Oracle Cloud Infrastructure Documentation

Data Import - Appliance

Learn how you can migrate data to Oracle Cloud Infrastructure using an Oracle-supplied transfer appliance.

Appliance-Based Data Import is one of Oracle's offline data transfer solutions that lets you migrate petabyte-scale datasets to Oracle Cloud Infrastructure. You send your data as files on one or more secure, high-capacity, Oracle-supplied Data Transfer Appliances to an Oracle transfer site. Operators at the Oracle transfer site upload the files into the designated Object Storage bucket in your tenancy. You are then free to move the uploaded data to other Oracle Cloud Infrastructure services as needed.

See Data Transfer Appliance Specifications for a table of appliance specifications by region.

Note

  • Consider using Disk-Based Data Import if the quantity of data you are importing is 34 TB or less. Using this option allows you to avoid waiting for Oracle to send you a data transfer appliance. See Data Import - Disk for more information.

  • Appliance-Based Data Import is not available for free trial or Pay As You Go accounts.

  • Data Transfer appliance availability is based on inventory per region. Oracle distributes appliances on a first come, first serve basis based on customer request. Appliances are not always immediately available. Because of inventory constraints, new Appliance-Based Data Import users are limited to a single appliance when it is their turn. Returning users are limited to two appliances.

Appliance-Based Data Import Concepts

TRANSFER JOB
A transfer job is the logical representation of a data migration to Oracle Cloud Infrastructure. A transfer job is associated with one or more import appliances.
DATA TRANSFER APPLIANCE
The Data Transfer Appliance (import appliance) is a high-storage capacity device that is specially prepared to copy and upload data to Oracle Cloud Infrastructure. You request an import appliance from Oracle, copy your data onto it, and then ship it back to Oracle for upload.
COMMAND LINE INTERFACE
The command line interface (CLI) is a small footprint tool that you can use on its own or with the Console to complete Oracle Cloud Infrastructure tasks, including Appliance-Based Data Import jobs.
Note

You can only run Oracle Cloud Infrastructure CLI commands from a Linux host. This differs from running CLI commands for other Oracle Cloud Infrastructure Services on a variety of host operating systems. Appliance-based commands require validation that is only available on Linux hosts.
HOST
A physical computer at the customer site on which one or more of the logical hosts (Control, Data, Terminal Emulation) is running. Depending on your computing environment, you can have any of the following:
  • A separate physical host for each logical host
  • All three logical hosts consolidated onto a single physical host
  • Two logical hosts on one physical host and the third logical host on a separate physical host
All physical hosts much be on network used for the data transfer.
CONTROL HOST
The logical representation of the host computer at your site from which you perform Data Transfer Service tasks. Depending on your needs, you may use one or more separate hosts (Control and Data) to run your Appliance-Based Data Importjob.
Note

You can only run Oracle Cloud Infrastructure CLI commands from a Linux-based Control Host machine. You can run Console tasks from a browser running on a Windows machine.

DATA HOST
The logical representation of the host computer on your site that stores the data you intend to copy to Oracle Cloud Infrastructure.
Note

Only Linux machines can be used as Data Hosts.

TERMINAL EMULATION HOST
The logical representation of the host computer that uses terminal emulation software to communicate with, and allow you to command, the import appliance.
BUCKET
The logical container in Oracle Cloud Infrastructure Object Storage where Oracle operators upload your data. A bucket is associated with a single compartment in your tenancy whose policies that determine what actions a user can perform on a bucket and on all the objects in the bucket.
DATA TRANSFER ADMINISTRATOR
A new or existing IAM user that has the authorization and permissions to create and manage transfer jobs.
DATA TRANSFER UPLOAD USER
A temporary IAM user that grants Oracle personnel the authorization and permissions to upload the data from the import appliance to your designated Oracle Cloud Infrastructure Object Storage bucket. Delete this temporary user after your data is uploaded to Oracle Cloud Infrastructure.
APPLIANCE MANAGEMENT SERVICE
Software running on the import appliance that provides management functions. Users interact with this service though the Oracle Cloud Infrastructure CLI.

Import File Constraints

All files being imported using the Data Transfer Appliance must conform to the following:

  • Maximum file size - 10 TB

  • Maximum file name length - 1024 characters

Roles and Responsibilities

Depending on your organization, the responsibilities of using and managing the data transfer may span multiple roles. Use the following set of roles as a guideline for how you can assign the various tasks associated with the data transfer.

  • Project Sponsor: Responsible for the overall success of the data transfer. Project Sponsors usually have complete access to their organization's Oracle Cloud Infrastructure tenancy. They coordinate with the other roles in the organization to complete the implementation of data transfer project. The Project Sponsor is also responsible for signing legal documentation and setting up notifications for the data import.

  • Infrastructure Engineer: Responsible for integrating the transfer appliance into the organization's IT infrastructure from where the data is being transferred. Tasks associated with this role include connecting the transfer appliance to power, placing it within the network, and setting the IP address through a serial console menu using the provided USB-to-Serial adapter.

  • Data Administrator: Responsible for identifying and preparing the data to be transferred to Oracle Cloud Infrastructure. This person usually has access to, and expertise with, the data being migrated.

These roles correspond to the various phases of the data transfer described in the following section. A specific role can be responsible for one or more phases.

Task Flow for Appliance-Based Data Import

Here is a high-level overview of the tasks involved in the Appliance-Based Data Import to Oracle Cloud Infrastructure. Complete one phase before proceeding to the next one. Use the roles previously described to distribute the tasks across individuals or groups within your organization.

Block chart of appliance transfer workflow

Secure Appliance Data Transfer to Oracle Cloud Infrastructure

This section highlights the security details of the Data Transfer Appliance process.

  • Appliances are shipped from Oracle to you with a tamper-evident security tie on the transit case. A second tamper-evident security tie is included in the import appliance transit case for you to secure the case when you ship the case back to Oracle. The number on the physical security ties must match the numbers logged by Oracle in the import appliance details.

  • When you configure the import appliance for the first time:

    • The import appliance generates a master AES-256 bit encryption key that is used for all data written to or read from the device. The encryption key never leaves the device.

    • The encryption key is protected by an encryption passphrase that you must know to access the encrypted data. The system securely fetches a provided encryption passphrase from Oracle Cloud Infrastructure and registers that passphrase on the import appliance.

      Note

      The encryption passphrase is never stored on the import appliance.

  • All data is encrypted as the data is copied to an import appliance.

  • For more security, you can also encrypt your own data with your own encryption keys. Before copying your data to the import appliance, you can encrypt your data with a tool and encryption key of your choosing. After the data has been uploaded, you would need to use the same tool and encryption key to access the data.

  • All network communication between your appliance-based data transfer environment and Oracle Cloud Infrastructure is encrypted in-transit using Transport Layer Security (TLS).

  • After copying your data to a transfer appliance, the data transfer system generates a manifest file. The manifest contains an index of all of the copied files and generated data integrity hashes. The system also encrypts and copies the config_upload_user configuration file to the transfer appliance. This configuration file describes the temporary IAM data transfer upload user. Oracle uses the credentials and entries defined in the config_upload_user file when processing the transfer appliance and uploading files to Oracle Cloud Infrastructure Object Storage.

    Note

    Data Transfer Service Does Not Support Passphrases on Private Keys

    While we recommend encrypting a private key with a passphrase when generating API signing keys, the Data Transfer Service does not support passphrases on the key file required for the config_upload_user configuration file. If you use a passphrase, Oracle personnel cannot upload your data.

    Oracle cannot upload data from a transfer appliance without the correct credentials defined in this configuration file. See Preparing Upload Configuration Files for more information about the required configuration files.

  • Oracle erases all of your data from the import appliance after it has been processed. The erasure process follows the NIST 800-88 standards.

  • Keep possession of the security tie after you have finished unpacking and connecting the import appliance. Include it when returning the import appliance to Oracle. Failure to include the security tie can result in a delay in the data migration process.