US 12,418,404 B2
Secure data migration
Prasad Peddada, Alameda, CA (US); and Taher Elgamal, Atherton, CA (US)
Assigned to Salesforce, Inc., San Francisco, CA (US)
Filed by salesforce.com, inc., San Francisco, CA (US)
Filed on Jan. 31, 2022, as Appl. No. 17/649,499.
Prior Publication US 2023/0246818 A1, Aug. 3, 2023
Int. Cl. H04L 9/08 (2006.01); G06F 16/21 (2019.01); G06F 16/25 (2019.01)
CPC H04L 9/0825 (2013.01) [G06F 16/214 (2019.01); G06F 16/258 (2019.01)]
20 Claims
 
1. A non-transitory, computer-readable medium storing program instructions capable of being executed within a first set of one or more computer systems within a first data center to perform operations to cause a migration of a set of data from the first data center to a second data center, the operations comprising the first set of computer systems:
receiving, from a migration policy engine executable to implement a set of data migration rules, approval for the migration;
accessing a public key of a key pair of the second data center from a key management system also accessible to the second data center;
generating a symmetric key using the public key of the key pair of the second data center, wherein the symmetric key is generated such that the symmetric key is unique for each migration;
encrypting the set of data using the symmetric key to produce an encrypted set of data;
requesting that the key management system sign a package including the encrypted set of data;
authenticating to a message broker system that is accessible by the second data center, wherein the authenticating includes establishing a secure connection with the message broker system; and
causing the migration of the set of data without a direct data connection between the first and second data centers by writing the signed package to the message broker system for retrieval and decryption by the second data center, wherein the writing includes additionally encrypting the signed package for communication via the secure connection to the message broker system, and wherein writing the package to the message broker system is performed without opening an inbound connection to the first data center from the message broker system.
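
The following is an added example, not text from the patent and not Salesforce code, sketching one way the key generation, encryption, signing and retrieval steps of claim 1 could fit together. It uses the third-party Python `cryptography` package. Assumptions: ephemeral-static X25519 with HKDF is how the symmetric key is generated "using the public key", AES-256-GCM encrypts the data, a local Ed25519 key stands in for the key management system, and a list stands in for the message broker; the policy approval and the secure connection to the broker are not modeled.

```python
import os
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey, X25519PublicKey
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

def derive_key(shared: bytes, eph_pub: bytes) -> bytes:
    # Salting HKDF with the ephemeral public key ties the key to this one migration.
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=eph_pub,
                info=b"dc-migration-v1").derive(shared)

def seal(data: bytes, dest_pub: X25519PublicKey, kms_sign) -> dict:
    """Source side: fresh key per migration, encrypt, then ask the KMS to sign."""
    eph = X25519PrivateKey.generate()  # new ephemeral key pair for every migration
    eph_pub = eph.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
    key = derive_key(eph.exchange(dest_pub), eph_pub)
    nonce = os.urandom(12)
    body = eph_pub + nonce + AESGCM(key).encrypt(nonce, data, eph_pub)
    return {"body": body, "sig": kms_sign(body)}

def open_package(pkg: dict, dest_priv: X25519PrivateKey, kms_pub) -> bytes:
    """Destination side: verify the KMS signature before any decryption."""
    body = pkg["body"]
    kms_pub.verify(pkg["sig"], body)  # raises InvalidSignature if altered
    eph_pub, nonce, ct = body[:32], body[32:44], body[44:]
    shared = dest_priv.exchange(X25519PublicKey.from_public_bytes(eph_pub))
    return AESGCM(derive_key(shared, eph_pub)).decrypt(nonce, ct, eph_pub)

def demo() -> dict:
    kms = Ed25519PrivateKey.generate()   # stand-in for the KMS signing key (assumption)
    dest = X25519PrivateKey.generate()   # second data center's key pair
    data = b"constructed sample rows"    # constructed sample input
    # The list is a stand-in for the broker: source appends, destination reads.
    broker = [seal(data, dest.public_key(), kms.sign) for _ in range(2)]
    plain = [open_package(p, dest, kms.public_key()) for p in broker]
    b = broker[0]["body"]
    forged = {"body": b[:-1] + bytes([b[-1] ^ 1]), "sig": broker[0]["sig"]}
    try:
        open_package(forged, dest, kms.public_key())
        rejected = False
    except InvalidSignature:
        rejected = True
    unique = broker[0]["body"][:32] != broker[1]["body"][:32]
    return {"plain": plain, "rejected": rejected, "unique": unique}

if __name__ == "__main__":
    print(demo())
```

Because the source only appends to the broker and the destination only reads from it, neither side needs the other's network address, which mirrors the claim's "without a direct data connection" condition.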