Disk sanitization process
Understanding the basics of the disk sanitization process helps you understand what to anticipate during the sanitization process and after it is complete.
The disk sanitization process uses three successive default or user-specified byte overwrite patterns for up to seven cycles per operation. The random overwrite pattern is repeated for each cycle.
Depending on the disk capacity, the patterns, and the number of cycles, the process can take several hours. Sanitization runs in the background. You can start, stop, and display the status of thesanitization process.
The sanitization process contains two phases:
1. Formatting phase
The operation performed for the formatting phase depends on the class of disk being sanitized, as
shown in the following table:
2. Pattern overwrite phase
The specified overwrite patterns are repeated for the specified number of cycles.
When the sanitization process is complete, the specified disks are in a sanitized state. They are not returned to spare status automatically. You must return the sanitized disks to the spare pool before the newly sanitized disks are available to be added to another aggregate.
When disk sanitization cannot be performed
Disk sanitization is not supported for all disk types. In addition, there are times when disk sanitization cannot be performed.
You should be aware of the following facts about the disk sanitization process:
• It is not supported on all SSD part numbers.
For information about which SSD part numbers support disk sanitization, see the Hardware
Universe at hwu.netapp.com.
• It is not supported in takeover mode for systems in an HA pair.
• It cannot be performed on disks that were failed due to readability or writability problems.
• It does not perform its formatting phase on ATA drives.
• If you are using the random pattern, it cannot be performed on more than 100 disks at one time.
• It is not supported on array LUNs.
• If you sanitize both SES disks in the same ESH shelf at the same time, you see errors on the
console about access to that shelf, and shelf warnings are not reported for the duration of the
sanitization.
However, data access to that shelf is not interrupted.
• You can perform disk sanitization on disks using Storage Encryption.
However, there are other methods to obliterate data on disks using Storage Encryption that are faster and do not require an operational storage system.
What happens if disk sanitization is interrupted
Disk sanitization is a long-running operation. If disk sanitization is interrupted by user intervention or an unexpected event such as a power outage, Data ONTAP takes action to return the disks that were being sanitized to a known state, but you must also take action before the sanitization process can finish. If the sanitization process is interrupted by power failure, system panic, or manual intervention, the sanitization process must be repeated from the beginning. The disk is not designated as sanitized.
If the formatting phase of disk sanitization is interrupted, Data ONTAP must recover any disks that were corrupted by the interruption. After a system reboot and once every hour, Data ONTAP checks for any sanitization target disk that did not complete the formatting phase of its sanitization. If any such disks are found, Data ONTAP recovers them. The recovery method depends on the type of the disk. After a disk is recovered, you can rerun the sanitization process on that disk; for HDDs, you can use the -s option to specify that the formatting phase is not repeated again.