Subscribe

Disks sanitize

[ Edited ]

We have a filer with only one aggaragate , the vol0 is in that aggregate.

I need to destroy the aggregate to sanitize the disks. I will not be able to offline the aggregate since it has vol0.

What is the best way to satitize the disks?

 

Re: Disks sanitize

Hello,

 

If you truly don't need anything on the filer, you can boot into the special boot menu and issue a 4a (erase all disks and initialize system).  Just connect via the wrench port (COM) or service processor and you should be good to go.

 

Hope that helps,

 

Chris

Re: Disks sanitize

Thank you Chris,

I have to do disk sanitize -c 7 <disk> to make sure that no data can be recovered. Does the option 4 same as disk sanitize?

I have BMC access to the filer so i can perform ^C and option 4 .

Re: Disks sanitize

Hello,

 

From the verbiage of the process itself, NetApp claims that an option 4 has the following result:

 

Zero disks, reset config and install a new file system?: yes
This will erase all the data on the disks, are you sure?: yes
Rebooting to finish wipeconfig request

 

That said, I've not been able to find a clear explanation as to how much of an effective wipe this applies vs. the disk sanitize function.  I would suspect that a 7-pass sanitize is more "complete" than the wipeconfig, but as you observed, the sanitize can only be executed against spare disks.  So whatever disks make up your vol0  obviously can't be part of the sanitize procedure.

 

Maybe a wipeconfig guru can give us some more information insofar as if that procedure zeros things out as effectively or not.  In the meantime, you could run the 4a - rebuild the root aggregate with 3 disks - boot back into ONTAP and then apply the sanitize license and sanitize the remaining disks (which are now spares).  It's a bit of extra time - but I don't know how else you'll be able to run the sanitize command...

 

Good luck,

 

Chris

Re: Disks sanitize

Option 4 does indeed zero the disks, but with a single zero overpass write only, which will prevent logical recovery of data.

 

Disk sanitize does allow options for random overwrite to ensure data is not recoverable under any circumstances, including spinstand magnetoforce microscopy. Spin-stand MFM is very expensive, difficult and generally only a concern with significantly resourced adversaries.

 

Individual organisations need to decide on the cost vs utility of the two options.

Re: Disks sanitize

What is possible: initialize filer using special boot menu 4 (this creates 3 disks root aggregate); sanitize remaining disks; initialize filer again making sure it goes to sanitized disks (e.g. by physically removing three disks) and sanitize the remaining ones, this leaves us with original content securely wiped and only default content on three disks. It should be good enough.

Alternative is to connect shelves to another filer and sanitize from there.

Re: Disks sanitize

Thank you all for your help.  I started with disk satitize start -c . It is almost 24 hours for 60%. Will option 4 take less time than >disk sanitize start -c 1 ?

Re: Disks sanitize

Hello,

 

The amount of time it'll take a 4a depends on number/speed(type)/etc of your drives.  A small number of SAS disks will zero out pretty quickly (few hours?) but a large number of SATA drives can take days...

 

Chris