Release notes
Scrub data on an encrypted volume with a SnapMirror synchronous relationship
Suggest changes
-
PDF of this doc site
-
Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
Data protection and disaster recovery
-
Collection of separate PDF docs
Creating your file...
Beginning with ONTAP 9.8, you can use a secure purge to non-disruptively "scrub" data on NVE-enabled volumes with a SnapMirror synchronous relationship.
A secure purge might take from several minutes to many hours to complete, depending on the amount of data in the deleted files. You can use the volume encryption secure-purge show command to view the status of the operation. You can use the volume encryption secure-purge abort command to terminate the operation.
|
In order to do a secure purge on a SAN host, you must delete the entire LUN containing the files you want to purge, or you must be able to punch holes in the LUN for the blocks that belong to the files you want purge. If you cannot delete the LUN or your host operating system does not support punching holes in the LUN, you cannot perform a secure purge. |
-
You must be a cluster administrator to perform this task.
-
Advanced privileges are required for this task.
-
On the storage system, change to advanced privilege level:
set -privilege advanced -
Delete the files or the LUN you want to securely purge.
-
On a NAS client, delete the files you want to securely purge.
-
On a SAN host, delete the LUN you want to securely purge or punch holes in the LUN for the blocks that belong to the files you want to purge.
-
-
Prepare the destination volume in the Asynchronous relationship to be securely purged:
volume encryption secure-purge start -vserver <SVM_name> -volume <volume_name> -prepare trueRepeat this step for the other volume in your SnapMirror synchronous relationship.
-
If the files you want to securely purge are in Snapshot copies, delete the Snapshot copies:
snapshot delete -vserver <SVM_name> -volume <volume_name> -snapshot <snapshot> -
If the secure purge file is in the base or common Snapshot copies, update the SnapMirror to move the common Snapshot copy forward:
snapmirror update -source-snapshot <snapshot_name> -destination-path <destination_path>There are two common Snapshot copies, so this command must be issued twice.
-
If the secure purge file is in the application-consistent Snapshot copy, delete the Snapshot copy on both volumes in the SnapMirror synchronous relationship:
snapshot delete -vserver <SVM_name> -volume <volume_name> -snapshot <snapshot>Perform this step on both volumes.
-
Securely purge the deleted files:
volume encryption secure-purge start -vserver <SVM_name> -volume <volume_name>Repeat this step on each volume in the SnapMirror synchronous relationship.
The following command securely purges the deleted files on “vol1” on SVM “vs1”.
cluster1::> volume encryption secure-purge start -vserver vs1 -volume vol1
-
Verify the status of the secure purge operation:
volume encryption secure-purge show