IBM Tivoli Storage Manager, Version 7.1

Setting up shredding

You must configure Tivoli® Storage Manager so that data identified as sensitive is stored only in storage pools that will enforce shredding after that data is deleted.

Procedure

Complete the following steps to set up your shredding configuration:

  1. Specify that you want data to be shredded either automatically after it is deleted or manually by an administrator. You can specify how shredding is to be done by setting the SHREDDING server option.
    shredding automatic
    You can also set the shredding option dynamically by using the SETOPT command.
  2. Set up one or more random access disk storage pool hierarchies that will enforce shredding and specify how many times the data is to be overwritten after deletion. For example,
    define stgpool shred2 disk shred=5
    define stgpool shred1 disk nextstgpool=shred2 shred=5
  3. Define volumes to those pools, and specify disks for which write caching can be disabled.
    AIX, HP-UX, Linux, and Oracle Solaris operating systems:
    define volume shred1 /var/storage/bf.dsm formatsize=100
    define volume shred2 /var/storage/bg.dsm formatsize=100
    Windows operating systems:
    define volume shred1 j:\storage\bf.dsm formatsize=100
    define volume shred2 m:\storage\bg.dsm formatsize=100
  4. Define and activate a policy for the sensitive data. The policy will bind the data to a management class whose copy groups specify shred storage pools.
    define domain shreddom
    define policyset shreddom shredpol
    define mgmtclass shreddom shredpol shredclass
    define copygroup shreddom shredpol shredclass type=backup destination=shred1
    define copygroup shreddom shredpol shredclass type=archive destination=shred1
    activate policyset shreddom shredpol
  5. Identify those client nodes whose data should be shredded after deletion, and assign them to the new domain.
    update node engineering12 domain=shreddom

Results

If you have specified manual shredding with the SHREDDING server option, you can start the shredding process by issuing the SHRED DATA command. This command lets you specify how long the process will run before it is canceled and how the process responds to an I/O error during shredding. For objects that cannot be shredded, the server reports each object.

Note: If you specify manual shredding, run the SHRED DATA command regularly, at least as often as you perform other routine server-maintenance tasks (for example, expiration, reclamation, and so on). Doing so can prevent performance degradation of certain server processes (in particular, migration). For best results, run SHRED DATA after any operation (for example, expiration and migration) that deletes files from a shred pool.
To see the status and amount of data waiting to be shredded, you can issue the QUERY SHREDSTATUS command. The server reports a summary of the number and size of objects waiting to be shredded. To display detailed information about data shredding on the server, issue the following command:
query shredstatus format=detailed 
Figure 1 displays a detailed report for the storage pool.
Figure 1. Querying shredding status
Shredding  Objects  Occupied   Data left
 Active   Awaiting    Space     to shred
            Shred      (MB)       (MB)
--------- --------  --------  ---------- 
    NO        4        182        364

When data shredding completes, a message is issued that reports the amount of data that was successfully shredded and the amount of data that was skipped, if any.
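
The following shell functions are an added example, not part of the IBM documentation: they parse a report laid out as in Figure 1 and flag data that is still waiting to be shredded while shredding is not active, which is the backlog that the note about manual shredding is meant to prevent. The function names, the MB threshold, and the exit codes are assumptions of this example, and the sample report is constructed from Figure 1.

```shell
#!/bin/sh
# Added example (not IBM code): backlog check over a QUERY SHREDSTATUS
# FORMAT=DETAILED report in the Figure 1 layout. Names are hypothetical.

# Constructed sample input, copied from Figure 1.
FIGURE1_SAMPLE='Shredding  Objects  Occupied   Data left
 Active   Awaiting    Space     to shred
            Shred      (MB)       (MB)
--------- --------  --------  ----------
    NO        4        182        364'

# Reads a report on stdin; prints "ACTIVE OBJECTS OCCUPIED_MB LEFT_MB".
# Exits 2 when no well-formed data row follows the dashed rule.
parse_shredstatus() {
    awk '
        /^ *--[- ]*$/ { in_data = 1; next }   # dashed rule ends the header
        in_data && NF >= 4 {
            # The three counters must be plain integers.
            if ($2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/) exit 2
            print toupper($1), $2, $3, $4
            found = 1
            exit
        }
        END { if (!found) exit 2 }
    '
}

# check_shred_backlog MAX_MB  (report on stdin)
# Returns 0 = no backlog or within limit, 1 = backlog over MAX_MB while
# shredding is not active, 2 = report could not be parsed.
check_shred_backlog() {
    max_mb=$1
    row=$(parse_shredstatus) || { echo "UNKNOWN: unparseable report"; return 2; }
    set -- $row
    active=$1 objects=$2 left_mb=$4
    if [ "$objects" -eq 0 ]; then
        echo "OK: no objects awaiting shred"
        return 0
    fi
    if [ "$active" = "NO" ] && [ "$left_mb" -gt "$max_mb" ]; then
        echo "ALERT: $objects objects, $left_mb MB left to shred, shredding not active"
        return 1
    fi
    echo "OK: $objects objects, $left_mb MB left to shred (active=$active)"
    return 0
}

# Demonstration on the constructed sample with a 100 MB limit.
printf '%s\n' "$FIGURE1_SAMPLE" | check_shred_backlog 100 || true
```

In a scheduled check, the report text would come from the administrative client instead of the constructed sample.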


