You need to have the cli installed.
***NOTE: There seems to be some confusion on the Vault Drives. From what I glean, you will never be able to wipe these drives as they contain a RAID group. Remove the RAID group and you will lose connectivity and NOT be able to run naviseccli. If you know this to be inaccurate, please let me know, as I’d love to hear more.
Then you simply run:
naviseccli -h IP Address -User Username -Password Password -Scope 0 zerodisk -messner all start
This will wipe all disks. You do need to have all disks unbound, so remove all RAID groups, LUNS, and storage pools first.
You can then run the info below to see the status. This will give you the % complete. In Unisphere you should see the drives change from unbound to bound. Once complete, they will change back to unbound. (YMMV as this seems to be rather flaky. )
naviseccli -h IP Address -User Username -Password Password -Scope 0 zerodisk -messner all status
Finally, you can run the below to get the zeromark.
naviseccli -h IP Address -User Username -Password Password -Scope 0 zerodisk -messner all getzeromark
If you see 69704 , congratulations, you have zeroed that disk!
Switching gears, now you need to go into documentation mode. To collect the serial numbers of the drives you wiped, you can run the info below:
naviseccli -h IP Address -User Username -Password Password getdisk all -serial
Document all serial numbers and when they were zeroed out. (Don’f forget, we didn’t wipe the vault drives, so you can’t list those as being zeroed).
You now have a fully wiped SAN, well, mostly wiped anyway. Those pesky Vault drives can present a real issue. Hopefully you have never stored live data on them, but if you have, you will want to wipe those drives as well. If you have another SAN you use, you can pull the vault dives, and insert into the other SAN and zeroize from there. The only other solution I have is to pull them and wipe with a professional zeroing device.
They have a built in command that will do the job:
navicli -h <SP IP> zerodisk -messner B E D
usage: zerodisk disk-names [start|stop|status|getzeromark]
sample: navicli -h 10.10.10.10 zerodisk -messner 1_1_12
This command will write all zero’s to the disk, making any data recovery from the disk impossible. Add this command to a windows batch file for every disk in your array, and you’ve got a quick and easy way to zero out all the disks.
So, once the disks are zeroed out, how do you prove to the audit department that the work was done? I searched everywhere and could not find any documentation from emc on this command, which is no big surprise since you need the engineering mode switch (-messner) to run it. Here were my observations after running it:
This is the zeromark status on 1_0_4 before running navicli -h 10.10.10.10 zerodisk -messner 1_0_4 start:
Bus 1 Enclosure 0 Disk 4
Zero Mark: 9223372036854775807
This is the zeromark status on 1_0_4 after the zerodisk process is complete:
(I ran navicli -h 10.10.10.10 zerodisk -messner 1_0_4 getzeromark to get this status)
Bus 1 Enclosure 0 Disk 4
Zero Mark: 69704
The 69704 number indicates that the disk has been successfully scrubbed. Prior to running the command, all disks will have an extremely long zero mark (18+ digits), after the zerodisk command completes the disks will return either a 69704 or 69760 depending on the type of disk (FC/SATA). That’s be best I could come up with to prove that the zeroing was successful. Running the getzeromark option on all the disks before and after the zerodisk command should be sufficient to prove that the disks were scrubbed.
If you don’t need to save anything then you probably don’t need DoD compliancy because a completion certificate is required to meet that governance plus the method of multiple pass overwrites etc…
If you don’t need compliance and you don’t need a certificate then you should just issue a command;
filesys destroy and-zero (make sure it’s the correct DDR )
The and-zero will write zero’s and will take several hours to complete. It is not supported on gateway appliances.
Without the “and-zero” it will just ‘mark’ the data as deleted and finish very quickly.
I hope that helps, Regards Jonathan
1. Install NaviCli
2. Open the command prompt and choose the specific path location where the setup is installed.
3. Example of usage:
C:\Users\HP\Navisphere CLI>NaviSECCli.exe -h 220.127.116.11 -user sysadmin -password sysadmin -scope 0 getdisk
If don’t want to write password everytime:
For VNX1 Series, use the following commands to copy data from online disk 0_1_5 to any hotspare available:
>> naviseccli –h <SP_IPaddress> copytohotspare 0_1_5 –initiate
***If command above does not work, attempt the following command***
>> naviseccli -h <SP_IPaddress> -user <username> -password <password> copytohotspare 0_1_5 –initiate
note: Default username and password are sysadmin, sysadmin. If for some reason this does not work, request customer for username and password.
**To verify that disk is actually copying to hotspare use command:
>> naviseccli getdisk <disk location>