2 Deploy Oracle WebLogic Server on a Single Node on Microsoft Azure IaaS
The offers described in this section provision a single Azure Oracle Linux virtual machine and install Oracle WebLogic Server and its dependencies on it. You can choose to deploy Oracle WebLogic Server with or without Administration Server.
Deploy Oracle WebLogic Server Without Administration Server on a Single Node
This offer provisions a single virtual machine and installs Oracle WebLogic Server on it. It neither creates a WebLogic domain nor starts the Administration Server.
Note:
Before you proceed with the deployment process, ensure that you have obtained this offer either from the Azure Marketplace as described in Get the Required Oracle WebLogic Server Offer from Azure Marketplace, or by clicking on the offer link in Table 1-1.
The Azure portal uses a user interface concept called resource blades. They are similar to tab panels, but can cascade across the page flow.
To deploy Oracle WebLogic Server without an Administration Server on a single node, provide the required information in the following resource blades:
Basics
Use the Basics blade to provide the basic configuration details for deploying Oracle WebLogic Server without an Administration Server. To do this, enter the values for the fields listed in Table 2-1.
Table 2-1 Fields in the Basics Blade
Section | Field | Description |
---|---|---|
Project details | Subscription |
Select a subscription to use for the charges accrued by this offer. You must have a valid active subscription associated with the Azure account that is currently logged in. If you don’t have it already, follow the steps described in Associate or add an Azure subscription to your Azure Active Directory tenant. |
Resource group |
A resource group is a container that holds related resources for an Azure solution. The resource group includes those resources that you want to manage as a group. You decide which resources belong in a resource group based on what makes the most sense for your organization. If you have an existing resource group into which you want to deploy this solution, you can enter its name here; however, the resource group must have no pre-existing resources in it. Alternatively, you can click the Create new, and enter the name so that Azure creates a new resource group before provisioning the resources. For more information about resource groups, see Azure document. |
|
Instance details | Region |
Select an Azure region from the drop-down list. |
Oracle WebLogic Image |
Select a version of Oracle WebLogic Server and JDK that you want to deploy on a preferred version of Oracle Linux. The available options are:
|
|
Virtual machine size | The default VM size is 1x Standard A1, 1 vcpu, 1.75 GB memory .
If you want to select a different VM size, click Change Size, select the size from the list (for example, For more information about sizing the virtual machine, see Azure documentation on Sizes. |
|
Credentials for Virtual Machines and WebLogic | Username for admin account of VMs |
Enter a user name for the administrator account for the virtual machine. Note this value, as you may need it when you access the virtual machine via SSH. |
Authentication Type | You can either use a Password or a SSH Public Key along with the username to authenticate the administrator account.
If you select Password, you must enter the values for the following fields:
If you select SSH Public Key, you must specify the value for the following fields:
|
|
Optional Basic Configuration | Accept defaults for optional configuration? |
If you want to retain the default values for the optional configuration, such as DNS Label Prefix and Ports and port ranges to expose, set the toggle button to Yes, and click Next : Review + create >. If you want to specify different values for the optional configuration, set the toggle button to No, and enter the following details:
|
After you specify the required details, click Next : Review + create >.
Review + create
In the Review + create blade, review the details you provided. If you want to make changes to any of the fields, click < previous and update the details.
If you want to use this template to automate the deployment, download it by clicking Download a template for automation.
Click Create to create this offer. This process may take 30 to 60 minutes. For more information about the IaaS offers, see Azure documentation on IaaS.
After the deployment is complete, to access the virtual machine, refer to Access a Virtual Machine via SSH.
To create a WebLogic Server domain, see Creating WebLogic Domains Using WLST Offline in Understanding the WebLogic Scripting Tool.
Deploy Oracle WebLogic Server With Administration Server on a Single Node
This offer provisions a single virtual machine and installs Oracle WebLogic Server on it. It creates a WebLogic domain and starts up the WebLogic Administration Server.
Note:
Before you proceed with the deployment process, ensure that you have obtained this offer either from the Azure Marketplace as described in Get the Required Oracle WebLogic Server Offer from Azure Marketplace, or by clicking on the offer link in Table 1-1.The Azure portal uses a user interface concept called resource blades. They are similar to tab panels, but can cascade across the page flow.
To deploy Oracle WebLogic Server with an Administration Server on a single node, provide the required information in the following resource blades:
Basics
Use the Basics blade to provide the basic configuration details for deploying Oracle WebLogic Server with an Administration Server. To do this, enter the values for the fields listed in Table 2-2.
Table 2-2 Fields in the Basics Blade
Section | Field | Description |
---|---|---|
Project details | Subscription |
Select a subscription to use for the charges accrued by this offer. You must have a valid active subscription associated with the Azure account that is currently logged in. If you don’t have it already, follow the steps described in Associate or add an Azure subscription to your Azure Active Directory tenant. |
Resource group |
A resource group is a container that holds related resources for an Azure solution. The resource group includes those resources that you want to manage as a group. You decide which resources belong in a resource group based on what makes the most sense for your organization. If you have an existing resource group into which you want to deploy this solution, you can enter its name here; however, the resource group must have no pre-existing resources in it. Alternatively, you can click the Create new, and enter the name so that Azure creates a new resource group before provisioning the resources. For more information about resource groups, see Azure document. |
|
Instance details | Region |
Select an Azure region from the drop-down list. |
Oracle WebLogic Image |
Select a version of Oracle WebLogic Server and JDK that you want to deploy on a preferred version of Oracle Linux. The available options are:
|
|
Virtual machine size | The default VM size is 1x Standard A1, 1 vcpu, 1.75 GB memory .
If you want to select a different VM size, click Change Size, select the size from the list (for example, For more information about sizing the virtual machine, see Azure documentation on Sizes. |
|
Credentials for Virtual Machines and WebLogic | Username for admin account of VMs |
Enter a user name for the administrator account for the virtual machine. Note this value, as you may need it when you access the virtual machine via SSH. |
Authentication Type | You can either use a Password or a SSH Public Key along with the username to authenticate the administrator account.
If you select Password, you must enter the values for the following fields:
If you select SSH Public Key, you must specify the value for the following fields:
|
|
Username for WebLogic Administrator |
Enter a user name to access the WebLogic Administration Console which is started automatically after the provisioning. For more information about the WebLogic Administration Console, see Overview of Administration Consoles in Understanding Oracle WebLogic Server. |
|
Password for WebLogic Administrator |
Enter a password to access the WebLogic Administration Console. |
|
Confirm password |
Re-enter the password to access the WebLogic Administration Console. |
|
Optional Basic Configuration | Accept defaults for optional configuration? |
If you want to retain the default values for the optional configuration, such as DNS Label Prefix, WebLogic Domain Name, Virtual machine size, and Ports and port ranges to expose, set the toggle button to Yes, and click Next : Database >. If you want to specify different values for the optional configuration, set the toggle button to No, and enter the following details:
|
After you provide the required details, click Next : TLS/SSL Configuration >.
TLS/SSL Configuration
The TLS/SSL Configuration blade enables you to configure Oracle WebLogic Server Administration Console on a secure HTTPS port, with your own TLS/SSL certificate provided by a Certifying Authority (CA).
Select Yes or No for the option Configure WebLogic Administration Console on HTTPS (Secure) Port, with your own TLS/SSL certificate? based on your preference. If you select No, you don't have to provide any details, and can proceed by clicking Next : Networking >. If you select Yes, you can choose to provide the required configuration details by either uploading existing keystores or by using keystores stored in Azure Key Vault.
If you want to upload existing keystores, select Upload existing KeyStores for the option How would you like to provide required configuration, and enter the values for the fields listed in Table 2-3.
Table 2-3 Fields in the TLS/SSL Configuration Blade for Uploading Existing Keystores
Field | Description |
---|---|
Identity KeyStore Data file(.jks,.p12) | Upload an identity keystore data file by doing the following:
|
Password | Enter the passphrase for the identity keystore. |
Confirm password | Re-enter the passphrase for the identity keystore. |
The Identity KeyStore type (JKS,PKCS12) | Select the type of identity keystore. The supported values are JKS and PKCS12 .
|
The alias of the server's private key within the Identity KeyStore | Enter the alias for the private key within the identity keystore. |
The passphrase for the server's private key within the Identity KeyStore | Enter the passphrase for the private key within the identity keystore. |
Confirm passphrase | Re-enter the passphrase for the private key. |
Trust KeyStore Data file(.jks,.p12) | Upload a trust keystore data file by doing the following:
|
Password | Enter the passphrase for the trust keystore. |
Confirm password | Re-enter the passphrase for the trust keystore. |
The Trust KeyStore type (JKS,PKCS12) | Select the type of trust keystore. The supported values are JKS and PKCS12 .
|
If you want to use keystores stored in Azure Key Vault, select Use KeyStores stored in Azure Key Vault for the option How would you like to provide required configuration, and enter the values for the fields listed in Table 2-4.
Table 2-4 Fields in the TLS/SSL Configuration Blade for Using KeyStores Stored in Azure Key Vault
Field | Description |
---|---|
Resource group name in current subscription containing the Key Vault | Enter the name of the Resource Group containing the Key Vault that stores the TLS/SSL certificate.
An Azure Key Vault is a platform-managed secret store that can be used to safeguard secrets, keys, and TLS/SSL certificates. See About Azure Key Vault. |
Name of the Azure Key Vault containing secrets for the TLS/SSL certificate | Enter the name of the Azure Key Vault that stores the secrets for the TLS/SSL certificate. |
The name of the secret in the specified Key Vault whose value is the Identity KeyStore Data | Enter the name of the Azure Key Vault secret that holds the value of the identity keystore data. |
The name of the secret in the specified Key Vault whose value is the passphrase for the Identity KeyStore | Enter the name of the Azure Key Vault secret that holds the value of the identity keystore passphrase. |
The Identity KeyStore type (JKS,PKCS12) | Select the type of identity keystore from the drop-down list. The supported values are JKS and PKCS12 .
|
The name of the secret in the specified Key Vault whose value is the Private Key Alias | Enter the name of the Azure Key Vault secret that holds the value of the private key alias. |
The name of the secret in the specified Key Vault whose value is the passphrase for the Private Key | Enter the name of the Azure Key Vault secret that holds the value of the private key passphrase. |
The name of the secret in the specified Key Vault whose value is the Trust KeyStore Data | Enter the name of the Azure Key Vault secret that holds the value of the trust keystore data. |
The name of the secret in the specified Key Vault whose value is the passphrase for the Trust KeyStore | Enter the name of the Azure Key Vault secret that holds the value of the trust keystore passphrase. |
The Trust KeyStore type (JKS,PKCS12) | Select the type of trust keystore from the drop-down list. The supported values are JKS and PKCS12 .
|
After you provide the required details, click Next : Networking >.
Networking
The Networking blade enables you to customize the virtual network in which the WebLogic Server created by this offer will be deployed.
Select Yes or No based on your preference. If you select No, the offer will create a VNET using the 10.0.0.0 address space, and you don't have to provide any details and can proceed by clicking Next : Database >. If you select Yes, you have some options to configure the networking aspects of the deployment.
- Create a new virtual network with optional DNS configuration
- Select an existing virtual network
Create a new virtual network with optional DNS configuration
To have the offer create a virtual network with default settings for address space and subnet, select (new) VirtualNetwork from the Virtual network drop-down list, then select (new) Subnet-1 from the Subnet drop-down list.
To customize the address space and subnet for the new virtual network, select the Create new link next to Virtual network. A sub-menu opens for further customization. For more details about what you can do with this sub-menu, see What is Azure Virtual Network?. You can specify the CIDR for the virtual network here.
Select an existing virtual network
To select an existing virtual network, select one of the virtual networks from the Virtual network drop-down list. The Subnet drop-down list allows you to select a subnet within the existing virtual network. WLS will be deployed within the selected subnet. For more advanced configuration of the subnet, select Manage subnet configuration. To return to the WLS deployment experience, use the breadcrumbs navigator at the top of the Portal.
Note:
When you select an existing virtual network, no public IP address will be created by the offer.-
You must associate a public IP with the admin virtual machine (VM), as described in Associate a public IP address to a virtual machine.
-
Create a Network Security Group whose inbound roles allows traffic from the expected source hosts to the admin VM on ports
7001
and7002
. For complete guidance on Network Security Groups, see Network security groups. -
Use the following steps to configure the Admin Server so that its FrontendHost is set to the public IP address:
- Connect to the admin VM using SSH. You may need to modify the Network Security Group inbound rules to allow this connection.
- Enter the
sudo su -
command and login asroot
user. - Enter the
su oracle
command and switch toOracle
user. - Execute the following command:
/u01/app/wls/install/oracle/middleware/oracle_home/oracle_common/common/bin/wlst.sh
- Enter the following WLST commands to configure FrontendHost:
connect('<weblogic username>','<weblogic password>','t3://adminVM:7001') edit() startEdit() cd('/Servers/admin/WebServer/admin') cmo.setFrontendHost('<your public ip hostname>') save() activate()
- To restart the Admin Server, run the command
systemctl restart wls_admin
as aroot
user.
Deny public traffic for admin server?: Use this option to deny public traffic to the WebLogic Administration Server. The default selection is No which makes the ports 7001
and 7002
publicly accessible. Select Yes, if you want these ports to be publicly inaccessible.
Configure Custom DNS Alias? : Select Yes or No based on your preference. If you select No, you don't have to provide any details, and can proceed by clicking Next : Database >. If you select Yes, you must choose either to configure a custom DNS alias based on an existing Azure DNS zone, or create an Azure DNS zone and a custom DNS alias. This can be done by selecting Yes or No for the option Use an existing Azure DNS Zone.
Note:
For more information about the DNS zones, see Overview of DNS zones and records.DNS Label Prefix: Enter a value that must be added as a prefix to the Azure generated DNS name for the provisioned virtual machine. This value is combined with the Resource group name, the region of the resource group, and an Azure specific value. For example, if you specify wlsmycompany
as the DNS Label Prefix, the DNS host name will be wlsmycompany-myrg.eastus.cloudapp.azure.com
. The DNS Label Prefix must always start with a lowercase alphabet.
Ports and port ranges to expose (N or N-N, comma separated): Specify the ports that you want to allow in the Azure network group protocols. Ports entered here are exposed to the outside network.
You can either specify port numbers, port ranges, or a combination of both port numbers and ranges separated by comma. For example: 80,443,7001-9000
If you choose to configure a custom DNS alias based on an existing Azure DNS zone, by selecting Yes for the option Use an existing Azure DNS Zone, you must specify the DNS configuration details by entering the values for the fields listed in Table 2-5.
Table 2-5 Fields in the DNS Configuration Blade
Field | Description |
---|---|
DNS Zone Name | Enter the DNS zone name. |
Name of the resource group which contains the DNS Zone in current subscription | Enter the name of the resource group that contains the DNS zone in the current subscription. |
Label for Oracle WebLogic Administration Console | Enter a label to generate a sub-domain of the Oracle WebLogic Server Administration Console.
For example, if the domain is |
User assigned managed identity (A section; not a field.) |
Click Add to add user assigned identities to grant resource access to the Azure resources. In the Add user assigned managed identities window, select the Subscription and the User assigned managed identities from the list, and click Add.
You must add at least one user assigned identity to access Azure resources. |
If you choose to create an Azure DNS zone and a custom DNS alias, by selecting No for the option Use an existing Azure DNS Zone, you must specify the values for the following fields:
- DNS Zone Name: Specify the DNS zone name.
- Label for Oracle WebLogic Administration Console: Specify a label to generate a sub-domain of the Oracle WebLogic Server Administration Console.
Note:
In case of creating an Azure DNS zone and a custom DNS alias, you must perform the DNS domain delegation at your DNS registry post deployment. See Delegation of DNS zones with Azure DNS.After you specify the required details, click Next : Database >.
Database
The Database blade enables you to configure Oracle WebLogic Server to connect to an existing database. Select Yes or No for the option Connect to Database? based on your preference. If you select No, you don't have to provide any details, and can proceed by clicking Next : Review + create >. If you select Yes, you must specify the details of your database by entering the values for the fields listed in Table 2-6.
Note:
If you want to connect Oracle WebLogic Server to a database, ensure that all necessary network access have been granted.Table 2-6 Fields in the Database Blade
Field | Description |
---|---|
Choose database type |
Select an existing database that you want Oracle WebLogic Server to connect to from the drop-down list. The available options are:
|
JNDI Name |
Enter the JNDI name for your database JDBC connection. |
DataSource Connection String |
Enter the JDBC connection string for your database. For information about obtaining the JDBC connection string, see Obtain the JDBC Connection String for Your Database. |
Global transactions protocol |
Select an existing global transactions protocol from the drop-down list. The available options are:
|
Database Username |
Enter the username of your database. |
Database Password |
Enter the password for the database user. |
Confirm password |
Re-enter the database password. |
After you provide the details, click Next : Review + create >.
Review + create
In the Review + create blade, review the details you provided for deploying Oracle WebLogic Server with Administration Server on a single node. If you want to make changes to any of the fields, click < previous or click on the respective blade and update the details.
If you want to use this template to automate the deployment, download it by clicking Download a template for automation.
Click Create to create this offer. This process may take 30 to 60 minutes. For more information about the IaaS offers, see Azure documentation on IaaS.
The WebLogic Administration Server starts automatically when the virtual machine starts.
After the provisioning is complete, the Oracle WebLogic Server Administration Console will be accessible or inaccessible depending on the options you selected in the Basics blade. Table 2-7 lists the ports on which the Administration Console will be accessible for different use cases.
Table 2-7 Ports on Which the WebLogic Server Administration Console is Accessible
Value Set for "Deny public traffic for admin server?" | Value Set for "Enable HTTP Listen Port on WebLogic Administration Server?" | WebLogic Administration Console Accessible or Inaccessible on the HTTP Port and Path :7001/console |
WebLogic Administration Console Accessible or Inaccessible on the HTTPS Port and Path :7002/console |
---|---|---|---|
No | Yes | Accessible | Accessible |
No | No | Inaccessible | Accessible |
Yes | Yes or No The Deny public traffic for admin server? field takes a higher priority. |
Inaccessible | Inaccessible |