Skip to main content

Securely erasing drive data

Lenovo XClarity Administrator can securely erase data on all drives in selected ThinkSystem and ThinkAgile servers running version 22B and later. This operation permanently rewrites each drive by filling the entire drive with a binary zero, binary one, or random data, making it difficult to discover what was saved on the drive.

Attention

  • This operation permanently and irreversibly erases all data on the drives.

  • There is no way to cancel this operation after the job is submitted.

Before you begin

You must have lxc-supervisor authority to erase drive data.

Ensure that the UEFI admin password is not set on the managed servers to be erased. If the UEFI admin password is set on any servers, the drives in those servers are not erased.

You can securely erase drive data for up to three servers at a time by default. You can configure the number of allowed servers at one time by clicking Administration > Inventory Preferences and setting the Maximum number of servers that can be erased in a batch to the desired value. You can choose a number from 3 - 100 servers.

Only one secure erase job is allowed at one time. You must wait for the current job to complete before started another secure erase job.

It might take several hours to erase very large drives.

You cannot securely erase SATA SDD volumes that are connected to Marvell RAID controllers. Instead, consider the following recommendations.

  • For 7mm SATA SSDs, connect to Broadcom RAID controllers to perform secure erase.

  • For M.2 SATA SSDs, connect to Marvell non-RAID controllers (such as ThinkSystem M.2 SATA/NVMe 2-Bay Enablement Kit) to perform secure erase.

About this task

You can erase data on the following drives.

  • NVMe

  • SAS

  • SAS HBA

  • SAS RAID

  • SATA

  • External-connected storage devices

    • Lenovo Storage D1212 (MT 4587)

    • Lenovo Storage D1224 (MT 4587)

    • Lenovo Storage D3284 (MT 6413)

The secure-erase operation creates an entry in the audit log. You can forward this events using the event forwarding function (see Forwarding events to syslog, remote SNMP manager, email, and other event services).

To troubleshoot secure erase issues, see Cannot securely erase drive data on frozen drives and Cannot securely erase SATA SDD volumes when connected to Marvel RAID.

Procedure

To securely erase all drives in specific managed servers, complete the following steps.

  1. From the XClarity Administrator menu, click Hardware > Servers. The Servers page is displayed with a tabular view of all managed servers.
  2. Select the server.
  3. Click All Actions > Service > Drive Secure Erase (HDD/SDD).
  4. Enter your supervisor password to confirm that you want to erase all drives in the selected servers
  5. Click Erase.

    If you choose to perform a mass drive erase on more than three servers, you are prompted to enter your user ID and password. Enter the same user credentials that you used to log in to XClarity Administrator.

    A job is created to perform this operation. You can monitor the progress of the Jobs page by clicking Monitoring > Jobs from the XClarity Administrator menu. If the job did not complete successfully, click the job link to display details about the job (see Monitoring jobs).