Thanks all,
It was a government customer that I was talking too and it sounded like a good
idea, however with the certification paper trails required today, I don't think
it would be of such a benefit after all. It may be useful on the disk
evacuation, but they're still going to need their paper trail with a
certification that it was done and confirmed.
David Magda wrote:
On Nov 10, 2009, at 20:55, Mark A. Carlson wrote:
Typically this is called "Sanitization" and could be done as part of
an evacuation of data from the disk in preparation for removal.
You would want to specify the patterns to write and the number of
passes.
See also "remanence":
http://en.wikipedia.org/wiki/Data_remanence
(S)ATA actually has a protocol command ("secure erase") that will cause
the disk to over write all of its sectors, and not be usable until its
done. This doesn't exist in SCSI / SAS / FC as far as I know.
Generally speaking one over write is sufficient to prevent data from
being accessible, but various government standards specify anywhere
between one and four passes:
http://en.wikipedia.org/wiki/Data_erasure
Degaussing or complete destruction is usually necessary for the "top
secret" stuff. DBAN is a useful (open-source) utility that I tend to
recommend for regular folk:
http://www.dban.org/
While it could be useful, there are penalties in various jurisdictions
for leaking data (especially with government-related stuff), so I'm not
sure if Sun would want to potentially expose itself to inappropriate use
that doesn't clean everything properly.
With ZFS encryption coming up, it could be sufficient to have your data
sets encrypted and then simply "forget" the key. The data is still
technically there, but (theoretically) completely inaccessible.
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
