
Onsite Data Sanitization Procedures

For Dell PowerMax 2000 storage arrays and other variants

1. Preparation

Confirm Scope of Work

• Verify the PowerMax 2000 array details (number of drives, RAID configuration, D@RE status).

• Confirm with the customer whether they require full data sanitization or drive disposal.

Data Backup & Customer Sign-Off

• Confirm all necessary data has been backed up before erasure.

• Obtain customer approval before proceeding, as this process is irreversible.

Gather Required Tools & Equipment

• Safety Gear: Anti-static wrist strap, anti-static mat.

• Hardware Tools: Screwdrivers, drive trays (if applicable).

• Erasure Setup:

o A workstation with WipeOS installed.

o PCIe NVMe adapters (for direct drive connection).

o NVMe-compatible host system.

 

2. Identify & Handle Data at Rest Encryption (D@RE)

Before proceeding, determine if D@RE is enabled on the PowerMax array.

Check D@RE Encryption Status

Method 1: Using Dell Unisphere GUI

1. Log in to Unisphere for PowerMax.

2. Navigate to Security > Data at Rest Encryption (D@RE).

3. If D@RE is enabled, confirm if the encryption keys are accessible.

WipeOS Confidential

Method 2: Using Dell CLI (Command Line)

1. SSH into the PowerMax management console.

2. Run: symecrypt - show

3. If output shows "Encryption Enabled", determine if the keys are available.

Scenario 1: D@RE is Disabled

Proceed with normal drive removal and wiping using WipeOS.

Scenario 2: D@RE is Enabled, and Keys Are Available

1. Disable D@RE via Unisphere:

o Navigate to Security > Data at Rest Encryption.

o Select "Disable Encryption".

o Follow the on-screen steps to remove encryption.

2. Verify Decryption is Complete.

3. Proceed with drive sanitization.

Scenario 3: D@RE is Enabled, but Keys Are NOT Available

You CANNOT access the data or wipe the drive normally.

Steps to Handle a Locked Encrypted Drive

Option 1: Perform a Cryptographic Erase (If Supported)

1. Check if the drive is Self-Encrypting (SED) (Bash):

   lsblk -o NAME,ROTA,TYPE

2. Use an NVMe CLI tool to reset encryption (Bash):

   nvme format /dev/nvme0n1 --ses=2

3. If the above fails, look for a PSID (Physical Security ID) printed on the drive label and use a tool like sedutil-cli to perform a PSID revert (Bash):

   sedutil-cli --PSIDrevert <PSID> /dev/nvme0

4. If successful, proceed to wipe the drive with WipeOS.
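
An added example (not part of the original procedure or of any WipeOS tooling): before attempting the cryptographic erase in Option 1, the drive's identify data shows which erase paths it advertises. The script parses `nvme id-ctrl` text for the `fna` and `sanicap` fields; the function names and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example. Bit meanings follow the NVMe base specification:
#   fna bit 2     -> Format NVM supports cryptographic erase (nvme format --ses=2)
#   sanicap bit 0 -> Sanitize crypto erase; bit 1 -> block erase; bit 2 -> overwrite

# Constructed sample of `nvme id-ctrl` output for a drive with crypto erase.
SAMPLE_CRYPTO='vid       : 0x1234
mn        : EXAMPLE NVME SSD
fna       : 0x4
sanicap   : 0x60000003'

# Constructed sample for a drive that advertises no erase capability.
SAMPLE_PLAIN='vid       : 0x1234
mn        : EXAMPLE NVME SSD
fna       : 0
sanicap   : 0'

# Extract one "name : value" field from id-ctrl text on stdin.
idctrl_field() {
    awk -F: -v key="$1" '
        { name = $1; gsub(/[ \t]/, "", name) }
        name == key { val = $2; gsub(/[ \t]/, "", val); print val; exit }'
}

# Print the erase methods the drive advertises, one per line.
# $1 is id-ctrl text, e.g. "$(nvme id-ctrl /dev/nvme0)" on a live system.
erase_options() {
    fna=$(printf '%s\n' "$1" | idctrl_field fna)
    sanicap=$(printf '%s\n' "$1" | idctrl_field sanicap)
    fna=${fna:-0}
    sanicap=${sanicap:-0}   # missing field is treated as "not supported"
    [ $(( ${fna} & 4 )) -ne 0 ]     && echo "format-crypto-erase"
    [ $(( ${sanicap} & 1 )) -ne 0 ] && echo "sanitize-crypto-erase"
    [ $(( ${sanicap} & 2 )) -ne 0 ] && echo "sanitize-block-erase"
    [ $(( ${sanicap} & 4 )) -ne 0 ] && echo "sanitize-overwrite"
    return 0
}

# Demo on the constructed sample; empty output means no advertised erase
# path, which points to Option 2 or Option 3 of this procedure.
erase_options "$SAMPLE_CRYPTO"
```
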

Option 2: Attempt Overwrite (May Fail on Locked Drives)

If encryption cannot be removed, attempt an overwrite (Bash):

   dd if=/dev/zero of=/dev/nvme0n1 bs=1M status=progress

⚠ Note: This will likely fail if the drive is locked.

Option 3: Physical Destruction (If Drive is Permanently Locked)

• If encryption keys are lost, Dell drives may enter a locked state permanently.

• In this case, physical destruction is the only NIST-approved method:

o Shred the drive using an NSA/CSS-approved shredder.

o Use a degausser (if the drive is magnetic media-based).

o Drill holes into the NAND chips.

3. Physically Removing Drives from Dell PowerMax 2000

Step-by-Step Drive Removal Process

1. Power Down the Array:

o Shut down the PowerMax 2000 using Dell’s Unisphere or CLI commands.

o Disconnect all power sources.

2. Access the Drive Array Enclosure (DAE):

o Remove the front bezel to expose drive bays.

3. Identify and Remove Drives:

o Press the drive release button.

o Gently pull the drive straight out.

4. Handle Drives Safely:

o Place drives on an anti-static mat.

o Avoid physical shocks.

4. Connecting Drives to WipeOS Workstation

• Use PCIe NVMe adapters or an NVMe-compatible host system.

• Boot the system and verify that WipeOS detects the drives.

5. Data Sanitization Using WipeOS

Launching WipeOS

1. Boot into WipeOS.

2. Verify all connected drives are recognized.

3. Select the appropriate erasure method:

o NIST 800-88 Purge (Recommended for compliance).

o DoD 5220.22-M (Multi-pass overwrite).

o Custom overwrite settings if requested by the customer.

Monitoring and Completion

• Track the sanitization process in real-time.

• If any errors occur, troubleshoot and restart affected drives.

• Upon completion, generate a detailed sanitization report.

6. Handling Failed Drive Sanitization (Per Section 3.3.2 of the Partner Agreement)

If a drive cannot be sanitized due to encryption, hardware failure, or system incompatibility, WipeOS follows these protocols:

1. Notify the Customer and Partner Immediately.

2. Secure and Quarantine any failed devices.

3. Provide the Customer with Alternative Sanitization Options:

o Physical destruction (shredding, degaussing, drilling).

o Specialized firmware-based erasure (if applicable).

4. Document All Actions Taken, including:

o Failed sanitization attempts.

o Error logs.

o Chain of custody records.

7. Reinstalling Drives (If Required)

• Align the drives with their respective slots.

• Push the drives in until they click into place.

• Replace the front bezel.

8. Documentation and Reporting

Generate and Deliver Sanitization Reports

• WipeOS generates certificates of erasure.

• Provide the report to the customer for compliance documentation.

Customer Sign-Off

• Confirm with the customer that sanitization meets their security requirements.

• Store a copy of the sanitization report for internal records.

Final Notes

This process complies with WipeOS’s Strategic Infrastructure Partner Agreements. If a drive cannot be wiped, we follow Section 3.3.2 of our agreement to properly quarantine and report the failure. Always check if encryption is enabled before wiping. If keys are unavailable, be prepared for drive disposal instead of reuse.