|
I have a couple VMs under VMware 6.7 that need to be deleted. The datastore for these is on a SAN along with a bunch of other VMs we want to keep, but someone said we should DoD wipe them. It looks like VMware has a write zeroes function but I don't think that qualifies. Does booting the VM to a USB and wiping from there accomplish the same thing?
|
Jan 28, 2019 02:03 |
|
YOLOsubmarine posted: Are you required for regulatory reasons to wipe them? Given that VSAN data may be re-distributed across disk groups for a number of reasons there’s no way to guarantee that you’ve actually cleared all data related to the VM from the drives without wiping the drives themselves at the bit level.

Since this was a system set up before I started, is that something we can migrate VMs to or does it have to be done at creation? That doesn't sound like something that would comply with regulatory compliance though. I think that would have to be something like separate sets of disks for each set of VMs.
|
Jan 28, 2019 03:23 |
|
evil_bunnY posted: What’s the underlying storage. Trying to wipe a CoW-backed volume is only gonna end in tears

I know getting ISO 27001 is a stated goal too, so even if this is fine I may have to change the current system anyway.
|
Jan 28, 2019 19:48 |
|
YOLOsubmarine posted: You’d have to wipe every drive in the array. Neither the storage nor the hypervisor have a complete picture of which blocks may have belonged to a particular VM at some point and have not yet been overwritten so there’s no facility for wiping only those blocks.

Long term problem: I know we have upcoming projects (some govt) that will require us to certify media is sanitized, overwrite three times before reuse or degauss/destroy, which as pointed out is hard to do when that could apply to every disk on the SAN. I think my worry is most of these refer to 'sanitizing before reuse' of the drive and I am not sure if that means at the end of the project or just when the drive leaves IT's possession. VM encryption seems like a practical solution we should use, but I am unsure if that qualifies for sanitizing in these policies that say overwrite three times etc. I could just be overthinking this but also don't want our process to end up being 'we swear we will destroy the disk later' for compliance.
|
Jan 29, 2019 02:59 |