Function Characteristics and Application Scenarios
The data erasure feature (SmartErase) of OceanStor Dorado V6 storage systems overwrites the original data on disks. In this way, data on disks is permanently erased and cannot be restored.
Function Characteristics
- The erased data cannot be restored, ensuring information security.
- Three data erasure mechanisms are provided.
- block_erase: It is a block-level data erasure mechanism that erases both user data and mapping.
- cryptographic_erase: Oriented to self-encrypting disks (SEDs), this mechanism erases both user data and mapping by erasing security keys.
- overwrite: This mechanism overwrites user data by repeatedly writing specific hexadecimal numbers. Currently, the supported overwrite standards are DoD 5220.22-M (E), DoD 5220.22-M (ECE), VSITR, and Custom.
- DoD 5220.22-M (E): DoD 5220.22-M standard that enables a storage system to write 0x55, 0xAA, and a pseudo random number in sequence.
- DoD 5220.22-M (ECE): DoD 5220.22-M (ECE) standard that enables a storage system to write 0x55, 0xAA, a pseudo random number, a pseudo random number, 0x55, 0xAA, and a pseudo random number in sequence.
- VSITR: VSITR standard that enables a storage system to write 0x00, 0xFF, 0x00, 0xFF, 0x00, 0xFF, and a pseudo random number in sequence.
- Custom: User-defined standard. You can customize the hexadecimal numbers to be written and the number of write times.
- SmartErase is a basic function software of OceanStor Dorado. The SmartErase license is not displayed on the License Management page in DeviceManager.
- The data erasure function can be implemented based on DoD 5220.22-M (E), DoD 5220.22-M (ECE), VSITR, and Custom standards. However, the function is not certified by a third-party professional data erasure organization. If you need third-party professional certification, purchase a third-party professional data erasure service.
- Do not erase disk data within 15 minutes after the storage system is upgraded or a patch is installed.
- Data erasure results can be verified.
Application Scenarios
- Erase data from selected disks. In this scenario, you can erase data in either of the following ways:
- User data erasure: Erase user data but retain disk authentication information.
- Full erasure: Erase both user data and disk authentication information.
- Disk authentication information is used by Huawei storage systems to identify and authenticate disks. Storage systems cannot identify disks whose authentication information is erased.
- The disks whose authentication information is retained can be used again, but the disks whose authentication information is erased can no longer be used.
- Data erasure operations performed on DeviceManager and in the CLI user view only erase user data but retain disk authentication information.
- Full erasure can be performed only in the CLI engineer view.
- Erase data from all disks in a storage pool to be deleted. For details, see Deleting a Storage Pool in the Basic Storage Service Configuration Guide.
This operation will not erase data from the faulty disks in a storage pool.