2017-06-09 09:35 PM
I am wondering what happens in a multple SVM scenario when SVM A destroy a volume X. Then if SVM B creates a new volumes Y where blocks previously belonging to volume X are now belonging to Y. Is the data from volume X available through volume Y ?
Basically, how can I reassure a very cautious tenant about the security of his data. Is there official documentastion on this ?
2017-06-09 10:15 PM
While you delete a volume on OnTap 8.3 and above it will go to VRQ (Volume Recovery Queue)
Deleted volumes will be retained in a recovery queue for at least 12 hours before being completely destroyed.
This feature is added on OnTap 8.3 to provides recovery capability for accidentally deleted flexible volumes
To permanently delete the volume without waiting the default 12 hours, purge the volume use follwing command.(in diag level)
::*> volume recovery-queue purge -vserver svm_name -volume vol_name
Before you delete the volume, its possible to rehost it to another SVM (in OnTap 9)
Using the volume rehost command.
Once you delete the volume from any SVM, there is *no way* you can access the data in another SVM.
Even though OnTap will not technically erase each block, it will marked them as empty block.
which mean new data can be written there.
If your customer is more conserned about data security, you can suggest using Ontap9 and make use of NVE (NetApp Volume Encryption)
You can find some info related to NVE here
2017-06-10 07:09 AM
Thank you for answering. I had the info on what you answered, but my question is left unanswered.
What happens when the second SVM reads a block that previously belonged to the first SVM ? Let's say its block 32 to the server using the LUN. What will block 32 contain when the server asks to read that block ? Will it contain all zeroes or will it contain data placed there previously when the block was part of a volume of the first SVM ? And how about if the new volume is a cifs volume ?
Here is my scenario. I already have a tenant using the equipment. I need, to introduce a second tenant to that same equipment because this is where I have the capacity. None of the volumes of the first tenant are encrypted as previously the equipment was dedicated. The first tenant has concerns on the privacy of his data if I introduce the second tenant.
2017-06-11 07:41 PM
Remember that the volume presented to the client/s is virtualised by ONTAP's WAFL layer to actual blocks on disk. The system will return exactly what clients have written to it - if they haven't written anything, it will return blank blocks.
Your client's data will remain on disk until the block is reclaimed and rewritten for another volume. There are ways to recover it in whole or part until this occurs. If they are very concerned about security, you could consider an upgrade to ONTAP 9.1 and enable NetApp Volume Encryption (NVE) for their volumes (if your controller supports it). This will introduce software encryption for their volumes.