Monitoring Oracle Fusion Middleware

 Overview of Monitoring Oracle Fusion Middleware

Monitoring the health of your Oracle Fusion Middleware environment and ensuring that it performs optimally is an important task for the administrator.

Oracle Fusion Middleware provides the following methods for monitoring the status of your environment:

• You can monitor the status of Oracle WebLogic Server domains, clusters, servers, Java components, and applications using Oracle WebLogic Server Administration Console. From the Administration Console, navigate to the entity's page. See "Overview of the Administration Console" in theOracle Fusion Middleware Introduction to Oracle WebLogic Server for information on monitoring using the console.
• You can monitor the status of Oracle WebLogic Server domains, clusters, servers, Java components, system components, and applications using Fusion Middleware Control. Navigate to the entity's home page, for example, to the home page for an Oracle HTTP Server instance.
• You can monitor the status of your environment using the command line.
  To monitor the status of Java components with the command line, use the WLST state command, using the following format:

  state(name, type)
  

  For example, to get the status of the Managed Server server1, use the following command:

  wls:/mydomain/serverConfig> state('server1','Server')
  Current state of "server1": SUSPENDED
  

  To monitor the status of system components with the command line, use the opmnctl status command, using the following format:

  opmnctl status  [scope] [options]
  

  For example, to view the status of all processes monitored by OPMN, use the following command:

  opmnctl status 
  

5.2 Monitoring the Status of Oracle Fusion Middleware

You can monitor the status of Oracle Fusion Middleware using the Oracle WebLogic Server Administration Console. The Administration Console provides details about the health and performance of the domain.

See Also:

Overview of the Administration Console in the Oracle Fusion Middleware Introduction to Oracle WebLogic Server for information about monitoring servers using the Administration Console

You can also view the overall status of the farm and the status of individual servers and components using Fusion Middleware Control, as described in the following topics:

• Viewing General Information
• Monitoring an Oracle WebLogic Server Domain
• Monitoring an Oracle WebLogic Server Administration Server or Managed Server
• Monitoring a Component
• Monitoring Applications

5.2.1 Viewing General Information

You can view the overall status of the Oracle Fusion Middleware environment from the home page of the farm using Fusion Middleware Control. This page lists the availability of all components, an application deployment summary, including SOA composites, if any SOA composite applications are deployed.

To view the status, from the navigation pane, select the farm.

The farm home page is displayed, as shown in the following figure:

Description of the illustration status.gif

5.2.2 Monitoring an Oracle WebLogic Server Domain

You can view the status of a domain, including the servers, clusters, and deployments in the domain from the domain home page of Fusion Middleware Control

To view the status of a domain:

1. From the navigation pane, expand the farm, then WebLogic Domain.
2. Select the domain.
   The domain home page is displayed, as shown in the following figure:
   
   Description of the illustration domainpage.gif
   

This page shows the following:

• A general summary of the domain, along with a link to the Oracle WebLogic Server Administration Console
• Information about the servers, both the Administration Server and the Managed Servers in the domain
• Information about the clusters in the domain
• Information about the deployments in the domain
• A Resource Center, which provides links to more information

See Also:

"Overview of the Administration Console" in the Oracle Fusion Middleware Introduction to Oracle WebLogic Server for information about monitoring an Oracle WebLogic Server domain using the Oracle WebLogic Server Administration Console. The Administration Console provides details about the health and performance of the domain.

5.2.3 Monitoring an Oracle WebLogic Server Administration Server or Managed Server

You can view the status of an Oracle WebLogic Server Administration Server or Managed Server using Fusion Middleware Control.

To view the status of an Administration Server or a Managed Server:

1. From the navigation pane, expand the farm, then WebLogic Domain. Then expand the domain.
2. Select the server.
   The server home page is displayed.
   The following figure shows the home page for a Managed Server:
   
   Description of the illustration serverpage.gif
   

This page shows the following:

• A general summary of the server, including its state, and information about the servlets, JSPs, and EJBs running in the server
• Response and load
• Information about the applications deployed to the server

See Also:

"Overview of the Administration Console" in the Oracle Fusion Middleware Introduction to Oracle WebLogic Server for information about monitoring servers using the Oracle WebLogic Server Administration Console. The Administration Console provides details about the health and performance of the server.

5.2.4 Monitoring a Component

You can view the status of a component, including whether the component is started or not, in the component home page in Fusion Middleware Control.

To monitor a Java component, such as WebCenter Spaces:

1. From the navigation pane, expand the farm, then the type of component, such as WebCenter, then the component, such as WebCenter Spaces.
2. Select the component. For example, select WebCenter Spaces.
   The component home page is displayed, as shown in the following figure:
   
   Description of the illustration comppage.gif
   

See Also:

"Overview of the Administration Console" in the Oracle Fusion Middleware Introduction to Oracle WebLogic Server for information about using the Oracle WebLogic Server Administration Console to monitor Java components.

To view the status of a system component:

1. From the navigation pane, expand the farm, then the installation type, such as Web Tier.
2. Select the component, such as webcache1.
   The component home page is displayed, as shown in the following figure:
   
   Description of the illustration opmn_comppage.gif
   

5.2.5 Monitoring Applications

You can monitor any type of application, such as a Java EE application, a SOA Composite application, or an ADF application.

To view the status of a Java EE application using Fusion Middleware Control:

1. From the navigation pane, expand Application Deployments, then select the application to monitor.
   The application's home page is displayed.
2. In this page, you can view a summary of the application's status, entry points to the application, Web Services and modules associated with the application, and the response and load.
   The following figure shows a portion of the application's home page:
   
   Description of the illustration app_home.gif
   

This page shows the following:

• A summary of the application, including its state, the Managed Server on which it is deployed, and information about active sessions, active requests, and request processing time
• Entry points, including any Web modules and Web services
• A list of modules with the type of module for each
• Response and load, which shows the requests per second and the request processing time
• A list of most requested servlets and JSPs

5.3 Monitoring the Performance of Oracle Fusion Middleware Components

If you encounter a problem, such as an application that is running slowly or is hanging, you can view more detailed performance information, including performance metrics for a particular target, to find out more information about the problem.

Oracle Fusion Middleware automatically and continuously measures run-time performance. The performance metrics are automatically enabled; you do not need to set options or perform any extra configuration to collect them.

Note that Fusion Middleware Control provides real-time data. If you are interested in viewing historical data, consider using Oracle Enterprise Manager 10g Grid Control.

To view the performance of an Oracle Web Logic Managed Server:

1. From the navigation pane, expand the farm, then WebLogic Domain, and then the domain.
2. Select the server to monitor.
   The server home page is displayed.
3. From the WebLogic Server menu, choose Performance Summary.
   The Performance Summary page is displayed. It shows performance metrics, as well as information about response time and request processing time for applications deployed to the Oracle WebLogic Server.
4. To see additional metrics, click Show Metric Palette and expand the metric categories.
   The following figure show the Performance Summary page with the Metric Palette displayed:
   
   Description of the illustration metrics.gif
   
5. Select a metric to add it to the performance summary.
6. To overlay another target, click Overlay, and select the target. The target is added to the charts, so that you can view the performance of more than one target at a time, comparing their performance.
7. To customize the time frame shown by the charts, you can:
   • Click Slider to display a slider tool that lets you specify that more or less time is shown in the charts. For example, to show the past 10 minutes, instead of the past 15 minutes, slide the left slider control to the right until it displays the last 10 minutes.
   • Select the calendar and clock icon. Then, enter the Start Time and End Time.

You can also view the performance of a components, such as Oracle HTTP Server or Oracle SOA Suite. Navigate to the component and selectMonitoring, then Performance Summary from the dynamic target menu.

5.4 Viewing the Routing Topology

Fusion Middleware Control provides a Topology Viewer for the farm. The Topology Viewer is a graphical representation of routing relationships across components and elements of the farm. You can easily determine how requests are routed across components. For example, you can see how requests are routed from Oracle Web Cache, to Oracle HTTP Server, to a Managed Server, to a data source.

The Topology Viewer enables you to easily monitor your Oracle Fusion Middleware environment. You can see which entities are up and which are down.

You can also print the topology or save it to a .png file.

To view the topology:

1. Click Topology.
   The Topology Viewer is displayed in a separate window.
2. To see information about a particular target, place your mouse over the target. To view additional information, click More.
   The following shows the Topology Viewer window, with information about the Oracle Web Cache component webcache1:
   
   Description of the illustration topoview.gif
   
3. From the View menu, you can save or print the image, expand or collapse all of the nodes, or change the orientation of the topology to be left to right or top to bottom.
   In addition, you can refresh the status and the metrics or update the topology. To refresh the status and metrics, click Refresh Target Status and Metrics. To update the topology shown in the viewer, click Update Topology. If a target has been added or deleted, the target list and relationships are updated. This option also updates the status and metrics.
4. From the Auto Refresh dropdown, you can enable or disable automatically refreshing the status and metrics. When you enable auto-refresh, the Topology Viewer refreshes the metrics every 60 seconds.
5. With Topology Viewer, you can also:
   • Search for a target within the topology. This makes it easier to find a target if you have many targets. Enter the name in the Find box. The target is highlighted and the topology is repositioned so you can see the target if it was not previously visible in the viewing area.
   • View the status of the targets. Choose Up, Down, or Unknown from the Target Status at the top of the page.
   • Navigate to the home page of a target. Right-click the target, and select Home.
   • Hide or show the status or metrics. Click Status or Metrics in the Overlays section.
     If you select Metrics, one key performance metric for the component is displayed. (You cannot change the metric that is displayed.)
   • View the routing relationships between components. For example, you can view the routing from Oracle Web Cache to Oracle HTTP Server to Oracle WebLogic Server. Clicking on the line between the two targets displays the URLs used.
   • You can perform operations directly on the target by right-clicking. The right-click target menu is displayed. For example, from this menu, you can start or stop an Oracle WebLogic Server or view additional performance metrics.
6. To change what is visible in the topology view, drag the shaded section in the navigator window, which is located in the bottom right.

Notes:

• If you use Mozilla Firefox, when you click an entity in Topology Viewer to take you back to the main Fusion Middleware Control window, focus is not returned to the main window. For example, if you right-click an entity and select logs from menu, the focus remains on the Topology Viewer window. (If you go back to the main window, the Logs page is correctly displayed.)
  To work around this problem, make the following change in Firefox:
  From the Tools menu, select Options, and then Content. Click Advanced. In the Advanced JavaScript Settings dialog box, select Raise and lower windows.
• If you use Internet Explorer, turn off the Always Open Popups in New Tab option.

5.5 Viewing Port Numbers

By default, Oracle Fusion Middleware assigns port numbers to various components and services during installation or when you create a component. (You can specify particular ports during installation and configuration.) You can view the assigned port numbers from the Port Usage page of Fusion Middleware Control.

You can view the port numbers of the Oracle WebLogic Server domain, the Administration Server, Managed Servers, or components, such as the SOA Infrastructure and Oracle Web Cache, using Fusion Middleware Control.

To view the port numbers that are currently used by a WebLogic domain:

1. From the navigation pane, expand the farm, then WebLogic Domain.
2. Select the domain.
3. From the WebLogic Domain menu, choose Port Usage.
   The Port Usage page is displayed, as shown in the following figure:
   
   Description of the illustration ports.gif
   
   
   Optionally, you can filter the ports shown by selecting a Managed Server from Show.

The Port Usage detail table shows the ports that are in use, the IP Address, the component, the channel, and the protocol.

You can also view similar pages for the Administration Server, Managed Servers, and components, such as the SOA Infrastructure and Oracle Web Cache, by navigating to the target and choosing Port Usage from the target's menu.

Commands:

OPMN command:

opmnctl status l

WLST commands:

get('AdministrationPort')
get('ListenPort')

Configuring Security In Soa Admin

Oracle Fusion Middleware provides many security features, including accounts specifically for administrative purposes. This chapter describes how to create additional administrative accounts, create application roles, change passwords for those accounts, and how to configure SSL.

Creating Additional Administrative Users

During the Oracle Fusion Middleware installation and configuration, you must specify an administrative user and a password for the user. By default, the user name is weblogic. You can use this administrative account to log in to Fusion Middleware Control and the Oracle WebLogic Server Administration Console.

You can create additional administrative users using the Oracle WebLogic Server Administration Console.

To create a new administrative user with full privileges:

1. Navigate to the Oracle WebLogic Server Administration Console. (For example, from the home page of the domain in Fusion Middleware Control, select To configure and managed this WebLogic Domain, use the Oracle WebLogic Server Administration Console.)
2. From the navigation pane, select Security Realms.
   The Summary of Security Realms page is displayed.
3. Select a realm, such as myrealm.
   The Settings for the realm page is displayed.
4. Select the Users and Groups tab, then the Users tab. Click New.
   The Create a New User page is displayed.
5. For Name, enter the new user name. In this case, enter admin2.
6. Optionally, add a description for the account.
7. For Password, enter a password for the account. Then, for Confirm Password, reenter the password.
   Any passwords you assign to Oracle Fusion Middleware users:
   • Must contain at least five characters, but not more than 30 characters.
   • Must begin with an alphabetic character. It cannot begin with a number, the underscore (_), the dollar sign ($), or the number sign (#).
   • At least one of the characters must be a number.
   • Can contain only numbers, letters, and the following special characters: US dollar sign ($), number sign (#), or underscore (_).
   • Cannot contain any Oracle reserved words, such as VARCHAR.
8. Click OK.
9. Select the newly created user in the Users table.
   The Setting for user page is displayed.
10. Select the Groups tab.
11. From the Available groups, select the group. In this case, to give the new user full privileges, select Administrator and move it to the Chosen list, as shown in the following figure:
    
    Description of the illustration create_user.gif
    
12. Click Save.

You now have a user named admin2 that has the Administrator role for the Oracle WebLogic Server domain.

You may want to give only minimal privileges to another user, allowing the user to only monitor Oracle Fusion Middleware, not to change any of the configuration.

6.2 Creating Additional Users with Specific Roles

You can create additional users and give them limited access. For example, you can create a user with privileges to deploy applications.

To create an additional user who can deploy applications:

1. Navigate to the Oracle WebLogic Server Administration Console. (For example, from the home page of the domain in Fusion Middleware Control, select To configure and managed this WebLogic Domain, use the Oracle WebLogic Server Administration Console.)
2. From the navigation pane, select Security Realms.
   The Summary of Security Realms page is displayed.
3. Select a realm, such as myrealm.
   The Settings for the realm page is displayed.
4. Select the Users and Groups tab, then the Users tab. Click New.
   The Create a New User page is displayed.
5. For Name, enter the new user name. In this case, enter app_deployer.
6. Optionally, add a description for the account.
7. For Password, enter a password for the account. Then, for Confirm Password, reenter the password.
   Any passwords you assign to Oracle Fusion Middleware users:
   • Must contain at least five characters, but not more than 30 characters.
   • Must begin with an alphabetic character. It cannot begin with a number, the underscore (_), the dollar sign ($), or the number sign (#).
   • At least one of the characters must be a number.
   • Can contain only numbers, letters, and the following special characters: US dollar sign ($), number sign (#), or underscore (_).
   • Cannot contain any Oracle reserved words, such as VARCHAR.
8. Click OK.
9. Select the newly created user in the Users table.
   The Setting for user page is displayed.
10. Select the Groups tab.
11. From the Available groups, select the group. In this case, to give the new user privileges only to deploy applications, select Deployers and move it to the Chosen list.
12. Click Save.

6.3 Changing the Administrative User Password

You can change the password of users using the Oracle WebLogic Server Administration Console.

To change the password of an administrative user:

1. Navigate to the Oracle WebLogic Server Administration Console. (For example, from the home page of the domain in Fusion Middleware Control, select To configure and managed this WebLogic Domain, use the Oracle WebLogic Server Administration Console.)
2. From the navigation pane, select Security Realms.
   The Summary of Security Realms page is displayed.
3. Select a realm, such as myrealm.
   The Settings for the realm page is displayed.
4. Select the Users and Groups tab, then the Users tab. Select the user.
   The Settings for user page is displayed.
5. Select the Passwords tab.
6. Enter the new password, then enter it again to confirm it.
7. Click Save.

6.4 Configuring SSL

Secure Sockets Layer (SSL) is the most widely used protocol for securing the Internet. It uses public key cryptography to enable authentication, encryption, and data integrity. Using these tools, SSL also enables secure session key management by encrypting a unique one-time session password for use by both server and client. After this password is securely sent and received, it is used to encrypt all subsequent communications between server and client, making it infeasible for others to decipher those messages.

You can configure components, such as Oracle Web Cache, Oracle HTTP Server, Oracle WebLogic Server, Oracle Internet Directory, Oracle Virtual Directory and the Oracle Database to enable secure communications over SSL.

This section describes the following topics:

• Understanding Keystores and Wallets
• Enabling SSL Between a Browser and Oracle HTTP Server

6.4.1 Understanding Keystores and Wallets

In Oracle Fusion Middleware, all Java components and applications use the JKS keystore. Thus all Java components and applications running on Oracle WebLogic Server use the JKS-based KeyStore and TrustStore.

The Oracle Virtual Directory system component uses a JKS keystore to store keys and certificates. Configuring SSL for Oracle Virtual Directory thus requires setting up and using JKS keystores.

Other components use the Oracle wallet as their storage mechanism. An Oracle wallet is a container that stores your credentials, such as certificates, trusted certificates, certificate requests, and private keys. You can store Oracle wallets on the file system or in LDAP directories such as Oracle Internet Directory. Oracle wallets can be auto-login or password-protected wallets.

• Oracle HTTP Server
• Oracle Web Cache
• Oracle Internet Directory

6.4.2 Enabling SSL Between a Browser and Oracle HTTP Server

You can enable SSL on the communication path between a client browser and a Web server. In this case, you configure the virtual host for Oracle HTTP Server to listen in SSL mode, as described in the following topics:

• Enabling SSL for Inbound Traffic to Oracle HTTP Server Virtual Hosts
• Enabling SSL for Outbound Traffic from Oracle HTTP Server Virtual Hosts

6.4.2.1 Enabling SSL for Inbound Traffic to Oracle HTTP Server Virtual Hosts

To enable SSL for inbound traffic to Oracle HTTP Server virtual hosts:

1. Create an Oracle wallet:
   1. In the navigation pane, expand the farm, then Web Tier. Select an Oracle HTTP Server instance.
   2. From the Oracle HTTP Server menu, choose Security, then Wallets.
   3. Click Create.
      The Create Wallet page is displayed, as shown in the following figure:
      
      Description of the illustration create_wallet.gif
      
   4. For Wallet Name, enter a descriptive wallet name.
   5. Check or uncheck Autologin, depending on whether your wallet is an auto-login wallet. The default is an auto-login wallet. If you do not check Autologin, for Wallet Password, enter a password, then enter the same password in Confirm Password.
   6. Click OK to create the wallet.
      A confirmation box is displayed.
   7. The confirmation box asks if you want to create a certificate request. Click Yes.
      The Create Wallet: Add Certificate Request page is displayed.
   8. For Common Name, enter a name for the certificate request.
   9. Enter information about your organization.
   10. For Key Size, select a size.
   11. Click OK.
   12. To get the certificate signed by a certificate authority (CA), you must export the certificate request out of the wallet and send it to your CA. After the issued certificate is returned, you must import it back into your wallet. Now your wallet is ready to use.
2. From the HTTP Server menu, choose Administration, then Virtual Hosts.
3. Select a virtual host and choose Configure, then SSL Configuration.
   The SSL Configuration page is displayed, as shown in the following figure:
   
   Description of the illustration ohsssl3.gif
   
4. Select Enable SSL.
5. For Server Wallet Name, select the wallet.
6. From the Server SSL properties, select the SSL Authentication type, Cipher Suites to use, and the SSL protocol version.
7. Click OK.
8. Restart Oracle HTTP Server. (From the Oracle HTTP Server menu, choose Control, then Restart.)
9. Now, you can test this by visiting the OHS page over SSL in a browser. Use a URL of the form https://host:port/, where you replace the host and port with values relevant to your own environment.

6.4.2.2 Enabling SSL for Outbound Traffic from Oracle HTTP Server Virtual Hosts

Outbound requests from Oracle HTTP Server are handled by configuring mod_wl_ohs.

To configure outbound requests for SSL:

1. Generate a custom keystore for Oracle WebLogic Server containing a certificate, using the Oracle WebLogic Server Administration Console:
   1. In the left pane of the Console, expand Environment and select Servers.
   2. Select Configuration, then Keystores.
   3. Define the keystore. See the online help for information about each field.
2. Import the certificate used by Oracle WebLogic Server into the Oracle HTTP Server wallet as a trusted certificate. You can use any available utility such as WLST or Fusion Middleware Control for this task.
3. Edit the Oracle HTTP Server configuration file ORACLE_INSTANCE/config/OHS/ohs1/ssl.conf and add the following line to the SSL configuration under mod_weblogic:

   WlSSLWallet  "ORACLE_INSTANCE}/config/COMPONENT_TYPE/COMPONENT_NAME/default"
   

   In the line, default is the name of the Oracle HTTP Server wallet in Step 2.
   Here is how the configuration should look:

   <IfModule mod_weblogic.c>
         WebLogicHost myhost.example.com
         WebLogicPort 7002
         Debug ALL
         WLLogFile /tmp/weblogic.log
         MatchExpression *.jsp
         SecureProxy On
         WlSSLWallet "$(ORACLE_INSTANCE)/config/OHS/ohs1/keystores/default"
   </IfModule>
   

   Save the file and exit.
4. Restart Oracle HTTP Server to activate the changes.
5. Ensure that your Oracle WebLogic Server instance is configured to use the custom keystore generated in Step 1, and that the alias points to the alias value used in generating the certificate. Restart the Oracle WebLogic Server instance.

6.5 Learn More

For more information about the topics covered in this chapter and other security topics, see:

• Oracle Fusion Middleware Administrator's Guide for information about the following topics:
  • Secure Sockets Layer (SSL), which is an industry standard for securing communications. See "Configuring SSL."
  • Keystores, wallets, and certificates. See "Managing Keystores, Wallets, and Certificates."
• Oracle Fusion Middleware Security Guide for information about the following topics:
  • Oracle Platform Security, which is a security framework that runs on Oracle WebLogic Server. It provides application developers, system integrators, security administrators, and independent software vendors with a portable, integrated, and comprehensive security platform framework for Java SE and Java EE applications.
  • Common Audit Framework, which provides a uniform system for administering audits across a range of components, flexible audit policies, and prebuilt compliance-reporting features.
  • Identity, Policy, and Credential stores, which provide secure storage and management of user and role information, policies, and credentials.