Disk-Based Data Transfer is one of Oracle's offline data transfer solutions that lets you migrate data to Oracle Cloud Infrastructure. You send your data as files on encrypted disks to an Oracle transfer site. Operators at the Oracle transfer site upload the files into the designated Object Storage bucket in your tenancy. You are then free to move the uploaded data to other Oracle Cloud Infrastructure services as needed.
The following concepts are essential to understanding Disk-Based Data Transfer.
- A disk is a user-supplied storage device that is specially prepared to copy and upload data to Oracle Cloud Infrastructure. You copy your data to one or more of these disks and ship the disks in a parcel to Oracle to upload your data.
- The following transfer disks are supported:
- SATA II/III 2.5" or 3.5" hard disk drives
- External USB 2.0/3.0 hard disk drives
- transfer disk
- A transfer disk is the logical representation of a disk that has been prepared to copy and upload data to Oracle Cloud Infrastructure.
- transfer job
- A transfer job is the logical representation of a data migration to Oracle Cloud Infrastructure. A transfer job consists of one or more transfer packages that each contain one or more transfer disks.
- data transfer utility
- The Data Transfer Utility is the command line software that Oracle provides for you to prepare transfer disks for your data and for shipment to Oracle. In addition, you can use this software to manage transfer jobs and packages.
- data host
- The host computer on your site that stores the data you intend to copy to the disk for migration to Oracle Cloud Infrastructure.
- transfer package
- A transfer package is the logical representation of the parcel containing the transfer disks that you ship to Oracle to upload to Oracle Cloud Infrastructure.
- The logical container in Oracle Cloud Infrastructure Object Storage where Oracle operators upload your data. A bucket is associated with a single compartment in your tenancy that has An IAM document that specifies who has what type of access to your resources. It is used in different ways: to mean an individual statement written in the policy language; to mean a collection of statements in a single, named "policy" document (which has an Oracle Cloud ID (OCID) assigned to it); and to mean the overall body of policies your organization uses to control access to resources. that determine what actions a user can perform on a bucket and on all the objects in the bucket.
- data transfer administrator
- A new or existing IAM user that has the authorization and permissions to create and manage transfer jobs. See .
- data transfer upload user
- A temporary IAM user that grants Oracle personnel the authorization and permissions to upload the data from your transfer disks to your designated Oracle Cloud Infrastructure Object Storage bucket. Delete this temporary user after your data is uploaded to Oracle Cloud Infrastructure. See .
Pin-code protected devices and physical-key protected devices are currently not supported.
Depending on your organization, the responsibilities of using and managing the data transfer may span multiple roles. Use the following set of roles as a guideline for how you can assign the various tasks associated with the data transfer.
Project Sponsor: Responsible for the overall success of the data transfer. Project Sponsors usually have complete access to their organization's Oracle Cloud Infrastructure tenancy. They coordinate with the other roles in the organization to complete the implementation of data transfer project.
Infrastructure Engineer: Responsible for integrating the transfer appliance into the organization's IT infrastructure from where the data is being transferred. Tasks associated with this role include connecting the transfer appliance to power, placing it within the network, and setting the IP address through a serial console menu using the provided USB-to-Serial adapter.
Data Administrator: Responsible for identifying and preparing the data to be transferred to Oracle Cloud Infrastructure. This person usually has access to, and expertise with, the data being migrated.
These roles correspond to the various phases of the data transfer described in the following section. A specific role can be responsible for one or more phases.
Task Flow for Disk-Based Data Transfer
Here is a high-level overview of the tasks involved in transferring data to Oracle Cloud Infrastructure using Data Transfer Disk organized by phase. Complete one phase before proceeding to the next one. You can click some of the boxes to get details on how to perform the associated task. Use the roles previously described to distribute the tasks across individuals or groups within your organization.
This section highlights the security details of the Data Transfer Service process.
- The Data Transfer Utility uses the standard Linux dm-crypt and LUKS utilities to encrypt block devices.
- The dm-crypt software generates a master AES-256 bit encryption key that is used for all data written to or read from the disk. That key is protected by an encryption passphrase that the user must know to access the encrypted data.
- When the data transfer administrator uses the Data Transfer Utility to create disks, Oracle Cloud Infrastructure creates a strong encryption passphrase that is displayed to the user and passed to dm-crypt. The passphrase is displayed to standard output only once and cannot be retrieved again. Copy this passphrase to a durable, secure location for future reference.
- For extra security, you can also encrypt your own data with your own encryption keys. Before copying your data to the transfer disk, you can encrypt your data with a tool and encryption key of your choosing. After the data has been uploaded, you would need to use the same tool and encryption key to access the data.
- All network communication between the Data Transfer Utility and Oracle Cloud Infrastructure is encrypted in-transit using Transport Layer Security (TLS).
After copying your data to a transfer disk, generate a manifest file using the Data Transfer Utility. The manifest contains an index of all of the copied files and generated data integrity hashes. The Data Transfer Utility copies the
config_upload_userconfiguration file and referenced IAM credentials to the encrypted transfer disk. This configuration file describes the temporary IAM data transfer upload user. Oracle uses the credentials and entries defined in the
config_upload_userfile when processing the transfer disk and uploading files to Oracle Cloud Infrastructure Object Storage.Note
Data Transfer Service Does Not Support Passphrases on Private Keys
While we recommend encrypting a private key with a passphrase when generating API signing keys, Data Transfer does not support passphrases on the key file required for the
config_upload_user. If you use a passphrase, Oracle personnel cannot upload your data.
Oracle cannot upload data from a transfer disk without the correct credentials defined in this configuration file. See Data Transfer Utility for more information about the required configuration files.
When you disconnect or lock a transfer disk using the Data Transfer Utility, the original encryption passphrase is required to once again access the disk. If the encryption passphrase is not known or lost, you cannot access the data on the transfer disk. To reuse a transfer disk, you must reformat the disk. Reformatting a disk removes all the data.
Oracle retrieves the encryption passphrase for a transfer disk from Oracle Cloud Infrastructure. Oracle uses the passphrase to decrypt, mount the transfer disk, and upload the data to the designated bucket in the tenancy.
After processing a transfer package, Oracle returns all transfer disks attached to the transfer package using the return shipping label you provide.
To protect your data, we make the data on the disk unrecoverable before shipping the transfer disks back to you. To comply with customs regulations, we wipe the disks completely before shipping the transfer disks back to international shipping addresses.
We provide two ways to manage disk-based data transfers:
- The Data Transfer Utility is a full-featured command line tool for disk-based data transfers only (appliance-based data transfers use a different command line tool). For more information and installation instructions, see Data Transfer Utility.
- The Console is an easy-to-use, partial-featured browser-based interface. For more information, see Signing In to the Console.
You can perform many data transfer tasks using either the Console or the Data Transfer Utility. However, there are some tasks you can only perform using the Data Transfer Utility (for example, creating and locking transfer disks). describes the management tasks in detail and guides you to the appropriate management interface to use for each task.
You are now ready to begin preparation for the Disk-Based Data Transfer. See Preparing for Disk Data Transfers.