Data Domain

Last reply by 03-11-2022 Solved
Start a Discussion
2 Bronze
2 Bronze
15808

DoD Wipe of Data Domain?

We have several Data Domain VTL units on lease and need to be returned soon.  Because of contract requirements, we must wipe the data off of the Data Domain units using DoD standards, not just the standard sanitize command.  There is apparently a service you can purchase from EMC where they will do it for you, but with as many units as we have and the cost per unit, the actual cost is astronomically prohibitive.  I am wondering if there is an alternate way to do this in house?

Replies (15)
2 Bronze
2 Bronze
8642

After a lot of research and help from others, the answer has been found.  You CAN boot from a USB drive and wipe the disks!  Here is the procedure:

1. create bootable media, either a USB thumbdrive, or bootable CD using BCWipe or whatever other application you choose.

2. attach bootable media via USB

3. boot Data Domain with a keyboard and monitor attached directly to it.  The moment you see the first text on the screen, start tapping the F2 key.

4. It will eventually come up and ask for the CURRENT password.  This is NOT the password you have set up for users, this is a BIOS/CMOS password.  Found the password info HERE: http://lvlnrd.com/emc-datadomain-default-bios-cmos-password/

DD460 = d400d (delta four zero zero delta)

DD670 = d600d (delta six zero zero delta)

DD880 = d800d (delta four zero zero delta)

The pattern is simple, “d + major series model number + d

5. Once you are into the BIOS, go to the boot menu, set your USB drive as the first boot disk, and reboot.

6. Once you have rebooted it will boot from the USB drive, and you can then wipe the disks as you need to.  This may take a week or more depending on size of your drives.

7. After the wipe is complete, you will likely need to re-install the DDOS, the instructions for which can be found in the official documentation.

NOTE:  There is only one drawback with this method that I can think of.  There is not a way with BCWipe booting it from USB that you can save the logs or get the certificate saved so any media, so the only way to get a record of it is to snap a photo of the logs.  Cybersecurity has agreed to this method.

3 Argentum
2268

Hi,

I'm glad you are happy with your DoD system wipe, nice job.

On your final note, with the EMC services to perform the wipe we insert a stick when it completes and capture the raw files from the erasure completion onto it and then generate a certificate in pdf form to confirm the successful passes against each disk and that the verification also completed with no errors. This lists out the SN of the disks and the system etc...

Without that certificate and the details, we would not be able to complete as DoD compliant but your guys are happy with a photo and thats great news.

Note: The EMC erasure software is actually running from the software loaded in RAM, not from the stick, which is how we can insert a different stick to collect that raw completion files, the software obviously has to be able to scan for this new stick/media when inserted and thats where the drivers become very important.

I've never done it with any other erasure products, so maybe those have a similar method.

Regards, Jonathan

5625

How do I run filesys destroy and-zero on my DD ?

I'm trying it with NAVCli which I'm using it for my VNX but I get invalid response. I believe for DD it would be a different way ?

5625

can't use navicli , either purchase certified erasure server from EMC or try the steps above.

1154

Hi, 

I've EMC DD2500 and it doesn't have the VGA port or USB boot option. DD2500 has only a serial port. How I can I proceed with dod wipe for dd2500. IT has only cli mode.

2 Bronze
2 Bronze
618

How about using the "set priv se" access to get root bash access and run command to overwrite the disks?

Latest Solutions
Top Contributor