About Migrating Oracle Cloud Infrastructure Volume Data Across Tenancies

Migrating data across tenancies can be a challenging task, but with proper planning and well-tested processes, you can migrate data from one tenancy to another safely, securely, and with little downtime.

This document provides an overview of options you can use to migrate data stored on Oracle Cloud Infrastructure (OCI) volumes across OCI tenancies. It is intended solely to help customers who are looking to migrate data from one tenancy to another tenancy and will show you how to:
  • Migrate data across multiple customer tenancies.
  • Migrate data to new tenancies for operational/business reasons, such as moving service providers.
  • Protect against ransomware attacks.

Understand Migration Methods

You can use either of the following options to migrate data stored on your OCI volumes, including both boot and block volumes.

  • Cross Tenancy Cloning: for data migrations within an Availability Domain (AD)
  • Cross Tenancy Restore: for data migrations across ADs
By using these options, data can be migrated safely and securely and with very little downtime.

Cross Tenancy Cloning

With cross tenancy cloning, users can clone their boot and data volumes stored in one tenancy to another tenancy. A cloned volume is a point-in-time direct disk-to-disk deep copy of the source volume. Volumes in OCI are availability domain (AD) local. When a volume is cloned, the AD for the new volume is automatically inferred from the original volume. If you want to migrate to a specific AD in the same region, you can use cross tenancy restore instead of cloning.

OCI only exposes logical ADs to customers. The mapping from a logical AD to the actual physical AD is defined per tenancy and can vary between tenancies. So, even though a volume is listed as stored in AD1 in the old tenancy, the cross tenancy cloned volume could be listed in AD3 in the new tenancy. After cloning, it will therefore look as if the volume has moved between ADs when, in fact, it still resides on the same physical AD.

Cross Tenancy Restore

With cross tenancy restore, you can restore OCI volume backups for migrations across ADs. OCI volume backups are regional and thus can be restored in any AD in the region. Use this option instead of cloning if you want to migrate volumes across ADs in the same region. At this time, users cannot copy backups from one tenancy to another tenancy; they can only restore the backups to another tenancy in the same region.

Understand Required Permissions

The permissions required to perform these operations are strictly controlled by OCI identity policies. The Admit policy should be defined in the old tenancy and the corresponding Endorse policy should be defined in the new tenancy. This will allow users to run cross tenancy operations.

  • You should only configure cross-tenancy identities for other tenancy users on an on-demand basis and then with utmost care. You should then remove these identities immediately after the cross-tenancy operations are completed.
  • Only grant permissions that are required for running the cross-tenancy operations.
  • Never grant write, update, or delete permissions to cross-tenancy users, and add conditions in the IAM policies for all incoming requests.
For details on the conditions available to validate each incoming request, refer to General Variables for All Requests, which you can access from the Explore More topic, elsewhere in this playbook.
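
One way to check Admit statements against the guidelines above before they are applied in the old tenancy. This is an added example, not code from this playbook. The function name, group, compartment, and OCID placeholders are hypothetical, and the sample statements are constructed to exercise the checks; they are not the policies the migration itself requires.

```python
import re

# Admit <subject> of tenancy <alias> to <verb> <resource> in <location> [where <condition>]
ADMIT_RE = re.compile(
    r"^admit\s+(?P<subject>.+?)\s+of\s+tenancy\s+(?P<tenancy>\S+)\s+to\s+"
    r"(?P<verb>\S+)\s+(?P<resource>\S+)\s+in\s+(?P<location>.+?)"
    r"(?:\s+where\s+(?P<condition>.+))?$",
    re.IGNORECASE,
)
# Assumption: only `manage` is rejected by default; pass a stricter set if needed.
FORBIDDEN_VERBS = frozenset({"manage"})


def audit_admit_statements(policy_text, forbidden_verbs=FORBIDDEN_VERBS):
    """Return (line_no, issue) tuples for Admit statements that break the rules above."""
    findings = []
    for line_no, raw in enumerate(policy_text.splitlines(), start=1):
        stmt = raw.strip()
        if not stmt.lower().startswith("admit "):
            continue  # Define and Endorse statements are not checked here
        m = ADMIT_RE.match(stmt)
        if m is None:  # e.g. a {PERMISSION, ...} list instead of verb + resource
            findings.append((line_no, "unparsed Admit statement, review by hand"))
            continue
        if m["verb"].lower() in forbidden_verbs:
            findings.append((line_no, f"verb '{m['verb']}' grants write/update/delete"))
        if not m["condition"]:
            findings.append((line_no, "no 'where' condition on incoming requests"))
        if m["location"].strip().lower() == "tenancy":
            findings.append((line_no, "scoped to the whole tenancy, not a compartment"))
    return findings


# Constructed sample policy for the old (source) tenancy; OCIDs are placeholders.
SAMPLE_POLICY = """\
Define tenancy NewTenancy as ocid1.tenancy.oc1..<new_tenancy_ocid>
Define group MigrationUsers as ocid1.group.oc1..<new_tenancy_group_ocid>
Admit group MigrationUsers of tenancy NewTenancy to manage volume-family in tenancy
Admit group MigrationUsers of tenancy NewTenancy to read volumes in compartment Migration where request.operation='GetVolume'
"""

if __name__ == "__main__":
    for line_no, issue in audit_admit_statements(SAMPLE_POLICY):
        print(f"line {line_no}: {issue}")
```

The tenancy-scope check is this example's reading of "only grant permissions that are required"; drop it if the migration needs tenancy-wide access.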