Microsoft Azure Data Box offline data transfer solution allows you to send petabytes of data into Azure Storage in a quick, inexpensive, and reliable manner. The secure data transfer is accelerated by hardware transfer devices that enable offline data ingestion to Azure.
We’re excited to announce several new service capabilities including:
- General availability of self-encrypted drives Azure Data Box Disk SKU that features AES 256-bit hardware-based encryption and improved transfer rates from Linux systems.
- Data Box (80 TB) now generally available in Azure in China.
- Zero downtime migration for active data sources with Azure Data Box and Azure Storage Mover integration.
- Preview of cross-region data transfers for seamless data ingest from source country or region to select Azure destinations in a different country or region.
Additionally, we’re happy to share the Azure Data Box cloud service is Health Insurance Portability and Accountability Act (HIPAA)/Business Associate Agreement (BAA), Payment Card Industry 3-D Secure (PCI 3DS), and Payment Cards Industry Data Security Standard (PCI DSS) certified. More details on each of these new capabilities can be found below.
Azure Data Box Disk: Self-encrypted drives
Azure Data Box Disk is now generally available in a hardware-encrypted option in select countries and regions. These Data Box Disk self-encrypting drives (SEDs) offer a highly-secure platform via native hardware on the disk, removing the need for any software dependencies on the host machine. With always-on, hardware-level encryption, the data remains protected even in the very rare case of the host operating system being compromised and is shielded from commonly seen attacks like brute force, cold boot, and constantly evolving malware.
The use of a dedicated processor for encryption also speeds up the process without burdening the host system’s main central processing unit (CPU), which helps us achieve higher performance with this offering (at the solid state disk (SSD) performance level). Additionally, hardware encryption requires no additional software or driver installation on the host system, making it easier to use and robust. These SEDs are very well suited for data transfers from Linux systems and support similar data transfer rates to BitLocker-encrypted Data Box Disks on Windows.
The Azure Data Box Disk SED is popular with some of our automotive customers building advanced driver-assist systems (ADAS) capabilities, as it connects directly to in-car Linux-based data loggers via SATA. This eliminates the need for a secondary data copy from another in-car storage, enabling both time and secondary storage costs savings for customers. Here is how Xylon, manufacturer of automotive data loggers uses Data Box Disk SEDs to migrate advanced driver-assistance systems (ADAS) sensor data to Azure:
Through the cooperation with the Microsoft Azure team, we have enabled direct data logging to the hardware-encrypted Data Box Disks plugged into our logiRECORDER Automotive HIL Video Logger. It enables our common customers to transfer precious data from the test fleet to the cloud in the simplest and fastest possible way, without wasting time on unnecessary data copying and reformatting along the way.”
—Jura Ivanovic, Product Director, Automotive HIL Video Logger, Xylon
Learn more about Data Box Disk SEDs and get started migrating your on-premises data to Microsoft Azure. If you would like to use Data Box Disk SEDs in another country or region, please write to DataBox@microsoft.com.
Multi-access tier ingestion support
You can now transfer data to different blob access tiers including Azure Blob Storage Cold Tier in a single Data Box order. The new single-step process avoids both the extra data management overheads and the storage data transfer charges which were previously incurred to manually move data to the desired access tier after upload.
Previously, Azure Data Box only supported transferring data to the default access tiers of Azure Storage accounts. For example, if you wanted to move data to the cool tier in an Azure Storage Account that has the default set to hot, you would have had to first move the data to hot tier via Azure Data Box and then leverage life cycle management to move the data to the cool tier after it’s uploaded to Azure. To enable multi-access tier data ingest, we have now introduced new access tier folders in the folder hierarchy on the device. For example, all data that you copy to the cool folder will have its access tier set as cool, irrespective of the default access tier of the destination Storage account, and similarly for data copied to other folders representing the various access tiers. Learn more about multi-access tier ingestion support here.
Zero downtime migration for active data sources with Azure Storage Mover integration
Customers with frequently changing data sources are challenged with completing the migration to Cloud without downtime. We’re happy to announce that you can now combine the Azure Storage Mover and Data Box services to form an effective file and folder migration solution to move such data sources without downtime. Storage Mover jobs can detect differences between your on-premises and cloud storage to effectively transfer any updates and new files not previously captured by your Data Box transfer. For example, if only a file’s metadata (such as permissions) has changed, Azure Storage Mover will upload only the new metadata instead of the entire file content.
Learn more about how catch-up copies with Azure Storage Mover’s merge and mirror copy mode can help transfer only the delta data to Azure.
Cross-region data transfer to select Azure regions
We’re excited to share that Azure Data Box cross-region data transfer capabilities, now in preview, supports seamless ingest of on-premises data from a source country or region to select Azure destinations in a different country or region. This capability makes it possible for globally distributed organizations to directly upload and consolidate data into a single target region. For example, with this capability you can now copy on-premises data from Singapore or India to the western United States Azure destination region.
Note that the Azure Data Box device isn’t shipped across commerce boundaries. Instead, it’s transported to and from an Azure data center within the originating country or region where the on-premises data resides. Data transfer to the destination Azure region takes place across the Azure network without incurring additional charges beyond the existing Data Box service fees.
Learn more about this capability and the supported country or region combinations for Azure Data Box, Azure Data Box Disk, and Azure Data Box Heavy, respectively.
Certifications
The Azure Data Box cloud service has achieved HIPAA/BAA, PCI 3DS, and PCI DSS certifications. These certifications have been key requests from many of our customers across the healthcare and financial sectors respectively, and we’re happy to have achieved the compliance status to enable our customers’ data transfer needs.
Additional product updates
- Support for up to 4 TB Azure files across the product family.
- The Azure Data Box 80 TB SKU is now available in Azure in China. Learn more here.
- Support for data transfer to Poland Central and Italy North Azure regions.
- Transfers to premium Azure Files and Blob Archive tiers are now supported with Data Box Disk.
- The data copy service, which significantly improves the ingestion and upload time for small files, is now generally available.
Our goal is to continually enhance the simplicity of your offline data transfers, and your input is invaluable. Should you have any questions or feedback regarding Azure Data Box, feel free to reach out via email at DataBox@microsoft.com. We look forward to you reviewing your feedback and comments.
Note: This post was updated on 9/27/2024 to include the availability of the Azure Data Box 80 TB SKU in Azure in China, and additional details about hardware encryption with SED and the associated benefits.