Oracle Cloud Infrastructure Documentation

Disk-Based Data Transfer

Disk-Based Data Transfer is one of Oracle's offline data transfer solutions that lets you migrate data to Oracle Cloud Infrastructure. You send your data as files on encrypted disks to an Oracle transfer site. Operators at the Oracle transfer site upload the files into the designated Object Storage bucket in your tenancy. You are then free to move the uploaded data to other Oracle Cloud Infrastructure services as needed.

Disk-Based Data Transfer Concepts

The following concepts are essential to understanding Disk-Based Data Transfer.

disk
A disk is a user-supplied storage device that is specially prepared to copy and upload data to Oracle Cloud Infrastructure. You copy your data to one or more of these disks and ship the disks in a parcel to Oracle to upload your data.
The following transfer disks are supported:
  • SATA II/III 2.5" or 3.5" hard disk drives
  • External USB 2.0/3.0 hard disk drives

Note

Pin-code protected devices and physical-key protected devices are not supported at this time.

transfer disk
A transfer disk is the logical representation of a disk that has been prepared to copy and upload data to Oracle Cloud Infrastructure.
transfer job
A transfer job is the logical representation of a data migration to Oracle Cloud Infrastructure. A transfer job consists of one or more transfer packages that each contain one or more transfer disks.
data transfer utility
The Data Transfer Utility is the command line software that Oracle provides for you to prepare transfer disks for your data and for shipment to Oracle. In addition, you can use this software to manage transfer jobs and packages.
host
The computer at your site on which you perform Data Transfer Service tasks. Depending on your needs, you may use one or more separate hosts to run your transfer job.
transfer package
A transfer package is the logical representation of the parcel containing the transfer disks that you ship to Oracle to upload to Oracle Cloud Infrastructure.
bucket
The logical container in Oracle Cloud Infrastructure Object Storage where Oracle operators upload your data. A bucket is associated with a single compartment in your tenancy that has policies (IAM documents that specify who has what type of access to your resources) that determine what actions a user can perform on a bucket and on all the objects in the bucket.
data transfer administrator
A new or existing IAM user that has the authorization and permissions to create and manage transfer jobs. See Preparing for Data Transfer.
data transfer upload user
A temporary IAM user that grants Oracle personnel the authorization and permissions to upload the data from your transfer disks to your designated Oracle Cloud Infrastructure Object Storage bucket. Delete this temporary user after your data is uploaded to Oracle Cloud Infrastructure. See Preparing for Data Transfer.

Task Flow for Disk-Based Data Transfer

Here is a high-level overview of the tasks involved in transferring data to Oracle Cloud Infrastructure using Disk-Based Data Transfer.

Performing prerequisite tasks in preparation for data transfer

An Oracle Cloud Infrastructure administrator must perform prerequisite tasks in preparation for data transfer. These tasks are covered in greater detail in Preparing for Data Transfer.

  1. Create or designate a bucket in your tenancy where Oracle is to upload your data.

  2. Create or use an existing IAM group for data transfer administrators with the authorization and permissions to create and manage transfer jobs and manage objects in Oracle Cloud Infrastructure Object Storage.

  3. Create or use an existing IAM data transfer administrator user and add that user to the data transfer administrators group.

  4. Create or use an existing IAM group for data transfer upload users with the authorization and permissions to upload data to Oracle Cloud Infrastructure Object Storage.

  5. Create a temporary IAM data transfer upload user and add that user to the data transfer upload users group.

  6. Write the authorization policies to allow the data transfer administrator and upload user groups to perform the required data transfer tasks.
Note

Important Security Consideration

For security reasons, we recommend that you create a unique IAM data transfer upload user for each transfer job and then delete that user after your data is uploaded to Oracle Cloud Infrastructure.

A data transfer administrator performs the remaining tasks. These tasks are covered in detail in Managing Disk Data Transfers.

Preparing for and copying your data

  1. Create a transfer job.

  2. Attach the disks to your host machine.

  3. Create transfer disks for your disks.

  4. Copy your data to the disks.

Finalizing the transfer disks in preparation for shipment

  1. Generate a manifest for each transfer disk.

  2. Generate the "dry run" report for each transfer disk.

  3. Lock each transfer disk.

Preparing and shipping the package

  1. Create one or more transfer packages.

  2. Attach the transfer disks to the transfer packages.

  3. Get the shipping address for the transfer packages.

  4. Package the transfer disks into a box, and ship the box to Oracle using an approved shipping vendor.

  5. Update the transfer package with tracking information.

Secure Disk Data Transfer to Oracle Cloud Infrastructure

This section highlights the security details of the Data Transfer Service process.

  • The Data Transfer Utility uses the standard Linux dm-crypt and LUKS utilities to encrypt block devices.
  • The dm-crypt software generates a 256-bit AES master encryption key that is used for all data written to or read from the disk. That key is protected by an encryption passphrase that the user must know to access the encrypted data.
  • When the data transfer administrator uses the Data Transfer Utility to create disks, Oracle Cloud Infrastructure creates a strong encryption passphrase that is displayed to the user and passed to dm-crypt. The passphrase is displayed to standard output only once and cannot be retrieved again. Copy this passphrase to a durable, secure location for future reference.
  • For additional security, you can also encrypt your own data with your own encryption keys. Before copying your data to the transfer disk, you can encrypt your data with a tool and encryption key of your choosing. After the data has been uploaded, you need to use the same tool and encryption key to access the data.
  • All network communication between the Data Transfer Utility and Oracle Cloud Infrastructure is encrypted in-transit using Transport Layer Security (TLS).
  • After copying your data to a transfer disk, generate a manifest file using the Data Transfer Utility. The manifest contains an index of all of the copied files and generated data integrity hashes. The Data Transfer Utility copies the config_upload_user configuration file and referenced IAM credentials to the encrypted transfer disk. This configuration file describes the temporary IAM data transfer upload user. Oracle uses the credentials and entries defined in the config_upload_user file when processing the transfer disk and uploading files to Oracle Cloud Infrastructure Object Storage.

    Note

    Data Transfer Service Does Not Support Passphrases on Private Keys

    While we recommend encrypting a private key with a passphrase when generating API signing keys, Data Transfer does not support passphrases on the key file required for the config_upload_user. If you use a passphrase, Oracle personnel cannot upload your data.

    Oracle cannot upload data from a transfer disk without the correct credentials defined in this configuration file. See Installing the Data Transfer Utility for Disk-Based Data Transfers for more information about the required configuration files.

  • When you disconnect or lock a transfer disk using the Data Transfer Utility, the original encryption passphrase is required to once again access the disk. If the encryption passphrase is not known or lost, you cannot access the data on the transfer disk. To reuse a transfer disk, you must reformat the disk. Reformatting a disk removes all of the data.

  • Oracle retrieves the encryption passphrase for a transfer disk from Oracle Cloud Infrastructure. Oracle uses the passphrase to decrypt, mount the transfer disk, and upload the data to the designated bucket in the tenancy.

  • After processing a transfer package, Oracle returns all transfer disks attached to the transfer package using the return shipping label you provide.

  • To protect your data, we make the data on the disk unrecoverable before shipping the transfer disks back to you. To comply with customs regulations, we wipe the disks completely before shipping the transfer disks back to international shipping addresses.
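
The following script is an added example, not part of Oracle's documentation or the Data Transfer Utility. It shows two checks a data transfer administrator can run on the host before generating the manifest and locking a disk: that every source file hashes identically on the mounted transfer disk, and that the upload user's API key file has no passphrase. The function names and the three path arguments are assumptions.

```bash
#!/usr/bin/env bash
# Added example: checks to run on the host before locking a transfer disk.
# SRC_DIR, DISK_MOUNT and KEY_FILE are assumptions supplied by the caller.
set -u

# Hash every file under SRC_DIR and confirm the copy under DISK_MOUNT matches.
# Files that exist only on the disk (such as ones the utility writes) are ignored.
verify_copy() {
    local src="$1" dst="$2" manifest rc=0
    manifest=$(mktemp) || return 2
    ( cd "$src" && find . -type f -print0 | sort -z | xargs -0 -r sha256sum ) > "$manifest"
    if [ ! -s "$manifest" ]; then
        echo "no files found under $src" >&2; rm -f "$manifest"; return 2
    fi
    # --check re-hashes each listed path relative to the disk mount point.
    ( cd "$dst" && sha256sum --check --quiet "$manifest" ) >&2 || rc=$?
    rm -f "$manifest"
    return "$rc"
}

# Return 0 only if KEY_FILE is a PEM private key with no passphrase.
key_is_unencrypted() {
    [ -r "$1" ] || return 2
    # PKCS#8 uses an "ENCRYPTED PRIVATE KEY" header; traditional OpenSSL PEM
    # adds a "Proc-Type: 4,ENCRYPTED" line under the BEGIN header.
    if grep -Eq -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        return 1
    fi
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" || return 2
}

prelock_check() {   # prelock_check SRC_DIR DISK_MOUNT KEY_FILE
    local failed=0
    verify_copy "$1" "$2" || { echo "FAIL: disk copy does not match source" >&2; failed=1; }
    key_is_unencrypted "$3" || { echo "FAIL: key is passphrase-protected or unreadable" >&2; failed=1; }
    [ "$failed" -eq 0 ] && echo "OK: copy verified and key has no passphrase"
    return "$failed"
}

if [ "$#" -eq 3 ]; then prelock_check "$1" "$2" "$3"; fi
```

Run the check while the transfer disk is still mounted; once the disk is locked, the encryption passphrase is needed to read it again.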

Ways to Manage Disk Data Transfers

We provide two ways to manage disk-based data transfers:

Note

You can perform many data transfer tasks using either the Console or the Data Transfer Utility. However, there are some tasks you can only perform using the Data Transfer Utility (for example, creating and locking transfer disks). Managing Disk Data Transfers describes the management tasks in detail and guides you to the appropriate management interface to use for each task.

What's Next

You are now ready to install the Data Transfer Utility. See Installing the Data Transfer Utility for Disk-Based Data Transfers.