Administrator Guide

Technical support and resources
ID 483
5.5 System Erase
At the end of its life cycle, a system can either be retired or repurposed. In either scenario, System Erase
removes sensitive data and settings from the server. Secure Erase wipes storage devices and server
nonvolatile stores such as caches and logs so that no confidential information unintentionally leaks. It is a
utility in Lifecycle Controller (F10) that erases logs, configuration data, storage data, and cache.
The following devices, configuration settings, and applications can be erased by using the System Erase
feature:
o iDRAC is reset to default settings, erasing all data and settings.
o Lifecycle Controller (F10) data
o BIOS
o Embedded diagnostics and operating system driver packs
o iDRAC Service Module (iSM)
o SupportAssist Collection reports
The following components can also be erased:
o Hardware Cache (clear PERC NVCache)
o vFlash SD Card (initialize card) (Note: vFlash is not available on 15G or later servers.)
Data on the following components is cryptographically disposed of by System Erase as described below:
o Self Encrypting Drives (SED)
o Instant Secure Erase drives (ISE drives)
o NVM devices such as Intel Apache Pass and NVDIMMs
Data overwrite can erase non-ISE SATA hard drives.
Instant Secure Erase (ISE) destroys the internal encryption key that is used in 14th and 15th generation
drives, thus rendering the user data unrecoverable. ISE is a recognized method of data erasure on storage
drives, as described in NIST Special Publication 800-88 “Guidelines for Media Sanitization.”
The advantages of the new ISE feature with System Erase are the following:
o Speed: Faster than data overwriting techniques like DoD 5220.22-M (seconds compared with hours)
o Effectiveness: ISE renders all the data on the drive, including reserved blocks, unreadable.
o Better TCO: Storage devices can be reused instead of being crushed or otherwise physically
destroyed.
System Erase can be performed by the following methods:
o Lifecycle Controller interface (F10)
o RACADM CLI
o Redfish
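
The following is an added example, not part of the original guide or Dell's own code: a small planner that maps a drive inventory to the erase methods described above and flags devices that none of those methods covers. The component names (CryptographicErasePD, OverwritePD, NonVolatileMemory) are assumed from Dell's Redfish OEM SystemErase action and should be confirmed against the Redfish documentation for your iDRAC firmware; the Device fields and the sample inventory are constructed for illustration.

```python
from dataclasses import dataclass

# Assumed component names (Dell Redfish OEM SystemErase action); verify
# them against the Redfish documentation for your iDRAC firmware.
CRYPTO_ERASE = "CryptographicErasePD"
OVERWRITE = "OverwritePD"
NVM_ERASE = "NonVolatileMemory"


@dataclass(frozen=True)
class Device:                # hypothetical inventory record
    slot: str
    kind: str                # "hdd", "ssd", "nvdimm" or "pmem"
    bus: str                 # "sata", "sas", "nvme" or "dimm"
    sed: bool = False        # Self Encrypting Drive
    ise: bool = False        # Instant Secure Erase capable


def erase_method(dev):
    """Return the erase component for a device, or None if the guide lists none."""
    if dev.kind in ("nvdimm", "pmem"):
        return NVM_ERASE     # NVM devices: cryptographic disposal
    if dev.sed or dev.ise:
        return CRYPTO_ERASE  # destroys the internal encryption key
    if dev.kind == "hdd" and dev.bus == "sata":
        return OVERWRITE     # non-ISE SATA hard drive: data overwrite
    return None              # e.g. non-ISE SSD: needs a separate process


def build_plan(inventory):
    """Return (request body with the needed components, slots to handle manually)."""
    components, uncovered = set(), []
    for dev in inventory:
        method = erase_method(dev)
        if method is None:
            uncovered.append(dev.slot)
        else:
            components.add(method)
    return {"Component": sorted(components)}, uncovered


# Constructed sample inventory (not taken from a real server).
SAMPLE = [
    Device("Disk.Bay.0", "ssd", "sas", sed=True),
    Device("Disk.Bay.1", "hdd", "sata", ise=True),
    Device("Disk.Bay.2", "hdd", "sata"),
    Device("Disk.Bay.3", "ssd", "sata"),
    Device("DIMM.A7", "nvdimm", "dimm"),
]

if __name__ == "__main__":
    payload, manual = build_plan(SAMPLE)
    print(payload)
    print("Handle outside System Erase:", manual)
```

Any slot in the second return value has to be sanitized by another process before the server leaves your control.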