Secure Data Overwrite, protecting your data once you're done with it.
Mike_Stenson 270006BAK6 Visits (6509)
Secure Data Overwrite (SDO) is a method of securely overwriting data on DS8000 series storage. While it's most often referred to for discontinuing existing storage, it's use is not only limited to this.
There are other reasons that someone may wish to have SDO run on their machine. For example, if you are physically moving a storage device to a separate location, you may wish to utilize SDO to secure your data in transit. Also, if you're repurposing your storage for use by another department (for example, a machine which stored sensitive personal information is to be repurposed for any other purpose) this would be a good option to ensure that the data is unretrievable. This can be extremely helpful in industries with specific regulatory requirements, such as the financial or health care industries in ensuring compliance when reutilizing existing hardware.
WIth DS8870 microcode announced on June 4 (LMC 7.7.10.xx on DS8870) there have been improvements to the process. The first improvement is the addition of a cryptoerase of the drives prior to overwriting. This is possible since all DDMs in the DS8870 are full data encryption drives. What this means is that the drives internal key is obfuscated, then recreated, which renders the data on the drive as unreadable. The second is allowing for a single pass over-write of the storage DDMs. This does improve the over-all time to completion, but keep in mind that the HMC possesses a larger hard drive and this drive takes considerably longer than the SAS drives in backend storage to over-write (there has been no change, the non-FDE drive in the HMC is over-written three times regardless of microcode level currently).
A brief over view of the current process is as follows:
( for more information see,
This whole process is time consuming, the amount of time is dependent on the total size of the storage and can take several days due for this to complete.
This service was previously available as an STG Lab Services offering, however as of release 6.2 (LMC 18.104.22.168 for DS8700 or 22.214.171.124 for DS8800) your IBM Service Representative can perform this for you as a billable service.
If you're interested in SDO on either a DS8700, or a DS8800 the process is very similar, you simply need to be running supported microcode. The only differences are that there is no initial cryptoerase, and as such all SDO processes perform a three-pass over-write on all drives (storage DDMs, LPAR, and HMC drives).