Oracle Cloud Infrastructure Documentation

Appliance-Based Data Transfer

Appliance-Based Data Transfer is one of Oracle's offline data transfer solutions that lets you migrate petabyte-scale datasets to Oracle Cloud Infrastructure. You send your data as files on one or more secure, high-capacity, Oracle-supplied storage appliances to an Oracle transfer site. Operators at the Oracle transfer site upload the files into the designated Object Storage bucket in your tenancy. You are then free to move the uploaded data to other Oracle Cloud Infrastructure services as needed.

Appliance-Based Data Transfer Concepts

The following concepts are essential to understanding Appliance-Based Data Transfer.

transfer job
A transfer job is the logical representation of a data migration to Oracle Cloud Infrastructure. A transfer job is associated with one or more transfer appliances.
transfer appliance
A transfer appliance is high storage capacity device that is specially prepared to copy and upload data to Oracle Cloud Infrastructure. You request a transfer appliance from Oracle, copy your data to the appliance, and then ship the appliance back to Oracle to upload your data.
command line interface
The command line interface (CLI) is a small footprint tool that you can use on its own or with the Console to complete Oracle Cloud Infrastructure tasks, including transfer appliance-based jobs.
host
The computer at your site on which you to perform Data Transfer Appliance tasks. Depending on your needs, you may use one or more separate hosts to run your transfer job.
bucket
The logical container in Oracle Cloud Infrastructure Object Storage where Oracle operators upload your data. A bucket is associated with a single compartment in your tenancy that has An IAM document that specifies who has what type of access to your resources. It is used in different ways: to mean an individual statement written in the policy language; to mean a collection of statements in a single, named "policy" document (which has an Oracle Cloud ID (OCID) assigned to it); and to mean the overall body of policies your organization uses to control access to resources. that determine what actions a user can perform on a bucket and on all the objects in the bucket.
data transfer administrator
A new or existing IAM user that has the authorization and permissions to create and manage transfer jobs. See Preparing for Data Transfer.
data transfer upload user
A temporary IAM user that grants Oracle personnel the authorization and permissions to upload the data from your transfer devices to your designated Oracle Cloud Infrastructure Object Storage bucket. Delete this temporary user after your data is uploaded to Oracle Cloud Infrastructure. See Preparing for Data Transfer.
data transfer appliance management service
Software running on the transfer appliance that provides management functions. Users interact with this service though the Data Transfer Utility.

Transfer Appliance Specifications

You use NFSv3 to copy your data onto the Oracle data transfer appliance. Here are some details about the appliance:

Item Description Specification

Storage Capacity

150 TB of protected usable space

Network Interfaces

- 10 GbE - RJ45

- 10 GbE - SFP+

You are responsible for providing all network cables. If you want to use SFP+, your transceivers must be compatible with Intel X520 NICs.

Provided Cables

- NEMA 5-15 type B to C13

- C13-14 power

- USB-DB9 serial

Environmental

- Operational temperature: 10–35°C

- Operational relative humidity: 8–90% non-condensing

- Acoustics: < 75 dB @ 23° C

- Operational altitude: -300–3048 m (10,000 ft)

Power

- Consumption: 554 W

- Voltage: 100–240 VAC

- Frequency: 47–63 Hz

- Conversion efficiency: 89%

Weight

- Unit: 38 lbs (17.2365 kg)

- Unit + Transit Case: 64 lbs (29.0299 kg)

Height

3.5" (2U)

Width

17"

Depth 24"

Task Flow for Appliance-Based Data Transfer

Here is a high-level overview of the tasks involved in transferring data to Oracle Cloud Infrastructure using Appliance-Based Data Transfer.

Performing prerequisite tasks in preparation for data transfer

An Oracle Cloud Infrastructure administrator must perform prerequisite tasks in preparation for data transfer. These tasks and are covered in detail in Preparing for Data Transfer.

  1. Create or designate a bucket in your tenancy where Oracle is to upload your data.
  2. Create or use an existing IAM group for data transfer administrators with the authorization and permissions to create and manage transfer jobs and manage objects in Oracle Cloud Infrastructure Object Storage.
  3. Create or use an existing IAM data transfer administrator user and add that user to the data transfer administrators' group.
  4. Create or use an existing IAM group for data transfer upload users with the authorization and permissions to upload data to Oracle Cloud Infrastructure Object Storage.
  5. Create a temporary IAM data transfer upload user and add that user to data transfer upload user group.
  6. Write the authorization policies to allow the data transfer administrator and upload user groups to perform the required data transfer tasks.
Note

Important Security Consideration

For security reasons, we recommend creating a unique IAM data transfer upload user for each transfer job and then deleting that user after your data is uploaded to Oracle Cloud Infrastructure.

A data transfer administrator performs the remaining tasks. These tasks are covered in detail in Managing Appliance Data Transfers.

Preparing for and copying your data

  1. Create a transfer job.
  2. Request a transfer appliance.
  3. Monitor your transfer appliance request.
  4. Set up your host machine.
  5. Unpack and prepare your transfer appliance.
  6. Configure networking on your transfer appliance.
  7. Write data to your transfer appliance.

Preparing your appliances for shipment

  1. Finalize your transfer appliance.
  2. Package and ship the transfer appliance to Oracle.

Post shipment tasks

  1. Optionally, cancel a transfer appliance if you don't want Oracle to upload your data.
  2. Monitor your transfer appliance return shipment.
  3. Review transfer appliance log files.
  4. Close the transfer job.

Roles and Responsibilities

Secure Appliance Data Transfer to Oracle Cloud Infrastructure

This section highlights the security details of the Data Transfer Appliance process.

  • Appliances are shipped from Oracle to you with a tamper-evident security tie on the transit case. A second tamper-evident security tie is included in the appliance transit case for you to secure the case when you ship the case back to Oracle. The number on the physical security ties must match the numbers logged by Oracle in the transfer appliance details.
  • When you configure the transfer appliance for the first time:

    • The transfer appliance generates a master AES-256 bit encryption key that is used for all data written to or read from the device. The encryption key never leaves the device.
    • The encryption key is protected by an encryption passphrase that you must know to access the encrypted data. The system securely fetches a provided encryption passphrase from Oracle Cloud Infrastructure and registers that passphrase on the transfer appliance.
  • All data is encrypted as the data is copied to an Oracle transfer appliance.
  • For more security, you can also encrypt your own data with your own encryption keys. Before copying your data to the transfer appliance, you can encrypt your data with a tool and encryption key of your choosing. After the data has been uploaded, you would need to use the same tool and encryption key to access the data.
  • All network communication between your appliance-based data transfer environment and Oracle Cloud Infrastructure is encrypted in-transit using Transport Layer Security (TLS).
  • After copying your data to a transfer appliance, the data transfer system generates a manifest file. The manifest contains an index of all of the copied files and generated data integrity hashes. The The system also encrypts and copies the config_upload_user configuration file to the transfer appliance. This configuration file describes the temporary IAM data transfer upload user. Oracle uses the credentials and entries defined in the config_upload_user file when processing the transfer appliance and uploading files to Oracle Cloud Infrastructure Object Storage.

    Note

    Data Transfer Service Does Not Support Passphrases on Private Keys

    While we recommend encrypting a private key with a passphrase when generating API signing keys, Data Transfer does not support passphrases on the key file required for the config_upload_user. If you use a passphrase, Oracle personnel cannot upload your data.

    Oracle cannot upload data from a transfer appliance without the correct credentials defined in this configuration file. See Preparing Your Host for Appliance-based Data Transfers for more information about the required configuration files.

  • Oracle erases all of your data from the transfer appliance after it has been processed. The erasure process follows the NIST 800-88 standards.

What's Next

You are now ready to prepare the host for the application-based data transfer. See Preparing Your Host for Appliance-based Data Transfers.