Function Characteristics and Application Scenarios
The data erasure feature of OceanStor V5 storage systems overwrites the original data on disks by physically writing data. In this way, data on disks is permanently erased and cannot be restored.
Function Characteristics
- The erased data cannot be restored, ensuring information security.
- Three data erasure mechanisms are provided.
  - block_erase: It is a block-level data erasure mechanism that erases both user data and mapping.
  - cryptographic_erase: Oriented to SEDs, this mechanism erases both user data and mapping by erasing security keys.
  - overwrite: This mechanism overwrites user data by repeatedly writing specific hexadecimal numbers. Currently, the supported overwrite standards are dod(e), dod(ece), vsitr, and custom.
    - DoD 5220.22-M (E): DoD 5220.22-M standard that enables a storage system to write 0x55, 0xAA, and a pseudo random number in sequence.
    - DoD 5220.22-M (ECE): DoD 5220.22-M (ECE) standard that enables a storage system to write 0x55, 0xAA, a pseudo random number, a pseudo random number, 0x55, 0xAA, and a pseudo random number in sequence.
    - VSITR: VSITR standard that enables a storage system to write 0x00, 0xFF, 0x00, 0xFF, 0x00, 0xFF, and a pseudo random number in sequence.
    - Custom: User-defined standard. You can customize the hexadecimal numbers to be written and the number of write times.
- The data erasure function can be implemented based on DoD 5220.22-M (E), DoD 5220.22-M (ECE), VSITR, and user-defined standards. However, the function is not certified by a third-party professional data erasure organization. If you need third-party professional certification, purchase a third-party professional data erasure service.
- SSDs support three data erasure mechanisms: block_erase, cryptographic_erase, and overwrite. HDD SEDs support only cryptographic_erase.
- Data erasure results can be verified.
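The overwrite pass sequences listed above, applied to a constructed file that stands in for a disk, with a read-back check after each pass. This is an added example, not Huawei's code; the function names, the temp-file image, and the use of os.urandom for the pseudo-random pass are assumptions.

```python
import hashlib
import os
import tempfile

RANDOM = None  # marks a pseudo-random pass
# Pass sequences exactly as listed on this page.
STANDARDS = {
    "dod(e)": [0x55, 0xAA, RANDOM],
    "dod(ece)": [0x55, 0xAA, RANDOM, RANDOM, 0x55, 0xAA, RANDOM],
    "vsitr": [0x00, 0xFF, 0x00, 0xFF, 0x00, 0xFF, RANDOM],
}

def run_pass(path, pattern, chunk=1 << 16):
    """Write one full pass, force it to storage, read it back, compare digests."""
    size = os.path.getsize(path)
    written = hashlib.sha256()
    with open(path, "r+b") as f:
        for off in range(0, size, chunk):
            n = min(chunk, size - off)
            # Assumption: os.urandom stands in for the pseudo-random source.
            block = os.urandom(n) if pattern is RANDOM else bytes([pattern]) * n
            f.write(block)
            written.update(block)
        f.flush()
        os.fsync(f.fileno())  # do not start the next pass on buffered data
    readback = hashlib.sha256()
    with open(path, "rb") as f:
        while data := f.read(chunk):
            readback.update(data)
    return written.digest() == readback.digest()

def overwrite(path, passes):
    """Run the passes in order; a custom standard is just a user-supplied list."""
    return [run_pass(path, p) for p in passes]

def make_image(size=200_000):
    """Constructed sample 'disk': a temp file filled with a recognizable marker."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write((b"CONFIDENTIAL-RECORD;" * (size // 20 + 1))[:size])
    return path

if __name__ == "__main__":
    img = make_image()
    print(overwrite(img, STANDARDS["vsitr"]))  # one True per verified pass
    os.remove(img)
```

Read-back of a regular file can be served from the OS page cache, so this checks the pass schedule and verification logic rather than the physical media.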
Application Scenarios
- Erase data from selected disks. In this scenario, you can erase data in either of the following ways:
  - User data erasure: Erase user data but retain disk authentication information.
  - Full erasure: Erase both user data and disk authentication information.
- Disk authentication information is used by Huawei storage systems to identify and authenticate disks. Storage systems cannot identify disks whose authentication information is erased.
- The disks whose authentication information is retained can be used again, but the disks whose authentication information is erased can no longer be used.
- Data erasure operations performed on DeviceManager and in the CLI user view only erase user data but retain disk authentication information.
- Full erasure can be performed only in the CLI engineer view.
- Erase data from all disks in a disk domain to be deleted. For details, see Deleting a Disk Domain in the Basic Storage Service Configuration Guide for Block.
This operation will not erase data from the faulty disks in a disk domain.