Sun Storage 6000 and FLX 380 Arrays: How to Purge Data and Erase Disks Securely Using the Data Encryption Services Feature

Asset ID:	1-79-1600044.1
Update Date:	2014-11-17
Keywords:

Solution Type Predictive Self-Healing Sure

Solution 1600044.1 : Sun Storage 6000 and FLX 380 Arrays: How to Purge Data and Erase Disks Securely Using the Data Encryption Services Feature

Applies to:

Sun Storage 6580 Array - Version All Versions and later
Sun Storage 6140 Array - Version All Versions and later
Sun Storage 6180 Array - Version All Versions and later
Sun Storage 6780 Array - Version All Versions and later
Sun Storage Flexline 380 Array - Version Not Applicable and later
Information in this document applies to any platform.

Purpose

This article discusses the ability to erase data from Full Disk Encryption-capable (FDE) disk drives in the Sun Storage 6000 and FLX 380 arrays.

Scope

A feature called Data Encryption Services can be activated by installing a premium feature license in the array. The ability for this feature to function depends upon having the compatible hardware installed. The array must have FDE-capable disk drives to perform the needed functions that go along with the Data Encryption Services feature. This solution is usually pre-configured at the time of purchase to ensure that FDE-capable disk drives are present.

Details

The Sun Storage 6000 and FLX 380 arrays have the capability to encrypt data drives by using a premium feature license and specific disk drive hardware capable of FDE.

This requires:

Data Encryption Services premium feature license
Specific disk drives compatible with the FDE security feature

If properly configured and enabled, disk drives will display a "Secure Erase" button when viewed in Sun Storage Common Array Manager (CAM) Browser User Interface.

For other model arrays, the "Secure Erase" button may still be present, but will be disabled (greyed out)

If the disk is part of a virtual disk, the Secure Erase button will be disabled. You cannot erase a secure drive that is assigned to a virtual disk

To use the "Secure Erase" function on a disk :

In the CAM GUI :

Select the array in the left panel from the Storage System Summary view, and click on the Expand Branch icon
Expand the branch titled "Physical Devices"
Select "Disks" link
In the Disk Summary view, select a specific disk
In the Disk Details view, you will see a button titled "Secure Erase"

In the CAM sscs CLI :

Location for sscs :

Solaris : /opt/SUNWstkcam/bin/
Linux : /opt/sun/cam/bin/
Windows : C:\Program Files\Sun\Common Array Manager\bin

Use the following command :

sscs modify -a <array-name> -e disk <disk-name[,disk-name...]>

Example :

sscs modify -a st6780 -e disk t0d01

This will prepare the specified disk(s) for use in non-secure volume groups.

Caution : This function will destroy all data on the specified disk(s) and is an irreversible operation.

For additional information, please reference the Sun Storage Common Array Manager Array Administration Guide, beginning on printed page 43, headed "About Data Encryption Services"

References

http://docs.oracle.com/cd/E24008_01/pdf/E24011.pdf
<NOTE:1008773.1> - How to remove sensitive information / data from your hard-disk using the format utility

Attachments

This solution has no attachment