Secure erase when RAID Drive Group deleted?

kurejko
Level 1

I have a question regarding the way WebBIOS utility erases RAID drive groups on UCS Server. In the documentation, I found this warning: 


Caution If you choose Clear Configuration or New Configuration, all existing data in the configuration is deleted. Back up data that you want to keep before you choose a configuration type.
Under Choosing the Configuration with the Configuration Wizard at this link

http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c/sw/raid/configuration/guide/RAID_GUIDE/MegaRAID.html#41190

I am interested in how Clear Configuration deletes the data on the disk. Is there some overwrite involved? Would you call it secure erase? Our IT Security team wants to make sure the data is securely erased from a server we are planning to use for a different purpose at another location.

Accepted Solutions

Kirk J
Cisco Employee

Greetings.

Deleting the VDs does not 'scrub' the data.

I have actually helped customers whose RAID controller failed, corrupting/deleting the VD metadata off the drives, recreate the same VD (exact same size, strip size, across same physical disks), but without choosing 'init', and they got their whole ESXi server and datastores back completely intact.

There are some LSI/Avago utilities, including StorCLI, that can trigger something similar to what you are looking for, although I doubt they are DoD compliant.

http://docs.avagotech.com/docs/12352476  StorCLI syntax guide

Below is extracted from the above Avago doc:

storcli /cx[/ex]/sx start erase [simple|normal|thorough] [erasepatternA=<val1>] [erasepatternB=<val2>]
This command securely erases non-SED drives. The drive is written with erase patterns to ensure that the data is securely erased. You can use the following options with the start erase command:

Table 11: Drive Erase Command Options

| Options | Value Range | Description |
|---|---|---|
| erase | simple: Single pass, single pattern write; normal: Three pass, three pattern write; thorough: Nine pass, repeats the normal write 3 times | Secure erase type. |
| erasepatternA | 8-bit value | Erase pattern A to overwrite the data. |
| erasepatternB | 8-bit value | Erase pattern B to overwrite the data. |

Input example: storcli /c0/e25/s1 start erase thorough erasepatternA=10010011 erasepatternB=11110000

BTW, c0/e25/s1: c0 = controller 0 (the first controller, and usually the only one installed), e25 is enclosure #25, s1 is drive slot #1.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = 

If you have SED/Self Encrypting Drives, then a more secure/complete wipe is triggered with:

storcli /c0/e25/s1 secureerase

For example, if you check the spec sheets of a C240M4 SFF, you have SED drive options that include:

Thanks,

Kirk...
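
An added example, not from the original post or the Avago guide: a read-back check that samples sectors of a drive or disk image after an overwrite erase and reports every sector that is not filled with an expected pattern byte, which is the evidence a security team would ask for given that deleting a VD leaves data in place. It assumes the 8-digit erasepattern values are binary strings and that the caller knows which byte the final pass leaves; `pattern_byte`, `find_residue` and `demo` are hypothetical names, and the disk images are constructed.

```python
import os
import random
import tempfile

SECTOR = 512

def pattern_byte(bits):
    """Convert an 8-digit pattern such as '11110000' to its byte value (assumed binary)."""
    if len(bits) != 8 or set(bits) - {"0", "1"}:
        raise ValueError(f"expected 8 binary digits, got {bits!r}")
    return int(bits, 2)

def find_residue(path, allowed, samples=1000, seed=None):
    """Return byte offsets of sampled sectors not filled with one allowed byte value."""
    rng = random.Random(seed)
    with open(path, "rb") as dev:
        total = dev.seek(0, os.SEEK_END) // SECTOR
        if total == 0:
            raise ValueError("device smaller than one sector")
        if samples >= total:
            picks = range(total)  # small target: scan every sector
        else:
            # Always check both ends, then a random sample in between.
            picks = sorted({0, total - 1} | {rng.randrange(total) for _ in range(samples)})
        residue = []
        for n in picks:
            dev.seek(n * SECTOR)
            data = dev.read(SECTOR)
            if len(set(data)) != 1 or data[0] not in allowed:
                residue.append(n * SECTOR)
    return residue

def demo():
    """Constructed sample: two 64-sector images, the second with leftover data."""
    fill = pattern_byte("11110000")
    clean = bytes([fill]) * (64 * SECTOR)
    dirty = bytearray(clean)
    dirty[5 * SECTOR:5 * SECTOR + 9] = b"datastore"  # constructed leftover content
    results = []
    for image in (clean, bytes(dirty)):
        with tempfile.NamedTemporaryFile(delete=False) as f:
            f.write(image)
        try:
            results.append(find_residue(f.name, {fill}, samples=64))
        finally:
            os.unlink(f.name)
    return results

if __name__ == "__main__":
    print(demo())
```

A sampled pass gives statistical confidence only; set `samples` to at least the sector count for a full scan, and run it against the raw physical drive rather than a virtual drive built on top of it.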
