5.2 Securely Erasing Database Servers and Storage Servers

Oracle Exadata System Software includes the Secure Eraser utility, which securely erases data on hard drives, flash devices, persistent memory, and internal USBs. It also resets ILOM to factory settings.

Secure Eraser sanitizes all content, not only user data but also operating system, Oracle Exadata System Software, and user configurations.

Caution:

The server will become unbootable after the system devices are securely erased, and ILOM will no longer be remotely accessible after being reset to factory default. ILOM will remain accessible through serial console.

The Secure Eraser utility works on both database servers and storage servers and covers all supported Oracle Exadata systems.

Based on hardware capabilities, different secure erasure methods are applied. In general, Secure Eraser has two types of erasure methods: 3-pass erase and crypto erase. The 3-pass erase method overwrites all addressable locations with a character, its complement, then a random character, and finally verifies the results. The crypto erase method erases all user data present on instant secure erase (ISE) devices by deleting the encryption keys with which the user data was previously encrypted. The crypto erase method is used by default on all hardware devices that support it.

Refer to the table "Estimated Erasure Times for Disks by Erasure Method" in the topic DROP CELL for a summary of the secure erasure methods used and their approximate time. Note that the time for 3-pass erase varies from drives to drives based on their size and speed. It is approximately equal to the time required to overwrite the entire device three times and read it one more time. Hard drives, flash devices, persistent memory, and internal USBs are securely erased in parallel: the time required to erase one device is the same as that required for erasing multiple devices of the same kind.