Permitting Public TCP Traffic to Oracle Compute Cloud Service Instances

Purpose

This tutorial shows how to permit TCP traffic on a port of your choice from the Internet to an Oracle Compute Cloud Service instance (VM), for the following scenario:

You've changed the SSL listen port of the Oracle WebLogic Server Administration Server (in the Oracle WebLogic Server Administration Console) from the default 7002 to another port, say 7004. You must now open port 7004 in Oracle Compute Cloud Service to allow TCP traffic on that port to the Oracle Java Cloud Service node that hosts the Oracle WebLogic Server Administration Server.

Note: You can adapt the steps in this tutorial to permit other traffic flow patterns, such as HTTP requests to all the managed servers in an Oracle Java Cloud Service instance.

Time to Complete

Approximately 15 minutes

Background

When you provision an Oracle Java Cloud Service or Oracle Database Cloud Service instance, by default, certain ports on the underlying Oracle Compute Cloud Service nodes are open. See the links at the end of this tutorial, in the Want to Learn More? section.

To permit traffic on an additional port, you must open that port in Oracle Compute Cloud Service.

What You Need

To perform the steps in this tutorial, you must be a service user with the Compute Monitor and Compute Operations roles.

A security application, in this context, is a mapping between a port number and port type (TCP, UDP, or ICMP).

To open port 7004, you must create a security application for that port in Oracle Compute Cloud Service.

1. Sign in to Oracle Cloud My Services and navigate to the Oracle Compute Cloud Service console.
2. Click the Network tab and then click the Security Applications tab in the left pane.
3. Click Create Security Application.
4. In the Create Security Application dialog box, do the following:
   • Name: Enter a name for the new security application (for example, tcp_7004). Note this name. You'll use it later in this tutorial.
   • Port Type: Select tcp.
   • Port Range Start and Port Range End: In both these fields, enter the port that you want to open (for example, 7004).
   • Description: Enter a description for the new security application (for example, TCP traffic to port 7004).

   

5. Click Create.

Next, create a security rule to allow TCP traffic from the Internet to the Oracle WebLogic Server Administration Server via port 7004.

1. Sign in to Oracle Cloud My Services and navigate to the Oracle Compute Cloud Service console.
2. Go to the Network tab.
3. Click the Security Rules tab in the left pane.
4. Click Create Security Rule, and do the following:
   • Name: Enter a name for the rule (for example, allow_p2admin_tcp_7004).
   • Status: Select Enabled.
   • Security Application: Select tcp_7004, which is the security application that you created earlier.
   • Source: From the Security IP Lists drop-down list, select public-internet.
   • Destination: Select ora_admin.
   • Description: Enter a description for the rule (for example, Allow TCP traffic to admin server on port 7004).

   

5. Click Create.

You can now access the Oracle WebLogic Server Administration Server via port 7004, by using the URL https://ip_address:7004/console, where ip_address is the public IP address of the Oracle Java Cloud Service node hosting the Oracle WebLogic Server Administration Server. It’s the same address as before the listen port of the administration server was changed. You can find this IP address in the Oracle Java Cloud Service console (Overview tile).

At any time, you can temporarily suspend security rules by disabling them. You can also delete security rules that you no longer need.

Disabling a Security Rule

1. Sign in to Oracle Cloud My Services and navigate to the Oracle Compute Cloud Service console.
2. Go to the Network tab.
3. Click the Security Rules tab in the left pane.
4. Identify the security rule you want to disable.
5. From the Actions menu, select Update.
6. In the resulting dialog box, change Status to Disabled.
7. Click Update.

Deleting a Security Rule

1. Sign in to Oracle Cloud My Services and navigate to the Oracle Compute Cloud Service console.
2. Go to the Network tab.
3. Click the Security Rules tab in the left pane.
4. Identify the security rule you want to delete.
5. From the Actions menu, select Delete.
6. At the confirmation prompt, click Yes.

• Understanding the Default Access Ports in Using Oracle Java Cloud Service

• Enabling Access to a Port in the Virtual Machine in Using Oracle Database Cloud Service (Database as a Service)

• Managing Security Rules in Using Oracle Compute Cloud Service (for PaaS)

• Managing Security Applications in Using Oracle Compute Cloud Service (for PaaS)

• Permitting Traffic Between Oracle Compute Cloud Service Instances OBE

• Permitting Ping Requests to Oracle Compute Cloud Service Instances OBE

• Lead Curriculum Developer: Kumar Dhanagopal

• Other Contributors: Octave Orgeron