Data Domain Sanitize Feature / Alternative to ‘"filesys destroy and-zero"
Summary: Due to emerging cyber threats, Dell Technologies deprecated the ‘filesys destroy and-zero’ command on PowerProtect Data Domain Series, to reduce the threat to the customers. In the past, our Customers have been using this command to decommission their Data Domain systems. This command would destroy the entire DDFS and the associated metadata that resided in Cache disks. NOTE This solution is only for Data Domain systems not running RLCE. ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Instructions
Today Dell Technologies recommends our Customers to use instead the following procedure to sanitize the entire system:
Step 1: Execute the
Step 2: Execute the
Step 3: Execute the
command (please refer to the DDOS command reference guide for usage instructions). This command may require secure officer authorization and respective 2FA.
Note: Please note that there may be enforcement of up to a 24-hour delay before the user could execute the next set of steps after this step.
Step 4: To sanitize the SSDs used in the Cache Tier, execute this set of three commands for each disk (please refer to the DDOS command reference guide for usage instructions):
Note: These commands are only applicable to Solid-State Cache Tier disks.
Step 1: Execute the
'mtree delete <mtree-path>'command for each Mtree (please refer to the DDOS command reference guide for usage instructions)
Step 2: Execute the
‘system sanitize start’to wipe data on all external shelves (please refer to the command reference guide for usage instructions). This command writes a single pass of zeros to all disks residing in the external enclosure(s) and meets the NIST 800-88 'Clear' standard. Use
‘system sanitize status'to view progress.
Step 3: Execute the
'filesys destroy'
command (please refer to the DDOS command reference guide for usage instructions). This command may require secure officer authorization and respective 2FA.
Note: Please note that there may be enforcement of up to a 24-hour delay before the user could execute the next set of steps after this step.
Step 4: To sanitize the SSDs used in the Cache Tier, execute this set of three commands for each disk (please refer to the DDOS command reference guide for usage instructions):
- SSD’s in external shelf:
storage remove enclosures <SSD enclosure id> storage add tier cache enclosures <SSD enclosure id> storage remove enclosures <SSD enclosure id>
- SSD’s in head unit: execute this set of three commands for each disk:
storage remove disks <disk_id> storage add tier cache disks <disk_id> storage remove disks <disk_id>This set of commands write a single pass of zeros to all Solid-State disks residing in the specified enclosure(s) and meets the NIST 800-88 'Purge' standard.
Note: These commands are only applicable to Solid-State Cache Tier disks.
Affected Products
Data Domain, DD OS 7.10, DD OS 7.13, DD OS 7.7, Data Domain Virtual EditionArticle Properties
Article Number: 000224012
Article Type: How To
Last Modified: 07 Jun 2024
Version: 2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.