Safe deleting a LUN in VMware

vmware-esxi vmware-vsphere secure-delete lun

I have a LUN in our VMware 6.7.0 world. For a specific project we need to safe-delete (with a standard method like DoD 5220) the data on this LUN with some kind of deletion protocol. The underlying storage system is a 3PAR SSMC with VMFS 5 and the SCSI Controller is VMware Paravirtual. The LUN is used by ~15 VMs (which are all marked for deletion) as storage with Tick-Provision Lazy-Zeroed.

After a while searching the web I only found the paid solution "Blancco LUN Eraser". However, we have to delete it today. Is there any other way to secure-delete with a protocol?

My first idea was to just use DBAN on each individual VM and delete every individual "Disk". After that just deleting the LUN in vSphere. This was discussed at VMWare too: https://communities.vmware.com/message/989618#989618

Any ideas? I'm running out of possibilities and ideas myself.


What you essentially want to do is to wipe the whole datastore, as DBAN-ing the individual VMs doesn't guarantee that every single bit of the underlying LUN gets overwritten.

As long as the underlying storage for the datastore is presented over iSCSI or FC to the ESXi, it should show similarly as Direct Attached Storage, and then you should be able to overwrite it with dd from the ESXi console. See this site for more context.

For example:

# dd if=/dev/zero of=/dev/disks/t10.NVMe_Samsung_SSD_960_EVO conv=notrunc

However, as Michal Hampton pointed out, it's best to investigate the options on the underlying storage first. HPE Proliant Servers has had this feature since Gen8 (so around 2014 maybe), so I'd be quite surprised if 3PAR doesn't as well.

As a point of interest as well, VMFS5 doesn't support UNMAP either, so any deletion in VMware doesn't result in blocks being marked as free on the underlying storage. VMFS6 however changes this to support asynchronous space reclamation (basically ESXi scans through the datastores in its spare time and sends SCSI UNMAP commands to the storage so that it knows what blocks it can repurpose). In this case it's rather important depending on what you're trying to achieve, and how the underlying storage operates.

Related

Dynamic resizing of screen doesn't work in Parallels
How do I get the window jelly effect? [duplicate]
Connecting to Internet using TataPhoton 3G dongle(ZTE MF190) Ubuntu 12.04
Mouse pointer disappears on primary monitor?
Does the kernel also need to be updated if I update the Intel drivers?
Notifications from a website I don't visit on my desktop
Static IP address changed to another static IP address. What needs to be changed?
Old DNS Settings Keeps Coming Back
Canon printer drivers for Ubuntu 15.10
NVIDIA Graphics - resolution problems with new 12.04 LTS installation
Google chrome profile in use; browser does not start anymore
How to scan if Ubuntu is infected? server attack