ONTAP Discussions

Disks sanitize

RATNATHURAI
11,945 Views

We have a filer with only one aggregate; the vol0 is in that aggregate.

I need to destroy the aggregate to sanitize the disks. I will not be able to offline the aggregate since it has vol0.

What is the best way to sanitize the disks?

 

10 REPLIES

colsen
11,785 Views

Hello,

 

If you truly don't need anything on the filer, you can boot into the special boot menu and issue a 4a (erase all disks and initialize system).  Just connect via the wrench port (COM) or service processor and you should be good to go.

 

Hope that helps,

 

Chris

RATNATHURAI
11,769 Views

Thank you Chris,

I have to do disk sanitize -c 7 <disk> to make sure that no data can be recovered. Is option 4 the same as disk sanitize?

I have BMC access to the filer, so I can perform ^C and option 4.

colsen
11,760 Views

Hello,

 

From the verbiage of the process itself, NetApp claims that an option 4 has the following result:

 

Zero disks, reset config and install a new file system?: yes
This will erase all the data on the disks, are you sure?: yes
Rebooting to finish wipeconfig request

 

That said, I've not been able to find a clear explanation as to how much of an effective wipe this applies vs. the disk sanitize function. I would suspect that a 7-pass sanitize is more "complete" than the wipeconfig, but as you observed, the sanitize can only be executed against spare disks. So whatever disks make up your vol0 obviously can't be part of the sanitize procedure.

 

Maybe a wipeconfig guru can give us some more information insofar as if that procedure zeros things out as effectively or not.  In the meantime, you could run the 4a - rebuild the root aggregate with 3 disks - boot back into ONTAP and then apply the sanitize license and sanitize the remaining disks (which are now spares).  It's a bit of extra time - but I don't know how else you'll be able to run the sanitize command...

 

Good luck,

 

Chris

AlexDawson
11,726 Views

Option 4 does indeed zero the disks, but with a single zero overpass write only, which will prevent logical recovery of data.

 

Disk sanitize does allow options for random overwrite to ensure data is not recoverable under any circumstances, including spin-stand magnetic force microscopy. Spin-stand MFM is very expensive, difficult and generally only a concern with significantly resourced adversaries.

 

Individual organisations need to decide on the cost vs utility of the two options.

Manikk
9,987 Views

Hi Chris,

 

What command do we need to use to perform the disk sanitize from SP login?

 

Thanks,

Manik.

AlexDawson
9,982 Views
You need to boot, or set up and then boot, ONTAP to sanitize disks. The exact specifics depend on the model and ONTAP version present on the system.

Manikk
8,267 Views

Thank you Alex.

aborzenkov
11,719 Views
What is possible: initialize the filer using special boot menu 4 (this creates a 3-disk root aggregate); sanitize the remaining disks; initialize the filer again, making sure it goes to sanitized disks (e.g. by physically removing three disks), and sanitize the remaining ones. This leaves us with the original content securely wiped and only default content on three disks. It should be good enough.

An alternative is to connect the shelves to another filer and sanitize from there.

RATNATHURAI
11,672 Views

Thank you all for your help. I started with disk sanitize start -c . It is almost 24 hours for 60%. Will option 4 take less time than >disk sanitize start -c 1 ?

colsen
11,669 Views

Hello,

 

The amount of time it'll take a 4a depends on number/speed(type)/etc of your drives.  A small number of SAS disks will zero out pretty quickly (few hours?) but a large number of SATA drives can take days...

 

Chris
