If you are concerned about sensitive data on a hard disk, you have several options to erase the data. You can dispose of the disk drive yourself and purchase a replacement drive, you can remove the disks from the appliance and use your own disk wiping utility, or you can wipe the data using the hidden RiOS CLI command datastore wipe.
The datastore wipe command is available in RiOS versions 5.0.7 and 5.5.1 and later, and is used within config mode (for earlier version 5.0 releases, please contact Riverbed Technical Support). Because datastore wipe is a hidden command, it will not auto-complete with the Tab key. The command starts multiple overwrites of the segment store and PFS and RSP partitions in accordance with NNSA Policy Letter NAP-14.x. (The underlying Linux command is scrub.)
Important: Before you use the datastore wipe command to clear the disk data, understand the following:
The scrubbing takes a very long time and if you close the CLI session that runs the command, the scrub will not complete. Because of this, Riverbed strongly advises you run the command from the console. The scrub on larger appliances may take more than 24 hours and it requires several hours on even the smallest units. If you run the command from a SSH session and log out of your machine (or disconnect your laptop) before it completes, the command will not clear the disk successfully.
The command will halt the system, but will not clear the configuration including secure vault. To clear the configuration including secure vault, you will need to reboot the SteelHead and run the reset factory command.
You only need to wipe the data store if you want to completely erase sensitive data, for example prior to shipping the SteelHead back to Riverbed.
The datastore wipe command will completely erase the PFS and RSP partitions.
For version 5.0.7 and 5.5.1 and later, use the command sequence:
SH > enable SH # config terminal SH (config) # no cli session auto-logout SH (config) # datastore wipe
Wait for it to finish; reboot if desired and do: SH > enable SH # config terminal SH (config) # secure-vault new-password <new random password> SH (config) # reset factory
How Effective is the Data Store Wipe?
After following the data store wipe process, the data store will be wiped in accordance with the NNSA Policy Letter draft in 2005.This writes over the data store twice with random (or pseudo-random)data and once with a known pattern of data. The configuration erase process (reset factory) deletes the configuration but the configuration portion of the disk is not wiped following the NNSA procedure -- it only performs a conventional operating system delete. Due to this it's recommended to first set the secure vault password to a non-default random value before starting the configuration erase process.
Data Recovery is a complex exercise and you will need to consult with security and legal resources to assess whether the process discussed in the NNSA Policy Letter NAP-14.x is suitable for your purposes.