Securely moving data across boundaries
First Claim
Patent Images
1. A computing system, comprising:
- at least one processor; and
memory storing instructions executable by the at least one processor, wherein the instructions, when executed, provide;
a first computing instance that has first access rights that enables the first computing instance to enumerate data items in a source data container but not access data in the data items,the first computing instance being configured to enumerate the source data container to obtain a first enumeration list enumerating the data items in the source data container;
a second computing instance that has second access rights that enables the second computing instance to read data in the data items in the source data container and to write to a target data container that is remote from the source data container,the second computing instance being configured to copy data, in a set of the data items, from the source data container to the target data container, based on the first enumeration list; and
a third computing instance that is configured to;
after the set of data items are copied by the second computing instance, compare data in the target data container to data in the source data container to determine whether any data items are still to be moved; and
obtain a second enumeration list indicative of the data items still to be moved,the second computing instance being configured to copy the data items still to be moved from the source data container to the target data container, based on the second enumeration list.
1 Assignment
0 Petitions
Accused Products
Abstract
Data to be moved from a source system to a target system, for a set of tenants, is first identified. The data is enumerated by a first computing instance in the source system to obtain an enumeration list. Data is copied from the source system to the target system based on the enumeration list by a second computing instance. The data in the source and target systems is then enumerated by a third computing instance to determine whether any data is still to be moved and another enumeration list is generated. The data still to be moved is then moved based on the other enumeration list.
84 Citations
20 Claims
-
1. A computing system, comprising:
-
at least one processor; and memory storing instructions executable by the at least one processor, wherein the instructions, when executed, provide; a first computing instance that has first access rights that enables the first computing instance to enumerate data items in a source data container but not access data in the data items, the first computing instance being configured to enumerate the source data container to obtain a first enumeration list enumerating the data items in the source data container; a second computing instance that has second access rights that enables the second computing instance to read data in the data items in the source data container and to write to a target data container that is remote from the source data container, the second computing instance being configured to copy data, in a set of the data items, from the source data container to the target data container, based on the first enumeration list; and a third computing instance that is configured to; after the set of data items are copied by the second computing instance, compare data in the target data container to data in the source data container to determine whether any data items are still to be moved; and obtain a second enumeration list indicative of the data items still to be moved, the second computing instance being configured to copy the data items still to be moved from the source data container to the target data container, based on the second enumeration list. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer implemented method of moving data from a source container to a target container, the method comprising:
-
enumerating, by a first compute instance, data items in the source container to obtain a first enumeration list, wherein the first compute instance has first access rights that enables the first compute instance to enumerate the data items but not access data in the data items; copying, by a second compute instance, data, in a set of the data items, from the source container to the target container based on the first enumeration list, wherein the second compute instance has second access rights that enables the second compute instance to read data in the data items in the source container and to write to the target container; and after the set of data items are copied by the second computing instance, comparing, by a third compute instance, data in the target container to data in the source container to determine whether any data is still to be moved;
based on the comparison, generating a second enumeration list indicative of the data items still to be moved;moving the data items still to be moved based on the second enumeration list. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A computing system, comprising:
-
at least one processor; and memory storing instructions executable by the at least one processor, wherein the instructions, when executed, provide; a first computing instance that has only enumeration rights to a source data container, the first computing instance enumerating the source data container to obtain a first enumeration list enumerating data in the source data container, wherein the first compute instance, stores the first enumeration list in a temporary, remote storage system that is remote from a running environment of a source computing system where the data is in the source data container; a second computing instance that has read only access to the source data container and write access to a target data container, that is remote from the source data container, and that copies data from the source data container to the target data container, based on the first enumeration list; a third computing instance that compares data in the target data container to data in the source data container, after data is copied by the second computing instance, to determine whether any data is still to be moved and obtain a second enumeration list indicative of the data still to be moved, the second computing instance copying the data still to be moved from the source data container to the target data container, based on the second enumeration list; and a difference volume identifier that is configured to determine whether a volume of data in the second enumeration list meets a threshold amount, and if not, places the source data container in read only mode and copies the data still to be moved from the source data container to the target data container. - View Dependent Claims (20)
-
Specification