Data Transfer Disk is one of Oracle's offline data transfer solutions that lets you migrate data to Oracle Cloud Infrastructure. You send your data as files on encrypted disks to an Oracle transfer site. Operators at the Oracle transfer site upload the files into the designated Object Storage bucket in your tenancy. You are then free to move the uploaded data to other Oracle Cloud Infrastructure services as needed.
The following concepts are essential to understanding Data Transfer Service.
- transfer job
- A transfer job is the logical representation of a data migration to Oracle Cloud Infrastructure. A transfer job consists of one or more transfer packages that each contain one or more transfer disks.
- transfer disk
- A transfer disk is an HDD that is specially prepared to copy and upload data to Oracle Cloud Infrastructure. You copy your data to one or more of these disks and ship the disks in a parcel to Oracle to upload your data.
- The following transfer disks are supported:
- SATA II/III 2.5" or 3.5" HDDs
- External USB 2.0/3.0 HDDs
- Data Transfer Utility
- The Data Transfer Utility is the command-line software that Oracle provides for you to prepare transfer disks for your data and for shipment to Oracle. In addition, you can use this software to manage transfer jobs and packages.
- The computer at your site on which you download the Data Transfer Utility to perform Data Transfer Service tasks.
- transfer package
- A transfer package is the logical representation of the parcel containing the transfer disks that you ship to Oracle to upload to Oracle Cloud Infrastructure.
- The logical container in Oracle Cloud Infrastructure Object Storage where Oracle operators upload your data. A bucket is associated with a single compartment in your tenancy that has An IAM document that specifies who has what type of access to your resources. It is used in different ways: to mean an individual statement written in the policy language; to mean a collection of statements in a single, named "policy" document (which has an Oracle Cloud ID (OCID) assigned to it); and to mean the overall body of policies your organization uses to control access to resources. that determine what actions a user can perform on a bucket and on all the objects in the bucket.
- data transfer administrator
- A new or existing IAM user that has the authorization and permissions to create and manage transfer jobs. See Preparing for Data Transfer.
- data transfer upload user
- A temporary IAM user that grants Oracle personnel the authorization and permissions to upload the data from your transfer disks to your designated Oracle Cloud Infrastructure Object Storage bucket. Delete this temporary user after your data is uploaded to Oracle Cloud Infrastructure. See Preparing for Data Transfer.
Task Flow for Data Transfer Disk
Here is a high-level overview of the tasks involved in transferring data to Oracle Cloud Infrastructure using Data Transfer Disk.
Performing prerequisite tasks in preparation for transfer data
An Oracle Cloud Infrastructure administrator must perform prerequisite tasks in preparation for data transfer. These tasks are covered in greater detail in Preparing for Data Transfer.
Create or designate a bucket in your tenancy where Oracle is to upload your data.
Create or use an existing IAM group for data transfer administrators with the authorization and permissions to create and manage transfer jobs and manage objects in Oracle Cloud Infrastructure Object Storage.
Create or use an existing IAM data transfer administrator user and add that user to the data transfer administrators group.
Create or use an existing IAM group for data transfer upload users with the authorization and permissions to upload data to Oracle Cloud Infrastructure Object Storage.
- Write the authorization policies to allow the data transfer administrator and upload user groups to perform the required data transfer tasks.
Important Security Consideration
For security reasons, we recommend that you create a unique IAM data transfer upload user for each transfer job and then delete that user after your data is uploaded to Oracle Cloud Infrastructure.
A data transfer administrator performs the remaining tasks. These tasks are covered in detail in Managing Disk Data Transfers.
Preparing for and copying your data
Attach HDDs to your host machine.
Copy your data to the transfer disks.
Finalizing the transfer disks in preparation for shipment
Generate a manifest for each transfer disk.
Generate the "dry run" report for each transfer disk
Preparing and shipping the package
Attach the transfer disks to the transfer packages.
Get the shipping address for the transfer packages.
Package the transfer disks into a box, and ship the box to Oracle using an approved shipping vendor.
This section highlights the security details of the Data Transfer Service process.
- The Data Transfer Utility uses the standard Linux dm-crypt and LUKS utilities to encrypt block devices.
- The dm-crypt software generates a master AES-256 bit encryption key that is used for all data written to or read from the disk. That key is protected by an encryption passphrase that the user must know to access the encrypted data.
- When the data transfer administrator uses the Data Transfer Utility to create disks, Oracle Cloud Infrastructure creates a strong encryption passphrase that is displayed to the user and passed to dm-crypt. The passphrase is displayed to standard output only once and cannot be retrieved again. Copy this passphrase to a durable, secure location for future reference.
- For additional security, you can also encrypt your own data with you own encryption keys. Before copying your data to the transfer disk, you can encrypt your data with a tool and encryption key of your choosing. After the data has been uploaded, you would need to use the same tool and encryption key to access the data.
- All network communication between the Data Transfer Utility and Oracle Cloud Infrastructure is encrypted in-transit using Transport Layer Security (TLS).
After copying your data to a transfer disk, generate a manifest file using the Data Transfer Utility. The manifest contains an index of all of the copied files and generated data integrity hashes. The Data Transfer Utility copies the
config_upload_userconfiguration file and referenced IAM credentials to the encrypted transfer disk. This configuration file describes the temporary IAM data transfer upload user. Oracle uses the credentials and entries defined in the
config_upload_userfile when processing the transfer disk and uploading files to Oracle Cloud Infrastructure Object Storage.Note
Data Transfer Service Does Not Support Passphrases on Private Keys
While we recommend encrypting a private key with a passphrase when generating API signing keys, Data Transfer does not support passphrases on the key file required for the
config_upload_user. If you use a passphrase, Oracle personnel cannot upload your data.
Oracle cannot upload data from a transfer disk without the correct credentials defined in this configuration file. See Installing and Configuring the Data Transfer Utility for more information about the required configuration files.
When you disconnect or lock a transfer disk using the Data Transfer Utility, the original encryption passphrase is required to once again access the disk. If the encryption passphrase is not known or lost, you cannot access the data on the transfer disk. To reuse a transfer disk, you must reformat the disk. Reformatting a disk removes all of the data.
Oracle retrieves the encryption passphrase for a transfer disk from Oracle Cloud Infrastructure. Oracle uses the passphrase to decrypt, mount the transfer disk, and upload the data to the designated bucket in the tenancy.
After processing a transfer package, Oracle returns all transfer disks attached to the transfer package using the return shipping label you provide.
To protect your data, we make the data on the disk unrecoverable before shipping the transfer disks back to you. To comply with customs regulations, we wipe the disks completely before shipping the transfer disks back to international shipping addresses.
We provide two ways to manage Data Transfer Services:
- The Data Transfer Utility is a full-featured command-line tool. For more information and installation instructions, see Installing and Configuring the Data Transfer Utility.
- The Console is an easy-to-use, partial-featured browser-based interface. For more information, see Signing In to the Console.
You can perform many data transfer tasks using either the Console or the Data Transfer Utility. However, there are some tasks you can only perform using the Data Transfer Utility (for example, creating and locking transfer disks). Managing Disk Data Transfers describes the management tasks in detail and guides you to the appropriate management interface to use for each task.
You are now ready to perform the prerequisite data transfer tasks. See Preparing for Data Transfer.