Re: [Beowulf] Data Destruction

2021-09-30 Thread Jan Wender
One of our customers is giving the disks to the on-site firefighters to be used 
in training exercises 

On 30. September 2021 at 09:51:40, John Hearns (hear...@gmail.com) wrote:

> I once had an RMA case for a failed tape with Spectralogic. To prove it was 
> destroyed and not re-used I asked the workshop guys to put it through a 
> bandsaw, then sent off the pictures.
>  
> On Wed, 29 Sept 2021 at 16:47, Ellis Wilson <el...@ellisv3.com> wrote:
> > On 9/29/21 11:41 AM, Jörg Saßmannshausen wrote:
> > > If you still need more, don't store the data at all but print it out on
> > > paper and destroy it by means of incineration. :D
> >  
> > I have heard stories from past colleagues of one large US Lab putting
> > their HDDs through wood chippers with magnets on the chipped side to
> > kill the bits good and dead. As a storage fanatic that always struck me
> > as something I'd have loved to see.
> >  
> > Best,
> >  
> > ellis
> > ___
> > Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing
> > To change your subscription (digest mode or unsubscribe) visit 
> > https://beowulf.org/cgi-bin/mailman/listinfo/beowulf

--  
Jan Wender - j.wen...@web.de - Signal/Mobile: +4915780949428 - Threema EPD4T5B4


Re: [Beowulf] Data Destruction

2021-09-30 Thread John Hearns
I once had an RMA case for a failed tape with Spectralogic. To prove it was
destroyed and not re-used I asked the workshop guys to put it through a
bandsaw, then sent off the pictures.

On Wed, 29 Sept 2021 at 16:47, Ellis Wilson  wrote:

> On 9/29/21 11:41 AM, Jörg Saßmannshausen wrote:
> > If you still need more, don't store the data at all but print it out on
> > paper and destroy it by means of incineration. :D
>
> I have heard stories from past colleagues of one large US Lab putting
> their HDDs through wood chippers with magnets on the chipped side to
> kill the bits good and dead.  As a storage fanatic that always struck me
> as something I'd have loved to see.
>
> Best,
>
> ellis


Re: [Beowulf] Data Destruction

2021-09-29 Thread Ellis Wilson

On 9/29/21 5:51 PM, Jörg Saßmannshausen wrote:

> interesting concept. I did not know about the Lustre fsencrypt but then, I am
> less the in-detail expert in PFS.
>
> Just to make sure I get the concept of that correct: Basically Lustre is
> providing projects which itself are encrypted, similar to the encrypted
> containers I mentioned before. So in order to access the project folder, you
> would need some kind of encryption key. Without that, you only have
> meaningless data in front of you. Is that understanding correct?


The lustre kernel client module won't even permit open.  There may be a 
way around that with a hacked kernel module, but even then if you don't 
have the key, you don't have the data.


And it's not explicitly "project" based, in that the key really just 
applies to directories and all of their children (recursively).


Last, apologies, but I typo'd the name.  It's fscrypt, not fsencrypt. 
Was typing too quickly.  See section 30.5 of the Lustre manual for 
details.  At present no directories end up encrypted, so if you have 
*nix perms you'll be able to traverse everything, but you can't open 
anything (or again, even if you could, nonsense comes out).  Full 
directory (including metadata) encryption is slated for the next release 
of Lustre.



> The only problem I have with all these things is: at one point you will need
> to access the decrypted data. Then you need to make sure that this data is not
> leaving your system. So for that reason we are using a Data Safe Haven where
> data ingress and egress is done via a staging system.


I think this is orthogonal to the issue in question.  For sure having a 
form of air gap to control the flow of data in/out is very useful, but 
in multi-tenant PFS you still need to provide some protections against 
malicious tenants convolving other people's data with their own and 
purporting it's a legitimate export.  Client-side encryption (when 
managed appropriately) provides fairly decent protection against this 
form of the problem.


Best,

ellis


Re: [Beowulf] Data Destruction

2021-09-29 Thread Jörg Saßmannshausen
Hi Ellis,

interesting concept. I did not know about the Lustre fsencrypt but then, I am 
less the in-detail expert in PFS.

Just to make sure I get the concept of that correct: Basically Lustre is 
providing projects which itself are encrypted, similar to the encrypted 
containers I mentioned before. So in order to access the project folder, you 
would need some kind of encryption key. Without that, you only have 
meaningless data in front of you. Is that understanding correct?

Does anybody happen to know if a similar system like the one Lustre is 
offering is possible on Ceph?

The only problem I have with all these things is: at one point you will need 
to access the decrypted data. Then you need to make sure that this data is not 
leaving your system. So for that reason we are using a Data Safe Haven where 
data ingress and egress is done via a staging system. 

Some food for thought.

Thanks

All the best

Jörg

On Wednesday, 29 September 2021, 16:42:46 BST, Ellis Wilson wrote:
> Apologies in advance for the top-post -- too many interleaved streams
> here to sanely bottom-post appropriately.
> 
> SED drives, which are a reasonably small mark-up for both HDDs and SSDs,
> provide full drive or per-band solutions to "wipe" the drive by revving
> the key associated with the band or drive.  For enterprise HDDs the
> feature is extremely common -- for enterprise SSDs it is hit or miss
> (NVMe tend to have it, SATA infrequently do).  This is your best bet for
> a solution where you're a-ok with wiping the entire system.  Note
> there's non-zero complexity here usually revolving around a non-zero
> price KMIP server, but it's (usually) not terrible.  My old employ
> (Panasas) supports this level of encryption in their most recent release.
> 
> Writing zeros over HDDs or SSDs today is an extremely dubious solution.
>   SSDs will just write the zeros elsewhere (or more commonly, not write
> them at all) and HDDs are far more complex than the olden days so you're
> still given no hard guarantees there that writing to LBA X is actually
> writing to LBA X.  Add a PFS and then local FS in front of this and
> forget about it.  You're just wasting bandwidth.
> 
> If you have a multi-tenant system and cannot just wipe the whole system
> by revving encryption keys on the drives, your options are static
> partitioning of the drives into SED bands per tenant and a rather
> complex setup with a KMIP server and parallel parallel file systems to
> support that, or client-side encryption.  Lustre 2.14 provides this via
> fsencrypt for data, which is actually pretty slick.  This is your best
> bet to cryptographically shred the data for individual users.  I have no
> experience with other commercial file systems so cannot comment on who
> does or doesn't support client-side encryption, but whoever does should
> allow you to fairly trivially shred the bits associated with that
> user/project/org by discarding/revving the corresponding keys.  If you
> go the client-side encryption route and shred the keys, snapshots, PFS,
> local FS, RAID, and all of the other factors here play no role and you
> can safely promise the data is mathematically "gone" to the end-user.
> 
> Best,
> 
> ellis
> 
> On 9/29/21 10:52 AM, Paul Edmon via Beowulf wrote:
> > I guess the question is for a parallel filesystem how do you make sure
> > you have 0'd out the file without borking the whole filesystem since
> > you are spread over a RAID set and could be spread over multiple hosts.
> > 
> > -Paul Edmon-
> > 
> > On 9/29/2021 10:32 AM, Scott Atchley wrote:
> >> For our users that have sensitive data, we keep it encrypted at rest
> >> and in movement.
> >> 
> >> For HDD-based systems, you can perform a secure erase per NIST
> >> standards. For SSD-based systems, the extra writes from the secure
> >> erase will contribute to the wear on the drives and possibly their
> >> eventually wearing out. Most SSDs provide an option to mark blocks as
> >> zero without having to write the zeroes. I do not think that it is
> >> exposed up to the PFS layer (Lustre, GPFS, Ceph, NFS) and is only
> >> available at the ext4 or XFS layer.
> >> 
> >> On Wed, Sep 29, 2021 at 10:15 AM Paul Edmon wrote:
> >> The former.  We are curious how to selectively delete data from a
> >> parallel filesystem.  For example we commonly use Lustre, ceph,
> >> and Isilon in our environment.  That said if other types allow for
> >> easier destruction of selective data we would be interested in
> >> hearing about it.
> >> 
> >> -Paul Edmon-
> >> 
> >> On 9/29/2021 10:06 AM, Scott Atchley wrote:
> >>> Are you asking about selectively deleting data from a parallel
> >>> file system (PFS) or destroying drives after removal from the
> >>> system either due to failure or system decommissioning?
> >>> 
> >>> For the latter, DOE does not allow us to send any non-volatile
> >>> media offsite 

Re: [Beowulf] Data Destruction

2021-09-29 Thread Ellis Wilson

On 9/29/21 11:41 AM, Jörg Saßmannshausen wrote:

> If you still need more, don't store the data at all but print it out on paper
> and destroy it by means of incineration. :D


I have heard stories from past colleagues of one large US Lab putting 
their HDDs through wood chippers with magnets on the chipped side to 
kill the bits good and dead.  As a storage fanatic that always struck me 
as something I'd have loved to see.


Best,

ellis


Re: [Beowulf] Data Destruction

2021-09-29 Thread Ellis Wilson
Apologies in advance for the top-post -- too many interleaved streams 
here to sanely bottom-post appropriately.


SED drives, which are a reasonably small mark-up for both HDDs and SSDs, 
provide full drive or per-band solutions to "wipe" the drive by revving 
the key associated with the band or drive.  For enterprise HDDs the 
feature is extremely common -- for enterprise SSDs it is hit or miss 
(NVMe tend to have it, SATA infrequently do).  This is your best bet for 
a solution where you're a-ok with wiping the entire system.  Note 
there's non-zero complexity here usually revolving around a non-zero 
price KMIP server, but it's (usually) not terrible.  My old employ 
(Panasas) supports this level of encryption in their most recent release.


Writing zeros over HDDs or SSDs today is an extremely dubious solution. 
 SSDs will just write the zeros elsewhere (or more commonly, not write 
them at all) and HDDs are far more complex than the olden days so you're 
still given no hard guarantees there that writing to LBA X is actually 
writing to LBA X.  Add a PFS and then local FS in front of this and 
forget about it.  You're just wasting bandwidth.


If you have a multi-tenant system and cannot just wipe the whole system 
by revving encryption keys on the drives, your options are static 
partitioning of the drives into SED bands per tenant and a rather 
complex setup with a KMIP server and parallel parallel file systems to 
support that, or client-side encryption.  Lustre 2.14 provides this via 
fsencrypt for data, which is actually pretty slick.  This is your best 
bet to cryptographically shred the data for individual users.  I have no 
experience with other commercial file systems so cannot comment on who 
does or doesn't support client-side encryption, but whoever does should 
allow you to fairly trivially shred the bits associated with that 
user/project/org by discarding/revving the corresponding keys.  If you 
go the client-side encryption route and shred the keys, snapshots, PFS, 
local FS, RAID, and all of the other factors here play no role and you 
can safely promise the data is mathematically "gone" to the end-user.


Best,

ellis

On 9/29/21 10:52 AM, Paul Edmon via Beowulf wrote:
> I guess the question is for a parallel filesystem how do you make sure
> you have 0'd out the file without borking the whole filesystem since
> you are spread over a RAID set and could be spread over multiple hosts.
>
> -Paul Edmon-
>
> On 9/29/2021 10:32 AM, Scott Atchley wrote:
> > For our users that have sensitive data, we keep it encrypted at rest
> > and in movement.
> >
> > For HDD-based systems, you can perform a secure erase per NIST
> > standards. For SSD-based systems, the extra writes from the secure
> > erase will contribute to the wear on the drives and possibly their
> > eventually wearing out. Most SSDs provide an option to mark blocks as
> > zero without having to write the zeroes. I do not think that it is
> > exposed up to the PFS layer (Lustre, GPFS, Ceph, NFS) and is only
> > available at the ext4 or XFS layer.
> >
> > On Wed, Sep 29, 2021 at 10:15 AM Paul Edmon wrote:
> > > The former.  We are curious how to selectively delete data from a
> > > parallel filesystem.  For example we commonly use Lustre, ceph,
> > > and Isilon in our environment.  That said if other types allow for
> > > easier destruction of selective data we would be interested in
> > > hearing about it.
> > >
> > > -Paul Edmon-
> > >
> > > On 9/29/2021 10:06 AM, Scott Atchley wrote:
> > > > Are you asking about selectively deleting data from a parallel
> > > > file system (PFS) or destroying drives after removal from the
> > > > system either due to failure or system decommissioning?
> > > >
> > > > For the latter, DOE does not allow us to send any non-volatile
> > > > media offsite once it has had user data on it. When we are done
> > > > with drives, we have a very big shredder.
> > > >
> > > > On Wed, Sep 29, 2021 at 9:59 AM Paul Edmon via Beowulf
> > > > <beowulf@beowulf.org> wrote:
> > > > > Occasionally we get DUA (Data Use Agreement) requests for sensitive
> > > > > data that require data destruction (e.g. NIST 800-88). We've been
> > > > > struggling with how to handle this in an era of distributed filesystems
> > > > > and disks.  We were curious how other people handle requests like this?
> > > > > What types of filesystems do people generally use for this and how do
> > > > > people ensure destruction?  Do these types of DUA's preclude certain
> > > > > storage technologies from consideration or are there creative ways to
> > > > > comply using more common scalable filesystems?
> > > > >
> > > > > Thanks in advance for the info.
> > > > >
> > > > > -Paul Edmon-
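
The key-shredding argument in the message above, as an added sketch that is not code from the thread, from Lustre or from fscrypt: data is encrypted on the client before it reaches storage that also keeps snapshots, so zero-filling the live file leaves a readable snapshot copy while destroying the tenant's key leaves every copy unreadable. The `Storage` class, the paths and the tenant names are hypothetical, the sample records are constructed, and the cipher is an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag, a standard-library stand-in for the AES modes a real client would use.

```python
import hashlib
import hmac
import secrets

SECRET = b"participant-0042: constructed sample record"  # constructed test data


def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as a keystream (assumption: stand-in for AES-CTR).
    stream = bytearray()
    block = 0
    while len(stream) < len(data):
        stream += _prf(key, nonce + block.to_bytes(8, "big"))
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Client-side encryption: returns nonce || ciphertext || MAC tag."""
    nonce = secrets.token_bytes(16)
    body = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return nonce + body + _prf(_prf(key, b"mac"), nonce + body)


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + body)):
        raise ValueError("wrong key or modified ciphertext")
    return _xor_stream(_prf(key, b"enc"), nonce, body)


class Storage:
    """Hypothetical server side: live files plus snapshots a client cannot rewrite."""

    def __init__(self):
        self.live = {}
        self.snapshots = []

    def write(self, path: str, blob: bytes) -> None:
        self.live[path] = blob

    def snapshot(self) -> None:
        self.snapshots.append(dict(self.live))

    def all_copies(self, path: str) -> list:
        found = [self.live[path]] if path in self.live else []
        return found + [s[path] for s in self.snapshots if path in s]


def overwrite_scenario() -> int:
    """Plaintext on storage, then zero-fill the live file.

    Returns how many stored copies still contain the record."""
    store = Storage()
    store.write("/proj/a/data", SECRET)
    store.snapshot()
    store.write("/proj/a/data", bytes(len(SECRET)))  # the "write zeros" wipe
    return sum(SECRET in copy for copy in store.all_copies("/proj/a/data"))


def readable_copies(store: Storage, path: str, candidate_keys) -> int:
    """Count copies of `path` that decrypt under any key the reader still holds."""
    count = 0
    for blob in store.all_copies(path):
        for key in candidate_keys:
            try:
                decrypt(key, blob)
            except ValueError:
                continue
            count += 1
            break
    return count


def shred_scenario() -> dict:
    """Two tenants, one snapshot, then tenant-a's key is destroyed."""
    keys = {t: secrets.token_bytes(32) for t in ("tenant-a", "tenant-b")}
    store = Storage()
    store.write("/proj/a/data", encrypt(keys["tenant-a"], SECRET))
    store.write("/proj/b/data", encrypt(keys["tenant-b"], b"tenant-b sample record"))
    store.snapshot()
    store.write("/proj/a/data", encrypt(keys["tenant-a"], SECRET + b" (v2)"))
    before = readable_copies(store, "/proj/a/data", keys.values())
    # The shred. Every copy of the key (key server, escrow, backups) has to go too.
    del keys["tenant-a"]
    copies = store.all_copies("/proj/a/data")
    return {
        "copies_on_storage": len(copies),
        "readable_before_shred": before,
        "readable_after_shred": readable_copies(store, "/proj/a/data", keys.values()),
        "plaintext_on_storage": any(SECRET in c for c in copies),
        "tenant_b_readable": readable_copies(store, "/proj/b/data", keys.values()),
    }


if __name__ == "__main__":
    print("copies still readable after zero-fill:", overwrite_scenario())
    print(shred_scenario())
```

The ciphertext copies stay on storage after the shred; the guarantee rests entirely on no copy of the key surviving anywhere.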


Re: [Beowulf] Data Destruction

2021-09-29 Thread Jörg Saßmannshausen
Dear all,

interesting discussion and very timely for me as well as we are currently 
setting up a new HPC facility, using OpenStack throughout so we can build a 
Data Safe Haven with it as well.
The question about data security came up too in various conversations, both 
internal and with industrial partners. 
Here I actually asked one collaboration partner what they understand about 
"data at rest":
- the drive has been turned off
- the data is not being accessed

For the former, that is easy we simply encrypt all drives, one way or another. 
However, that means when the drive is on, the data is not encrypted. 

For the latter that is a bit more complicated as you need to decrypt the 
files/folder when you want to access them. This, however, in addition to the 
drive encryption itself, should give you potentially the maximum security. 
When you want to destroy that data, deleting the encrypted container *and* the 
access key, i.e. the piece you need to decrypt it, like a Yubikey, should in 
my humble opinion be enough for most data. 
If you need more, shred the drive and don't use fancy stuff like RAID or PFS. 

If you still need more, don't store the data at all but print it out on paper 
and destroy it by means of incineration. :D

How about that?

All the best from a sunny London

Jörg

On Wednesday, 29 September 2021, 15:57:17 BST, Skylar Thompson wrote:
> In this case, we've successfully pushed back with the granting agency (US
> NIH, generally, for us) that it's just not feasible to guarantee that the
> data are truly gone on a production parallel filesystem. The data are
> encrypted at rest (including offsite backups), which has been sufficient
> for our purposes. We'll then just use something like GNU shred(1) to do a
> best-effort secure delete.
> 
> In addition to RAID, other confounding factors to be aware of are snapshots
> and cached data.
> 
> On Wed, Sep 29, 2021 at 10:52:33AM -0400, Paul Edmon via Beowulf wrote:
> > I guess the question is for a parallel filesystem how do you make sure you
> > have 0'd out the file without borking the whole filesystem since you are
> > spread over a RAID set and could be spread over multiple hosts.
> > 
> > -Paul Edmon-
> > 
> > On 9/29/2021 10:32 AM, Scott Atchley wrote:
> > > For our users that have sensitive data, we keep it encrypted at rest and
> > > in movement.
> > > 
> > > For HDD-based systems, you can perform a secure erase per NIST
> > > standards. For SSD-based systems, the extra writes from the secure erase
> > > will contribute to the wear on the drives and possibly their eventually
> > > wearing out. Most SSDs provide an option to mark blocks as zero without
> > > having to write the zeroes. I do not think that it is exposed up to the
> > > PFS layer (Lustre, GPFS, Ceph, NFS) and is only available at the ext4 or
> > > XFS layer.
> > > 
> > > On Wed, Sep 29, 2021 at 10:15 AM Paul Edmon wrote:
> > > The former.  We are curious how to selectively delete data from a
> > > parallel filesystem.  For example we commonly use Lustre, ceph,
> > > and Isilon in our environment.  That said if other types allow for
> > > easier destruction of selective data we would be interested in
> > > hearing about it.
> > > 
> > > -Paul Edmon-
> > > 
> > > On 9/29/2021 10:06 AM, Scott Atchley wrote:
> > > > Are you asking about selectively deleting data from a parallel
> > > > file system (PFS) or destroying drives after removal from the
> > > > system either due to failure or system decommissioning?
> > > > 
> > > > For the latter, DOE does not allow us to send any non-volatile
> > > > media offsite once it has had user data on it. When we are done
> > > > with drives, we have a very big shredder.
> > > > 
> > > > On Wed, Sep 29, 2021 at 9:59 AM Paul Edmon via Beowulf
> > > > <beowulf@beowulf.org> wrote:
> > > > Occasionally we get DUA (Data Use Agreement) requests for sensitive
> > > > data that require data destruction (e.g. NIST 800-88). We've been
> > > > struggling with how to handle this in an era of distributed filesystems
> > > > and disks.  We were curious how other people handle requests like this?
> > > > What types of filesystems do people generally use for this and how do
> > > > people ensure destruction?  Do these types of DUA's preclude certain
> > > > storage technologies from consideration or are there creative ways to
> > > > comply using more common scalable filesystems?
> > > > 
> > > > Thanks in advance for the info.
> > > > 
> > > > -Paul Edmon-
> > > > 

Re: [Beowulf] Data Destruction

2021-09-29 Thread Skylar Thompson
In this case, we've successfully pushed back with the granting agency (US NIH,
generally, for us) that it's just not feasible to guarantee that the data
are truly gone on a production parallel filesystem. The data are encrypted
at rest (including offsite backups), which has been sufficient for our
purposes. We'll then just use something like GNU shred(1) to do a
best-effort secure delete.

In addition to RAID, other confounding factors to be aware of are snapshots
and cached data.

On Wed, Sep 29, 2021 at 10:52:33AM -0400, Paul Edmon via Beowulf wrote:
> I guess the question is for a parallel filesystem how do you make sure you
> have 0'd out the file without borking the whole filesystem since you are
> spread over a RAID set and could be spread over multiple hosts.
> 
> -Paul Edmon-
> 
> On 9/29/2021 10:32 AM, Scott Atchley wrote:
> > For our users that have sensitive data, we keep it encrypted at rest and
> > in movement.
> > 
> > For HDD-based systems, you can perform a secure erase per NIST
> > standards. For SSD-based systems, the extra writes from the secure erase
> > will contribute to the wear on the drives and possibly their eventually
> > wearing out. Most SSDs provide an option to mark blocks as zero without
> > having to write the zeroes. I do not think that it is exposed up to the
> > PFS layer (Lustre, GPFS, Ceph, NFS) and is only available at the ext4 or
> > XFS layer.
> > 
> > On Wed, Sep 29, 2021 at 10:15 AM Paul Edmon wrote:
> > 
> > The former.  We are curious how to selectively delete data from a
> > parallel filesystem.  For example we commonly use Lustre, ceph,
> > and Isilon in our environment.  That said if other types allow for
> > easier destruction of selective data we would be interested in
> > hearing about it.
> > 
> > -Paul Edmon-
> > 
> > On 9/29/2021 10:06 AM, Scott Atchley wrote:
> > > Are you asking about selectively deleting data from a parallel
> > > file system (PFS) or destroying drives after removal from the
> > > system either due to failure or system decommissioning?
> > > 
> > > For the latter, DOE does not allow us to send any non-volatile
> > > media offsite once it has had user data on it. When we are done
> > > with drives, we have a very big shredder.
> > > 
> > > On Wed, Sep 29, 2021 at 9:59 AM Paul Edmon via Beowulf
> > > <beowulf@beowulf.org> wrote:
> > > 
> > > Occasionally we get DUA (Data Use Agreement) requests for sensitive
> > > data that require data destruction (e.g. NIST 800-88). We've been
> > > struggling with how to handle this in an era of distributed filesystems
> > > and disks.  We were curious how other people handle requests like this?
> > > What types of filesystems do people generally use for this and how do
> > > people ensure destruction?  Do these types of DUA's preclude certain
> > > storage technologies from consideration or are there creative ways to
> > > comply using more common scalable filesystems?
> > > 
> > > Thanks in advance for the info.
> > > 
> > > -Paul Edmon-
> > > 


-- 
Skylar


Re: [Beowulf] Data Destruction

2021-09-29 Thread Paul Edmon via Beowulf
I guess the question is for a parallel filesystem how do you make sure 
you have 0'd out the file without borking the whole filesystem since 
you are spread over a RAID set and could be spread over multiple hosts.


-Paul Edmon-

On 9/29/2021 10:32 AM, Scott Atchley wrote:
> For our users that have sensitive data, we keep it encrypted at rest
> and in movement.
>
> For HDD-based systems, you can perform a secure erase per NIST
> standards. For SSD-based systems, the extra writes from the secure
> erase will contribute to the wear on the drives and possibly their
> eventually wearing out. Most SSDs provide an option to mark blocks as
> zero without having to write the zeroes. I do not think that it is
> exposed up to the PFS layer (Lustre, GPFS, Ceph, NFS) and is only
> available at the ext4 or XFS layer.
>
> On Wed, Sep 29, 2021 at 10:15 AM Paul Edmon wrote:
> > The former.  We are curious how to selectively delete data from a
> > parallel filesystem.  For example we commonly use Lustre, ceph,
> > and Isilon in our environment.  That said if other types allow for
> > easier destruction of selective data we would be interested in
> > hearing about it.
> >
> > -Paul Edmon-
> >
> > On 9/29/2021 10:06 AM, Scott Atchley wrote:
> > > Are you asking about selectively deleting data from a parallel
> > > file system (PFS) or destroying drives after removal from the
> > > system either due to failure or system decommissioning?
> > >
> > > For the latter, DOE does not allow us to send any non-volatile
> > > media offsite once it has had user data on it. When we are done
> > > with drives, we have a very big shredder.
> > >
> > > On Wed, Sep 29, 2021 at 9:59 AM Paul Edmon via Beowulf
> > > <beowulf@beowulf.org> wrote:
> > > > Occasionally we get DUA (Data Use Agreement) requests for sensitive
> > > > data that require data destruction (e.g. NIST 800-88). We've been
> > > > struggling with how to handle this in an era of distributed filesystems
> > > > and disks.  We were curious how other people handle requests like this?
> > > > What types of filesystems do people generally use for this and how do
> > > > people ensure destruction?  Do these types of DUA's preclude certain
> > > > storage technologies from consideration or are there creative ways to
> > > > comply using more common scalable filesystems?
> > > >
> > > > Thanks in advance for the info.
> > > >
> > > > -Paul Edmon-



Re: [Beowulf] Data Destruction

2021-09-29 Thread Paul Edmon via Beowulf
Yeah, that's what we were surmising.  But paranoia and compliance being 
what it is we were curious what others were doing.


-Paul Edmon-

On 9/29/2021 10:32 AM, Renfro, Michael wrote:
> I have to wonder if the intent of the DUA is to keep physical media
> from winding up in the wrong hands. If so, if the servers hosting the
> parallel filesystem (or a normal single file server) is physically
> secured in a data center, and the drives are destroyed on
> decommissioning, that might satisfy the requirements.
>
> From: Beowulf on behalf of Paul Edmon via Beowulf
> Date: Wednesday, September 29, 2021 at 9:15 AM
> To: Scott Atchley
> Cc: Beowulf Mailing List
> Subject: Re: [Beowulf] Data Destruction
>
> > The former.  We are curious how to selectively delete data from a
> > parallel filesystem.  For example we commonly use Lustre, ceph, and
> > Isilon in our environment.  That said if other types allow for easier
> > destruction of selective data we would be interested in hearing about it.
> >
> > -Paul Edmon-
> >
> > On 9/29/2021 10:06 AM, Scott Atchley wrote:
> > > Are you asking about selectively deleting data from a parallel
> > > file system (PFS) or destroying drives after removal from the
> > > system either due to failure or system decommissioning?
> > >
> > > For the latter, DOE does not allow us to send any non-volatile
> > > media offsite once it has had user data on it. When we are done
> > > with drives, we have a very big shredder.
> > >
> > > On Wed, Sep 29, 2021 at 9:59 AM Paul Edmon via Beowulf
> > > <beowulf@beowulf.org> wrote:
> > > > Occasionally we get DUA (Data Use Agreement) requests for sensitive
> > > > data that require data destruction (e.g. NIST 800-88). We've been
> > > > struggling with how to handle this in an era of distributed filesystems
> > > > and disks.  We were curious how other people handle requests like this?
> > > > What types of filesystems do people generally use for this and how do
> > > > people ensure destruction?  Do these types of DUA's preclude certain
> > > > storage technologies from consideration or are there creative ways to
> > > > comply using more common scalable filesystems?
> > > >
> > > > Thanks in advance for the info.
> > > >
> > > > -Paul Edmon-



Re: [Beowulf] Data Destruction

2021-09-29 Thread Skylar Thompson
We have one storage system (DDN/GPFS) that is required to be
NIST-compliant, and we bought self-encrypting drives for it. The up-charge
for SED drives has diminished significantly over the past few years so that
might be easier than doing it in software and then having to verify/certify
that the software is encrypting everything that it should be.

On Wed, Sep 29, 2021 at 09:58:58AM -0400, Paul Edmon via Beowulf wrote:
> Occasionally we get DUA (Data Use Agreement) requests for sensitive data
> that require data destruction (e.g. NIST 800-88). We've been struggling with
> how to handle this in an era of distributed filesystems and disks.  We were
> curious how other people handle requests like this?  What types of
> filesystems do people generally use for this and how do people ensure
> destruction?  Do these types of DUA's preclude certain storage technologies
> from consideration or are there creative ways to comply using more common
> scalable filesystems?
> 
> Thanks in advance for the info.
> 
> -Paul Edmon-
> 

-- 
Skylar


Re: [Beowulf] Data Destruction

2021-09-29 Thread Renfro, Michael
I have to wonder if the intent of the DUA is to keep physical media from 
winding up in the wrong hands. If so, if the servers hosting the parallel 
filesystem (or a normal single file server) are physically secured in a data 
center, and the drives are destroyed on decommissioning, that might satisfy the 
requirements.

From: Beowulf  on behalf of Paul Edmon via Beowulf 

Date: Wednesday, September 29, 2021 at 9:15 AM
To: Scott Atchley 
Cc: Beowulf Mailing List 
Subject: Re: [Beowulf] Data Destruction

The former.  We are curious how to selectively delete data from a parallel 
filesystem.  For example we commonly use Lustre, ceph, and Isilon in our 
environment.  That said if other types allow for easier destruction of 
selective data we would be interested in hearing about it.

-Paul Edmon-
On 9/29/2021 10:06 AM, Scott Atchley wrote:
Are you asking about selectively deleting data from a parallel file system 
(PFS) or destroying drives after removal from the system either due to failure 
or system decommissioning?

For the latter, DOE does not allow us to send any non-volatile media offsite 
once it has had user data on it. When we are done with drives, we have a very 
big shredder.

On Wed, Sep 29, 2021 at 9:59 AM Paul Edmon via Beowulf <beowulf@beowulf.org> wrote:
Occasionally we get DUA (Data Use Agreement) requests for sensitive
data that require data destruction (e.g. NIST 800-88). We've been
struggling with how to handle this in an era of distributed filesystems
and disks.  We were curious how other people handle requests like this?
What types of filesystems do people generally use for this and how do
people ensure destruction?  Do these types of DUAs preclude certain
storage technologies from consideration or are there creative ways to
comply using more common scalable filesystems?

Thanks in advance for the info.

-Paul Edmon-



Re: [Beowulf] Data Destruction

2021-09-29 Thread Scott Atchley
For our users that have sensitive data, we keep it encrypted at rest and in
movement.

For HDD-based systems, you can perform a secure erase per NIST standards.
For SSD-based systems, the extra writes from the secure erase will
contribute to the wear on the drives and possibly their eventually wearing
out. Most SSDs provide an option to mark blocks as zero without having to
write the zeroes. I do not think that it is exposed up to the PFS layer
(Lustre, GPFS, Ceph, NFS) and is only available at the ext4 or XFS layer.

On Wed, Sep 29, 2021 at 10:15 AM Paul Edmon  wrote:

> The former.  We are curious how to selectively delete data from a parallel
> filesystem.  For example we commonly use Lustre, ceph, and Isilon in our
> environment.  That said if other types allow for easier destruction of
> selective data we would be interested in hearing about it.
>
> -Paul Edmon-
> On 9/29/2021 10:06 AM, Scott Atchley wrote:
>
> Are you asking about selectively deleting data from a parallel file system
> (PFS) or destroying drives after removal from the system either due to
> failure or system decommissioning?
>
> For the latter, DOE does not allow us to send any non-volatile media
> offsite once it has had user data on it. When we are done with drives, we
> have a very big shredder.
>
> On Wed, Sep 29, 2021 at 9:59 AM Paul Edmon via Beowulf <
> beowulf@beowulf.org> wrote:
>
>> Occasionally we get DUA (Data Use Agreement) requests for sensitive
>> data that require data destruction (e.g. NIST 800-88). We've been
>> struggling with how to handle this in an era of distributed filesystems
>> and disks.  We were curious how other people handle requests like this?
>> What types of filesystems do people generally use for this and how do
>> people ensure destruction?  Do these types of DUAs preclude certain
>> storage technologies from consideration or are there creative ways to
>> comply using more common scalable filesystems?
>>
>> Thanks in advance for the info.
>>
>> -Paul Edmon-
>>
>>
>
___
Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing
To change your subscription (digest mode or unsubscribe) visit 
https://beowulf.org/cgi-bin/mailman/listinfo/beowulf
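
Added example (not part of the message above or of the list archive): a shell script that checks, for each backing block device, whether the Linux block layer reports it as rotational and whether it advertises discard, the "mark blocks without writing zeroes" capability the message refers to. The sysfs attribute names are the kernel's; the function names, labels and sample tree are constructed for illustration.

```shell
#!/bin/sh
# Report what the block layer advertises for each device under <root>/block.
# The root defaults to /sys and can point at a constructed tree instead.

# classify_dev ROOT DEV -> prints hdd | ssd-discard | ssd-no-discard | unknown
classify_dev() {
    q="$1/block/$2/queue"
    [ -r "$q/rotational" ] || { echo "unknown"; return 1; }
    rot=$(cat "$q/rotational")
    # discard_max_bytes is 0 (or absent) when the device does not accept discard
    max=$(cat "$q/discard_max_bytes" 2>/dev/null || echo 0)
    if [ "$rot" = "1" ]; then
        echo "hdd"              # spinning media: overwrites add no flash wear
    elif [ "${max:-0}" -gt 0 ]; then
        echo "ssd-discard"      # discard reaches the device at the block layer
    else
        echo "ssd-no-discard"   # clearing blocks here means writing to flash
    fi
}

# report ROOT -> one "device class" line per block device
report() {
    for d in "$1"/block/*; do
        [ -d "$d" ] || continue
        dev=${d##*/}
        echo "$dev $(classify_dev "$1" "$dev")"
    done
}

# make_sample_tree DIR: constructed sysfs layout (sample values, not a real host)
make_sample_tree() {
    root=$1
    for spec in "sda 1 0" "nvme0n1 0 2147450880" "sdb 0 0"; do
        set -- $spec
        mkdir -p "$root/block/$1/queue"
        echo "$2" > "$root/block/$1/queue/rotational"
        echo "$3" > "$root/block/$1/queue/discard_max_bytes"
    done
}

report "${1:-/sys}"
```

This only shows what the local block layer reports for each device; it says nothing about whether a parallel filesystem on top passes discards down, or whether a discard meets a given DUA's destruction requirement.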


Re: [Beowulf] Data Destruction

2021-09-29 Thread Paul Edmon via Beowulf
The former.  We are curious how to selectively delete data from a 
parallel filesystem.  For example we commonly use Lustre, ceph, and 
Isilon in our environment.  That said if other types allow for easier 
destruction of selective data we would be interested in hearing about it.


-Paul Edmon-

On 9/29/2021 10:06 AM, Scott Atchley wrote:
Are you asking about selectively deleting data from a parallel file 
system (PFS) or destroying drives after removal from the system either 
due to failure or system decommissioning?


For the latter, DOE does not allow us to send any non-volatile media 
offsite once it has had user data on it. When we are done with drives, 
we have a very big shredder.


On Wed, Sep 29, 2021 at 9:59 AM Paul Edmon via Beowulf <beowulf@beowulf.org> wrote:

Occasionally we get DUA (Data Use Agreement) requests for sensitive
data that require data destruction (e.g. NIST 800-88). We've been
struggling with how to handle this in an era of distributed filesystems
and disks.  We were curious how other people handle requests like this?
What types of filesystems do people generally use for this and how do
people ensure destruction?  Do these types of DUAs preclude certain
storage technologies from consideration or are there creative ways to
comply using more common scalable filesystems?

Thanks in advance for the info.

-Paul Edmon-



Re: [Beowulf] Data Destruction

2021-09-29 Thread Scott Atchley
Are you asking about selectively deleting data from a parallel file system
(PFS) or destroying drives after removal from the system either due to
failure or system decommissioning?

For the latter, DOE does not allow us to send any non-volatile media
offsite once it has had user data on it. When we are done with drives, we
have a very big shredder.

On Wed, Sep 29, 2021 at 9:59 AM Paul Edmon via Beowulf 
wrote:

> Occasionally we get DUA (Data Use Agreement) requests for sensitive
> data that require data destruction (e.g. NIST 800-88). We've been
> struggling with how to handle this in an era of distributed filesystems
> and disks.  We were curious how other people handle requests like this?
> What types of filesystems do people generally use for this and how do
> people ensure destruction?  Do these types of DUAs preclude certain
> storage technologies from consideration or are there creative ways to
> comply using more common scalable filesystems?
>
> Thanks in advance for the info.
>
> -Paul Edmon-
>