How to transfer your cloud data free of charge when your contract ends or you switch to another cloud
Are you an Open Telekom Cloud customer and no longer wish to use your service in the Open Telekom Cloud or want to transfer your data to another provider? You can easily request the switch using our form. We will then ensure that your data transfer is carried out free of charge and that your reserved packages are handled accordingly. Please read the information provided here carefully.
To the application form
- Fill out the application form – at least 30 days before the planned switch – and inform us of the scope.
- We will review the request and get back to you.
- You have 30 days from the specified date to make the switch. You will receive, for example, Internet outbound traffic free of charge to carry out the switch.
IMPORTANT INFORMATION FOR OPEN TELEKOM CLOUD (ACCORDING TO ART. 26, 28, AND 29, PARA. 4, 5 DATA ACT)
According to Regulation (EU) 2023/2854 of the European Parliament and the European Council dated December 13, 2023 regarding harmonized requirements for fair data access and fair data usage and to amend Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 (“Data Act”), Open Telekom Cloud customers may migrate to other equivalent services and export their customer data from the Open Telekom Cloud. The following information assists our customers in case of such a migration or data export.
AVAILABLE MIGRATION AND TRANSFER METHODS (ACCORDING TO ART. 26 LIT. A DATA ACT)
- We shall provide you and your authorized third parties with adequate assistance during your migration.
- In order to export your customer data to migrate to another service provider or for your own information and communication technology infrastructure, we provide you with different methods to do so, which you may learn about at https://docs.otc.t-systems.com/. There you will also find detailed documentation that will assist you with using the respective process for exporting your customer content.
- If, for your cloud service and migration exit strategy, you require additional assistance that you do not already have by other means, please contact our customer service at service@open-telekom-cloud.com.
AVAILABLE MIGRATION AND TRANSFER FORMATS (ACCORDING TO ART. 26 LIT. A DATA ACT)
The customer content shall be provided to the customer in format described in the documentation, see https://docs.otc.t-systems.com/. We have provided you with additional information under Infrastructure & data processing services.
RESTRICTIONS AND TECHNICAL LIMITATIONS (ACCORDING TO ART. 26 LIT. A DATA ACT)
The following restrictions and technical limitations may be present during a migration or when customer content is exported:
- Integrity problems
- Software incompatibility
- Proprietary formats
- Bandwidth restrictions
- Storage limitations
- Size limitations (e.g., even for individual processes)
- Transfer and maintenance windows
- Encryption requirements or required manual steps
We have provided you with additional information under Infrastructure & data processing services.
ONLINE REGISTER (ACCORDING TO ART. 26 LIT. B DATA ACT)
At https://docs.otc.t-systems.com/, customers can receive additional, individual details on all data structures and data formats and on the applicable standards and open interoperability specifications, in which the exportable data is available. We have provided you with additional information under Infrastructure & data processing services.
INFRASTRUCTURE AND DATA PROCESSING SERVICES
Infrastructure services
The following Open Telekom Cloud services are infrastructure elements according to the Data Act. Please consult the links for functional descriptions and openly documented interfaces.
Autoscaling Dedicated Host Direct ConnectDomain Name ServiceElastic Cloud ServerElastic IPElastic Load BalancingEnterprise RouterFirewall-as-a-service Nat GatewayVirtual Private CloudVirtual Private NetworkVPC Endpoint Data processing services
The following Open Telekom Cloud services are data processing services according to the Data Act. Please find attached information on export and migration options as well as openly documented interfaces and export formats.
Anti-DDoS https://docs.otc.t-systems.com/anti-ddos/umn/
Migration: The Anti-DDoS Traffic Cleaning Service is a network security service that protects IP addresses from attacks. Exporting of Anti-DDoS settings can be invoked via the API. Statistics can be downloaded via the GUI.
Export format: csv
Limitations: It may be necessary to re-configure certain settings in the coming environment.
https://docs.otc.t-systems.com/api-gateway/index.html
Migration: Please consult “Restrictions and Compatibility and Extended Definition” for more information on exporting.
Export format: JSON
https://docs.otc.t-systems.com/application-operations-management/index.html
Migration: Settings can be exported via GUI and API. The customer is responsible for reconciling the exported data.
Export formats: JSON
https://docs.otc.t-systems.com/application-performance-management/index.html
Migration: The APM Service (Application Performance Management) enables the identification of problems such as slow methods and optimization of cloud applications. Please consult the service providers for the underlying metrics and harvester settings.
Export format: csv
Limitation: It may be necessary to re-configure certain settings and alerting rules in the coming environment.
https://docs.otc.t-systems.com/application-service-mesh/index.html
Migration: Settings can be exported via API. The customer is responsible for reconciling the exported data.
Export format: JSON
Limitations: It may be necessary to re-configure certain settings in the coming environment.
https://docs.otc.t-systems.com/cloud-backup-recovery/index.html
Migration: Configuration via API available, backup export possible only via workaround to create and export an image.
Export formats: qcow, .vmdk, .vhd, .zvhd (when exporting as an image)
Limit: Service backups could not be used in another environment
https://docs.otc.t-systems.com/cloud-container-engine/index.html
Migration: Settings can be exported via API. The customer is responsible for reconciling the exported data. Open-source tools such as YAML and kubectl can also be used.
Reference migration methods: https://arch.otc-service.com/docs/best-practices/containers/cloud-container-engine/migrating-from-other_clouds-to-cce
Export format: JSON
Limitations: It may be necessary to re-configure certain settings in the coming environment.
https://docs.otc.t-systems.com/cloud-container-instance/index.html
Migration: Settings can be exported via API. The customer is responsible for reconciling the exported data. Open-source tools such as YAML and kubectl can also be used.
Export format: JSON
Limitations: It may be necessary to re-configure certain settings in the coming environment.
https://docs.otc.t-systems.com/cloud-eye/index.html
Migration: Settings can be exported via API. The customer is responsible for reconciling the exported data (GUI and API).
Export format: JSON
Limitation: It may be necessary to re-configure certain settings in the coming environment.
https://docs.otc.t-systems.com/cloud-firewall/index.html
Migration: Cloud Firewall (CFW) is a next-generation, cloud-native firewall that protects internet and VPC boundaries in the cloud. Settings (access policies, object groups), including LTS logs, can be imported and exported via the GUI and API.
Export format: xlsx for settings, csv for logs
Limitations: It may be necessary to re-configure certain settings in the coming environment.
https://docs.otc.t-systems.com/cloud-search-service/index.html
Migration: For more information, please consult “Elasticsearch Cluster Access Methods” in “Cloud Search Service – User Guide.” Furthermore, native open-source tools such as DBeaver or snapshots using CSS documentation can be used.
Export format: No limit to snapshot name.
https://docs.otc.t-systems.com/cloud-trace-service/index.html
Migration: The export can take place for OBS and LTS. For more information on export, please consult “Configuring a tracker with the help of querying a trace list”.
Export format: JSON
https://docs.otc.t-systems.com/config/index.html
Migration: Settings can be exported via API. The customer is responsible for reconciling the exported data (GUI and API).
Export format: JSON
Limitation: It may be necessary to re-configure certain settings in the coming environment.
https://docs.otc.t-systems.com/data-lake-insight/index.html
Migration: Data Lake Insight can also be used as a migration tool to stream data. Furthermore, SQL databases created within DLI can also be exported as json or csv only in OBS. Exported databases in Object Block Storage (OBS) can be directly downloaded inside OBS. Object Storage Service APIs are located in: https://docs.otc.t-systems.com/object-storage-service/index.html
Export format: .json or .csv
https://docs.otc.t-systems.com/data-replication-service/index.html
Switch: Data Replication Service helps the customer migrate their data (SQL or NoSQL). Customer data is not stored.
https://docs.otc.t-systems.com/data-warehouse-service/index.html
Migration: In this case, native open-source tools such as DBeaver or pg_dump can be used. DataArts Studio offers a wide selection of migration options from DWS.
https://docs.otc.t-systems.com/data-arts-studio/index.html
Migration: Since it is both a migration and a flow tool, flows can be exported to local path or to Object Block Storage (OBS), although it is not compatible with other cloud service providers. Exported files in Object Block Storage (OBS) can be directly downloaded inside OBS. Object Storage Service APIs are located in: https://docs.otc.t-systems.com/object-storage-service/index.html
Export format: .job in the exported .zip file.
https://docs.otc.t-systems.com/database-security-service/index.html
Migration: Database Security Service (DBSS) is an intelligent security service for databases. All configurations must be documented to reconstruct this service in the future environment.
Limit: Database Security Service has no option to export the configurations via API or GUI.
https://docs.otc.t-systems.com/distributed-database-middleware/index.html
Migration: The following direct migration options are available:
- Using a MySQL tool (mysqldump) and replication via different tools such as rsync
- Via the Data Replication Service → Migration → outside the cloud (out of the cloud) from MySQL to MySQL. In this case, a data migration is carried out using the Data Replication Service specifically from one MySQL database in the cloud to a MySQL database outside the cloud.
Export format: .sql
https://docs.otc.t-systems.com/distributed-message-service/index.html
Migration: The export can be carried out via OBS (Migrating Data Using Smart Connect) or Kafka Data Migration Overview.
Export format: JSON
https://docs.otc.t-systems.com/document-database-service/index.html
Migration: The following options are available:
- Manually with open-source tools: Use of native open-source tools to export backups.
- Via the DDS user interface: According to documentation (DDS user guide, manually switching the primary and secondary nodes of a replica set), you can export backups via the DDS UI and, during the process, the Object Storage Service is used as a storage destination.
- A backup export can also be done via the API functions.
- Using the Data Replication Service: Use the data replication service for real-time migration out of the cloud: DDS → MongoDB
https://docs.otc.t-systems.com/elastic-volume-service/index.html
Migration: Images can be created for exporting data – there are numerous tools available on the market that enable you to export disks or copy data from one data media to another data source.
Export formats: qcow, .vmdk, .vhd, .zvhd (when exporting as an image)
https://docs.otc.t-systems.com/function-graph/index.html
Migration: Export the data via API
Export format: JSON & zip
Limits: Exported code may need to be redeveloped if it is used in other environments.
https://docs.otc.t-systems.com/host-security-service/index.html
Migration: Host Security Service (HSS) helps with identifying and managing assets on servers, with eliminating risks, and with fending off intrusion attempts (intrusion detection) and website manipulation. Assets, fingerprints, vulnerabilities, events, and alarms can be exported. Some configurations (e.g., baseline checks and policies) must be documented in order to reconstruct this service in the future environment.
Export format: csv
Limit: Host Security Service has limited ability to export the configurations via API. It may be necessary to re-configure certain settings in the coming environment.
https://docs.otc.t-systems.com/image-management-service/index.html
Migration: Via the IMS Service’s export function
Export formats: qcow, .vmdk, .vhd, .zvhd
Limits: There is a 128 GB limit when exporting encrypted images.
https://docs.otc.t-systems.com/key-management-service/index.html
Migration: The Key Management Service (KMS) is a cloud service that is used to centrally create, administrate, and secure cryptographic keys that are used for encrypting data, among other things. KMS uses Hardware Security Modules (HSM) that meet FIPS 140-2 level 3 requirements for protecting
and managing these keys. Root keys are always stored in Open Telekom Cloud's Hardware Security Module (HSM). It is necessary to encrypt data in order to afterwards re-encrypt it in the next environment.
Limit: It is prohibited to take keys with you.
https://docs.otc.t-systems.com/log-tank-service/index.html
Migration: Log data can be exported and downloaded to OBS.
Export format: JSON
https://docs.otc.t-systems.com/mapreduce-service/index.html
Migration: In this case, native open-source tools such as DBeaver can be used. DataArts Studio offers a wide selection of migration options from MRS.
https://docs.otc.t-systems.com/modelarts/index.html
Migration: The first models are not compatible with other service providers. Customer data for training are stored in the Object Storage Service and can be downloaded at any time.
Limit: You cannot switch from ModelArts. It is necessary to seek a new service that provides a similar functionality.
https://docs.otc.t-systems.com/object-storage-service/index.html
Migration – The configuration can be downloaded via the API or the inventory function – all data can be directly downloaded – there are tools on the market that can be used to copy data to different destinations.
Export format: Format of file will remain
https://docs.otc.t-systems.com/optical-character-recognition/index.html
Migration: Since the Optical Character Recognition Service evaluates entries (e.g., images) only temporarily in the cache and returns a JSON structure as a result, no data is permanently saved in this service. Therefore, migration is not required.
Migration: All oracle-optimized backups are in the Open Telekom Cloud's Object Storage Service. Data can be directly downloaded there. Object Storage Service APIs are located in: https://docs.otc.t-systems.com/object-storage-service/index.html
https://docs.otc.t-systems.com/relational-database-service/index.html
Migration: The following options are available:
- Manually with open-source native tools: Use of native open-source tools to export backups.
- Via the RDS user interface: A backup export can also be carried out via the RDS UI.
- The API offers functions for exporting backups.
- Using the Data Replication Service, a migration, synchronization, or backup migration in Object Block Storage (OBS) is available based on the engine (MySQL, PostgreSQL, or Microsoft SQL).
Export format: For MySQL: .sql via mysqldump for PostgreSQL any name via pg_dump/pg_dumpall and for Microsoft SQL .bak
https://docs.otc.t-systems.com/scalable-file-service/index.html
Migration: rsync, rclone, or other tools can be used to export data.
Export formats: File formats remain unchanged.
https://docs.otc.t-systems.com/software-repository-container/index.html
Migration: Settings can be exported via API. The customer is responsible for reconciling the exported data.
Docker commands, image-sync and harbor (open-source registry) can be used to migrate Docker images to SWR. A detailed description on downloading Docker images can be found in the documentation: https://docs.otc.t-systems.com/software-repository-container/umn/image_management/pulling_an_image.html
Export format: JSON, Docker images
Limitations: It may be necessary to re-configure certain settings in the coming environment.
https://docs.otc.t-systems.com/storage-disaster-recovery-service/index.html
Migration: The Storage Disaster Recovery Service replicates EVS hard drives from the Elastic Volume Service. Therefore, the Elastic Volume Service’s migration service can be used. Configuration data can be retrieved via the API.
https://docs.otc.t-systems.com/tag-management-service/index.html
Migration: Settings can be exported via API. The customer is responsible for reconciling the exported data (GUI and API).
Export format: JSON
Limitation: It may be necessary to re-configure certain settings in the coming environment.
https://docs.otc.t-systems.com/web-application-firewall/index.html
Migration: The Web Application Firewall monitors, filters, and blocks HTTP and HTTPS-based network traffic to a web server. Settings and events, including LTS logs, can be exported via GUI and API.
Export formats for events and logs: csv
Limitations: It may be necessary to re-configure certain settings in the coming environment.
JURISDICTION GOVERNING THE ICT INFRASTRUCTURE THAT WAS CREATED FOR OPEN TELEKOM CLOUD (ACCORDING TO ART. 28 PARA. 1 LIT A. DATA ACT)
The infrastructure that Telekom uses for Open Telekom Cloud is subject to the laws of the Federal Republic of Germany, including the laws of the European Union.
MEASURES AGAINST INTERNATIONAL GOVERNMENT ACCESS TO NON-PERSONAL CUSTOMER CONTENT (ACCORDING TO ART. 28 PARA. 1 LIT. B DATA ACT)
Telekom offers their customers a bundle comprising technical, organizational, and contractual measures to prevent international government access to non-personal customer content, including the transfer of customers saved in the EU to government institutions in third countries if they infringe national or EU law.
Technical and organizational measures
- Encryption
- Telekom offers or enables the customer to encrypt customer data.
- Telekom has defined its cryptographic measures via guidelines. This provisions include:
- the use of the applied state of the art in cryptographic methods
- the management and application of cryptographic keys
- the protection of cryptographic keys throughout their lifecycle (generation, storage, application, and destruction).
- Customer control and authorization concepts
- The customer controls where their data is processed. This occurs when choosing services in the corresponding availability zone (AZ) or the selected region. The customer controls who can access their data. During the process, the customer is granted an “Identity & Access Management” (IAM) system. Here, the customer can issue additional authorizations. The issuance of additional authorizations remains under the authority of the customer. If data that the customer stores in the Open Telekom Cloud is to be made available to additional systems, then this remains under the customer’s control and authority. For more information, please consult the shared responsibility model: https://www.open-telekom-cloud.com/de/support/shared-responsibility. Furthermore, Telekom cannot access customer content. For the operation of Open Telekom Cloud, there are internally defined permissions in the form of roles based on business, security-relevant, and data protection requirements. This includes:
- Roles are documented and up-to-date.
- Roles are uniquely assigned to users or machines.
- Users have access only to the networks, systems, and data for which they are explicitly authorized.
- A formal process for registering and deregistering has been defined so that access rights can be assigned.
- A formal process for granting user accesses has been defined to assign or withdraw access rights for all user types to all systems and services.
- The allocation and use of privileged access rights are restricted and monitored continuously.
- The allocation of access rights is monitored with the objective of preventing rights from being allocated across functions.
- Employee duties
- Telekom obliges all employees who are involved in the processing of customer data to handle the data confidentially and to refrain from sharing it with third parties. Awareness is raised among employees on how they need to handle data disclosure requests from government institutions according to Telekom’s contractual obligations towards their customers and taking into account applicable European laws.
Contractual measures
The data is processed solely in the EU and is subject to EU jurisdiction. No customer data is processed outside the EU. The infrastructure is in the EU and is subject to European jurisdiction accordingly.
INFORMATION ABOUT COMMERCIAL FRAMEWORK CONDITIONS (ACCORDING TO ART. 29 PARA. 4 AND 5 DATA ACT)
- Standard service fees according to Service Description
- A compensation payment shall be due if the reserved packages are prematurely canceled. Please consult the Service Description for more information on handling migration costs as part of the Data Act.
Note: The information on this page will be updated as necessary. Customers can download a copy of this page for their records.
