Securing WebLogic Management
WebLogic Management manages and monitors WebLogic domains in Oracle Cloud Infrastructure. The WebLogic Management service is deployed per OCI region, so data does not cross regional boundaries.
Pre-General Availability: 2024-10-11
The following legal notice applies to Oracle pre-GA releases. For copyright and other applicable notices, see Oracle Legal Notices.
Pre-General Availability Draft Documentation Notice
This documentation is in pre-General Availability status and is intended for demonstration and preliminary use only. It may not be specific to the hardware on which you are using the software. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to this documentation and will not be responsible for any loss, costs, or damages incurred due to the use of this documentation.
Follow these security best practices to secure WebLogic Management.
Security Responsibilities
To use WebLogic Management securely, learn about your security and compliance responsibilities.
In general, Oracle provides security of cloud infrastructure and operations, such as cloud operator access controls and infrastructure security patching. You are responsible for securely configuring your cloud resources. Security in the cloud is a shared responsibility between you and Oracle.
Oracle is responsible for the following security requirements:
- Physical Security: Oracle is responsible for protecting the global infrastructure that runs all services offered in Oracle Cloud Infrastructure. This infrastructure consists of the hardware, software, networking, and facilities that run Oracle Cloud Infrastructure services.
- Data Encryption: Oracle uses standard Oracle Cloud Infrastructure encryption for all data stored at rest in WebLogic Management. No additional configuration is necessary.
  WebLogic Management users don't use encryption keys directly. Internally, WebLogic Management stores data in an autonomous database, which uses Oracle Cloud Infrastructure Vault to securely store encryption keys. Oracle manages and secures these resources.
  For each WebLogic Server domain discovered by WebLogic Management, the following metadata is retrieved and stored:
  - Identification
    - Domain name and path
    - UUID based on a hexdump of the domain's SerializedSystemIni.dat
  - Networking
    - Listen address of servers in the domain
    - Listen address of node managers in the domain
    - Port of node managers in the domain
    - Port of the administration server for the domain
    - Whether the node managers use SSL for internal communication
    - Whether the administration server for the domain uses SSL for internal communication
  - Software
    - Path to and version of the JDK used by a domain
    - Operating system of the compute instances on which the domain's files are placed
    - Operating system architecture of the compute instances on which the domain's files are placed
  - Middleware
    - Path to the middleware used by a domain
    - Index number of the path to the middleware used by a domain
    - The type of the middleware used by a domain (Fusion Middleware, WebLogic Server)
    - Version of the middleware used by a domain
    - Patch IDs of patches applied to a middleware used by a domain
    - The latest patch application date recorded by OPatch in the middleware used by a domain
  - Servers
    - The last time servers in the domain were started
    - The type of each server on the domain (configured, dynamic, or coherence)

  Important: The metadata stored does not cross regional boundaries.
- Data Durability: Oracle configures the autonomous database used by Oracle WebLogic Management Service for daily backups. No additional backup configuration by you is necessary.
Your security responsibilities, which are described on this page, include the following areas:
- Access Control: Limit privileges as much as possible. Users should be given only the access necessary to perform their work.
- Agent Security: Configure the agent to scan only the directories you want, at the frequency you want. See Modifying Scan Settings and Overriding Scan Settings for a Managed Instance.
Initial Security Tasks
Use this checklist to identify the tasks you perform to secure WebLogic Management in a new Oracle Cloud Infrastructure tenancy.
Task | More Information |
---|---|
Use IAM policies to grant access to users and resources | IAM Policies |
Routine Security Tasks
After getting started with WebLogic Management, use this checklist to identify security tasks that we recommend you perform regularly.
Task | More Information |
---|---|
Monitor WebLogic Management Server domains | Patching Software |
Check for missing security patches | Patching Software |
Apply the latest security patches | Patching Software |
IAM Policies
Use policies to limit access to WebLogic Management.
A policy specifies who can access Oracle Cloud Infrastructure resources and how. For more information, see How Policies Work.
Assign a group the least privileges that are required to perform their responsibilities. Each policy has a verb that describes what actions the group is allowed to do. From the least amount of access to the most, the available verbs are: `inspect`, `read`, `use`, and `manage`.
For more information about WebLogic Management policies, see Policies and Permissions.
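As an added example (not Oracle's code and not part of this documentation), the following Python script audits policy statements against a per-group verb ceiling, using the verb order given above. The group names, compartment name, and `WLM-RESOURCE-TYPE-PLACEHOLDER` are constructed; substitute the resource types listed in Policies and Permissions.

```python
import re

# Verb order from least to most access, as listed in the text above.
VERBS = ["inspect", "read", "use", "manage"]

# Basic policy statement shape; a trailing "where ..." condition is captured but not evaluated.
STATEMENT = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\w+)\s+(?P<resource>\S+)"
    r"\s+in\s+(?P<scope>tenancy|compartment\s+\S+)(?:\s+where\s+(?P<cond>.+))?$",
    re.IGNORECASE,
)

def audit(statements, max_verb_by_group, default_max="read"):
    """Return (statement, reason) pairs for statements broader than intended."""
    findings = []
    for raw in statements:
        stmt = " ".join(raw.split())  # normalise whitespace
        m = STATEMENT.match(stmt)
        if not m:
            findings.append((stmt, "unparsed statement, review manually"))
            continue
        verb = m["verb"].lower()
        if verb not in VERBS:
            findings.append((stmt, f"unknown verb '{verb}'"))
            continue
        ceiling = max_verb_by_group.get(m["group"], default_max)
        if VERBS.index(verb) > VERBS.index(ceiling):
            findings.append((stmt, f"verb '{verb}' exceeds '{ceiling}' for group {m['group']}"))
        if m["resource"].lower() == "all-resources":
            findings.append((stmt, "grants all-resources instead of a specific resource type"))
        if m["scope"].lower() == "tenancy":
            findings.append((stmt, "scoped to the whole tenancy instead of a compartment"))
    return findings

# Constructed sample statements; the resource type is a placeholder, not a real name.
SAMPLE = [
    "Allow group wlm-auditors to read WLM-RESOURCE-TYPE-PLACEHOLDER in compartment wlm-prod",
    "Allow group wlm-auditors to manage WLM-RESOURCE-TYPE-PLACEHOLDER in compartment wlm-prod",
    "Allow group wlm-operators to use all-resources in tenancy",
    "Allow group wlm-admins to manage WLM-RESOURCE-TYPE-PLACEHOLDER in compartment wlm-prod",
]
# Assumed mapping of each group to the highest verb its role needs.
CEILINGS = {"wlm-auditors": "read", "wlm-operators": "use", "wlm-admins": "manage"}

if __name__ == "__main__":
    for stmt, reason in audit(SAMPLE, CEILINGS):
        print(f"{reason}: {stmt}")
```

Groups missing from the ceiling map default to `read`, so a new group is flagged until someone records the access it actually needs.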
Patching Software
Ensure that WebLogic instances are running the latest security updates.
We recommend that you keep WebLogic instance software up to date with the latest security patches.