5.2 Securely Erasing Database Servers and Storage Servers

Oracle Exadata System Software 12.2.1.1.0 or later comes with a utility called Secure Eraser, which securely erases data on hard drives, flash devices, persistent memory, and internal USBs. It also resets ILOM to factory settings.

In earlier versions of Exadata, you can securely erase user data through CellCLI commands such as DROP CELL ERASE, DROP CELLDISK ERASE, or DROP GRIDDISK ERASE. These DROP commands only cover user data on hard drives and flash devices. Secure Eraser, on the other hand, sanitizes all content: not only user data but also the operating system, Oracle Exadata System Software, and user configurations. In addition, it covers a wider range of hardware components, including hard drives, flash devices, persistent memory, internal USBs, and ILOMs.

Caution:

The server will become unbootable after the system devices are securely erased, and ILOM will no longer be remotely accessible after being reset to factory default. ILOM will remain accessible through the serial console.

The Secure Eraser utility works on both database servers and storage servers and covers all Oracle Exadata systems V2 or higher.

Based on hardware capabilities, different secure erasure methods are applied. In general, Secure Eraser has two types of erasure methods: 3-pass erase and crypto erase. The 3-pass erase method overwrites all addressable locations with a character, its complement, then a random character, and finally verifies the results. The crypto erase method erases all user data present on instant secure erase (ISE) devices by deleting the encryption keys with which the user data was previously encrypted.

Refer to the table "Estimated Erasure Times for Disks by Erasure Method" in the topic DROP CELL for a summary of the secure erasure methods used and their approximate time. Note that the time for 3-pass erase varies from drive to drive based on size and speed. It is approximately equal to the time required to overwrite the entire device three times and read it one more time. Hard drives, flash devices, persistent memory, and internal USBs are securely erased in parallel: the time required to erase one device is the same as that required for erasing multiple devices of the same kind.
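
The 3-pass sequence and the time approximation described above can be sketched as follows. This is an added illustration, not Oracle's Secure Eraser code: it runs against an ordinary file standing in for a device, and the function names, the 1 MiB chunk size, and the 0x55 starting character are assumptions.

```python
import os
import tempfile

CHUNK = 1 << 20  # 1 MiB I/O size; an assumption, not a Secure Eraser setting

def fill_pass(fd, size, value):
    """Overwrite every addressable byte with `value`, then flush to storage."""
    os.lseek(fd, 0, os.SEEK_SET)
    block, remaining = bytes([value]) * CHUNK, size
    while remaining:
        remaining -= os.write(fd, block[:min(CHUNK, remaining)])
    os.fsync(fd)

def verify_pass(fd, size, value):
    """Read everything back; return the first mismatching offset, or -1."""
    os.lseek(fd, 0, os.SEEK_SET)
    offset = 0
    while offset < size:
        data = os.read(fd, min(CHUNK, size - offset))
        if not data:
            return offset  # short read: target is smaller than expected
        if data.count(value) != len(data):
            return offset + next(i for i, b in enumerate(data) if b != value)
        offset += len(data)
    return -1

def three_pass_erase(path, pattern=0x55):
    """Character, its complement, a random character, then verification."""
    size = os.path.getsize(path)
    final = os.urandom(1)[0]
    fd = os.open(path, os.O_RDWR)
    try:
        for value in (pattern, pattern ^ 0xFF, final):
            fill_pass(fd, size, value)
        return final, verify_pass(fd, size, final)
    finally:
        os.close(fd)

def estimate_seconds(size_bytes, bytes_per_second):
    """Three full writes plus one full read, assuming equal read/write speed."""
    return 4 * size_bytes / bytes_per_second

if __name__ == "__main__":
    with tempfile.NamedTemporaryFile(delete=False) as img:  # constructed sample
        img.write(b"constructed sample record\n" * 4096)
    print(three_pass_erase(img.name), estimate_seconds(8e12, 200e6))
    os.remove(img.name)
```

`three_pass_erase` returns the final fill byte and the verification result (-1 when every byte matches). Because devices are erased in parallel, the estimate for a group of identical devices is the same as for one.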