John Tolmachoff
asked on
Secure erase hard drives Dell PE 195
I have a Dell PE 1950 server with a PERC 5/I embedded SAS controller.
I need to securely erase some SAS drives.
I do not see any way in the controller configuration to just pass through the drives, instead I can only create virtual drives, which does not securely erase the drive.
Any ideas?
I need to securely erase some SAS drives.
I do not see any way in the controller configuration to just pass through the drives, instead I can only create virtual drives, which does not securely erase the drive.
Any ideas?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I think if you just set it up as RAID 0 in the controller,you can probably erase that way.
No, do RAID1. It will accomplish the same thing in half the time. (Either way the metadata will be preserved. So if you have a 300TB disk, would you rather write/verify a 299.9GB LUN, or a 599.8GB LUN?)
I think the way that controller works is that it sets it up as 2 jbods when set to raid 0.
From there you just run the secure erase for both at the same time.
Six one way ,half a dozen the other.
From there you just run the secure erase for both at the same time.
Six one way ,half a dozen the other.
ASKER
And somewhere in between is the middle.
;)
Thanks guys, I will try this later today I hope.
;)
Thanks guys, I will try this later today I hope.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Don't want read load balancing after erasing, you would be verifying that half the data on one disk and half on the other has been zeroed out.
it won't be compliant anyway, unless you have a true non-RAID controller. Since you are writing the data immediately before the validation phase, then only way a RAID-based config wouldn't be correct is if you have unrecoverable write errors.
Any unrecoverable write errors on a secure erase mean that the HDD has to be physically destroyed. So as long as the controller doesn't report any such errors then the data will match. (and if you get an unrecoverable read error on a disk, then no worries, because you already know the data was erased on those blocks, so you are OK)
Now you do risk that the disks were short stroked (reprogrammed to show that there are fewer blocks on the drive then there really are. The easy way to figure out if the disks were reprogrammed is to look at the make/model info and read up the specs, then look at the size of the disks that are reported to the BIOS (which should match), or the size of a RAID 1 reported by the O/S .. the unaccounted for data is metadata, and should be around 32 MB).
Any unrecoverable write errors on a secure erase mean that the HDD has to be physically destroyed. So as long as the controller doesn't report any such errors then the data will match. (and if you get an unrecoverable read error on a disk, then no worries, because you already know the data was erased on those blocks, so you are OK)
Now you do risk that the disks were short stroked (reprogrammed to show that there are fewer blocks on the drive then there really are. The easy way to figure out if the disks were reprogrammed is to look at the make/model info and read up the specs, then look at the size of the disks that are reported to the BIOS (which should match), or the size of a RAID 1 reported by the O/S .. the unaccounted for data is metadata, and should be around 32 MB).
ASKER
Test A: Created one RAID1 volume, initialized, then did a DoD 5220.22-M wipe, then ran a consistancy check. 2 hours 13 minutes
Test B: Created one RAID0 volume, initalized, then did a DoD 5220.22-M wipe, no consitnacy check available. 3 hours 51 minutes
Test C: Created 2 RAID0 volumes (one for each drive,) initalized then did a DOD 5220.22-4 wipe, no consitancy check available. 4 hours 2 mintues
Test B: Created one RAID0 volume, initalized, then did a DoD 5220.22-M wipe, no consitnacy check available. 3 hours 51 minutes
Test C: Created 2 RAID0 volumes (one for each drive,) initalized then did a DOD 5220.22-4 wipe, no consitancy check available. 4 hours 2 mintues
ASKER
Thanks guys. Not the ideal solution, but it works, since I do not have to certify them, just secure wipe them before scrapping them.
Like I wrote ... it will do it in half the time, and you even penalized the RAID1 by making it do a 5th pass by forcing a manual consistency check ;)
There are some paid-for products that understand the controller so can deconstruct the RAID into individual disks and then print off a certificate with the serial number of the disk on it for "proof" if needed.