Storage Array Erasure
Our erasure appliances provide two approaches to storage array erasure - LUN or Direct Attach. LUN Erasure can be performed on any SAN attached array. Simply zone the erasure appliance into the SAN, present the target LUNs from the array, and start the erasure. This method generates an erasure report that shows when and by what method each array was erased. Unlike some competing products, all disks presented to the erasure appliance will be erased simultaneously - so performance can be very high.
The Direct Attach method is described in more detail below. Direct Attach is even faster than LUN erase, and in many cases is preferred because now the erasure report shows the serial number of each drive that has been erased. Also, the opportunity for human error is less when performing Direct Attach erasure, because we eliminate the possibility of not addressing usable areas on a drive.
How does our product work?
All of our erasure appliances are built to erase entire storage arrays WITHOUT REMOVING DRIVES from the storage frames. The exact procedures used vary by array machine/model type, but in general these appliances can address and erase all Fibre Channel based arrays (with the notable exception of some HDS arrays – more on that later). We can also address and erase most SAS/SATA based arrays using the appliance. Typical erasure times for a single pass NIST are shown:
146GB FC Drives 30 minutes
300GB FC Drive 65 minutes
1TB SATA Drive 3 hours 30 minutes
These erasure appliances can erase an entire tray of disks (say 15) in the same amount of time as a single disk – so an entire 15 disk tray filled with 1TB SATA drives would erase in about 3 ½ hours. We are being modest when saying there aren’t a lot of erasure tools in the market today which can match this performance!
Erasing a typical Fibre array such as EMC’s Clariion/VMAX/DMX is a straightforward process. The appliance must be located with 5 meters (cabling distance limitations) of the array to be erased, and a custom cable is attached to an HBA port on the back of the erasure appliance and then directly to a drawer of disk. Note when erasing arrays we do not attached to array host bus adapters –we intentionally bypass the storage controller to gain direct access to the drive. Additional drawers may be daisy chained – a typical setup would see two or three drawers attached to a single HBA port – so in the case of an EMC array maybe 45 disks can be erased simultaneously from one appliance HBA port. With a quad port HBA literally hundreds of drives can be erased at rated speed simultaneously – so the appliance is very fast relative to more crude erasure tools many enterprises are using today.
Techniques used to erase NAS appliances vary greatly. NAS products such as EMC’s Celerra are basically FC arrays with NAS gateways – so erasure via direct attach is both possible and easy. The same is true of Netapp Filers that use FC disk – direct attachment erasure is straightforward. Other NAS storage – take EMC’s Isilon – work differently and the process to perform correct “secure erase” changes. In these cases, the drives cannot be directly populated to the erasure appliance – a different approach is necessary. We create a bootable USB memory stick and boot individual “containers” or “shelves” of disk. Each drive in the container erases at maximum speed (limited primarily by the speed of the drive).
Let’s provide an example – erasing an IBM XIV. This is an interesting example because the XIV uses Fibre Channel attachment, but the actual drives are SATA or SAS depending on model/config. A fully configured XIV has 15 drawers of disk, but these disks sit behind a SAS extender inside what is essentially an Intel PC – so unlike a dedicated FC drive which appears as a local drive – these drives appear as network drives and as such cannot be populated to an erasure appliance. In this case, we erase the drawer via USB boot – our software boots the drawer and now can directly address and properly erase each drive.
An erasure log file is stored for each drive erased so that a certified erasure report is generated for record keeping purposes. The erasure report is considered “certified” for two reasons – 1) a hashing algorithm in the erasure log file prevents unauthorized tampering with the log file and 2) in addition to HTML and CSV outputs, an erasure report may be generated as a secure PDF, further ensuring the integrity of the reported data.
Talk with us about your specific erasure requirements!