Re: Secure way to wipe a Ceph cluster

On Fri, 27 Jul 2018 at 21:20, Patrick Donnelly <pdonnell@xxxxxxxxxx> wrote:

> > as part of deprovisioning customers, we regularly have the task of
> > wiping their Ceph clusters. Is there a certifiable, GDPR compliant way
> > to do so without physically shredding the disks?
>
> This should work and should be as fast as it can be:
> wipefs -a /dev/sdX
> shred /dev/sdX
>
> Whether or not that's "GDPR compliant" will depend on external
> certification, I guess.
>
> (The issues might be that you can't guarantee all blocks in an SSD/HDD
> are actually erased because the device firmware may retire bad blocks
> and make them inaccessible. It may not be possible for the device to
> physically destroy those blocks either even with SMART directives. You
> may be stuck with an industrial shredder to be compliant if the rules
> are stringent.)


This is an issue that really annoys me. If you run the dban ISO wipe, or the above
commands, or dd /dev/random to each and every usable sector of the drive, it will be
super-cleaned. I would dare say that no one on this mailing list could get useful data out of
it to save their lives, or the lives of their family members.

Still, people (and/or auditors who make a living out of this) will invent ways for hard drive
heads to be slightly out of alignment, or remapped sectors that would show up magically
at auditing time but not in any other case.

So if you wipe, overwrite, rewrite and do all the magic tricks to make each read byte on the
drive give you new data and none of the old, I (personally) think it should be compliantly
wiped, and anyone who "knows" a way to get the drive to magically start serving old stale
Ceph data via the OSDs is quite welcome to provide me with such a program. I will make
a killing on backup/restore that utilizes this kind of magic to get wiped data back.

Not that I am any kind of lawyer or anything, but if a customer needs to run a ton of data
over Ceph (or any other storage) and demands wiping on the way out, it would either be
for them to pay enough so you can destroy the drives and replace them, or for them to
only write down encrypted data (which should be easy for VMs with Ceph backend storage)
and then throw away the key to the data, which you never saw.

Not doing their part to prevent reading of said data, and not paying you for costs which
compliance says are unavoidable if no wiping is ever good enough, seems like a poor
relationship, and only drives such customers to some provider that will be prone to lie to
them in order not to push the real costs over to the customers.

--
May the most significant bit of your life be positive.
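The two approaches discussed in this thread (overwrite every readable sector, or encrypt and destroy the key) put together as a script, with the read-back check that makes "each read byte on the drive gives you new data" something you can actually show an auditor. This is an added example and not code from the thread or from the Ceph project. It assumes Linux, root, a stopped OSD that has already been removed from the cluster, and coreutils shred; wipefs and cryptsetup are used only when installed. The LUKS branch assumes the OSD was created dm-crypt encrypted; /dev/sdX is the placeholder from Patrick's reply and the file name wipe_osd.sh is made up here.

```shell
#!/bin/sh
# Added example, not from the thread or the Ceph project: overwrite-and-verify
# wipe of one (already stopped and purged) OSD device, with a key-destruction
# step first when the OSD is dm-crypt/LUKS encrypted. Assumes Linux, root and
# coreutils shred; wipefs and cryptsetup are used only if present.
set -eu

PASSES=${PASSES:-3}   # random overwrite passes before the final zero pass

# Refuse to touch anything that is currently mounted (the OSD must be down).
refuse_if_mounted() {
    if [ -r /proc/mounts ] && grep -q "^$1 " /proc/mounts; then
        echo "refusing to wipe mounted device $1" >&2
        return 1
    fi
}

# Size in bytes of a block device or of a regular file (used by the self-test).
size_of() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"; else wc -c < "$1" | tr -d ' '; fi
}

# True when the target carries a LUKS header, i.e. a dm-crypt encrypted OSD.
is_luks() {
    command -v cryptsetup >/dev/null 2>&1 && cryptsetup isLuks "$1" 2>/dev/null
}

# Crypto-erase: destroying every key slot makes the ciphertext unrecoverable
# at once, without depending on the firmware reaching every physical block.
crypto_erase() {
    cryptsetup --batch-mode luksErase "$1"
}

# Overwrite: drop Ceph/LVM/filesystem signatures, then PASSES random passes
# and a final zero pass so the result can be verified by a plain scan.
overwrite() {
    if command -v wipefs >/dev/null 2>&1; then
        wipefs -a "$1"
    fi
    if command -v shred >/dev/null 2>&1; then
        shred -n "$PASSES" -z "$1"
    else
        # Fallback without shred: same passes written byte-exact from head.
        bytes=$(size_of "$1")
        i=0
        while [ "$i" -lt "$PASSES" ]; do
            head -c "$bytes" /dev/urandom > "$1"
            i=$((i + 1))
        done
        head -c "$bytes" /dev/zero > "$1"
    fi
    sync
}

# Verify by reading the whole target back: delete every NUL byte and see
# whether anything is left. This catches sectors the overwrite silently
# skipped, but cannot see blocks the firmware has retired from the address
# space, which is exactly the caveat raised in the thread.
verify_zeroed() {
    leftover=$(tr -d '\000' < "$1" | head -c 1 | wc -c | tr -d ' ')
    [ "$leftover" -eq 0 ]
}

wipe_device() {
    dev=$1
    refuse_if_mounted "$dev"
    if is_luks "$dev"; then
        crypto_erase "$dev"
    fi
    overwrite "$dev"
    verify_zeroed "$dev"
}

# Only act when a device is given, so the file can also be sourced for its
# functions.  Usage: sudo sh wipe_osd.sh /dev/sdX   (/dev/sdX is a placeholder)
if [ "$#" -ge 1 ]; then
    wipe_device "$1" && echo "$1: wiped and verified zero"
fi
```

The verification pass is the part worth keeping even if you drop the rest: it is the difference between "we ran shred" and "we read every addressable byte back and none of the old data is there". For the retired-block caveat the software path cannot help; there the drive's own firmware erase (ATA Security Erase via hdparm, or an NVMe Format with secure erase) is the tool, since it is executed by the controller across its whole media, and the encrypt-then-destroy-the-key route in the LUKS branch sidesteps the problem entirely because the retired blocks only ever held ciphertext.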
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
