Preparations - Data Online Migration - Alibaba Cloud Documentation Center

This topic describes the operations that you must perform before you migrate data.

Step 1: Create a source NAS file system

File Storage NAS
- Create a mount target for your file system. For more information, see Manage mount points.
- If you configure a permission group for the File Storage NAS file system, you must allow all IP addresses in the virtual private cloud (VPC) to which the NAS file system is mounted to access the NAS file system. For more information, see Manage permission groups.
Third-party NAS
- Connect your NAS server to an Alibaba Cloud VPC.
  - To allow access to your NAS server over an Alibaba Cloud VPC, you can connect the NAS server to the VPC by using an Express Connect circuit. For information about how to deploy an Express Connect circuit, contact Alibaba Cloud Technical Support.
  - You can also connect your NAS server to the VPC over a VPN gateway.
- If you configure a permission group for the third-party NAS file system, you must allow all IP addresses in the VPC to which the NAS file system is mounted to access the NAS file system.

Step 2: Create a destination bucket

Create a destination bucket in the OSS console to store the migrated data. For more information, see Create a bucket.

Step 3: Create a RAM user

To ensure data security, we recommend that you create a Resource Access Management (RAM) user and grant permissions to the RAM user based on the principle of least privilege.

Note

If you want to migrate data across Alibaba Cloud accounts, you must create RAM users for the Alibaba Cloud account to which the source bucket belongs and the Alibaba Cloud account to which the destination bucket belongs. Then, you must grant the required permissions to both RAM users. Save the logon name, password, AccessKey ID, and AccessKey secret generated for each RAM user by the corresponding Alibaba Cloud account.

Log on to the RAM console.
In the left-side navigation pane, choose Identities > Users.
On the Users page, click Create User.
In the User Account Information section of the Create User page, configure the Logon Name and Display Name parameters.
In the Access Mode section, select Console Access and OpenAPI Access. Then, save the generated logon name, password, AccessKey ID, and AccessKey secret.
- Console Access: If you select this option, you must configure the console password, password reset settings, and multi-factor authentication (MFA) settings.
- OpenAPI Access: If you select this option, an AccessKey pair is automatically created for the RAM user. The RAM user can call API operations or use other development tools to access Alibaba Cloud resources.

Step 4: Grant permissions to the RAM user

After the RAM user is created, go to the Users page in the RAM console. Find the RAM user that you want to manage and click Add Permissions in the Actions column to grant permissions to the RAM user. Grant the required permissions to the RAM user based on the migration scenario.

Migrate data from File Storage NAS to OSS

Migrate data within the same Alibaba Cloud account

If you want to migrate data within the same Alibaba Cloud account, you must grant the following permissions to the RAM user:

System policy: AliyunMGWFullAccess
Custom policy:
- Permissions on Object Storage Service (OSS) resources
  Note
  The following policy is used to grant full control permissions to the RAM user on the bucket in which the migrated data is stored. mybucket indicates the name of the destination bucket. Replace <mybucket> with the name of the destination bucket.
  For more information about RAM policies for OSS, see Common examples of RAM policies.
```
{
    "Version": "1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "oss:*",
            "Resource": [
                "acs:oss:*:*:mybucket",
                "acs:oss:*:*:mybucket/*"
            ]
        }
    ]
}
```
- Permissions on File Storage NAS
  Grant the RAM user the permission to read source data. For more information about RAM policies for File Storage NAS, see Perform access control based on RAM policies.

Migrate data across Alibaba Cloud accounts

If you want to migrate data across Alibaba Cloud accounts, you must grant the following permissions to the RAM users:

RAM user that is created within the source Alibaba Cloud account
- System policy: AliyunMGWFullAccess
- Custom policy:
  Grant the RAM user the permission to read source data. For more information about RAM policies for File Storage NAS, see Perform access control based on RAM policies.
RAM user that is created within the destination Alibaba Cloud account
- System policy: AliyunMGWFullAccess
- Custom policy:
  Note
  The following policy is used to grant full control permissions to the RAM user on the bucket in which the migrated data is stored. mybucket indicates the name of the destination bucket. Replace <mybucket> with the name of the destination bucket.
  For more information about RAM policies for OSS, see Common examples of RAM policies.
```
{
    "Version": "1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "oss:*",
            "Resource": [
                "acs:oss:*:*:mybucket",
                "acs:oss:*:*:mybucket/*"
            ]
        }
    ]
}
```

Migrate data from third-party NAS to OSS

If you want to you migrate data from third-party NAS to OSS, you must grant the following permissions to the RAM users:

System policy: AliyunMGWFullAccess
Custom policy: Grant the RAM user full control permissions on the bucket in which the migrated data is stored.
Note
- The following policy is for reference only. Replace mybucket with the name of the destination bucket.
- For more information about RAM policies for OSS, see Common examples of RAM policies.
```
{
    "Version": "1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "oss:*",
            "Resource": [
                "acs:oss:*:*:mybucket",
                "acs:oss:*:*:mybucket/*"
            ]
        }
    ]
}
```