1. Security Guide for Oracle Exadata
  2. Securely Erasing Oracle Exadata
  3. Overview of Secure Eraser

5.1 Overview of Secure Eraser

Oracle Exadata System Software release 12.2.1.1.0 or later provides a secure erasure solution, called Secure Eraser, for every component within Oracle Exadata.

Secure Eraser is a comprehensive solution that covers all Oracle Exadatas (V2 or higher), including both 2-socket and 8-socket servers. The solution securely erases all data on both database servers and storage servers, and resets the internal network switches, the Ethernet switches, and the power distribution units back to factory defaults.

To download the Secure Eraser package, examine the Supplemental Readme associated with your current Oracle Exadata System Software version. To find the Supplemental Readme associated with each Oracle Exadata System Software version, see Exadata Database Machine and Exadata Storage Server Supported Versions (My Oracle Support Doc ID 888828.1).

To achieve the best possible performance, secure erasure is performed in parallel at every layer on an Oracle Exadata. All Oracle Exadata Database Servers and Oracle Exadata Storage Servers are securely erased in parallel. Within a server, all device types (such as hard drives, flash devices, persistent memory and internal USBs) are securely erased in parallel. For each device type, all devices are further securely erased in parallel. This means that the total time to securely erase an entire rack is the same regardless of whether it's a quarter, half, or full rack, and that the total time should be approximately the time it takes to erase whichever component takes the longest time.

Secure Eraser automatically detects the hardware capability of a storage device and picks the best erasure method supported by the device. Cryptographic erasure is used whenever possible to provide better security and faster speed. The cryptographic erasure method used by Secure Eraser is fully compliant with the NIST SP-800-88r1 standard.

Secure Eraser comes with flexible options. The entire process can be completely automated without any user intervention. Or, you can choose to do it interactively and choose to erase specific types of storage devices.

Secure Eraser periodically generates a progress report every 10 seconds so that you can easily monitor the progress.

When the secure erasure is completed, a certificate is generated for each server with a list of devices that have been securely erased. The following figure shows a sample certificate from Secure Eraser.

Figure 5-1 Sample Certificate from Secure Eraser

Description of Figure 5-1 follows
Description of "Figure 5-1 Sample Certificate from Secure Eraser"

Related Topics

Parent topic: Securely Erasing Oracle Exadata