2 Deploy Oracle WebLogic Server on a Single Node on Microsoft Azure IaaS

The offers described in this section provision a single Azure Oracle Linux virtual machine and install Oracle WebLogic Server and its dependencies on it. You can choose to deploy Oracle WebLogic Server with or without Administration Server.

Deploy Oracle WebLogic Server Without Administration Server on a Single Node

This offer provisions a single virtual machine and installs Oracle WebLogic Server on it. It neither creates a WebLogic domain nor starts the Administration Server.

Note:

Before you proceed with the deployment process, ensure that you have obtained this offer either from the Azure Marketplace as described in Get the Required Oracle WebLogic Server Offer from Azure Marketplace, or by clicking on the offer link in Table 1-1.

The Azure portal uses a user interface concept called resource blades. They are similar to tab panels, but can cascade across the page flow.

To deploy Oracle WebLogic Server without an Administration Server on a single node, provide the required information in the following resource blades:

Basics

Use the Basics blade to provide the basic configuration details for deploying Oracle WebLogic Server without an Administration Server. To do this, enter the values for the fields listed in Table 2-1.

Table 2-1 Fields in the Basics Blade

Section Field Description
Project details Subscription

Select a subscription to use for the charges accrued by this offer. You must have a valid active subscription associated with the Azure account that is currently logged in. If you don’t have it already, follow the steps described in Associate or add an Azure subscription to your Azure Active Directory tenant.

Resource group

A resource group is a container that holds related resources for an Azure solution. The resource group includes those resources that you want to manage as a group. You decide which resources belong in a resource group based on what makes the most sense for your organization. If you have an existing resource group into which you want to deploy this solution, you can enter its name here; however, the resource group must have no pre-existing resources in it. Alternatively, you can click the Create new, and enter the name so that Azure creates a new resource group before provisioning the resources.

For more information about resource groups, see Azure document.

Instance details Region

Select an Azure region from the drop-down list.

Oracle WebLogic Image

Select a version of Oracle WebLogic Server and JDK that you want to deploy on a preferred version of Oracle Linux. The available options are:

  • WebLogic Server 12.2.1.4.0 and JDK8 on Oracle Linux 7.6
  • WebLogic Server 14.1.1.0.0 and JDK8 on Oracle Linux 7.6
  • WebLogic Server 14.1.1.0.0 and JDK11 on Oracle Linux 7.6
  • WebLogic Server 12.2.1.4.0 and JDK8 on Oracle Linux 8.7
  • WebLogic Server 14.1.1.0.0 and JDK8 on Oracle Linux 8.7
  • WebLogic Server 14.1.1.0.0 and JDK11 on Oracle Linux 8.7
  • WebLogic Server 12.2.1.4.0 and JDK8 on Oracle Linux 9.1
  • WebLogic Server 14.1.1.0.0 and JDK8 on Oracle Linux 9.1
  • WebLogic Server 14.1.1.0.0 and JDK11 on Oracle Linux 9.1
Virtual machine size The default VM size is 1x Standard A1, 1 vcpu, 1.75 GB memory.

If you want to select a different VM size, click Change Size, select the size from the list (for example, A3) on the Select a VM size page, and click Select.

For more information about sizing the virtual machine, see Azure documentation on Sizes.

Credentials for Virtual Machines and WebLogic Username for admin account of VMs

Enter a user name for the administrator account for the virtual machine. Note this value, as you may need it when you access the virtual machine via SSH.

Authentication Type You can either use a Password or a SSH Public Key along with the username to authenticate the administrator account.

If you select Password, you must enter the values for the following fields:

  • Password: Enter a password for the administrator account for the virtual machine.
  • Confirm password: Re-enter the password to confirm.

If you select SSH Public Key, you must specify the value for the following fields:

  • SSH public key source: Specify the SSH public key for the administrator account for the virtual machine.
  • Key pair name: Enter a name for your SSH public key (for example, mysshkey1).
Optional Basic Configuration Accept defaults for optional configuration?

If you want to retain the default values for the optional configuration, such as DNS Label Prefix and Ports and port ranges to expose, set the toggle button to Yes, and click Next : Review + create >.

If you want to specify different values for the optional configuration, set the toggle button to No, and enter the following details:

  • DNS Label Prefix: Enter a value that must be added as a prefix to the Azure generated DNS name for the provisioned virtual machine. This value is combined with the Resource group name, the region of the resource group, and an Azure specific value. For example, if you specify wlsmycompany as the DNS Label Prefix, the DNS host name will be wlsmycompany-myrg.eastus.cloudapp.azure.com. Note that this value must start with a letter.
  • Ports and port ranges to expose (N or N-N, comma separated): Specify the ports that you want to allow in the Azure network group protocols. Ports entered here will be exposed to the outside network.

    You can either specify the port numbers, or the port ranges, or a combination of both separated by comma. For example:

    80,443,7001-9000

  • Cause a system assigned managed identity to be created for the VM(s).: This option causes any VM(s) created by this deployment to be given a system assigned managed identity. Select Yes or No based on your preference.

    For information about the managed identities for Azure resources, including the system assigned managed identities, see What are managed identities for Azure resources?.

After you specify the required details, click Next : Review + create >.

Review + create

In the Review + create blade, review the details you provided. If you want to make changes to any of the fields, click < previous and update the details.

If you want to use this template to automate the deployment, download it by clicking Download a template for automation.

Click Create to create this offer. This process may take 30 to 60 minutes. For more information about the IaaS offers, see Azure documentation on IaaS.

After the deployment is complete, to access the virtual machine, refer to Access a Virtual Machine via SSH.

To create a WebLogic Server domain, see Creating WebLogic Domains Using WLST Offline in Understanding the WebLogic Scripting Tool.

Deploy Oracle WebLogic Server With Administration Server on a Single Node

This offer provisions a single virtual machine and installs Oracle WebLogic Server on it. It creates a WebLogic domain and starts up the WebLogic Administration Server.

Note:

Before you proceed with the deployment process, ensure that you have obtained this offer either from the Azure Marketplace as described in Get the Required Oracle WebLogic Server Offer from Azure Marketplace, or by clicking on the offer link in Table 1-1.

The Azure portal uses a user interface concept called resource blades. They are similar to tab panels, but can cascade across the page flow.

To deploy Oracle WebLogic Server with an Administration Server on a single node, provide the required information in the following resource blades:

Basics

Use the Basics blade to provide the basic configuration details for deploying Oracle WebLogic Server with an Administration Server. To do this, enter the values for the fields listed in Table 2-2.

Table 2-2 Fields in the Basics Blade

Section Field Description
Project details Subscription

Select a subscription to use for the charges accrued by this offer. You must have a valid active subscription associated with the Azure account that is currently logged in. If you don’t have it already, follow the steps described in Associate or add an Azure subscription to your Azure Active Directory tenant.

Resource group

A resource group is a container that holds related resources for an Azure solution. The resource group includes those resources that you want to manage as a group. You decide which resources belong in a resource group based on what makes the most sense for your organization. If you have an existing resource group into which you want to deploy this solution, you can enter its name here; however, the resource group must have no pre-existing resources in it. Alternatively, you can click the Create new, and enter the name so that Azure creates a new resource group before provisioning the resources.

For more information about resource groups, see Azure document.

Instance details Region

Select an Azure region from the drop-down list.

Oracle WebLogic Image

Select a version of Oracle WebLogic Server and JDK that you want to deploy on a preferred version of Oracle Linux. The available options are:

  • WebLogic Server 12.2.1.4.0 and JDK8 on Oracle Linux 7.6
  • WebLogic Server 14.1.1.0.0 and JDK8 on Oracle Linux 7.6
  • WebLogic Server 14.1.1.0.0 and JDK11 on Oracle Linux 7.6
  • WebLogic Server 12.2.1.4.0 and JDK8 on Oracle Linux 8.7
  • WebLogic Server 14.1.1.0.0 and JDK8 on Oracle Linux 8.7
  • WebLogic Server 14.1.1.0.0 and JDK11 on Oracle Linux 8.7
  • WebLogic Server 12.2.1.4.0 and JDK8 on Oracle Linux 9.1
  • WebLogic Server 14.1.1.0.0 and JDK8 on Oracle Linux 9.1
  • WebLogic Server 14.1.1.0.0 and JDK11 on Oracle Linux 9.1
Virtual machine size The default VM size is 1x Standard A1, 1 vcpu, 1.75 GB memory.

If you want to select a different VM size, click Change Size, select the size from the list (for example, A3) on the Select a VM size page, and click Select.

For more information about sizing the virtual machine, see Azure documentation on Sizes.

Credentials for Virtual Machines and WebLogic Username for admin account of VMs

Enter a user name for the administrator account for the virtual machine. Note this value, as you may need it when you access the virtual machine via SSH.

Authentication Type You can either use a Password or a SSH Public Key along with the username to authenticate the administrator account.

If you select Password, you must enter the values for the following fields:

  • Password: Enter a password for the administrator account for the virtual machine.
  • Confirm password: Re-enter the password to confirm.

If you select SSH Public Key, you must specify the value for the following fields:

  • SSH public key source: Specify the SSH public key for the administrator account for the virtual machine.
  • Key pair name: Enter a name for your SSH public key (for example, mysshkey1).
Username for WebLogic Administrator

Enter a user name to access the WebLogic Administration Console which is started automatically after the provisioning. For more information about the WebLogic Administration Console, see Overview of Administration Consoles in Understanding Oracle WebLogic Server.

Password for WebLogic Administrator

Enter a password to access the WebLogic Administration Console.

Confirm password

Re-enter the password to access the WebLogic Administration Console.

Optional Basic Configuration Accept defaults for optional configuration?

If you want to retain the default values for the optional configuration, such as DNS Label Prefix, WebLogic Domain Name, Virtual machine size, and Ports and port ranges to expose, set the toggle button to Yes, and click Next : Database >.

If you want to specify different values for the optional configuration, set the toggle button to No, and enter the following details:

  • WebLogic Domain Name: Enter the name of the domain that will be created by the offer.
  • Enable HTTP Listen Port on WebLogic Administration Server?: Use this option to enable the HTTP listen port on the WebLogic Administration Server. Select Yes or No based on your preference.

    If you disable the HTTP listen port, then the WebLogic Server Administration Console will be accessible on the HTTPS port 7002 at https://admin-server-host:7002/console.

  • Create a system assigned managed identity to be created for the VM(s).: This option causes any VM(s) created by this deployment to be given a system assigned managed identity. Select Yes or No based on your preference.

    For information about the managed identities for Azure resources, including the system assigned managed identities, see What are managed identities for Azure resources?.

After you provide the required details, click Next : TLS/SSL Configuration >.

TLS/SSL Configuration

The TLS/SSL Configuration blade enables you to configure Oracle WebLogic Server Administration Console on a secure HTTPS port, with your own TLS/SSL certificate provided by a Certifying Authority (CA).

Select Yes or No for the option Configure WebLogic Administration Console on HTTPS (Secure) Port, with your own TLS/SSL certificate? based on your preference. If you select No, you don't have to provide any details, and can proceed by clicking Next : Networking >. If you select Yes, you can choose to provide the required configuration details by either uploading existing keystores or by using keystores stored in Azure Key Vault.

If you want to upload existing keystores, select Upload existing KeyStores for the option How would you like to provide required configuration, and enter the values for the fields listed in Table 2-3.

Table 2-3 Fields in the TLS/SSL Configuration Blade for Uploading Existing Keystores

Field Description
Identity KeyStore Data file(.jks,.p12) Upload an identity keystore data file by doing the following:
  1. Click on the file icon.
  2. Select the identity keystore file.
  3. Click Open.
Password Enter the passphrase for the identity keystore.
Confirm password Re-enter the passphrase for the identity keystore.
The Identity KeyStore type (JKS,PKCS12) Select the type of identity keystore. The supported values are JKS and PKCS12.
The alias of the server's private key within the Identity KeyStore Enter the alias for the private key within the identity keystore.
The passphrase for the server's private key within the Identity KeyStore Enter the passphrase for the private key within the identity keystore.
Confirm passphrase Re-enter the passphrase for the private key.
Trust KeyStore Data file(.jks,.p12) Upload a trust keystore data file by doing the following:
  1. Click on the file icon.
  2. Select the custom trust keystore file.
  3. Click Open.
Password Enter the passphrase for the trust keystore.
Confirm password Re-enter the passphrase for the trust keystore.
The Trust KeyStore type (JKS,PKCS12) Select the type of trust keystore. The supported values are JKS and PKCS12.

If you want to use keystores stored in Azure Key Vault, select Use KeyStores stored in Azure Key Vault for the option How would you like to provide required configuration, and enter the values for the fields listed in Table 2-4.

Table 2-4 Fields in the TLS/SSL Configuration Blade for Using KeyStores Stored in Azure Key Vault

Field Description
Resource group name in current subscription containing the Key Vault Enter the name of the Resource Group containing the Key Vault that stores the TLS/SSL certificate.

An Azure Key Vault is a platform-managed secret store that can be used to safeguard secrets, keys, and TLS/SSL certificates. See About Azure Key Vault.

Name of the Azure Key Vault containing secrets for the TLS/SSL certificate Enter the name of the Azure Key Vault that stores the secrets for the TLS/SSL certificate.
The name of the secret in the specified Key Vault whose value is the Identity KeyStore Data Enter the name of the Azure Key Vault secret that holds the value of the identity keystore data.
The name of the secret in the specified Key Vault whose value is the passphrase for the Identity KeyStore Enter the name of the Azure Key Vault secret that holds the value of the identity keystore passphrase.
The Identity KeyStore type (JKS,PKCS12) Select the type of identity keystore from the drop-down list. The supported values are JKS and PKCS12.
The name of the secret in the specified Key Vault whose value is the Private Key Alias Enter the name of the Azure Key Vault secret that holds the value of the private key alias.
The name of the secret in the specified Key Vault whose value is the passphrase for the Private Key Enter the name of the Azure Key Vault secret that holds the value of the private key passphrase.
The name of the secret in the specified Key Vault whose value is the Trust KeyStore Data Enter the name of the Azure Key Vault secret that holds the value of the trust keystore data.
The name of the secret in the specified Key Vault whose value is the passphrase for the Trust KeyStore Enter the name of the Azure Key Vault secret that holds the value of the trust keystore passphrase.
The Trust KeyStore type (JKS,PKCS12) Select the type of trust keystore from the drop-down list. The supported values are JKS and PKCS12.

After you provide the required details, click Next : Networking >.

Networking

The Networking blade enables you to customize the virtual network in which the WebLogic Server created by this offer will be deployed.

Select Yes or No based on your preference. If you select No, the offer will create a VNET using the 10.0.0.0 address space, and you don't have to provide any details and can proceed by clicking Next : Database >. If you select Yes, you have some options to configure the networking aspects of the deployment.

First, you must decide whether or not to have the offer create a virtual network, or use an existing virtual network and subnet. There are two experiences for having the offer create a virtual network.
  • Create a new virtual network with optional DNS configuration
  • Select an existing virtual network

Create a new virtual network with optional DNS configuration

To have the offer create a virtual network with default settings for address space and subnet, select (new) VirtualNetwork from the Virtual network drop-down list, then select (new) Subnet-1 from the Subnet drop-down list.

To customize the address space and subnet for the new virtual network, select the Create new link next to Virtual network. A sub-menu opens for further customization. For more details about what you can do with this sub-menu, see What is Azure Virtual Network?. You can specify the CIDR for the virtual network here.

Select an existing virtual network

To select an existing virtual network, select one of the virtual networks from the Virtual network drop-down list. The Subnet drop-down list allows you to select a subnet within the existing virtual network. WLS will be deployed within the selected subnet. For more advanced configuration of the subnet, select Manage subnet configuration. To return to the WLS deployment experience, use the breadcrumbs navigator at the top of the Portal.

Note:

When you select an existing virtual network, no public IP address will be created by the offer.
If you want to make the admin Graphical User Interface (GUI) accessible from the public internet, use the following steps:
  1. You must associate a public IP with the admin virtual machine (VM), as described in Associate a public IP address to a virtual machine.

  2. Create a Network Security Group whose inbound roles allows traffic from the expected source hosts to the admin VM on ports 7001 and 7002. For complete guidance on Network Security Groups, see Network security groups.

  3. Use the following steps to configure the Admin Server so that its FrontendHost is set to the public IP address:
    1. Connect to the admin VM using SSH. You may need to modify the Network Security Group inbound rules to allow this connection.
    2. Enter the sudo su - command and login as root user.
    3. Enter the su oracle command and switch to Oracle user.
    4. Execute the following command:
      /u01/app/wls/install/oracle/middleware/oracle_home/oracle_common/common/bin/wlst.sh
    5. Enter the following WLST commands to configure FrontendHost:
      connect('<weblogic username>','<weblogic password>','t3://adminVM:7001')
      edit()
      startEdit()
      cd('/Servers/admin/WebServer/admin')
      cmo.setFrontendHost('<your public ip hostname>')
      save()
      activate()
    6. To restart the Admin Server, run the command systemctl restart wls_admin as a root user.

Deny public traffic for admin server?: Use this option to deny public traffic to the WebLogic Administration Server. The default selection is No which makes the ports 7001 and 7002 publicly accessible. Select Yes, if you want these ports to be publicly inaccessible.

Configure Custom DNS Alias? : Select Yes or No based on your preference. If you select No, you don't have to provide any details, and can proceed by clicking Next : Database >. If you select Yes, you must choose either to configure a custom DNS alias based on an existing Azure DNS zone, or create an Azure DNS zone and a custom DNS alias. This can be done by selecting Yes or No for the option Use an existing Azure DNS Zone.

Note:

For more information about the DNS zones, see Overview of DNS zones and records.

DNS Label Prefix: Enter a value that must be added as a prefix to the Azure generated DNS name for the provisioned virtual machine. This value is combined with the Resource group name, the region of the resource group, and an Azure specific value. For example, if you specify wlsmycompany as the DNS Label Prefix, the DNS host name will be wlsmycompany-myrg.eastus.cloudapp.azure.com. The DNS Label Prefix must always start with a lowercase alphabet.

Ports and port ranges to expose (N or N-N, comma separated): Specify the ports that you want to allow in the Azure network group protocols. Ports entered here are exposed to the outside network.

You can either specify port numbers, port ranges, or a combination of both port numbers and ranges separated by comma. For example: 80,443,7001-9000

If you choose to configure a custom DNS alias based on an existing Azure DNS zone, by selecting Yes for the option Use an existing Azure DNS Zone, you must specify the DNS configuration details by entering the values for the fields listed in Table 2-5.

Table 2-5 Fields in the DNS Configuration Blade

Field Description
DNS Zone Name Enter the DNS zone name.
Name of the resource group which contains the DNS Zone in current subscription Enter the name of the resource group that contains the DNS zone in the current subscription.
Label for Oracle WebLogic Administration Console Enter a label to generate a sub-domain of the Oracle WebLogic Server Administration Console.

For example, if the domain is mycompany.com and the sub-domain is admin, then the WebLogic Server Administration Console URL will be admin.mycompany.com.

User assigned managed identity

(A section; not a field.)

Click Add to add user assigned identities to grant resource access to the Azure resources. In the Add user assigned managed identities window, select the Subscription and the User assigned managed identities from the list, and click Add.

You must add at least one user assigned identity to access Azure resources.

If you choose to create an Azure DNS zone and a custom DNS alias, by selecting No for the option Use an existing Azure DNS Zone, you must specify the values for the following fields:

  • DNS Zone Name: Specify the DNS zone name.
  • Label for Oracle WebLogic Administration Console: Specify a label to generate a sub-domain of the Oracle WebLogic Server Administration Console.

Note:

In case of creating an Azure DNS zone and a custom DNS alias, you must perform the DNS domain delegation at your DNS registry post deployment. See Delegation of DNS zones with Azure DNS.

After you specify the required details, click Next : Database >.

Database

The Database blade enables you to configure Oracle WebLogic Server to connect to an existing database. Select Yes or No for the option Connect to Database? based on your preference. If you select No, you don't have to provide any details, and can proceed by clicking Next : Review + create >. If you select Yes, you must specify the details of your database by entering the values for the fields listed in Table 2-6.

Note:

If you want to connect Oracle WebLogic Server to a database, ensure that all necessary network access have been granted.

Table 2-6 Fields in the Database Blade

Field Description
Choose database type

Select an existing database that you want Oracle WebLogic Server to connect to from the drop-down list. The available options are:

  • Azure Database for PostgreSQL
  • Oracle Database
  • Azure SQL
JNDI Name

Enter the JNDI name for your database JDBC connection.

DataSource Connection String

Enter the JDBC connection string for your database.

For information about obtaining the JDBC connection string, see Obtain the JDBC Connection String for Your Database.

Global transactions protocol
Select an existing global transactions protocol from the drop-down list. The available options are:
  • TwoPhaseCommit
  • LoggingLastResource
  • EmulateTwoPhaseCommit
  • OnePhaseCommit
  • None
Database Username

Enter the username of your database.

Database Password

Enter the password for the database user.

Confirm password

Re-enter the database password.

After you provide the details, click Next : Review + create >.

Review + create

In the Review + create blade, review the details you provided for deploying Oracle WebLogic Server with Administration Server on a single node. If you want to make changes to any of the fields, click < previous or click on the respective blade and update the details.

If you want to use this template to automate the deployment, download it by clicking Download a template for automation.

Click Create to create this offer. This process may take 30 to 60 minutes. For more information about the IaaS offers, see Azure documentation on IaaS.

The WebLogic Administration Server starts automatically when the virtual machine starts.

After the provisioning is complete, the Oracle WebLogic Server Administration Console will be accessible or inaccessible depending on the options you selected in the Basics blade. Table 2-7 lists the ports on which the Administration Console will be accessible for different use cases.

Table 2-7 Ports on Which the WebLogic Server Administration Console is Accessible

Value Set for "Deny public traffic for admin server?" Value Set for "Enable HTTP Listen Port on WebLogic Administration Server?" WebLogic Administration Console Accessible or Inaccessible on the HTTP Port and Path :7001/console WebLogic Administration Console Accessible or Inaccessible on the HTTPS Port and Path :7002/console
No Yes Accessible Accessible
No No Inaccessible Accessible
Yes Yes or No

The Deny public traffic for admin server? field takes a higher priority.

Inaccessible Inaccessible