Access the Administration Consoles for Oracle Java Cloud Service
You can use various consoles to administer the software that an Oracle Java Cloud Service Software instance is running, and to also administer related Oracle Cloud services.
Topics:
Note:
Security check warnings are displayed at the top of the console. See About the Security Checkup Tool for the warnings and how to handle them.About the Security Checkup Tool
Oracle WebLogic Server Administration console includes a security checkup tool that displays security check warnings. These security check warnings are displayed for Oracle Java Cloud Service instances that are created using WebLogic Server versions 12.2.1.3 and 12.2.1.4.
In case of Oracle Java Cloud
Service instances created after July 20, 2021, or the instances on which the July 2021 PSUs
are applied, the message Security warnings detected. Click here to view the
report and recommended remedies
is displayed at the top of the Oracle
WebLogic Server Administration console. When you click the message, a list of security
warnings are displayed as listed in the following table.
The warning messages listed in the table are examples.
Security Warnings
Warning Message | Resolution |
---|---|
Note: This warning is displayed only for existing Oracle Java Cloud Service instances created before release 22.1.1 (January 31, 2022) on which the October 2021 PSUs are applied. |
Disable tunneling on |
|
Disable the anonymous RMI T3 and IIOP requests in the WebLogic Server Administration Console as soon as possible unless your deployment requires anonymous T3 or IIOP (not typical). See Disable Remote Anonymous RMI T3 and IIOP Requests. Note: These attribute settings are also applicable to Oracle Traffic Director, but only for service instances running Oracle Traffic Director 12.2.1.4. |
Note:
For existing Oracle Java Cloud Service instances created before release 21.3.2 (August 26, 2021), you see the SSL host name verification and the umask warnings. See Security Checkup Tool Warnings.After you address the warnings, you must click Refresh Warnings to see the warnings removed in the console.
For Oracle Java Cloud Service instances created after July 20, 2021, though the java properties to disable anonymous requests for preventing anonymous RMI access are configured, the warnings still appear. This is a known issue in Oracle WebLogic Server.
If you want to perform anonymous RMI requests,, you must set the java properties for anonymous RMI T3 and IIOP requests. See Set the Java Properties.
Configure the Wildcard Host Name Verifier
To address the SSL hostname verification warnings, you must configure the wildcard host name verifier in the Administration console.
Update Administration Server Startup Properties
To address the SSL hostname verification warnings, you must update the
startup.properties
file for the administration server.
Restart Managed Server Using Node Manager
To address the SSL hostname verification warnings, you must restart the managed sever using node manager.
Set the Java Properties
You can perform anonymous RMI requests by setting the java properties for anonymous RMI T3 and IIOP requests.
To set the java properties to disable the Remote Anonymous RMI T3 and IIOP Requests in the WebLogic Server Administration console:
- Locate the Change Center and click Lock & Edit to lock the editable configuration hierarchy for the domain.
- Under Domain structure, select Environment and then select Servers.
- In the Servers table, select the server instance you want to configure.
- On the Configuration tab, select Server Start.
- Remove the following properties from Arguments:
Dweblogic.security.remoteAnonymousRMIT3Enabled=false
Dweblogic.security.remoteAnonymousRMIIIOPEnabled=false
Disable Remote Anonymous RMI T3 and IIOP Requests
You can disable the anonymous requests from clients.
To disable the remote anonymous RMI T3 and IIOP requests in the WebLogic Server Administration console:
- Locate the Change Center and click Lock & Edit to lock the editable configuration hierarchy for the domain.
- Under Domain structure, select the domain name, and then select the Security tab.
- Expand Advanced and deselect Remote anonymous RMI access via IIOP and Remote anonymous RMI access via T3.
Access an Administration Console for a Service Instance
From an Oracle Java Cloud Service instance, you can access the administration consoles for the software that the service instance is running.
You can access these consoles:
-
WebLogic Server Administration Console
-
Fusion Middleware Control Console
-
Load Balancer Console (Oracle Traffic Director only)
Note:
By default, if you created your service instance in an Oracle Cloud Infrastructure Classic region, external access to these administration consoles is disabled for security purposes. If you did not enable console access while provisioning your service instance, see Enabling Console Access in an Oracle Java Cloud Service Instance. If you created your service instance in an Oracle Cloud Infrastructure region, this procedure is not necessary. Access to the administration consoles is enabled by default in these regions.Note:
If you created your service instance and chose not to assign public IP addresses, then these administration consoles are not directly accessible from the Internet. They are accessible only from within your private IP network, or from your on-premises data center over a VPN network.Note:
Prior to modifying the default configuration of these software components, see Administration Best Practices. For example, if you disable a console or modify the default port number used to access it, the shortcuts described here may not work.Access the Console of a Related Oracle Cloud Service
You can access the consoles for related Oracle Cloud services, such as Oracle Database Cloud Service, from the Oracle Java Cloud Service console.
Access the Administration Console for a Service Instance Attached to a Private Subnet
You can access the administration compute instance of an Oracle Java Cloud Service instance through a bastion host attached to a public subnet.
Note:
For this procedure to work, you must have created a bastion host and configured security rules in Oracle Cloud Infrastructure to allow SSH connections from the public internet to the bastion host, and to allow TCP traffic from the bastion host to the other compute nodes in the VCN.