cisco mds 9000 family secure erase configuration … documentation comments to...

Send documenta t ion comments to mdsfeedback -doc@c i sco .com

Cisco MDS 9000 FamilySecure Erase Configuration GuideFor Cisco MDS 9500 and 9200 Series.

Cisco MDS 9000 SAN-OS Release 3.4(1)

June 2008

Americas HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706 USAhttp://www.cisco.comTel: 408 526-4000

800 553-NETS (6387)Fax: 408 527-0883

Text Part Number: OL-16893-01

http://www.cisco.com


THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, the Cisco logo, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn is a service mark; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0805R)

Cisco MDS 9000 Family Secure Erase Configuration Guide © 2008 Cisco Systems, Inc. All rights reserved.


OL-16893-01, Cisco MDS SAN-OS Release 3.x

C O N T E N T S

Preface v

Audience v

Organization v

Document Conventions vi

Related Documentation vii

Release Notes vii

Compatibility Information vii

Regulatory Compliance and Safety Information vii

Hardware Installation vii

Cisco Fabric Manager vii

Command-Line Interface viii

Intelligent Storage Networking Services Configuration Guides viii

Troubleshooting and Reference viii

Installation and Configuration Notes viii

Obtaining Documentation and Submitting a Service Request viii

C H A P T E R 1 About Secure Erase 1-1

Secure Erase Job 1-2

Secure Erase Session 1-2

Concepts and Terminology 1-3

Features and Capabilities 1-4

Requirements and Prerequisites 1-5

Software Requirements 1-5

Hardware Requirements 1-5

Software Licenses 1-5

C H A P T E R 2 Configuration Overview 2-1

Configuartion Process 2-1

Obtaining Information 2-2

Setting up Cisco Secure Erase 2-3

Job Configuration 2-4

Recovering Secure Erase Configuration 2-5

iiiCisco MDS 9000 Family Secure Erase Configuration Guide


Contents

A P P E N D I X A Secure Erase CLI Command Reference A-1

add-session vsan A-2

add-step dynamic A-3

add-step static A-4

add-tgt vsan A-5

add-vi vsan A-6

empty A-8

secure-erase abort job A-9

secure-erase create algorithm A-10

secure-erase create job A-11

secure-erase create-vi vsan A-12

secure-erase destroy algorithm A-13

secure-erase destroy job A-14

secure-erase destroy-vi vsan A-15

secure-erase start job A-16

secure-erase stop job A-17

secure-erase validate job A-18

show secure-erase algorithm A-19

show secure-erase job A-21

show secure-erase job detail A-22

show secure-erase vsan A-23

ivCisco MDS 9000 Family Secure Erase Configuration Guide



Preface

This preface describes the audience, organization, and conventions of the Cisco MDS 9000 Family Secure Erase Configuration Guide. It also provides information on how to obtain related documentation.

AudienceThis guide is intended for experienced network administrators who are responsible for planning, installing, configuring, and maintaining Cisco MDS 9000 Secure Erase.

OrganizationThis document is organized as follows:

Chapter Title Description

Chapter 1 Product Overview Provides an overview of Cisco MDS Secure Erase.

Chapter 2 Configuring Secure Erase Describes the installation, provisioning, and configuration tasks.

Appendix A Secure Erase CLI Command Reference

Syntax and usage guidelines for Cisco MDS Secure Erase CLI commands.

vCisco MDS 9000 Family Secure Erase Configuration Guide



Preface

Document ConventionsCommand descriptions use these conventions:

Screen examples use these conventions:

This document uses the following conventions:

Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the manual.

Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.

boldface font Commands and keywords are in boldface.

italic font Arguments for which you supply values are in italics.

[ ] Elements in square brackets are optional.

[ x | y | z ] Optional alternative keywords are grouped in brackets and separated by vertical bars.

screen font Terminal sessions and information the switch displays are in screen font.

boldface screen font Information you must enter is in boldface screen font.

italic screen font Arguments for which you supply values are in italic screen font.

< > Nonprinting characters, such as passwords, are in angle brackets.

[ ] Default responses to system prompts are in square brackets.

!, # An exclamation point (!) or a pound sign (#) at the beginning of a line of code indicates a comment line.

viCisco MDS 9000 Family Secure Erase Configuration Guide



Preface

Related DocumentationThe documentation set for the Cisco MDS 9000 Family includes the following documents. To find a document online, use the Cisco MDS SAN-OS Documentation Locator at:

http://www.cisco.com/en/US/docs/storage/san_switches/mds9000/roadmaps/doclocater.htm

Release Notes • Cisco MDS 9000 Family Release Notes for Cisco MDS SAN-OS Releases

• Cisco MDS 9000 Family Release Notes for Storage Services Interface Images

• Cisco MDS 9000 Family Release Notes for Cisco MDS 9000 EPLD Images

Compatibility Information • Cisco MDS 9000 SAN-OS Hardware and Software Compatibility Information

• Cisco MDS 9000 Family Interoperability Support Matrix

• Cisco MDS Storage Services Module Interoperability Support Matrix

• Cisco MDS SAN-OS Release Compatibility Matrix for Storage Service Interface Images

Regulatory Compliance and Safety Information • Regulatory Compliance and Safety Information for the Cisco MDS 9000 Family

Hardware Installation • Cisco MDS 9124 Multilayer Fabric Switch Quick Start Guide

• Cisco MDS 9500 Series Hardware Installation Guide



Cisco Fabric Manager • Cisco MDS 9000 Family Fabric Manager Quick Configuration Guide

• Cisco MDS 9000 Family Fabric Manager Configuration Guide

• Cisco MDS 9000 Family Fabric Manager Database Schema

viiCisco MDS 9000 Family Secure Erase Configuration Guide


http://www.cisco.com/en/US/docs/storage/san_switches/mds9000/roadmaps/doclocater.htm


Preface

Command-Line Interface • Cisco MDS 9000 Family Software Upgrade and Downgrade Guide

• Cisco MDS 9000 Family Storage Services Module Software Installation and Upgrade Guide

• Cisco MDS 9000 Family CLI Quick Configuration Guide

• Cisco MDS 9000 Family CLI Configuration Guide

• Cisco MDS 9000 Family Command Reference

Intelligent Storage Networking Services Configuration Guides • Cisco MDS 9000 Family Data Mobility Manager Configuration Guide

• Cisco MDS 9000 Family Storage Media Encryption Configuration Guide

Troubleshooting and Reference • Cisco MDS 9000 Family Troubleshooting Guide

• Cisco MDS 9000 Family MIB Quick Reference

• Cisco MDS 9000 Family SMI-S Programming Reference

• Cisco MDS 9000 Family System Messages Reference

Installation and Configuration Notes • Cisco MDS 9000 Family SSM Configuration Note

• Cisco MDS 9000 Family Port Analyzer Adapter Installation and Configuration Note

• Cisco 10-Gigabit X2 Transceiver Module Installation Note

• Cisco MDS 9000 Family CWDM SFP Installation Note

• Cisco MDS 9000 Family CWDM Passive Optical System Installation Note

Obtaining Documentation and Submitting a Service RequestFor information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.

viiiCisco MDS 9000 Family Secure Erase Configuration Guide


http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html


Cisco MOL-16893-01, Cisco MDS SAN-OS Release 3.x

C H A P T E R 1
Product Overview
Cisco Secure Erase is a SAN-based product that erases existing data on a specific Logical Unit Number (LUN) on a storage array. The data erased using Secure Erase cannot be reconstructed.

Cisco Secure Erase runs on the Storage Service Module (SSM). The SSM must be installed on the Cisco MDS switch on which you want to run Cisco Secure Erase.

This chapter includes the following sections:

• About Secure Erase, page 1-1

• Concepts and Terminology, page 1-3

• Features and Capabilities, page 1-4

• Requirements and Prerequisites, page 1-5

About Secure EraseCisco Secure Erase for the Cisco MDS 9500 or 9200 family of switches provides significant advantages over traditional data erase mechanisms. These advantages include platform independence, higher speed, lower cost, and easier deployment.

Cisco Secure Erase uses special algorithms to erase data. These algorithms erase data by specifying pattern sequences that are repeatedly written to the target media. This process overcomes the traditional problem of data remanance.

Figure 1-1 Cisco Secure Erase Topology

FC FC

Virtual Initiators on SSM

Storage Arrays 2802

15

1-1DA 9000 Family Secure Erase Configuration Guide


Chapter 1 Product Overview About Secure Erase

The Secure Erase feature runs on the SSM intelligent linecard, which is responsible for managing the data erasing process. This process is executed by virtual initiators (VIs) created on the SSM. The host or servers connected to SAN have no role in the data erasing process. The storage ports can be connected anywhere in the SAN provided they are accessible from the switch where Cisco Secure Erase is running.

Secure Erase JobA Secure Erase job contains information about the following:

• Target Enclosures where Secure Erase functions are performed. A single target enclosure can be made up of multiple ports spanning multiple VSANs.

• Storage port(s) coming out of the Storage Enclosure. These storage ports can belong to separate VSANs.

• VIs that will execute Secure Erase operations. Like target ports, a job also contains VIs that are part of different VSANs.

• Secure Erase sessions.

All actions such as start, stop, abort, and validate are performed at the job level. These actions impact all sessions in a job.

Secure Erase SessionA Secure Erase session is a unit of erase that is defined by the following parameters:

• Target LUN(s) where Secure Erase needs to be performed.

• Storage port with which you would access the above mentioned LUN.

• Secure Erase algorithm to be used for the erase procedure.

• Virtual Initiator is selected out of the VIs available in the job automatically. The selection is based on a load balancing algorithm.

1-2Cisco MDA 9000 Family Secure Erase Configuration Guide



Chapter 1 Product Overview Concepts and Terminology

Concepts and TerminologyCisco Secure Erase uses the following concepts and terminologies:

Secure Erase

Cisco Secure Erase is a SAN-based feature that erases existing data on a specific target. The data erased through Secure Erase cannot be reconstructed.

Secure Erase Job

Secure Erase job is an enclosure where multiple target ports and VIs that belong to different VSANs can be added.

Secure Erase Session

Secure Erase session is a unit of Secure Erase operation that contains the target and algorithms to be used.

Secure Erase Algorithm

Secure Erase is based on erase algorithms recommended by the United States Department of Defense, the Royal Canadian Police and NIST-800-88 algorithm recommended by the National Institute of Standards and Technology, agency of US Department of Commerce.

Secure Erase algorithms specify a sequence of patterns to be written on physical media with the objective of erasing the data and overcoming the problem of data remanence.

SSM

An SSM is an MDS switch module that provides intelligent services. The Secure Erase feature is executed on the SSM.

VI

A VI is a Virtual Initiator residing on the SSM.

LUN

A Logical Unit Number (LUN) is a unit of storage that you can specify for Secure Erase. The LUN is only a unique number in the content of a storage port.

FUA

A FUA is a Force Unit Access bit. Secure Erase turns the bit on in all the writes.




Chapter 1 Product Overview Features and Capabilities

Features and CapabilitiesCisco Secure Erase has the following features and capabilities:

Configuration Using CLI

Secure Erase provides a set of CLI commands. The CLI runs on the supervisor and the requests are directly sent to the Secure Erase process running on the SSM.

Support Function

Secure Erase supports multiple storage ports and multiple storage arrays.

Data Erase

Secure Erase supports data erase using different algorithms.

Secure Erase Algorithms

Secure Erase provides algorithm recommended by the United States Department of Defense, the Royal Canadian Police, and the NIST-800-88 algorithm recommended by the National Institute of Standards and Technology, an agency of the US Department of Commerce. There is a provision to create and use your own proprietary algorithms.

Synchronize Cache

Synchronize cache is a SCSI command to request the storage controller to synchronize the data present in the cache to the physical media. This command can specify an LBA range for which the cache needs to be synchronized. Secure Erase executes this command at every step of the algorithm to instruct the storage controller to write each pattern to the physical media before next pattern is written.

Please check with the array vendor to find out whether synchronize cache is supported.




Chapter 1 Product Overview Requirements and Prerequisites

Requirements and PrerequisitesThe following prerequisites are required to set up Secure Erase:

Software RequirementsCisco Secure Erase has the following software requirements:

• MDS switches hosting the SSM must be running SAN-OS release 3.3(1a) or later.

• The Fabric Manager server version must be SAN-OS 3.3(1a) or later.

Hardware RequirementsCisco Secure Erase has the following hardware requirements:

• SSM

The following switches support the SSM:

• All MDS 9200 family switches

• All MDS 9500 family switches

Software LicensesCisco Secure Erase uses the Storage Services Enabler (SSE) Package for the licensing. The SSE license package is not included with the SSM.




Chapter 1 Product Overview Requirements and Prerequisites




Cisco MOL-16893-01, Cisco MDS SAN-OS Release 3.x

C H A P T E R 2
Configuring Secure Erase
This chapter describes how to configure Cisco MDS Secure Erase, and has the following sections:

• Configuration Overview, page 2-1

• Configuartion Process, page 2-1

Secure Erase is included in the SSI image. For more information on how to install SSM, refer to the Cisco MDS 9000 Family Storage Services Module Software Installation and Upgrade Guide.

Configuration OverviewCisco Secure Erase runs on the SSM installed in an MDS 9500 or 9200 series switch.

The Secure Erase software package is included in the SSI image, which is delivered as part of SAN-OS.

For information on how to install the SSM image, refer to the Cisco MDS 9000 Family Storage Services Module Software Installation and Upgrade Guide.

The Secure Erase feature must be provisioned on the SSM.

Configuartion ProcessThe following sections provide an overview of a typical Secure Erase process:

• Obtaining Information, page 2-2

• Setting up Cisco Secure Erase, page 2-3

• Job Configuration, page 2-4

• Recovering Secure Erase Configuration, page 2-5

2-1DS 9000 Family Secure Erase Configuration Guide


Chapter 2 Configuring Secure Erase Configuartion Process

Figure 2-1 Secure Erase Workflow Diagram

Obtaining InformationYou need to collect the following information about the target enclosure:

• Information about the target enclosure or storage array on which you would like to perform Secure Erase. The storage array is also called as Secure Erase storage array.

• Information about WWNs of the target ports you would like to use to access the target enclosure. The target ports are called Secure Erase target ports and the VSANs where the Secure Erase target ports reside are called Secure Erase VSANs.

• Information about one or more LUNs on the Secure Erase storage array on which you would like to perform Secure Erase. These LUNs are also called as Secure Erase LUNs.

Step 1: Obtain InformationCollect information about

Storage Enclosures

Step 2: Setup Creating Virtual Initiators, Zoning and Storage Array

Configuration

Step 3: Job Configuration Create Secure Erase Jobs

and Sessions

1871

41

2-2Cisco MDS 9000 Family Secure Erase Configuration Guide




Setting up Cisco Secure EraseYou need to create the VIs, setup zone, and storage array configuration to preconfigure Secure Erase.

The CLI configuration is preserved across reboots or switch reloads. It is preferred to have one job per storage enclosure. A storage enclosure can have multiple storage ports spanning multiple VSANs and storage LUNs.

Additionally, complete the following tasks:

• Set up the zone.

Decide on one or more Secure Erase VIs and zone target ports that you would like to use to perform Secure Erase.

• Program the storage array.

The Secure Erase storage array must be programed to enable Secure Erase VIs to access the Secure Erase LUNs. Secure Erase requires write commands to go directly to the physical media.

Secure Erase sends all write commands with Force Unit Access (FUA) bit on. When the bit is set, the SCSI device is instructed to bypass the cache and perform the command directly on the physical media.

Note Check with the storage array vendor to confirm that FUA bit is supported in SCSCI writes.

Figure 2-2 Interaction of SUP and SSM

All Secure Erase CLIs are performed at Supervisor. The Secure Erase configuration is stored in persistent memory on the supervisor engine.

Step Command Comments

Step 1 ssm enable feature se module module-id

Provisions the Secure Erase feature on the specific module.

Step 2 secure-erase module module-id

create-vi vsan secure-erase

VSAN

Creates VIs in a Secure Erase VSAN.

Note This command must be performed for each Secure Erase VSAN. Once created, VIs are available for all Secure Erase jobs. Also, WWNs of the VIs are persistent across reload of switch or SSM.

Step 3 show secure-erase module

module-id vsan secure-erase

VSAN

Displays the WWNs of Secure Erase VIs created in the previous step.

Secure Erase Command Parser

SUPERVISOR

Secure Erase Daemon

SSM

Command Response

187037





Job ConfigurationYou can configure Cisco Secure Erase jobs and sessions using the CLI. For information about the CLI, refer to the “Secure Erase CLI Command Reference, page A-1”.

To create a Secure Erase job and session, follow these steps:

To stop or abort a Secure Erase job and session, follow this step:

Step Command Purpose


create job job-id

Creates a Secure Erase job.

Step 2 secure-erase module module-id job job-id add-vi vsan secure-erase VSAN all | pwwn secure-erase VI pwwnadd-tgt vsan secure-erase VSAN pwwn secure-erase target port pwwn

Adds Secure Erase VIs and Secure Erase target ports to a Secure Erase job.

Note You can use the CLI commands several times to include all the Secure Erase VIs and Secure Erase target ports in all the Secure Erase VSANs.

Step 3 secure-erase module module-id job job-id add-session vsan secure-erase VSAN pwwn secure-erase target port pwwn all-lun | lun secure-erase LUN algorithm algorithm name/id

Creates Secure Erase sessions for each Secure Erase LUN. This command performs these tasks:

• Creates a login from the Secure Erase VIs to the Secure Erase target ports.

• Discovers LUNs exposed through Secure Erase target ports. For example, issue TUR, Report LUNs, Inquiry, and Read Capacity.

Note The job must have one or more Secure Erase VIs in the Secure Erase VSAN.

Step 4 show secure-erase module module-id job | job-id |details

Displays information about all jobs.


start job job-id

Starts the job. The process of writing the pattern sequence dictated by the erase algorithm is specified.


stop | abort job job-id

You have an option to stop or abort the job. The Stop command waits for completion of the current pattern and pauses the pattern sequence. A stopped job can be restarted. Aborting the job does not wait for completion of a current pattern. An aborted job can not be restarted.





Recovering Secure Erase ConfigurationThe SSM and supervisor engine configuration recovery process consists of the following tasks:

• All Secure Erase configuration is stored in persistent memory and is automatically recovered on a crash or reload of the SSM or a reload of the Cisco MDS supervisors.

• After the recovery process is complete, the recovered data is validated by performing a discovery process using this command:

secure-erase module module-id validate job job-id




Cisco MDS 90OL-16893-01, Cisco MDS SAN-OS Release 3.x

A
P P E N D I X A Secure Erase CLI Command Reference
The Cisco MDS Secure Erase provides CLI commands that support scripting and advanced operations.

This appendix contains a list of alphabetically arranged commands that are unique to Cisco MDS Secure Erase.

For information about other commands that apply to the Cisco MDS 9000 Family of multilayer directors and fabric switches, refer to the Cisco MDS 9000 Family CLI Configuration Guide.

A-100 Family Secure Erase Configuration Guide


Appendix A Secure Erase CLI Command Reference add-session vsan

add-session vsanTo add sessions to a job, use the add-session vsan command in configuration mode.

add-session vsan vsan-id pwwn tgt-pwwn all-luns | lun lun-id algorithm name/id

Syntax Description

Defaults None.

Command Modes Configuration Secure Erase job submode

Command History

Usage Guidelines None.

Examples The following example shows how to add a VI to a specific Secure Erase job:

switch# config terminalEnter configuration commands, one per line. End with CNTL/Z.switch(config)# secure-erase module 2 job 1switch(config-se-job)# add-session vsan 1 pwwn 20:04:00:a0:b8:16:92:18 all-luns algorithm RCMP

Related Commands

vsan-id Specifies the VSAN ID of the target.

pwwn tgt-pwwn Specifies the pWWN of the target.

all-luns Specifies all of the LUNs in the Secure Erase session.

lun lun-id Specifies the LUN ID of the Secure Erase session.

algorithm name/id Specifies the algorithm that should be used for the session.

Release Modification

3.3(1a) This command was introduced.

Command Description

add-session job Adds sessions to the job.

A-2Cisco MDS 9000 Family Secure Erase Configuration Guide



Appendix A Secure Erase CLI Command Reference add-step dynamic

add-step dynamicTo add a dynamic pattern step to a specific algorithm, use the add-step dynamic command in configuration mode.

add-step dynamic [0 | 1]

Syntax Description

Defaults None.

Command Modes Configuration Secure Erase algorithm submode

Command History


Examples The following example shows how to add a dynamic pattern step to a specific algorithm:

switch# config terminalEnter configuration commands, one per line. End with CNTL/Z.switch(config)# secure-erase module 2 algorithm 0switch(config-se-algo)#switch(config-se-algo)# add-step dynamic 0

Related Commands

0 (Optional) Specifies that the pattern is generated using a random number generator.

1 (Optional) Specifies that the pattern is complimentary to the previous pattern.



Command Description

add-step static Adds static pattern step to a specific algorithm.




Appendix A Secure Erase CLI Command Reference add-step static

add-step staticTo add a static pattern step to a specific algorithm, use the add-step static command in configuration mode.

add-step static pattern

Syntax Description

Defaults None.


Command History


Examples The following example shows how to add a static step to a specific algorithm:

switch# config terminalEnter configuration commands, one per line. End with CNTL/Z.switch(config)# secure-erase module 2 algorithm 0switch(config-se-algo)#switch(config-se-algo)# add-step static 1

Related Commands

pattern Specifies the static pattern step. The pattern is to write ranges from 1 to 512 bytes and can consist of only characters 0 to 9 and A to F.



Command Description

add-step dynamic Adds a dynamic pattern step to a specific algorithm.




Appendix A Secure Erase CLI Command Reference add-tgt vsan

add-tgt vsanTo define target enclosure and add multiple target ports for a specific Secure Erase job, use the add-tgt vsan command in configuration mode.

add-tgt vsan vsan-id pwwn target port pwwn

Syntax Description

Defaults None.


Command History

Usage Guidelines The target ports added to a specific job can be part of a different VSAN. The Secure Erase application creates VIs in a specific VSAN.

Note VIs and targets from different VSANs can be added to a job. A storage array may have multiple storage ports belonging to a different VSAN. You can create one job for one storage array.

Examples The following example shows how to define a target enclosure and add multiple target ports for a specific Secure Erase job:

switch# config terminalEnter configuration commands, one per line. End with CNTL/Z.switch(config)# secure-erase module 2 job 1switch(config-se-job)# add-tgt vsan 1 pwwn 20:04:00:a0:b8:16:92:18

Related Commands

vsan-id Specifies the VSAN ID of the target port added to a Secure Erase job.

pwwn target port pwwn Specifies the port world-wide name (pWWN) of the target port.



Command Description

add-session vsans Adds sessions to a job.

add-VI job Adds a VI to a specific Secure Erase job.

secure-erase create job Creates a Secure Erase job.




Appendix A Secure Erase CLI Command Reference add-vi vsan

add-vi vsanTo add a VI to a specific Secure Erase job, use the add-vi vsan command in configuration mode.

add-vi vsan vsan-id all | pwwn VI pwwn

Syntax Description

Defaults None.


Command History

Usage Guidelines You must add at least one VI in each VSAN where a Secure Erase target is present.

All VIs that are part of the same job and the VSAN must have same target view. The same set of targets and LUNs must be exposed for all VIs in the same VSAN.

Note VI-CPP can not be added to a job. To know the WWN of the VI-CPP, please run the show isapi virtual-nport database command on SSM module.

Examples The following example shows how to add all VIs to a given Secure Erase job:

switch# config terminalEnter configuration commands, one per line. End with CNTL/Z.switch(config)# secure-erase module 2 job 1switch(config-se-job)# add-vi vsan 1 all

The following example shows how to add a VI to a given Secure Erase job:switch# config terminalEnter configuration commands, one per line. End with CNTL/Z.switch(config)# secure-erase module 2 job 1switch(config-se-job)# add-vi vsan 1 pwwn 2c:0d:00:05:30:00:43:64

Related Commands

vsan-id Specifies the VSAN ID of the target where a VI exists.

all Adds all the VSAN IDs of the target.

pwwn VI pwwn Adds a specific VI in a given VSAN to the job.



Command Description

add-session job Adds sessions to the job.




Appendix A Secure Erase CLI Command Reference add-vi vsan

add-VI job Adds a VI to a specific Secure Erase job.

secure-erase create job Creates a Secure Erase job.

Command Description




Appendix A Secure Erase CLI Command Reference empty

emptyTo remove all steps of the user-configured algorithm, use the empty command in configuration mode.

empty

Syntax Description This command has no arguements or keywords.

Defaults None.


Command History


Examples The following example shows how to remove all steps of the user-configured algorithm:

switch# config terminalEnter configuration commands, one per line. End with CNTL/Z.switch(config)# secure-erase module 2 algorithm 0switch(config-se-algo)#switch(config-se-algo)# empty

Related Commands



Command Description

add-step dynamic Adds a dynamic pattern step to a specific algorithm.

add-step static Adds static pattern step to a specific algorithm.




Appendix A Secure Erase CLI Command Reference secure-erase abort job

secure-erase abort jobTo abort a Secure Erase job, use the secure-erase abort job command in configuration mode.

secure-erase module-id abort job job-id

Syntax Description

Defaults None.

Command Modes Configuration mode

Command History

Usage Guidelines This command does not wait for the completion of current patterns. An aborted job cannot be restarted.

A job can be aborted only when it has one or more sessions in the running state.

Examples The following example shows how to abort a Secure Erase job:

switch# config terminalEnter configuration commands, one per line. End with CNTL/Z.switch(config)# secure-erase module 2 abort job 1

Related Commands

module-id Specifies the desired module number of the SSM on which Secure Erase is provisioned.

job-id Specifies the job ID of the target.



Command Description

secure-erase start job Restarts all sessions in a job.

secure-erase stop job Stops all sessions in a job.

secure-erase validate job

Validates a job in a session.




Appendix A Secure Erase CLI Command Reference secure-erase create algorithm

secure-erase create algorithmTo configure a Secure Erase algorithm on a specific slot of the intelligent linecard where Secure Erase is provisioned, use the secure-erase module create algorithm command in configuration mode.

secure-erase module module-id create algorithm algorithm-id

Syntax Description

Defaults None.


Command History


Examples The following example shows how to create a Secure Erase algorithm:

switch# config terminalEnter configuration commands, one per line. End with CNTL/Z.switch(config)# secure-erase module 2 create algorithm 3

Related Commands

module-id Specifies the desired slot number of the intelligent linecard on which Secure Erase is provisioned.

algorithm-id Specifies the algorithm ID. The range is 0 to 9.



Command Description

secure-erase create-vi vsan

Creates a VI for a specific VSAN.




Appendix A Secure Erase CLI Command Reference secure-erase create job

secure-erase create jobTo create a Secure Erase job, use the secure-erase create job command in configuration mode.

secure-erase module module-id create job job-id

Syntax Description

Defaults None.


Command History

Usage Guidelines A Secure Erase job contains the following information:

• The target enclosure where Secure Erase needs to be performed. Multiple target ports spanning multiple VSANs can be a part of one target enclosure.

• Multiple target ports, VIs, and Secure Erase sessions can be added. These target ports and VIs can be a part of different VSANs.

Examples The following example shows how to create a Secure Erase job:

switch# config terminalEnter configuration commands, one per line. End with CNTL/Z.switch(config)# secure-erase module 2 create job 1

Related Commands

module module-id Specifies the desired module number of the Storage Services Module (SSM) on which Secure Erase is provisioned.

job-id Specifies a unique number to identify a Secure Erase job. The range is 1 to 9999.

Note You will be prompted to choose a different ID if the job ID chosen already exists.



Command Description

add-tgt job Defines a target enclosure and adds multiple target ports for a specific Secure Erase job.




Appendix A Secure Erase CLI Command Reference secure-erase create-vi vsan

secure-erase create-vi vsanTo create a VI for a specific VSAN, use the secure-erase create-vi vsan command in configuration mode.

secure-erase module module-id create-vi vsan vsan-id

Syntax Description

Defaults None.


Command History

Usage Guidelines You do not need to provide the job ID because VIs can be used commonly across jobs.

Examples The following example shows how to create VIs for a VSAN:

switch# config terminalEnter configuration commands, one per line. End with CNTL/Z.switch(config)# secure-erase module 2 create-vi vsan 1

Related Commands

module module-id Specifies the desired slot number of the SSM on which Secure Erase is provisioned.

vsan-id Specifies the VSAN ID of the target port being added.



Command Description

create job Creates a Secure Erase job.




Appendix A Secure Erase CLI Command Reference secure-erase destroy algorithm

secure-erase destroy algorithmTo destroy a Secure Erase algorithm, use the secure-erase destroy algorithm command in configuration mode.

secure-erase module module-id destroy algorithm algorithm-id

Syntax Description

Defaults None.


Command History


Examples The following example shows how to destroy an algorithm:

switch# config terminalEnter configuration commands, one per line. End with CNTL/Z.switch(config)# secure-erase module 2 destroy algorithm 1

Related Commands

module module-id Displays the slot number of the SSM on which Secure Erase is provisioned.

algorithm-id Displays the algorithm ID. The range is 0 to 9.



Command Description

secure-erase destroy- vi vsan

Destroys a Secure Erase VSAN.




Appendix A Secure Erase CLI Command Reference secure-erase destroy job

secure-erase destroy jobTo destroy a Secure Erase job, use the secure-erase destroy job command in configuration mode.

secure-erase module-id destroy job job-id

Syntax Description

Defaults None.


Command History

Usage Guidelines This command destroys a Secure Erase job. A job can be destroyed only when there are no active sessions running.

Examples The following example shows how to validate a Secure Erase job:

switch# config terminalEnter configuration commands, one per line. End with CNTL/Z.switch(config)# secure-erase module 2 destroy job 1

Related Commands





Command Description

secure-erase start job Starts all sessions in a job.





Appendix A Secure Erase CLI Command Reference secure-erase destroy-vi vsan

secure-erase destroy-vi vsanTo destroy a VI for a specific VSAN, use the secure-erase destroy-vi vsan command in configuration mode.

secure-erase module module-id destroy-vi vsan vsan-id

Syntax Description

Defaults None.


Command History


Examples The following example shows how to destroy a VSAN:

switch# config terminalEnter configuration commands, one per line. End with CNTL/Z.switch(config)# secure-erase module 2 destroy-vi vsan 1

Related Commands


vsan-id Displays the VSAN-ID of the target.



Command Description

secure-erase destroy algorithm

Destroys a Secure Erase algorithm.




Appendix A Secure Erase CLI Command Reference secure-erase start job

secure-erase start jobTo restart all sessions in a job, use the secure-erase start job command in configuration mode.

secure-erase module module-id start job job-id

Syntax Description

Defaults None.


Command History

Usage Guidelines This command starts all sessions in a job. If the active sessions have reached the maximum limit, the remaining sessions are queued. The queued sessions start when one or more sessions are complete or aborted.

A job can be started only when it has one or more sessions in the stopped state or ready state.

Examples The following example shows how to start a session in a Secure Erase job:

switch# config terminalEnter configuration commands, one per line. End with CNTL/Z.switch(config)# secure-erase module 2 start job 1

Related Commands

module module-id Specifies the desired module number of the SSM on which Secure Erase is provisioned.

job-id Starts a specific job ID of the target.



Command Description





Appendix A Secure Erase CLI Command Reference secure-erase stop job

secure-erase stop jobTo stop all sessions in a job, use the secure-erase stop job command in configuration mode.

secure-erase module-id stop job job-id

Syntax Description

Defaults None.


Command History

Usage Guidelines This command waits for the completion of the current pattern and pauses the pattern sequence. A stopped job can be restarted.

A job can be stopped only when it has one or more sessions in the running state.

Examples The following example shows how to stop a session in a Secure Erase job:

switch# config terminalEnter configuration commands, one per line. End with CNTL/Z.switch(config)# secure-erase module 2 stop job 1

Related Commands


job-id Stops the specific job ID of the target.



Command Description





Appendix A Secure Erase CLI Command Reference secure-erase validate job

secure-erase validate jobTo validate a Secure Erase job, use the secure-erase validate job command in configuration mode.

secure-erase module-id validate job job-id

Syntax Description

Defaults None.


Command History

Usage Guidelines None

Examples The following example shows how to validate a Secure Erase job:

switch# config terminalEnter configuration commands, one per line. End with CNTL/Z.switch(config)# secure-erase module 2 validate job 1

Related Commands





Command Description

secure-erase abort job Aborts a job in a session.






Appendix A Secure Erase CLI Command Reference show secure-erase algorithm

show secure-erase algorithmTo display the list of all Secure Erase algorithms, use the show secure-erase algorithm command.

show secure-erase module module-id algorithm algorithm name

Syntax Description

Defaults None.

Command Modes Exec mode

Command History


Examples The following example displays the list of Secure Erase algorithms:

switch# show secure-erase module 4 algorithm name 1switch# Algorithm : 1Step 0: faa8bd6c1e838b6b9b0818f30d48f5eecc7e7f572d9d8ac50a9a78b73bf128eb7a71ff40a7c07f55dda1d31f875bca26b170d6b3c073555e06d6229f6a5dedeaa0583f0d1ebe28fca8a7cac936d6f0a453af4174fbbcba29f711047cb48e984a3c097519138a628bc6e662bd3d28237d091f68a8df05f50effc55390a12ee2c6Step 1: 05574293e17c749464f7e70cf2b70a11338180a8d262753af5658748c40ed714858e00bf583f80aa225e2ce078a435d94e8f294c3f8caaa1f929dd6095a212155fa7c0f2e141d70357583536c9290f5bac50be8b044345d608eefb834b7167b5c3f68ae6ec759d7439199d42c2d7dc82f6e0975720fa0af1003aac6f5ed11d39Step 2: 1234567898765435678909876545671234567898765435678909876545671234567898765435678909876545671234567898765435678909876545671234567898765435678909876545671234567898765435678909876545671234567898765435678909876545671234567898765435678909876545671234567898765435

The following example displays all available Secure Erase algorithms on a module:

switch# show secure-erase module 4 algorithm


algorithm name Displays the algorithm name.






Appendix A Secure Erase CLI Command Reference show secure-erase algorithm

Related Commands Command Description

show secure-erase job Displays the contents of a particular Secure Erase job.




Appendix A Secure Erase CLI Command Reference show secure-erase job

show secure-erase jobTo display the contents of a particular job, use the show secure-erase job command.

show secure-erase module module-id job job-id

Syntax Description

Defaults None.


Command History


Examples The following example displays the contents of a particular Secure Erase job:

switch# show secure-erase module 4 job 2

The following example displays the contents of all Secure Erase jobs configured on a module:

switch# show secure-erase module 16 job

Related Commands


job-id Displays the unique number to identify a Secure Erase job.



Command Description

show secure-erase algorithm

Displays the list of Secure Erase algorithms.




Appendix A Secure Erase CLI Command Reference show secure-erase job detail

show secure-erase job detailTo display the contents of a particular job in detail, use the show secure-erase job detail command.

show secure-erase module module-id job job-id detail

Syntax Description

Defaults None.


Command History


Examples The following example displays the contents of a Secure Erase job in a brief form:

switch# show secure-erase module 4 job 2 detail

Related Commands


job-id Displays the unique number to identify a Secure Erase job.



Command Description

show secure-erase job Displays the contents of a Secure Erase job.




Appendix A Secure Erase CLI Command Reference show secure-erase vsan

show secure-erase vsanTo display a list of all VIs in the VSAN, use the show secure-erase vsan command.

show secure-erase module module-id vsan vsan-id

Syntax Description

Defaults None.


Command History


Examples The following example displays the list of all VIs in the VSAN:

switch# show secure-erase module 4 vsan 1

Related Commands


vsan-id Displays the VSAN ID of the target.



Command Description

show secure-erase algorithm

Displays the list of Secure Erase algorithms.

show secure-erase job Displays the contents of a particular Secure Erase job.




Appendix A Secure Erase CLI Command Reference show secure-erase vsan




Cisco OL-16893-01, Cisco MDS SAN-OS Release 3.x

I N D E X

A

Algorithm

about 1-3

data erase 1-4

recommended 1-4

C

Cache Synchronization 1-4

Configuration

commands 1-4

overview 2-1

process 2-1

job configuration 2-4

obtaining information 2-2

recovering configuration 2-5

set up 2-3

storage array, program 2-3

VI,creating 2-3

Zones, set up 2-3

D

Data Erase 1-4

documentation

additional publications i-vii

related documents i-vii

F

FUA 1-3

J

Job 2-4

about 1-2, 1-3

L

LUN 1-3

O

Overview 1-1

R

Requirements

hardware 1-5

Licenses, Software 1-5

software 1-5

S

SCSI command 1-4

Session

about 1-2, 1-3

SSM 1-3

V

VI 1-3

creating 2-3

IN-1MDS 9000 Family Secure Erase Configuration Guide


Index

IN-2Cisco MDS 9000 Family Secure Erase Configuration Guide


cisco mds 9000 family secure erase configuration … documentation comments to...

Documents