I’ve recently completed a project to replace an old CX4-120 with a newer VNX series SAN. EMC charge an arm and a leg for their sanitisation process, so after looking into the process I decided to go about it myself.

To begin, you’ll need to remove all LUNs and RAID Groups to sanitise disks. Once that’s done, connect to your SAN (make sure it’s the right one!) using the Navisphere CLI and get a list of disks and their “Zero Mark”. Assuming the disk has been used, it will be a long number, 9 bytes long as a minimum:

C:\Windows\system32>naviseccli -h IP Address -User Username -Password Password -Scope 0 zerodisk -messner all getzeromark
Bus 0 Enclosure 0 Disk 0
Zero Mark: 279969800
Bus 0 Enclosure 0 Disk 1
Zero Mark: 279969800
Bus 0 Enclosure 0 Disk 2
Zero Mark: 279969800
Bus 0 Enclosure 0 Disk 3
Zero Mark: 279969800
Bus 0 Enclosure 0 Disk 4
Zero Mark: 279969800
Bus 0 Enclosure 0 Disk 5
Zero Mark: 279969800

In this case the above drives are those used to store FlareOS; with a production SAN you’ll end up with a long list of drives. Make a note of the Zero Marks and proceed to sanitise the disks. You can either sanitise them individually or as a whole.

To sanitise individually, pass the bus, enclosure and disk ID to the naviseccli command. The format is Bus_Enclosure_Disk, for example:

C:\Windows\system32>naviseccli -h IP Address -User Username -Password Password -Scope 0 zerodisk -messner 0_0_5 start

If you’re brave and want to sanitise everything, the command is slightly different.

C:\Windows\system32>naviseccli -h IP Address -User Username -Password Password -Scope 0 zerodisk -messner all start

If you choose to sanitise all disks, any that have a LUN bound, or the vault disks, will be skipped.

To check the status of the zeroing process, the following command can be used:

C:\Windows\system32>naviseccli -h IP Address -User Username -Password Password -Scope 0 zerodisk -messner all status

Bus 0 Enclosure 0  Disk 0
        Percent Done: Disk zeroing not in progress


Bus 0 Enclosure 0  Disk 1
        Percent Done: Disk zeroing not in progress


Bus 0 Enclosure 0  Disk 2
        Percent Done: Disk zeroing not in progress


Bus 0 Enclosure 0  Disk 3
        Percent Done: Disk zeroing not in progress


Bus 0 Enclosure 0  Disk 4
        Percent Done: Disk zeroing not in progress


Bus 0 Enclosure 0  Disk 5
        Percent Done: 77

Once zeroing a disk is complete you can check the zero mark again; this time the zeroed disk should show 69704:

C:\Windows\system32>naviseccli -h IP Address -User Username -Password Password -Scope 0 zerodisk -messner all getzeromark
Bus 0 Enclosure 0 Disk 0
Zero Mark: 279969800
Bus 0 Enclosure 0 Disk 1
Zero Mark: 279969800
Bus 0 Enclosure 0 Disk 2
Zero Mark: 279969800
Bus 0 Enclosure 0 Disk 3
Zero Mark: 279969800
Bus 0 Enclosure 0 Disk 4
Zero Mark: 279969800
Bus 0 Enclosure 0 Disk 5
Zero Mark: 69704

In my case, the results of the getzeromark command before and after zeroing were saved as evidence of zeroing. Whilst it may not be enough to satisfy auditors, it’s enough for me to be confident to pass the SAN over to a recycling company who can then sanitise it.
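One way to turn the saved before/after getzeromark captures into a per-disk evidence report (an added example, not part of the original post or EMC's tooling). It assumes the output layout shown above and that 69704 is the post-zeroing mark, as on the array in this post; the function names and sample captures are constructed for illustration.

```python
import hashlib
import re

# Mark the post reports for a zeroed disk; an assumption for other arrays.
ZEROED_MARK = 69704
DISK_RE = re.compile(r"Bus\s+(\d+)\s+Enclosure\s+(\d+)\s+Disk\s+(\d+)")
MARK_RE = re.compile(r"Zero Mark:\s*(\d+)")


def parse_zero_marks(text):
    """Return {"bus_enclosure_disk": zero_mark} from saved getzeromark output."""
    marks, current = {}, None
    for line in text.splitlines():
        disk = DISK_RE.search(line)
        if disk:
            current = "_".join(disk.groups())  # same ID format zerodisk accepts
            continue
        mark = MARK_RE.search(line)
        if mark and current is not None:
            marks[current] = int(mark.group(1))
            current = None
    return marks


def compare_runs(before_text, after_text):
    """Classify every disk seen before zeroing and fingerprint both captures."""
    before, after = parse_zero_marks(before_text), parse_zero_marks(after_text)
    report = {"zeroed": [], "not_zeroed": [], "missing_after": []}
    for disk in sorted(before, key=lambda d: tuple(map(int, d.split("_")))):
        new = after.get(disk)
        if new is None:
            report["missing_after"].append(disk)  # disk absent from second capture
        elif new == ZEROED_MARK:
            report["zeroed"].append(disk)
        else:
            report["not_zeroed"].append(disk)  # skipped, or zeroing incomplete
    # Hashes let the report be tied to the exact capture files kept as evidence.
    report["sha256"] = {
        name: hashlib.sha256(text.encode()).hexdigest()
        for name, text in (("before", before_text), ("after", after_text))
    }
    return report


# Constructed sample captures, shortened from the output format shown above.
BEFORE = ("Bus 0 Enclosure 0 Disk 4\nZero Mark: 279969800\n"
          "Bus 0 Enclosure 0 Disk 5\nZero Mark: 279969800\n"
          "Bus 1 Enclosure 0 Disk 10\nZero Mark: 279969800\n")
AFTER = ("Bus 0 Enclosure 0  Disk 4\nZero Mark: 279969800\n"
         "Bus 0 Enclosure 0  Disk 5\nZero Mark: 69704\n")

if __name__ == "__main__":
    print(compare_runs(BEFORE, AFTER))
```

Any disk listed under not_zeroed or missing_after needs a follow-up before the array leaves the building, since "all start" silently skips vault disks and disks with a LUN bound.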

Having accurate time configured on Cisco routers is important: if nothing else, being able to look through log files and understand when something happened is imperative. Configuring time on Cisco routers requires three different configuration elements:

  • Configuring an external time source, usually NTP
  • Configuring the device to adjust for summer time/daylight savings
  • (Optionally) using the adjusted time in debugging and logs

I recently picked up two AIR-LAP1142N access points from eBay that had previously been used with a Cisco Wireless LAN controller. As such they were configured with CAPWAP and do not allow for independent operation. Cisco access points have three different image types available:

  • Lightweight (Files matching cXXX-k9w8.tar.xxx)
  • Lightweight Recovery (Files matching cXXX-rcvk9w8.tar.xxx)
  • Autonomous (Files matching cXXX-k9w7.tar.xxx)

In order to use the access point without a wireless LAN controller (WLC), the Autonomous image must be installed onto the access point. Thankfully there is a process to convert a lightweight access point to an autonomous one.