Oracle Cloud Infrastructure Documentation

Appliance Data Transfer

Appliance-Based Data Transfer is one of Oracle's offline data transfer solutions that lets you migrate petabyte-scale datasets to Oracle Cloud Infrastructure. You send your data as files on one or more secure, high-capacity, Oracle-supplied storage appliances to an Oracle transfer site. Operators at the Oracle transfer site upload the files into the designated Object Storage bucket in your tenancy. You are then free to move the uploaded data to other Oracle Cloud Infrastructure services as needed.

Note

Appliance-Based Data Transfer is not available for free trial or Pay As You Go accounts.

Appliance-Based Data Transfer Concepts

The following concepts are essential to understanding Appliance-Based Data Transfer.

transfer job
A transfer job is the logical representation of a data migration to Oracle Cloud Infrastructure. A transfer job is associated with one or more appliances.
appliance
An appliance is high storage capacity device that is specially prepared to copy and upload data to Oracle Cloud Infrastructure. You request an appliance from Oracle, copy your data to the appliance, and then ship the appliance back to Oracle to upload your data.
command line interface
The command line interface (CLI) is a small footprint tool that you can use on its own or with the Console to complete Oracle Cloud Infrastructure tasks, including Appliance-Based Data Transfer jobs.

Note

You can only run Oracle Cloud Infrastructure CLI commands from a Linux host. This differs from running CLI commands for other Oracle Cloud Infrastructure Services on a variety of host operating systems. Appliance-based commands require validation that is only available on Linux hosts.

host
A physical computer on which one or more of the logical hosts (Control, Data, Terminal Emulation) is running. Depending on your computing environment, you can have a separate physical host for each logical host, consolidate all three logical hosts onto a single physical host, or have two logical hosts on one physical host and the thir logical host on a separate physical host. All physical hosts much be on network used for the data transfer.
control host
The logical representation of the host computer at your site from which you perform Data Transfer Service tasks. Depending on your needs, you may use one or more separate hosts (Control and Data) to run your Appliance-Based Data Transferjob.
data host
The logical representation of the host computer on your site that stores the data you intend to copy to Oracle Cloud Infrastructure.
terminal emulation host
The logical representation of the host computer that uses terminal emulation software to communicate with, and allow you to command, the appliance.
bucket
The logical container in Oracle Cloud Infrastructure Object Storage where Oracle operators upload your data. A bucket is associated with a single compartment in your tenancy that has An IAM document that specifies who has what type of access to your resources. It is used in different ways: to mean an individual statement written in the policy language; to mean a collection of statements in a single, named "policy" document (which has an Oracle Cloud ID (OCID) assigned to it); and to mean the overall body of policies your organization uses to control access to resources. that determine what actions a user can perform on a bucket and on all the objects in the bucket.
data transfer administrator
A new or existing IAM user that has the authorization and permissions to create and manage transfer jobs.
data transfer upload user
A temporary IAM user that grants Oracle personnel the authorization and permissions to upload the data from the appliance to your designated Oracle Cloud Infrastructure Object Storage bucket. Delete this temporary user after your data is uploaded to Oracle Cloud Infrastructure.
appliance management service
Software running on the appliance that provides management functions. Users interact with this service though the Oracle Cloud Infrastructure CLI.

Appliance Specifications

Use NFS versions 3, 4, or 4.1 to copy your data onto the appliance. Here are some details about the appliance:

Item Description Specification

Storage Capacity

150 TB of protected usable space

Network Interfaces

- 10 GbE - RJ45

- 10 GbE - SFP+

You are responsible for providing all network cables. If you want to use SFP+, your transceivers must be compatible with Intel X520 NICs.

Provided Cables

- NEMA 5–15 type B to C13

- C13 - 14 power

- USB - DB9 serial

Environmental

- Operational temperature: 50–95°F (10–35°C)

- Operational relative humidity: 8–90% non-condensing

- Acoustics: < 75 dB @ 73°F (23° C)

- Operational altitude: -1,000 ft - 10,000 ft (approx. -300–3048 m))

Power

- Consumption: 554 W

- Voltage: 100–240 VAC

- Frequency: 47–63 Hz

- Conversion efficiency: 89%

Weight

- Unit: 38 lbs (approx. 17 kg)

- Unit + Transit Case: 64 lbs (approx. 29 kg)

Height

3.5" (approx. 9 cm) (2U)

Width

17" (approx. 43 cm)

Depth 24" (approx. 61 cm)
Shipping Case 11" x 25" x 28" (approx. 28 x 63.5 x 71 cm)

Roles and Responsibilities

Depending on your organization, the responsibilities of using and managing the data transfer may span multiple roles. Use the following set of roles as a guideline for how you can assign the various tasks associated with the data transfer.

  • Project Sponsor: Responsible for the overall success of the data transfer. Project Sponsors usually have complete access to their organization's Oracle Cloud Infrastructure tenancy. They coordinate with the other roles in the organization to complete the implementation of data transfer project.

  • Infrastructure Engineer: Responsible for integrating the transfer appliance into the organization's IT infrastructure from where the data is being transferred. Tasks associated with this role include connecting the transfer appliance to power, placing it within the network, and setting the IP address through a serial console menu using the provided USB-to-Serial adapter.

  • Data Administrator: Responsible for identifying and preparing the data to be transferred to Oracle Cloud Infrastructure. This person usually has access to, and expertise with, the data being migrated.

These roles correspond to the various phases of the data transfer described in the following section. A specific role can be responsible for one or more phases.

Task Flow for Appliance-Based Data Transfer

Here is a high-level overview of the tasks involved in the Appliance-Based Data Transfer to Oracle Cloud Infrastructure using organized by phase. Complete one phase before proceeding to the next one. Use the roles previously described to distribute the tasks across individuals or groups within your organization.

Block chart of appliance transfer workflow

Secure Appliance Data Transfer to Oracle Cloud Infrastructure

This section highlights the security details of the Data Transfer Appliance process.

  • Appliances are shipped from Oracle to you with a tamper-evident security tie on the transit case. A second tamper-evident security tie is included in the appliance transit case for you to secure the case when you ship the case back to Oracle. The number on the physical security ties must match the numbers logged by Oracle in the appliance details.
  • When you configure the appliance for the first time:

    • The appliance generates a master AES-256 bit encryption key that is used for all data written to or read from the device. The encryption key never leaves the device.
    • The encryption key is protected by an encryption passphrase that you must know to access the encrypted data. The system securely fetches a provided encryption passphrase from Oracle Cloud Infrastructure and registers that passphrase on the appliance.

      Note

      The encryption passphrase is never stored on the appliance

  • All data is encrypted as the data is copied to an appliance.
  • For more security, you can also encrypt your own data with your own encryption keys. Before copying your data to the transfer appliance, you can encrypt your data with a tool and encryption key of your choosing. After the data has been uploaded, you would need to use the same tool and encryption key to access the data.
  • All network communication between your appliance-based data transfer environment and Oracle Cloud Infrastructure is encrypted in-transit using Transport Layer Security (TLS).
  • After copying your data to a transfer appliance, the data transfer system generates a manifest file. The manifest contains an index of all of the copied files and generated data integrity hashes. The system also encrypts and copies the config_upload_user configuration file to the transfer appliance. This configuration file describes the temporary IAM data transfer upload user. Oracle uses the credentials and entries defined in the config_upload_user file when processing the transfer appliance and uploading files to Oracle Cloud Infrastructure Object Storage.

    Note

    Data Transfer Service Does Not Support Passphrases on Private Keys

    While we recommend encrypting a private key with a passphrase when generating API signing keys, the Data Transfer Service does not support passphrases on the key file required for the config_upload_user configuration file. If you use a passphrase, Oracle personnel cannot upload your data.

    Oracle cannot upload data from a transfer appliance without the correct credentials defined in this configuration file. See Preparing Upload Configuration Files for more information about the required configuration files.

  • Oracle erases all of your data from the transfer appliance after it has been processed. The erasure process follows the NIST 800-88 standards.
  • Keep possession of the security tie after you have finished unpacking and connecting the appliance. Include it when returning the appliance to Oracle. Failure to include the security tie can result in a delay in the data migration process.

What's Next

You are now ready to prepare the host for the Appliance-Based Data Transfer. See Preparing for Appliance Data Transfers.