When the time arrives to decommission an environment with sesitive data, we are frequently confronted to the problem how to certify to our customer or management the erase of all data and logs.
On Exadata Machine starting from the software release 220.127.116.11.0, this problem has been elegantly solved by Oracle introducing a new utility called Secure Eraser; which securely erases data on hard drives, flash devices, internal USBs, and resets ILOM to factory default.
In earlier software versions, the Exadata Storage Software includes CellCli commands to securely erase the user data:
CellCLI> DROP GRIDDISK ALL FLASHDISK PREFIX=DATA, ERASE=7pass CellCLI> DROP GRIDDISK ALL PREFIX=DATA, ERASE=3pass
CellCLI> DROP CELLDISK ALL FLASHDISK ERASE=7pass CellCLI> DROP CELL ERASE=3pass
Unfortunatly those commands only cover the user data stored on the Storage Cell, and none of them produces an official certificate with the summary of the actions taken to guarantee the wipe of the data. While all this is done by Secure Eraser on all Compute and Storage nodes, sanitizing on all type of devices: user data, OS logs and network configurations.
Depending from the Exadata model, a subset of all of available options to execute Secure Eraser is possible:
- Automatic Secure Eraser Ethrough PXE Boot
- Interactive Secure Eraser through PXE Boot
- Interactive Secure Eraser through Network Boot
- Interactive Secure Eraser through External USB
Recently I used Secure Eraser through External USB on one Exadata X7-2 Machine and here are reported the different steps.
Copy the Secure Eraser Diagnostic image from MOS 2180963.1 to a USB stick.
# dd if=image_diagnostics_18.104.22.168.0_LINUX.X64_180125.3-1.x86_64.usb of=/dev/sdb
Boot the server using the USB device with the Secure Eraser Diagnostic image
After login, start the Secure Erase process
/usr/sbin/secureeraser --erase --all --flash_erasure_method=7pass --hdd_erasure_method=3pass --technician=Emiliano_Fusaglia --witness=Mario_Bros --output=/mnt/iso
At the end of the erase process a Data Erasure Certificate similar to the one on the example below will be available in TXT, HTML and PDF format.
4 thoughts on “Exadata How Safely Erase All Data”
Thanks for the write-up. We have an old Exadata we want to sell, but don’t have access to the secure erase tool. Could you hit me up with this tool by email?
You can download the software from MOS: Patch 25470974: EXADATA 22.214.171.124.0 Secure Eraser Package.
You are welcome