server and JDK that you want to deploy on a preferred version of Oracle Linux. The available options are:

  • WebLogic Server 12.2.1.4.0 and JDK8 on Oracle Linux 7.6
  • WebLogic Server 14.1.1.0.0 and JDK8 on Oracle Linux 7.6
  • WebLogic Server 14.1.1.0.0 and JDK11 on Oracle Linux 7.6
  • WebLogic Server 12.2.1.4.0 and JDK8 on Oracle Linux 8.7
  • WebLogic Server 14.1.1.0.0 and JDK8 on Oracle Linux 8.7
  • WebLogic Server 14.1.1.0.0 and JDK11 on Oracle Linux 8.7
  • WebLogic Server 12.2.1.4.0 and JDK8 on Oracle Linux 9.1
  • WebLogic Server 14.1.1.0.0 and JDK8 on Oracle Linux 9.1
  • WebLogic Server 14.1.1.0.0 and JDK11 on Oracle Linux 9.1
Virtual machine size The default VM size is 1x Standard A1, 1 vcpu, 1.75 GB memory.

If you want to select a different VM size, click Change Size, select the size from the list (for example, A3) on the Select a VM size page, and click Select.

For more information about sizing the virtual machine, see Azure documentation on Sizes.

Credentials for Virtual Machines and WebLogic Username for admin account of VMs

Enter a user name for the administrator account for the virtual machine. Note this value, as you may need it when you access the virtual machine via SSH.

Authentication Type You can use either a Password or an SSH Public Key along with the username to authenticate the administrator account.

If you select Password, you must enter the values for the following fields:

  • Password: Enter a password for the administrator account for the virtual machine.
  • Confirm password: Re-enter the password to confirm.

If you select SSH Public Key, you must specify the value for the following fields:

  • SSH public key source: Specify the SSH public key for the administrator account for the virtual machine.
  • Key pair name: Enter a name for your SSH public key (for example, mysshkey1).
Username for WebLogic Administrator

Enter a user name to access the WebLogic Administration Console which is started automatically after the provisioning. For more information about the WebLogic Administration Console, see Overview of Administration Consoles in Understanding Oracle WebLogic Server.

Password for WebLogic Administrator

Enter a password to access the WebLogic Administration Console.

Confirm password

Re-enter the password to access the WebLogic Administration Console.

Initial Dynamic Cluster Size Specify the initial number of Managed Servers that you want to configure in the dynamic cluster.
Maximum Dynamic Cluster Size Specify the maximum number of Managed Servers that you want to configure in the dynamic cluster.
Optional Basic Configuration Accept defaults for optional configuration?

If you want to retain the default values for the optional configuration, such as DNS Label Prefix, WebLogic Domain Name, Virtual machine size, and Ports and port ranges to expose, set the toggle button to Yes, and click Next : TLS/SSL Configuration >.

If you want to specify different values for the optional configuration, set the toggle button to No, and enter the following details:

  • Managed Server prefix: Enter a prefix for the Managed Server name.
  • WebLogic Domain Name: Enter the name of the domain that will be created by the offer.
  • Enable HTTP Listen Port on WebLogic Administration Server?: Use this option to enable the HTTP listen port on the WebLogic Administration Server. Select Yes or No based on your preference.

    If you disable the HTTP listen port, then the WebLogic Server Administration Console will be accessible on the HTTPS port 7002 at https://admin-server-host:7002/console.

  • Cause a system assigned managed identity to be created for the VM(s).: This option causes any VM(s) created by this deployment to be given a system assigned managed identity. Select Yes or No based on your preference.

    For information about the managed identities for Azure resources, including the system assigned managed identities, see What are managed identities for Azure resources?.

After you provide the required details, click Next : TLS/SSL Configuration >.

TLS/SSL Configuration

The TLS/SSL Configuration blade enables you to configure Oracle WebLogic Server Administration Console on a secure HTTPS port, with your own TLS/SSL certificate provided by a Certifying Authority (CA).

Select Yes or No for the option Configure WebLogic Administration Console on HTTPS (Secure) Port, with your own TLS/SSL Certificate? based on your preference. If you select No, you don't have to provide any details, and can proceed by clicking Next : Oracle HTTP Server Load Balancer >. If you select Yes, you can choose to provide the required configuration details by either uploading existing keystores or by using keystores stored in Azure Key Vault.

If you want to upload existing keystores, select Upload existing KeyStores for the option How would you like to provide required configuration, and enter the values for the fields listed in Table 3-10.

Table 3-10 Fields in the TLS/SSL Configuration Blade for Uploading Existing Keystores

Field Description
Identity KeyStore Data file(.jks,.p12) Upload an identity keystore data file by doing the following:
  1. Click on the file icon.
  2. Navigate to the folder where the identity keystore file resides, and select the file.
  3. Click Open.
Password Enter the passphrase for the identity keystore.
Confirm password Re-enter the passphrase for the identity keystore.
The Identity KeyStore type (JKS,PKCS12) Select the type of identity keystore. The supported values are JKS and PKCS12.
The alias of the server's private key within the Identity KeyStore Enter the alias for the private key within the identity keystore.
The passphrase for the server's private key within the Identity KeyStore Enter the passphrase for the private key within the identity keystore.
Confirm passphrase Re-enter the passphrase for the private key.
Trust KeyStore Data file(.jks,.p12) Upload a trust keystore data file by doing the following:
  1. Click on the file icon.
  2. Navigate to the folder where the custom trust keystore file resides, and select the file.
  3. Click Open.
Password Enter the passphrase for the trust keystore.
Confirm password Re-enter the passphrase for the trust keystore.
The Trust KeyStore type (JKS,PKCS12) Select the type of the trust keystore. The supported values are JKS and PKCS12.

If you want to use keystores stored in Azure Key Vault, select Use KeyStores stored in Azure Key Vault for the option How would you like to provide required configuration, and enter the values for the fields listed in Table 3-11.

Table 3-11 Fields in the TLS/SSL Configuration Blade for Using Keystores Stored in Azure Key Vault

Field Description
Resource group name in current subscription containing the Key Vault Enter the name of the Resource Group containing the Key Vault that stores the TLS/SSL certificate.

An Azure Key Vault is a platform-managed secret store that can be used to safeguard secrets, keys, and TLS/SSL certificates. See About Azure Key Vault.

Name of the Azure Key Vault containing secrets for the TLS/SSL certificate Enter the name of the Azure Key Vault that stores the secrets for the TLS/SSL certificate.
The name of the secret in the specified Key Vault whose value is the Identity KeyStore Data Enter the name of the Azure Key Vault secret that holds the value of the identity keystore data.
The name of the secret in the specified Key Vault whose value is the passphrase for the Identity KeyStore Enter the name of the Azure Key Vault secret that holds the value of the identity keystore passphrase.
The Identity KeyStore type (JKS,PKCS12) Select the type of identity keystore from the drop-down list. The supported values are JKS and PKCS12.
The name of the secret in the specified Key Vault whose value is the Private Key Alias Enter the name of the Azure Key Vault secret that holds the value of the private key alias.
The name of the secret in the specified Key Vault whose value is the passphrase for the Private Key Enter the name of the Azure Key Vault secret that holds the value of the private key passphrase.
The name of the secret in the specified Key Vault whose value is the Trust KeyStore Data Enter the name of the Azure Key Vault secret that holds the value of the trust keystore data.
The name of the secret in the specified Key Vault whose value is the passphrase for the Trust KeyStore Enter the name of the Azure Key Vault secret that holds the value of the trust keystore passphrase.
The Trust KeyStore type (JKS,PKCS12) Select the type of the trust keystore from the drop-down list. The supported values are JKS and PKCS12.
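A wrong passphrase or alias entered in this blade only surfaces after provisioning, so it is worth checking the keystore files before they are uploaded or stored. The following pre-flight check is an added example, not part of the Oracle offer: it covers JKS files only, the function names are hypothetical, and the sample keystores are constructed with dummy bytes.

```python
import hashlib
import struct

MAGIC = 0xFEEDFEED
# JKS integrity digest: SHA-1(passphrase as UTF-16BE + SALT + store body)
SALT = b"Mighty Aphrodite"
KINDS = {1: "PrivateKeyEntry", 2: "trustedCertEntry"}


def _digest(passphrase, body):
    return hashlib.sha1(passphrase.encode("utf-16-be") + SALT + body).digest()


def list_jks(data, passphrase):
    """Return {alias: entry kind}; raise ValueError on a bad file or passphrase."""
    if len(data) < 32 or data[:4] != struct.pack(">I", MAGIC):
        raise ValueError("not a JKS keystore (a PKCS12 file needs a different check)")
    body, stored = data[:-20], data[-20:]
    if _digest(passphrase, body) != stored:
        raise ValueError("wrong keystore passphrase, or the file is corrupted")
    pos = 4

    def number(fmt):
        nonlocal pos
        (value,) = struct.unpack_from(fmt, body, pos)
        pos += struct.calcsize(fmt)
        return value

    def block(length_fmt):
        nonlocal pos
        length = number(length_fmt)
        pos += length
        return body[pos - length:pos]

    version, count = number(">I"), number(">I")
    entries = {}
    for _ in range(count):
        tag = number(">I")
        alias = block(">H").decode("utf-8")   # modified UTF-8; same bytes for ASCII
        number(">q")                          # creation time, not needed here
        if tag not in KINDS:
            raise ValueError(f"unknown entry tag {tag}")
        chain = 1
        if tag == 1:
            block(">I")                       # encrypted private key, left untouched
            chain = number(">I")              # certificates in the key's chain
        for _ in range(chain):
            if version == 2:
                block(">H")                   # certificate type string, e.g. X.509
            block(">I")                       # encoded certificate
        entries[alias] = KINDS[tag]
    return entries


def preflight(identity, identity_pass, key_alias, trust, trust_pass):
    """Check the values destined for the TLS/SSL Configuration blade; return problems."""
    problems = []
    if list_jks(identity, identity_pass).get(key_alias) != "PrivateKeyEntry":
        problems.append(f"alias {key_alias!r} is not a private key in the identity keystore")
    if "trustedCertEntry" not in list_jks(trust, trust_pass).values():
        problems.append("trust keystore contains no trusted certificate entries")
    return problems


def build_sample(passphrase, entries):
    # Constructed test keystore with dummy key and certificate bytes (no real keys).
    body = struct.pack(">III", MAGIC, 2, len(entries))
    for alias, tag in entries:
        body += struct.pack(">IH", tag, len(alias.encode())) + alias.encode() + struct.pack(">q", 0)
        if tag == 1:
            body += struct.pack(">I4sI", 4, b"KEY!", 1)
        body += struct.pack(">H5sI4s", 5, b"X.509", 4, b"CERT")
    return body + _digest(passphrase, body)
```

The check confirms the keystore passphrase and the alias, but not the separate passphrase for the private key, because it never decrypts the key.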

After you provide the required details, click Next : Oracle HTTP Server Load Balancer >.

Oracle HTTP Server Load Balancer

The Oracle HTTP Server Load Balancer blade enables you to provision an Oracle HTTP Server, set up a public IP, and configure it with WebLogic Server cluster address.

Select Yes or No for the option Connect to Oracle HTTP Server? based on your preference. If you select No, you don't have to provide any details, and can proceed by clicking Next : Networking >. If you select Yes, you must specify the Oracle HTTP Server configuration details by entering the values for the fields described in Table 3-12.

Table 3-12 Fields in the Oracle HTTP Server Load Balancer Blade

Field Description
Oracle HTTP Server image Select an image with your preferred versions of Oracle HTTP Server, JDK, and Oracle Linux. The available options are:
  • OHS 12.2.1.4.0 and JDK8 on Oracle Linux 7.3
  • OHS 12.2.1.4.0 and JDK8 on Oracle Linux 7.4
  • OHS 12.2.1.4.0 and JDK8 on Oracle Linux 7.6
Oracle HTTP Server Domain name Enter the domain name for Oracle HTTP Server.
Oracle HTTP Server Component name Enter the name for the Oracle HTTP Server component.
Oracle HTTP Server NodeManager username Enter the username for the Oracle HTTP Server Node Manager.
Oracle HTTP Server NodeManager Password Enter the password for Oracle HTTP Server Node Manager.
Confirm password Re-enter the password for Oracle HTTP Server Node Manager.
Oracle HTTP Server HTTP Port Enter the HTTP port for Oracle HTTP Server.
Oracle HTTP Server HTTPS Port Enter the HTTPS port for Oracle HTTP Server.
Oracle Vault Password Enter the password to configure TLS/SSL store Oracle Vault.
Confirm password Re-enter the password to configure TLS/SSL store Oracle Vault.

You can choose to provide the details required for configuring TLS/SSL in WebLogic Server by either uploading existing keystores or by using the keystores stored in Azure Key Vault. Select a preferred option for How would you like to provide required configuration, and enter the values for the fields described in Table 3-13.

Table 3-13 Fields in the Oracle HTTP Server Load Balancer Blade for TLS/SSL Configuration Settings

Option Field Description
Upload existing KeyStores
TLS/SSL certificate Data file(.jks,.p12) Upload an existing keystore file for TLS/SSL configuration by doing the following:
  1. Click on the file icon.
  2. Select the keystore file (JKS or PKCS12 format).
  3. Click Open.
Password Enter the password for the TLS/SSL certificate.
Confirm password Re-enter the password for the TLS/SSL certificate.
Type of the certificate format(JKS,PKCS12) Select the type of the certificate format from the drop-down list. The supported certificate formats are JKS and PKCS12.
Use KeyStores stored in Azure Key Vault
Certificate Type Select the type of the certificate format from the drop-down list. The supported certificate formats are JKS and PKCS12.
Resource group name in current subscription containing the Key Vault Enter the name of the Resource Group containing the Key Vault that stores the TLS/SSL certificate and the data required for TLS/SSL termination.

An Azure Key Vault is a platform-managed secret store that can be used to safeguard secrets, keys, and TLS/SSL certificates. See About Azure Key Vault.

Name of the Azure Key Vault containing secrets for the certificate for TLS/SSL Termination Enter the name of the Azure Key Vault that stores the secrets for the TLS/SSL certificate and the data required for TLS/SSL termination.
The name of the secret in the specified Key Vault whose value is the TLS/SSL certificate Data Enter the name of the Azure Key Vault secret that holds the value of the TLS/SSL certificate data.
The name of the secret in the specified Key Vault whose value is the password for the TLS/SSL certificate Enter the name of the Azure Key Vault secret that holds the value of the TLS/SSL certificate password.

After you specify the required details, click Next : Networking >.

Networking

The Networking blade enables you to customize the virtual network in which the WebLogic Server created by this offer will be deployed and configure a custom DNS alias for this deployment.

Deny public traffic for admin server?: Use this option to deny public traffic to the WebLogic Administration Server. The default selection is No which makes the ports 7001 and 7002 publicly accessible. Select Yes, if you want these ports to be publicly inaccessible.

Deny public traffic for managed server?: Select Yes to deny public traffic to the Managed Server. This setting applies to ports 8002 through 8001 + node number, and takes priority over the Ports and port ranges to expose (N or N-N, comma separated) field in the Basics blade.

First, decide whether to have the offer create a virtual network or to use an existing virtual network and subnet. The two options are:
  • Create a new virtual network with optional DNS configuration
  • Select an existing virtual network

Create a new virtual network with optional DNS configuration

To have the offer create a virtual network with default settings for Virtual network, Subnet for WebLogic, select (new) wls-vnet from the Virtual network drop-down list, then select (new) wls-subnet from the Subnet for WebLogic drop-down list.

Note:

If you select Yes for Connect to Oracle HTTP Server in the Oracle HTTP Server Load Balancer blade, OHS is also created in the same subnet.

To customize the address space and subnet for the new virtual network, select the Create new link next to Virtual network. A sub-menu opens for further customization. For more details about what you can do with this sub-menu, see What is Azure Virtual Network?. You can specify the CIDR for the virtual network here.

Select an existing virtual network

To select an existing virtual network, select one of the virtual networks from the Virtual network drop-down list. The Subnet for WebLogic drop-down list allows you to select a subnet within the existing virtual network. WLS will be deployed within the selected subnet.

Note:

When you select an existing virtual network, no public IP address will be created by the offer.

If you want to make the admin GUI accessible from the public internet, use the following steps:
  1. You must associate a public IP with the admin VM, as described in Associate a public IP address to a virtual machine.

  2. Create a Network Security Group whose inbound rules allow traffic from the expected source hosts to the admin VM on ports 7001 and 7002. For complete guidance on Network Security Groups, see Network security groups.

  3. Use the following steps to configure the Admin Server so that its FrontendHost is set to the public IP address:
    1. Connect to the admin VM using SSH. You may need to modify the Network Security Group inbound rules to allow this connection.
    2. Enter the sudo su - command to log in as the root user.
    3. Enter the su oracle command to switch to the oracle user.
    4. Execute the following command:
      /u01/app/wls/install/oracle/middleware/oracle_home/oracle_common/common/bin/wlst.sh
    5. Enter the following WLST commands to configure FrontendHost:
      connect('<weblogic username>','<weblogic password>','t3://adminVM:7001')
      edit()
      startEdit()
      cd('/Servers/admin/WebServer/admin')
      cmo.setFrontendHost('<your public ip hostname>')
      save()
      activate()
    6. To restart the Admin Server, run the command systemctl restart wls_admin as a root user.

Configure Custom DNS Alias?: Select Yes or No based on your preference. If you select No, you don't have to provide any details, and can proceed by clicking Next : Database >. If you select Yes, you must choose either to configure a custom DNS alias based on an existing Azure DNS zone, or create an Azure DNS zone and a custom DNS alias. This can be done by selecting Yes or No for the option Use an existing Azure DNS Zone.

Note:

For more information about the DNS zones, see Overview of DNS zones and records.

DNS Label Prefix: Enter a value to add as a prefix to the Azure generated DNS name for the provisioned virtual machine. This value is combined with the Resource group name, the region of the resource group, and an Azure specific value. For example, if you specify wlsmycompany as the DNS Label Prefix, the DNS hostname will be wlsmycompany-myrg.eastus.cloudapp.azure.com. The DNS Label Prefix must always start with a lowercase letter.

Ports and port ranges to expose (N or N-N, comma separated): Specify the ports that you want to allow in the Azure network group protocols. Ports entered here are exposed to the outside network.

You can either specify port numbers, port ranges, or a combination of both port numbers and ranges separated by comma. For example: 80,443,7001-9000.
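A range in this field can open more than intended: the sample value 80,443,7001-9000 covers the Administration Server ports and the Managed Server ports as well. The following added example (not part of the Oracle offer) parses the field and models the precedence of the two Deny public traffic options as this page describes it; the function names, the reading of "node number" as the number of Managed Server nodes, and the 3-node cluster are assumptions.

```python
ADMIN_HTTP, ADMIN_HTTPS = 7001, 7002  # Administration Server ports named on this page
MANAGED_FIRST = 8002                  # Managed Servers use 8002 .. 8001 + node number


def parse_ports(spec):
    """Parse the 'N or N-N, comma separated' field into a set of port numbers."""
    ports = set()
    for item in spec.split(","):
        lo, dash, hi = item.strip().partition("-")
        if not lo.isdigit() or (dash and not hi.isdigit()):
            raise ValueError(f"not a port or port range: {item!r}")
        first, last = int(lo), int(hi) if dash else int(lo)
        if not 1 <= first <= last <= 65535:
            raise ValueError(f"port out of range or reversed: {item!r}")
        ports.update(range(first, last + 1))
    return ports


def public_exposure(spec, nodes, deny_admin, deny_managed, admin_http):
    """Model which ports stay public, using the precedence described on this page.

    Assumptions: 'nodes' is the number of Managed Server nodes, and a Deny
    option overrides a matching entry in the ports field.
    """
    requested = parse_ports(spec)
    managed_range = set(range(MANAGED_FIRST, MANAGED_FIRST + nodes))
    admin = set()
    if not deny_admin:                       # Table 3-17: No leaves the console public
        admin = {ADMIN_HTTPS} | ({ADMIN_HTTP} if admin_http else set())
    managed = set() if deny_managed else requested & managed_range
    other = requested - {ADMIN_HTTP, ADMIN_HTTPS} - managed_range
    return {"admin": sorted(admin), "managed": sorted(managed), "other": len(other)}


def findings(result):
    """Turn the exposure model into review notes for whoever approves the deployment."""
    notes = []
    if ADMIN_HTTP in result["admin"]:
        notes.append("Administration Console reachable over plain HTTP on 7001")
    if ADMIN_HTTPS in result["admin"]:
        notes.append("Administration Console reachable from the internet on 7002")
    if result["managed"]:
        notes.append(f"Managed Server ports public: {result['managed']}")
    if result["other"] > 16:                 # arbitrary review threshold, adjust to taste
        notes.append(f"{result['other']} other ports opened; list only the ones in use")
    return notes


if __name__ == "__main__":
    # The page's own sample value, evaluated for a constructed 3-node cluster.
    sample = public_exposure("80,443,7001-9000", nodes=3, deny_admin=False,
                             deny_managed=False, admin_http=True)
    print(sample)
    print("\n".join(findings(sample)))
```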

If you choose to configure a custom DNS alias based on an existing Azure DNS zone, by selecting Yes for the option Use an existing Azure DNS Zone, you must specify the DNS configuration details by entering the values for the fields listed in Table 3-14.

Table 3-14 Fields in the DNS Configuration Blade

Field Description
DNS Zone Name Enter the DNS zone name.
Name of the resource group contains the DNS Zone in current subscription Enter the name of the resource group that contains the DNS zone in the current subscription.
Label for Oracle WebLogic Administration Console Enter a label to generate a sub-domain of the Oracle WebLogic Server Administration Console.

For example, if the domain is mycompany.com and the sub-domain is admin, then the WebLogic Administration Console URL will be admin.mycompany.com.

Label for Load Balancer This field appears if you chose to connect to the Oracle HTTP Server in the Oracle HTTP Server Load Balancer blade.

Enter a label to generate a sub-domain of the Oracle HTTP Server load balancer.

User assigned managed identity

(A section; not a field.)

Click Add to add user assigned identities to grant resource access to the Azure resources. In the Add user assigned managed identities window, select the Subscription and the User assigned managed identities from the list, and click Add.

You must add at least one user assigned identity to access Azure resources.

If you choose to create an Azure DNS zone and a custom DNS alias, by selecting No for the option Use an existing Azure DNS Zone, you must specify the values for the following fields:

  • DNS Zone Name
  • Label for Oracle WebLogic Administration Console
  • Label for Load Balancer

See Table 3-14 for the description of these fields.

Note:

If you create an Azure DNS zone and a custom DNS alias, you must perform the DNS domain delegation at your DNS registry after deployment. See Delegation of DNS zones with Azure DNS.

After you specify the required details, click Next : Database >.

Database

The Database blade enables you to configure Oracle WebLogic Server to connect to an existing database. Select Yes or No for the option Connect to Database? based on your preference. If you select No, you don't have to provide any details, and can proceed by clicking Next : Coherence >. If you select Yes, you must provide the details of your database by entering the values for the fields listed in Table 3-15.

Note:

If you want to connect Oracle WebLogic Server to a database, ensure that all necessary network access has been granted.

Table 3-15 Fields in the Database Blade

Field Description
Choose database type

Select an existing database that you want Oracle WebLogic Server to connect to from the drop-down list. The available options are:

  • Azure Database for PostgreSQL
  • Oracle Database
  • Azure SQL

JNDI Name

Enter the JNDI name for your database JDBC connection.

DataSource Connection String

Enter the JDBC connection string for your database.

For information about obtaining the JDBC connection string, see Obtain the JDBC Connection String for Your Database.

Global transactions protocol

Select an existing global transactions protocol from the drop-down list. The available options are:

  • TwoPhaseCommit
  • LoggingLastResource
  • EmulateTwoPhaseCommit
  • OnePhaseCommit
  • None

Database Username

Enter the username of your database.

Database Password

Enter the password for the database user.

Confirm password

Re-enter the password for the database user.

After you provide the details, click Next : Coherence >.

Coherence

The Coherence blade enables you to deploy additional virtual machines (VMs) with Oracle Coherence*Web pre-installed and configured, for use as the HTTP session storage for web applications deployed in Oracle WebLogic Server. The Coherence cluster is configured as described in Setting Up a Coherence Cluster in Administering Clusters for Oracle WebLogic Server. For information about using Coherence with Oracle WebLogic Server, see Using Coherence*Web with WebLogic Server in Administering HTTP Session Management with Oracle Coherence*Web.

Select Yes or No for the option Use Coherence cache? based on your preference. If you select No, you don't have to provide any details, and can proceed by clicking Next : Review + create >. If you select Yes, you must specify the required details for Coherence integration by entering the values for the fields listed in Table 3-16.

Table 3-16 Fields in the Coherence Blade

Field Description
Coherence virtual machine size Enter the Azure VM size for each of the servers in the Coherence cluster. The recommended size is Standard_A2_v2 or higher.

To change the VM size, click Change Size, select the preferred size from the list in the Select a VM size window, and then click Select.

Number of Coherence cache servers Enter the number of VMs in the Coherence cluster.
Coherence Web Local Storage enabled Use this to enable or disable the local storage for the Coherence*Web cluster tier. Select Yes or No based on your preference.

For information about the Coherence cluster member storage settings, see Configure Coherence Cluster Member Storage Settings in Administering Clusters for Oracle WebLogic Server.

Click Next : Review + create > to continue.

Review + create

In the Review + create blade, review the details you provided for deploying an Oracle WebLogic Server dynamic cluster. If you want to make changes to any of the fields, click < previous or click on the respective blade and update the details.

If you want to use this template to automate the deployment, download it by clicking Download a template for automation.

Click Create to create this offer. This process may take 30 to 60 minutes. For more information about the IaaS offers, see Azure documentation on IaaS.

The WebLogic Administration Server starts automatically when the virtual machine starts.

After the provisioning is complete, the Oracle WebLogic Server Administration Console will be accessible or inaccessible depending on the options you selected in the Basics blade. Table 3-17 lists the ports on which the Administration Console will be accessible for different use cases:

Table 3-17 Ports on Which the WebLogic Server Administration Console is Accessible

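Each entry lists the value set for "Deny public traffic for admin server?", the value set for "Enable HTTP Listen Port on WebLogic Administration Server?", and whether the WebLogic Administration Console is accessible on the HTTP port and path :7001/console and on the HTTPS port and path :7002/console.

  • Deny public traffic: No. Enable HTTP listen port: Yes. HTTP :7001/console: Accessible. HTTPS :7002/console: Accessible.
  • Deny public traffic: No. Enable HTTP listen port: No. HTTP :7001/console: Inaccessible. HTTPS :7002/console: Accessible.
  • Deny public traffic: Yes. Enable HTTP listen port: Yes or No (the Deny public traffic for admin server? field takes a higher priority). HTTP :7001/console: Inaccessible. HTTPS :7002/console: Inaccessible.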

The HTTPS TLS/SSL certificate management is not handled by the offer and must be configured after installation. For more information about configuring certificates and keystores, see Configuring Keystores in Administering Security for Oracle WebLogic Server.