Sanitize a disk
Sanitizing a disk allows you to remove data from a disk or a set of disks on decommissioned or inoperable systems so that the data can never be recovered.
Two methods are available to sanitize disks using the CLI:
Sanitize a disk with “maintenance mode” commands (ONTAP 9.6 and later releases)
Beginning with ONTAP 9.6, you can perform disk sanitization in maintenance mode.
-
The disks cannot be self-encrypting disks (SED).
You must use the
storage encryption disk sanitize
command to sanitize an SED.
-
Boot into maintenance mode.
-
Exit the current shell by entering
halt
.The LOADER prompt is displayed.
-
Enter maintenance mode by entering
boot_ontap maint
.After some information is displayed, the maintenance mode prompt is displayed.
-
-
If the disks you want to sanitize are partitioned, unpartition each disk:
The command to unpartition a disk is only available at the diag level and should be performed only under NetApp Support supervision. It is highly recommended that you contact NetApp Support before you proceed. You can also refer to the Knowledge Base article How to unpartition a spare drive in ONTAP disk unpartition <disk_name>
-
Sanitize the specified disks:
disk sanitize start [-p <pattern1>|-r [-p <pattern2>|-r [-p <pattern3>|-r]]] [-c <cycle_count>] <disk_list>
Do not turn off power to the node, disrupt the storage connectivity, or remove target disks while sanitizing. If sanitizing is interrupted during the formatting phase, the formatting phase must be restarted and allowed to finish before the disks are sanitized and ready to be returned to the spare pool. If you need to abort the sanitization process, you can do so by using the disk sanitize abort
command. If the specified disks are undergoing the formatting phase of sanitization, the abort does not occur until the phase is complete.-p
<pattern1>
-p
<pattern2>
-p
<pattern3>
specifies a cycle of one to three user-defined hex byte overwrite patterns that can be applied in succession to the disks being sanitized. The default pattern is three passes, using 0x55 for the first pass, 0xaa for the second pass, and 0x3c for the third pass.-r
replaces a patterned overwrite with a random overwrite for any or all of the passes.-c
<cycle_count>
specifies the number of times that the specified overwrite patterns are applied. The default value is one cycle. The maximum value is seven cycles.<disk_list>
specifies a space-separated list of the IDs of the spare disks to be sanitized. -
If desired, check the status of the disk sanitization process:
disk sanitize status [<disk_list>]
-
After the sanitization process is complete, return the disks to spare status for each disk:
disk sanitize release <disk_name>
-
Exit maintenance mode.
Sanitize a disk with “nodeshell” commands (all ONTAP 9 releases)
After the disk sanitization feature is enabled using nodeshell commands on a node, it cannot be disabled.
-
The disks must be spare disks; they must be owned by a node, but not used in a local tier (aggregate).
If the disks are partitioned, neither partition can be in use in a local tier (aggregate).
-
The disks cannot be self-encrypting disks (SED).
You must use the
storage encryption disk sanitize
command to sanitize an SED. -
The disks cannot be part of a storage pool.
-
If the disks you want to sanitize are partitioned, unpartition each disk:
The command to unpartition a disk is only available at the diag level and should be performed only under NetApp Support supervision. It is highly recommended that you contact NetApp Support before you proceed. You can also refer to the Knowledge Base article How to unpartition a spare drive in ONTAP. disk unpartition <disk_name>
-
Enter the nodeshell for the node that owns the disks you want to sanitize:
system node run -node <node_name>
-
Enable disk sanitization:
options licensed_feature.disk_sanitization.enable on
You are asked to confirm the command because it is irreversible.
-
Switch to the nodeshell advanced privilege level:
priv set advanced
-
Sanitize the specified disks:
disk sanitize start [-p <pattern1>|-r [-p <pattern2>|-r [-p <pattern3>|-r]]] [-c <cycle_count>] <disk_list>
Do not turn off power to the node, disrupt the storage connectivity, or remove target disks while sanitizing. If sanitizing is interrupted during the formatting phase, the formatting phase must be restarted and allowed to finish before the disks are sanitized and ready to be returned to the spare pool. If you need to abort the sanitization process, you can do so by using the disk sanitize abort command. If the specified disks are undergoing the formatting phase of sanitization, the abort does not occur until the phase is complete. -p <pattern1> -p <pattern2> -p <pattern3>
specifies a cycle of one to three user-defined hex byte overwrite patterns that can be applied in succession to the disks being sanitized. The default pattern is three passes, using 0x55 for the first pass, 0xaa for the second pass, and 0x3c for the third pass.-r
replaces a patterned overwrite with a random overwrite for any or all of the passes.-c <cycle_count>
specifies the number of times that the specified overwrite patterns are applied.The default value is one cycle. The maximum value is seven cycles.
<disk_list>
specifies a space-separated list of the IDs of the spare disks to be sanitized. -
If you want to check the status of the disk sanitization process:
disk sanitize status [<disk_list>]
-
After the sanitization process is complete, return the disks to spare status:
disk sanitize release <disk_name>
-
Return to the nodeshell admin privilege level:
priv set admin
-
Return to the ONTAP CLI:
exit
-
Determine whether all of the disks were returned to spare status:
storage aggregate show-spare-disks
If…
Then…
All of the sanitized disks are listed as spares
You are done. The disks are sanitized and in spare status.
Some of the sanitized disks are not listed as spares
Complete the following steps:
-
Enter advanced privilege mode:
set -privilege advanced
-
Assign the unassigned sanitized disks to the appropriate node for each disk:
storage disk assign -disk <disk_name> -owner <node_name>
-
Return the disks to spare status for each disk:
storage disk unfail -disk <disk_name> -s -q
-
Return to administrative mode:
set -privilege admin
-
The specified disks are sanitized and designated as hot spares. The serial numbers of the sanitized disks are written to /etc/log/sanitized_disks
.
The specified disks’ sanitization logs, which show what was completed on each disk, are written to /mroot/etc/log/sanitization.log
.