Sometimes you need to copy or move vast amounts of data out of the cloud faster than you can do it over the internet. Perhaps you have media content or processed datasets that you need to send to a customer or a business partner’s site. Or, a disaster disrupted your business, and you need to recover cloud-stored data and have it delivered to your on-premises location. Maybe you’re in a regulated industry that mandates you have “exit management” practices in place for service providers, including the expedient return of your data to your on-premises sites.
Now, you can do all that securely with the Oracle Cloud Infrastructure Data Transfer service, which has been extended to offer both import and export services through the Oracle-supplied Data Transfer Appliance. You make a request, and we send you a storage appliance with your data encrypted on it. You send it back after you’ve copied your data. It’s that simple.
If you’ve established an Oracle Cloud Infrastructure tenancy by using Universal Credits—Monthly Flex, you’re eligible to use the Data Transfer Appliance to import or export your data.
Here’s how the process works, in 10 steps.
Customers don’t want random people in their organization ordering appliances, so you need to request access to this service. We call this step “entitlement.” It’s a one-click process that sends the Terms and Conditions document to the buyer of your tenancy for a signature.
To help key people in your organization know when important events are triggered, such as when an export job is created and when Oracle ships the export appliance, you set up some notifications for them to receive.
To tell Oracle what objects (files) you want to download from your Object Storage bucket to the appliance, you generate a manifest. If you want only certain object names included in the export job, you can use boundary parameters that specify the prefix, start, or end of names.
The export job identifies two main items:
For each export job, you can export up to 150 TB of data from the same bucket. If you need to export more than 150 TB, or if you need to export from more than one bucket, you can create more export jobs and request more appliances. (Ensure that your tenancy service limits are set appropriately before you request multiple transfer appliances.)
Adding Oracle Cloud Infrastructure IAM policy language to your tenancy temporarily grants Oracle read-only access to the bucket where your data resides. The Data Transfer service provides these policies to make it easy to configure. This access is revoked after your data has been downloaded to the appliance.
Now you’re ready to request that an appliance containing your data is delivered to the address that you provided in the export job.
After Oracle receives and approves your request, your data is ready for Oracle to start the export process.
Obviously, data transfers need to be secure. Let’s talk about how we do that.
The appliance is protected with AES-256-bit encryption for all data written to or read from the data export appliance. This encryption ensures that data is never stored “in the clear.”
Oracle encrypts the appliance before downloading the data to it. Access to the encryption key is controlled by IAM policies. All of this means that if your appliance is intercepted during shipment, unauthorized parties can’t access your data.
The 2U form-factor-sized Data Transfer Appliance that contains your data in its encrypted format is shipped to you in a ruggedized, wheeled shipping case. Both the appliance and the case are tamper-proof and tamper-evident. A security tag with a unique number is used to prevent—and indicate—unauthorized opening of the case. Furthermore, the appliance itself is welded shut with only the serial port and network ports exposed.
After you receive the appliance, you connect it to your local network.
Using a laptop connected to the serial port of the appliance, you run a command to configure the appliance to your local network. Using the Oracle Cloud Infrastructure CLI from your local network, you can unlock the appliance.
You can then mount the NFS dataset on the appliance, and use standard Linux commands (for example, cp and rsync) to copy your data to your own systems.
You have a full month to copy your data from the appliance and send it back in its case. If you need more time, you can open a Support Request to ask for more. Before you return the appliance, delete all your data from the appliance and use the provided shipping label and security tie for the return shipment. After Oracle receives the appliance, we follow the NIST SP 800-88 standards to ensure that all your data has been fully wiped from the appliance.