U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology Laboratory

4.1 Copy Data Objects between Cloud-Providers

Share

****WORKING DOCUMENT****

4.1      Copy Data Objects between Cloud-Providers

Actors: cloud-subscriber, cloud-provider-1, cloud-provider-2, transport-agent

Goals: Copy data objects from a cloud-provider-1's system to a cloud-provider-2's system on the initiative of a cloud-subscriber.

Assumptions: Cloud-subscriber has established an account with cloud-provider-1 and cloud-provider-2.

Success Scenario (copy, IaaS):  A cloud-subscriber mutually authenticates to cloud-provider-1 (where the data object initially resides) using cloud-provider-1's mutual authentication mechanisms, and starts a command shell (or equivalent) on cloud-provider-1.  From cloud-provider-1, the cloud-subscriber may access other systems on the Internet.  The cloud-subscriber determines the object identifiers of the data objects that the cloud-subscriber wishes to copy from cloud-provider-1 to cloud-provider-2.  From the command shell on cloud-provider-1 the cloud-subscriber authenticates to cloud-provider-2 using cloud-provider-2's authentication mechanisms (note: this approach passes authentication through cloud-provider-1).  The cloud-subscriber locates a container (e.g., a directory) on cloud-provider-2 where the copied object will reside.  The cloud-subscriber may have to create a container.  For each data object that the cloud-subscriber wishes to copy, the cloud-subscriber: 1) downloads the contents of the object to the virtual machine the cloud-subscriber is using in cloud-provider-1 2) uploads the data as a new object in cloud-provider-2's object store, and 3) deletes the copy of the data just created in the virtual machine in cloud-provider-1. The copy of the data just created in virtual machine in cloud-provider-1 is deleted as described in Use Case 3.6 (Erase Data Objects in Clouds).

Failure Conditions: (1) The cloud-subscriber is unable to authenticate to cloud provider-1; (2) the cloud-subscriber has insufficient privileges for the requested actions.

Failure Handling:  The cloud-providers notify the subscriber of the failure and provide a description of the failure (e.g. expired certificate, insufficient privileges, etc.).

Credit: TBD

Note:  Success Scenario 3 or New Use Case – Version Control - : - idea of several versions of same data object copied across multiple clouds and version control – distributed CVS

Information technology, Cybersecurity and Cybersecurity
Created November 2, 2010, Updated March 23, 2018