
Emergency shredding of data on disks using Storage Encryption

In a security emergency, you can make the data on Storage Encryption (self-encrypting) disks inaccessible within moments, even if power is not available to the storage system or to the external key server.

Before you begin

You must configure the external key server so that it only operates if an easily destroyed authentication item (for example, a smart card or USB drive) is present. See the documentation for the external key management server for details.

About this task

The steps for emergency shredding vary depending on whether power is available to the storage system and the external key server.

Step

  1. Perform one of the following actions, depending on what still has power:

     If power is available to the storage system and you have time to take it offline gracefully:
     1. If the storage system is a node in an HA pair, disable takeover.
     2. Take all aggregates offline and destroy them.
     3. Halt the storage system.
     4. Boot into maintenance mode.
     5. Enter the following command: disk encrypt sanitize -all

     This leaves the storage system in a permanently disabled state with all data erased. To use the storage system again, you must set it up from the beginning.

     If power is available to the storage system and you must shred the data immediately (time is critical):
     1. If the storage system is a node in an HA pair, disable takeover.
     2. Access the nodeshell by entering the following command: system node run -node node_name
     3. Set the privilege level to advanced.
     4. Enter the following command: disk encrypt sanitize -all

     The storage system panics; this is expected because of the abrupt nature of the procedure. It leaves the storage system in a permanently disabled state with all data erased. To use the storage system again, you must set it up from the beginning.

     If power is available to the external key server but not to the storage system:
     1. Log in to the external key server.
     2. Destroy all keys associated with the disks containing the data to protect. This must include any backup or replicated copies of those keys held elsewhere; a surviving copy would allow the disks to be unlocked again.

     If power is not available to the external key server or to the storage system:
     Destroy the authentication item for the key server (for example, the smart card). If power to the systems is restored, the external key server cannot operate without the authentication item. This prevents the storage system from obtaining the disk encryption keys, and therefore prevents access to the data on the disks.
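The two powered-on paths shown as one worked console session. This is an added example, not text from the original page: the cluster-shell commands used for disabling takeover, destroying aggregates and halting (storage failover modify, storage aggregate offline/delete, system node halt) are assumed from clustered Data ONTAP and are not given on this page, and the node, aggregate and cluster names are placeholders.

```console
# Path A: power is available and there is time to go offline gracefully.
# Cluster shell first, then maintenance mode. (Command names assumed, see lead-in.)
cluster1::> storage failover modify -node node1 -enabled false
cluster1::> storage aggregate offline -aggregate aggr_data1
cluster1::> storage aggregate delete -aggregate aggr_data1
# Repeat offline/delete for every data aggregate on the node. The root aggregate
# cannot be taken offline from a running node; the sanitize below covers its disks.
cluster1::> system node halt -node node1
# At the serial console, interrupt the boot, choose the maintenance mode boot
# option, and then sanitize every Storage Encryption disk:
*> disk encrypt sanitize -all

# Path B: power is available but time is critical.
# Nodeshell at advanced privilege; the node panics afterwards, which is expected.
cluster1::> storage failover modify -node node1 -enabled false
cluster1::> system node run -node node1
node1> priv set advanced
node1*> disk encrypt sanitize -all
```

In both paths, takeover is disabled first so that the partner node does not take over the disks mid-procedure and keep serving them; after the sanitize, the node must be set up from the beginning.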