Data Import - Disk
Learn about how to import your data to Oracle Cloud Infrastructure using a customer-provided commercial hard disk drive.
Disk-Based Data Import is one of Oracle's offline data transfer solutions that lets you migrate data to Oracle Cloud Infrastructure. You send your data as files on an encrypted disk to an Oracle transfer site. Operators at the Oracle transfer site upload the files into the designated Object Storage bucket in your tenancy. You are then free to move the uploaded data to other Oracle Cloud Infrastructure services as needed.
Disk-based data transfer is not supported for regions with FedRAMP authorization and regions with US Federal Cloud with DISA Impact Level 5 authorization.
Oracle does not certify or test disks you intend to use for disk import jobs. Calculate your disk capacity requirements and disk I/O to determine what USB 2.0/3.0 disk works best for your data transfer needs.
Disks with a PIN code are not supported.
Disk-Based Data Import Concepts
- IMPORT DISK
- An import disk is a user-supplied storage device that is specially prepared to copy and upload data to Oracle Cloud Infrastructure. You copy your data to the import disk and ship it in a parcel to Oracle to upload your data.
- Disk-Based Data Import supports external USB 2.0/3.0 hard disk drives.
Pin-code protected devices and physical-key protected devices are currently not supported.
- TRANSFER DISK
- A transfer disk is the logical representation of an import disk that has been prepared to copy and upload data to Oracle Cloud Infrastructure.
The terms transfer disk and import disk both represent the disk being used to move your data to Oracle Cloud Infrastructure. Transfer disk is used in the context of configuring the disk within the transfer job and transfer package. Import disk is used when physically handling the disk, such as connecting it to the Data Host or mailing it to Oracle.
- TRANSFER JOB
- A transfer job is the logical representation of a data migration to Oracle Cloud Infrastructure. A transfer job consists of one or more transfer packages that each contain a single transfer disk.
- DATA TRANSFER UTILITY
- The Data Transfer Utility is the command line software that Oracle provides for you to prepare the transfer disk for your data and for shipment to Oracle. In addition, you can use this software to manage transfer jobs and packages.
You can only run Data Transfer Utility tasks for a supported Linux machine. Windows-based machines are not supported in disk-based transfer jobs.
- DATA HOST
- The host computer on your site that stores the data you intend to copy to the disk for migration to Oracle Cloud Infrastructure.
Only Linux machines can be used as Data Hosts.
- TRANSFER PACKAGE
- A transfer package is the logical representation of the parcel containing the transfer disk that you ship to Oracle to upload to Oracle Cloud Infrastructure.
- The logical container in Object Storage where Oracle operators upload your data. A bucket is associated with a single compartment in your tenancy whose policies that determine what actions a user can perform.
- DATA TRANSFER ADMINISTRATOR
- A new or existing IAM user that has the authorization and permissions to create and manage transfer jobs.
- DATA TRANSFER UPLOAD USER
- A temporary IAM user that grants Oracle personnel the authorization and permissions to upload the data from your transfer disk to your designated Object Storage bucket. Delete this temporary user after your data is uploaded to Oracle Cloud Infrastructure.
Roles and Responsibilities
Depending on your organization, the responsibilities of using and managing the data transfer may span multiple roles. Use the following set of roles as a guideline for how you can assign the various tasks associated with the data transfer.
Project Sponsor: Responsible for the overall success of the data transfer. Project Sponsors usually have complete access to their organization's Oracle Cloud Infrastructure tenancy. They coordinate with the other roles in the organization to complete the implementation of data transfer project. The Project Sponsor is also responsible for signing legal documentation and setting up notifications for the data import.
Infrastructure Engineer: Responsible for integrating the transfer appliance into the organization's IT infrastructure from where the data is being transferred. Tasks associated with this role include connecting the transfer appliance to power, placing it within the network, and setting the IP address through a serial console menu using the provided USB-to-Serial adapter.
Data Administrator: Responsible for identifying and preparing the data to be transferred to Oracle Cloud Infrastructure. This person usually has access to, and expertise with, the data being migrated.
These roles correspond to the various phases of the data transfer described in the following section. A specific role can be responsible for one or more phases.
Task Flow for Disk-Based Data Import
Here is a high-level overview of the tasks involved in transferring data to Oracle Cloud Infrastructure using Data Transfer Disk. Complete one phase before proceeding to the next one. Use the roles previously described to distribute the tasks across individuals or groups within your organization.
Secure Disk Data Transfer to Oracle Cloud Infrastructure
This section highlights the security details of the Data Transfer Service process.
The Data Transfer Utility uses the standard Linux dm-crypt and LUKS utilities to encrypt block devices.
The dm-crypt software generates a master AES-256 bit encryption key that is used for all data written to or read from the disk. That key is protected by an encryption passphrase that the user must know to access the encrypted data.
When the data transfer administrator uses the Data Transfer Utility to create a disk, Oracle Cloud Infrastructure creates a strong encryption passphrase that is displayed to the user and passed to dm-crypt. The passphrase is displayed to standard output only once and cannot be retrieved again. Copy this passphrase to a durable, secure location for future reference.
For extra security, you can also encrypt your own data with your own encryption keys. Before copying your data to the transfer disk, you can encrypt your data with a tool and encryption key of your choosing. After the data has been uploaded, you would need to use the same tool and encryption key to access the data.
All network communication between the Data Transfer Utility and Oracle Cloud Infrastructure is encrypted in-transit using Transport Layer Security (TLS).
After copying your data to a transfer disk, generate a manifest file using the Data Transfer Utility. The manifest contains an index of all of the copied files and generated data integrity hashes. The Data Transfer Utility copies the
config_upload_userconfiguration file and referenced IAM credentials to the encrypted transfer disk. This configuration file describes the temporary IAM data transfer upload user. Oracle uses the credentials and entries defined in the
config_upload_userfile when processing the transfer disk and uploading files to Oracle Cloud Infrastructure Object Storage.Note
Data Transfer Service Does Not Support Passphrases on Private Keys
While we recommend encrypting a private key with a passphrase when generating API signing keys, Data Transfer does not support passphrases on the key file required for the
config_upload_user. If you use a passphrase, Oracle personnel cannot upload your data.
Oracle cannot upload data from a transfer disk without the correct credentials defined in this configuration file. See Installing the Data Transfer Utility for more information about the required configuration files.
When you disconnect or lock a transfer disk using the Data Transfer Utility, the original encryption passphrase is required to once again access the disk. If the encryption passphrase is not known or lost, you cannot access the data on the transfer disk. To reuse a transfer disk, you must reformat the disk. Reformatting a disk removes all the data.
Oracle retrieves the encryption passphrase for a transfer disk from Oracle Cloud Infrastructure. Oracle uses the passphrase to decrypt, mount the transfer disk, and upload the data to the designated bucket in the tenancy.
After processing a transfer package, Oracle returns the transfer disk attached to the transfer package using the return shipping label you provide.
To protect your data, we make the data on the disk unrecoverable before shipping the transfer disk back to you. To comply with customs regulations, we wipe the disk completely before shipping it back to international shipping addresses.
Ways to Manage Disk Data Transfers
We provide two ways to manage disk-based data transfers:
The Data Transfer Utility is a full-featured command line tool for disk-based data transfers only (appliance-based data transfers use a different command line tool). For more information and installation instructions, see Installing the Data Transfer Utility.
The Console is an easy-to-use, partial-featured browser-based interface. For more information, see Sign In for the First Time.
You can perform many data transfer tasks using either the Console or the Data Transfer Utility. However, there are some tasks you can only perform using the Data Transfer Utility (for example, creating and locking the transfer disk). describes the management tasks in detail and guides you to the appropriate management interface to use for each task.
You are now ready to begin preparation for the Disk-Based Data Import. See Preparing for Disk Data Transfers for more information.