Oracle Java Cloud Service Security

Oracle Java Cloud Service is a complete platform and infrastructure cloud solution for building, deploying, and managing Java EE applications. You get the industry’s best application server running on top of an enterprise-grade cloud infrastructure. The platform is powered by Oracle WebLogic Server, the number one application server across conventional and cloud environments. You also have the option of adding an Oracle Coherence caching and data grid tier to your deployment.

Your environment is preinstalled and preconfigured using Oracle best practices for application deployment that maximize performance, scalability, and reliability. The infrastructure has the same core security capabilities as those offered by Oracle Cloud Infrastructure as a Service. With features like elastic compute and storage, you can run any workload in Oracle Java Cloud Service and grow your environment when your application needs to grow.

You secure all applications deployed to an Oracle Java Cloud Service instance the same way you secure an application environment and administer security for Oracle WebLogic Server in an on-premises instance. The default security configuration makes use of users, groups, security roles, and security policies that are configured in the default authentication, authorization, credential mapping, and role mapping security providers. By default, the WebLogic Server security providers are configured in the default security realm, and the WebLogic Server embedded LDAP server is used as the data store for the security providers.

To use the default security configuration in your Oracle Java Cloud Service instance, use the WebLogic Server Administration Console to define users, groups, and security roles for the security realm, and create security policies to protect the WebLogic Server resources in the domain.

If the default security configuration doesn’t meet your requirements, then you can create a new security realm with any combination of WebLogic Server and custom security providers. Then, you set the new security realm as the default security realm. Oracle recommends that you use an identity management system such as Oracle Identity Management for your production applications instead of the embedded LDAP server.

Users and Roles

Oracle Java Cloud Service uses roles to control access to tasks and resources. When the Oracle Java Cloud Service account is set up, the service administrator is given the Java administrator role and other service roles that are required to work with related Oracle Cloud services. Before anyone can access and use Oracle Java Cloud Service, user accounts with the Java administrator role and other service roles, as needed, must be created. Only the identity domain administrator can create user accounts and assign roles.

Users with the Java administrator role can perform many operations on the service instance, such as create, delete, start, stop, scale, patch, back up, and restore. These users can also administer load balancers for service instances as well as monitor and manage the service usage in Oracle Cloud. When Oracle Coherence is enabled for a service instance, the Java administrator can remove an Oracle Coherence data tier from a service instance (REST API only) and add an Oracle Coherence data tier to an existing service instance (REST API only).

When you create an Oracle Java Cloud Service instance, the following Oracle Cloud Infrastructure Compute Classic VM and Oracle WebLogic Server administrative user accounts are created:

» The VM operating system user, opc, has root privileges on the operating system running on a VM. The user can connect to a VM through SSH for direct VM-level access to an Oracle Java Cloud Service instance. The opc user can create other OS accounts on a VM using the appropriate OS tool through the SSH interface. The oracle user can’t be used to log in to a machine. This user only has regular user permissions to start and stop Oracle products that were installed on the machine.

» The WebLogic Server administrator can manage Oracle WebLogic Server in Oracle Java Cloud Service, and can access and use the WebLogic Server Administration Console. The WebLogic administrator can also manage users and groups in the embedded LDAP as well as configure other identity providers.

ORACLE INFRASTRUCTURE AND PLATFORM CLOUD SERVICES SECURITY WHITE PAPER

Note that the WebLogic Server administrator account and VM OS user accounts aren’t stored or managed in Oracle Cloud. You provide the user name and password for the WebLogic Server administrator when you create an Oracle Java Cloud Service instance. The credentials and permissions for the WebLogic Server administrator and all user accounts that the administrator creates are stored and managed in Oracle WebLogic Server. See the online WebLogic Server security documents for details about securing your Oracle Java Cloud instances using the WebLogic Server security capabilities.
