Securely Erasing Data
Data security is a key consideration throughout the lifecycle of a server, including when the server is repurposed or retired. Many servers are repurposed as they are transitioned from workload to workload, or as they change ownership from one organization to another. All servers are retired when they reach the end of their useful life. When such transitions occur, the best practice for data protection is to remove all data from the server to ensure that sensitive information is not inadvertently shared. Beyond best practices, often government regulations about privacy rights also necessitate complete data elimination when IT resources are transitioned.
System Erase simplifies the process of erasing server storage devices and server nonvolatile stores such as caches and logs. To meet varying Systems Administrator needs for interactive and programmable operations, System Erase can be performed by the following methods: Lifecycle Controller GUI, WS-Man API, and RACADM CLI.
Using one of these three methods, an administrator can selectively reset a PowerEdge server to its original state (factory settings), removing data from internal server non-volatile stores and from storage devices within the server. System Erase can discover server-attached storage including hard disk drives (HDDs), self-encrypting drives (SEDs), Instant Secure Erase (ISE) drives, and NVMe drives. Data stored on ISE, SED, and NVMe devices can be made inaccessible using cryptographic erase, while devices such as non-ISE SATA HDDs are erased by data overwrite.
NVMe Sanitize Cryptographic Erase is much faster and more efficient than the other methods. It destroys the media encryption key and generates a new one; data blocks are overwritten with zeros and rendered irretrievable. System Erase also removes other user-sensitive data such as debug logs and Personally Identifiable Information (PII).
For information about the System Erase function within the Lifecycle Controller GUI, see the Lifecycle Controller User's Guide available at www.dell.com/idracmanuals.
Table 1. System Erase methods

| Drive Type | Connected to | Erase Method used | Notes |
|---|---|---|---|
| SAS/SATA SED | PERC | TCG Enterprise Extension (Dell Drive specification) RevertSP | Cryptographically erases all user data and returns the drive to its factory secure state. PERC issues the command to the drives. |
| SAS SED/SAS ISE | PERC/HBA/SW RAID/AHCI | SCSI SANITIZE command (048h) with Service Action = Cryptographic erase (03h) | PERC/SW RAID issues the command to the drive. For AHCI and HBA, LC issues the command using BIOS. SED and ISE drives behave identically since they are NOT secured behind these controllers. |
| SATA SED/SATA ISE | PERC/BOSS/HBA/SW RAID/AHCI | ATA Sanitize Device command (0B4h) with Feature = Crypto Scramble Ext (011h) | PERC/BOSS/SW RAID issues the command to the drive. For AHCI and HBA, LC issues the command using BIOS. |
| SAS/SATA HDD | PERC/HBA/SW RAID/AHCI | SCSI Write Buffer (3Bh)/ATA Write Buffer | Dell now ships only ISE/SED drives; this method is no longer in use. |
| NVMe | PERC/non-PERC | Sanitize NVM command with bits 00:02 set to 100b (Cryptographic erase); Format NVM (Command DWORD 10, bits 09:11 set to 010b, Cryptographic erase) | BIOS and PERC issue these commands to the drives. Sanitize is a newer command and is supported by newer drives; older drives support Format NVM. BIOS/PERC checks whether the drive supports Sanitize and uses it; if not, it uses the Format NVM command. |
| NVMe SED | PERC/BOSS/non-PERC | TCG Opal Revert | Cryptographically erases all user data and returns the drive to its factory secure state. PERC/BOSS issues the command to the drives. For direct attach, iDRAC issues the command. NVMe SED is not currently supported by BOSS or iDRAC. |
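The NVMe and SATA rows of Table 1 describe a capability check (prefer Sanitize cryptographic erase, fall back to Format NVM, otherwise the drive cannot be cryptographically erased) and the command encodings that result. The following Python is an added example written for this page; it is not Dell's, BIOS's or PERC's code. It reproduces that decision from the drive's own identify data, encodes the Command DWORD 10 / FEATURE values quoted in the table, and checks the NVMe Sanitize Status log page so an administrator can confirm that an erase actually completed. Field offsets come from the NVMe base specification (Identify Controller SANICAP at bytes 331:328, FNA at byte 524, Sanitize Status log page 81h SSTAT at bytes 03:02) and from ACS (IDENTIFY DEVICE word 59); the sample identify and log buffers are constructed here, not captured from real drives.

```python
import struct

# --- NVMe Identify Controller (4096 bytes); offsets per the NVMe base specification ---
IDENTIFY_LEN = 4096
SANICAP_OFFSET = 328          # bytes 331:328, Sanitize Capabilities
FNA_OFFSET = 524              # byte 524, Format NVM Attributes
SANICAP_CES = 1 << 0          # SANICAP bit 0: Crypto Erase Support
FNA_CRYPTO_ERASE = 1 << 2     # FNA bit 2: cryptographic erase supported via Format NVM

# Command DWORD 10 encodings quoted in Table 1
SANITIZE_CDW10_CRYPTO = 0b100       # SANACT bits 02:00 = 100b -> Cryptographic erase
FORMAT_CDW10_CRYPTO = 0b010 << 9    # SES bits 11:09 = 010b -> Cryptographic erase


def nvme_crypto_erase_plan(id_ctrl):
    """Mirror the BIOS/PERC rule: use Sanitize if supported, else Format NVM, else give up.
    Returns (method, CDW10 value) without issuing any command."""
    if len(id_ctrl) < IDENTIFY_LEN:
        raise ValueError("Identify Controller data must be 4096 bytes")
    sanicap = struct.unpack_from("<I", id_ctrl, SANICAP_OFFSET)[0]
    fna = id_ctrl[FNA_OFFSET]
    if sanicap & SANICAP_CES:
        return ("Sanitize", SANITIZE_CDW10_CRYPTO)
    if fna & FNA_CRYPTO_ERASE:
        return ("Format NVM", FORMAT_CDW10_CRYPTO)
    return ("unsupported", None)


# --- NVMe Sanitize Status log page (Log Identifier 81h) ---
SSTAT_OFFSET = 2              # bytes 03:02, Sanitize Status; bits 02:00 hold the status code
SSTAT_COMPLETED = 0b001       # most recent sanitize operation completed successfully


def sanitize_completed(log_page):
    """Post-erase check: True only when the drive reports the last sanitize completed."""
    sstat = struct.unpack_from("<H", log_page, SSTAT_OFFSET)[0]
    return (sstat & 0b111) == SSTAT_COMPLETED


# --- ATA IDENTIFY DEVICE (256 little-endian 16-bit words); word 59 reports Sanitize support ---
ATA_WORD59_SANITIZE = 1 << 12             # Sanitize feature set supported
ATA_WORD59_CRYPTO_SCRAMBLE_EXT = 1 << 13  # CRYPTO SCRAMBLE EXT supported
ATA_CRYPTO_SCRAMBLE_EXT_FEATURE = 0x0011  # FEATURE field for SANITIZE DEVICE (0B4h), as in Table 1


def ata_crypto_erase_plan(identify):
    """Returns (method, FEATURE value) for a SATA SED/ISE drive, or ("unsupported", None)."""
    if len(identify) < 512:
        raise ValueError("IDENTIFY DEVICE data must be 512 bytes")
    word59 = struct.unpack_from("<H", identify, 59 * 2)[0]
    if word59 & ATA_WORD59_SANITIZE and word59 & ATA_WORD59_CRYPTO_SCRAMBLE_EXT:
        return ("SANITIZE DEVICE", ATA_CRYPTO_SCRAMBLE_EXT_FEATURE)
    return ("unsupported", None)


# --- constructed sample structures (built here for illustration, not read from real hardware) ---
def sample_nvme_identify(sanitize_crypto, format_crypto):
    buf = bytearray(IDENTIFY_LEN)
    if sanitize_crypto:
        struct.pack_into("<I", buf, SANICAP_OFFSET, SANICAP_CES)
    if format_crypto:
        buf[FNA_OFFSET] = FNA_CRYPTO_ERASE
    return bytes(buf)


def sample_sanitize_log(status):
    buf = bytearray(512)
    struct.pack_into("<H", buf, SSTAT_OFFSET, status & 0b111)
    return bytes(buf)


def sample_ata_identify(sanitize_crypto):
    buf = bytearray(512)
    if sanitize_crypto:
        struct.pack_into("<H", buf, 59 * 2, ATA_WORD59_SANITIZE | ATA_WORD59_CRYPTO_SCRAMBLE_EXT)
    return bytes(buf)


if __name__ == "__main__":
    print("newer NVMe :", nvme_crypto_erase_plan(sample_nvme_identify(True, True)))
    print("older NVMe :", nvme_crypto_erase_plan(sample_nvme_identify(False, True)))
    print("SATA ISE   :", ata_crypto_erase_plan(sample_ata_identify(True)))
    print("erase done :", sanitize_completed(sample_sanitize_log(SSTAT_COMPLETED)))
```

On a live Linux host the same functions can be fed real data: `nvme id-ctrl --raw-binary /dev/nvme0` (nvme-cli) emits the 4096-byte Identify Controller structure, and `nvme sanitize-log` exposes the status page. The point of keeping the plan and the completion check separate is that a cryptographic erase is only as good as its confirmation: a drive that reports `unsupported` should be routed to the SED/ISE RevertSP path or to physical destruction rather than assumed clean, and an erase whose status log never reaches "completed" should be treated as not done.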