Avamar: How to perform secure deletion operation for client data in Avamar

Summary: This document describes what is secure deletion and how to perform secure deletion operation for any client data. (The process is also in the Tech Addendum)

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Instructions

Overview:
 

The Avamar secure backup deletion feature is a 7-pass overwrite process that completely satisfies DoD 5220.22-M (ECE) requirements.

The process uses a seven pass overwriting algorithm:
  • Two passes using a character and its complement
  • Two passes using random characters
  • Two passes with a character and its complement
  • A final pass, using random characters
 
Procedure:

1. Log in to the Avamar Utility Node as admin and load the ssh keys. For instructions on loading keys see Avamar: How to Log in to an Avamar Server and Load Various Keys.

2. Verify the following prior to beginning the secure deletion:

a. The grid must be in a healthy state:
  • All Nodes must be online
  • There should be no offline stripes.

b. Garbage Collection(GC) must be run until all pending nonsecure deletions have been completed:

avmaint garbagecollect --maxtime=0
 
c. The grid must be idle:
  • No running backups
  • No running replications (source or target)
  • No running maintenance 
 

3. Locate the backups to be securely deleted by typing the following on a single command line:

securedelete getb --id=USER@AUTH --password=PASSWORD --account=DOMAIN/CLIENT
Where:
  • USER is the Avamar username (MCUser for example)
  • AUTH is the authentication system used by USER (the default internal authentication domain is "avamar")
  • PASSWORD is the password for the USER account
  • DOMAIN/CLIENT is the full path to the client machine.

Example to get the backups for /clients/client-abc.company.com, using MCUser (with the password 'Password-12345'):

securedelete getb --id=MCUser@avamar --password=Password-12345 --account=/clients/client-abc.company.com

1  Request succeeded
[0]  labelnum:  84  label: Test_One-Test_one-1724401800006  created: 133688760426840890  totalbytes: 1504339712 ispresentbytes: 0  pidnum: 3001  percentnew: 0  expires: 1729585800  partial: 0  retentiontype: daily  backuptype: Full  ddrindex: 1  locked: 1  direct_restore: 1  tier: 0  appconsistent: not_available sealstate: COMPLETE
[1]  labelnum:  83  label: Test_One-1724142600004  created: 133686165370483230  totalbytes: 1501144832 ispresentbytes: 0  pidnum: 3001  percentnew: 0  expires: 1729326600  partial: 0  retentiontype: daily  backuptype: Full  ddrindex: 1  locked: 0  direct_restore: 1  tier: 0  appconsistent: not_available sealstate: COMPLETE
[2]  labelnum:  82  label: Test_Two-1724056200006  created: 133685300998726380  totalbytes: 1502447360 ispresentbytes: 0  pidnum: 3001  percentnew: 0  expires: 1729240200  partial: 0  retentiontype: daily,weekly  backuptype: Full  ddrindex: 1  locked: 0  direct_restore: 1  tier: 0  appconsistent: not_available sealstate: COMPLETE
[3]  labelnum:  81  label: Test_Three-1723537800004  created: 133680118440536800  totalbytes: 1502938752 ispresentbytes: 0  pidnum: 3001  percentnew: 0  expires: 1728721800  partial: 0  retentiontype: daily,weekly  backuptype: Full  ddrindex: 1  locked: 0  direct_restore: 1  tier: 0  appconsistent: not_available sealstate: COMPLETE
 

4. From the output, locate the backup to securely delete and note the created date.

In this example, label number 82 is being selected to securely delete:

[2]  labelnum:  82  label: Test_Two-1724056200006  created: 133685300998726380  totalbytes: 1502447360 ispresentbytes: 0  pidnum: 3001  percentnew: 0  expires: 1729240200  partial: 0  retentiontype: daily,weekly  backuptype: Full  ddrindex: 1  locked: 0  direct_restore: 1  tier: 0  appconsistent: not_available sealstate: COMPLETE
 

5. Run the following command to securely delete the backup:

securedelete delb --id=USER@AUTH --password=PASSWORD --account=DOMAIN/CLIENT --date=DATE
Where:
  • USER is the Avamar username (MCUser for example)
  • AUTH is the authentication system used by USER  (the default internal authentication domain is "avamar")
  • PASSWORD is the password for the USER account
  • DOMAIN/CLIENT is the full path to the client machine.

Example to delete the backup with label number 82 for /clients/client-abc.company.com, using MCUser (with the password 'Password-12345'):

securedelete delb --id=MCUser@avamar --password=Password-12345 --account=/clients/client-abc.company.com --date=133685300998726380

1  Request succeeded
 

Note:  This command takes some time to complete. The prompt is only returned when the command has finished.

Warning: Do not interrupt the "securedelete delb" command. If interrupted, not all data is securely deleted.

 

If issues are encountered, Create a Service Request with the Dell Technologies support team for assistance.

Additional Information

For more information about the securedelete feature, see the Dell Avamar Product Security Guide applicable t the environment:
  • Chapter: Data Security and Integrity
  • Section "Data Erasure)

 

 

 

Affected Products

Avamar, Avamar Server

Products

Avamar
Article Properties
Article Number: 000156372
Article Type: How To
Last Modified: 28 Aug 2025
Version:  12
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.