Table of ContentsView in Frames

Using disk sanitization to remove data from disks

Disk sanitization enables you to remove data from a disk or set of disks so that the data can never be recovered.

Before you begin

The disks that you want to sanitize must be spare disks; they must be owned but not used in an aggregate.

About this task

When disk sanitization is enabled on a storage system, it cannot be disabled again.

If you need to remove data from disks using Storage Encryption, do not use this procedure. Use the procedure for destroying data on disks using Storage Encryption.

Steps

  1. Enable disk sanitization by entering the following command: options licensed_feature.disk_sanitization.enable on
    You are asked to confirm the command, because it is irreversible.
  2. Sanitize the specified disks by entering the following command: disk sanitize start [-p pattern1|-r [-p pattern2|-r [-p pattern3|-r]]] [-c cycle_count] disk_list
    Attention: Do not turn off the storage system, disrupt the storage connectivity, or remove target disks while sanitizing. If sanitizing is interrupted during the formatting phase, the formatting phase must be restarted and allowed to finish before the disks are sanitized and ready to be returned to the spare pool.

    If you need to abort the sanitization process, you can do so by using the disk sanitize abort command. If the specified disks are undergoing the formatting phase of sanitization, the abort does not occur until the phase is complete. At that time, Data ONTAP displays a message telling you that the sanitization process was stopped.

    -p pattern1 -p pattern2 -p pattern3 specifies a cycle of one to three user-defined hex byte overwrite patterns that can be applied in succession to the disks being sanitized. The default pattern is three passes, using 0x55 for the first pass, 0xaa for the second pass, and 0x3c for the third pass.

    -r replaces a patterned overwrite with a random overwrite for any or all of the passes.

    -c cycle_count specifies the number of times that the specified overwrite patterns are applied. The default value is one cycle. The maximum value is seven cycles.

    disk_list specifies a space-separated list of the IDs of the spare disks to be sanitized.

  3. If you want to check the status of the disk sanitization process, enter the following command: disk sanitize status [disk_list]
  4. After the sanitization process is complete, return the disks to spare status by entering the following command for each disk: disk sanitize release disk_name
  5. Determine whether all of the disks were returned to spare status by entering the following command: aggr status -s
    If... Then...
    All of the sanitized disks are listed as spares You are done. The disks are sanitized and in spare status.
    Some of the sanitized disks are not listed as spares Complete the following steps:
    1. Enter advanced privilege mode: priv set advanced
    2. Assign the disks to the appropriate storage system by entering the following command for each disk: disk assign disk_name -o system_name
    3. Return the disks to spare status by entering the following command for each disk: disk unfail -s disk_name
    4. Return to administrative mode: priv set

Result

The specified disks are sanitized and designated as hot spares. The serial numbers of the sanitized disks are written to /etc/log/sanitized_disks.

Examples

The following command applies the default three disk sanitization overwrite patterns for one cycle (for a total of three overwrites) to the specified disks 8a.6, 8a.7, and 8a.8:

disk sanitize start 8a.6 8a.7 8a.8

The following command would result in three disk sanitization overwrite patterns for six cycles (for a total of 18 overwrites) to the specified disks:

disk sanitize start -c 6 8a.6 8a.7 8a.8