IBM Support

Sanitize Disk PRPQ Announcement Letter and Readme Information

Troubleshooting


Problem

This document provides information about PRPQ 5799SD1 IBM i5/OS Disk Sanitizer.

Resolving The Problem

This document provides information about PRPQ 5799SD1 IBM i5/OS Disk Sanitizer.

This PRPQ has been withdrawn, however, IBM i Lab Services provides support for it.

IBM Disk Sanitizer for i provides a method to sanitize disk drives by overwriting all addressable locations on the disk drive three times. The Sanitizer meets the specifications listed in Department of Defense (DoD) specification 5220.22-M. A record of all drives sanitized is created for audit purposes. For more information, contact Mike Gordon at [email protected].

Overview
IBM Disk Sanitizer for i5/OS provides a method for the customer to sanitize (securely erase) disk drives by overwriting all addressable locations on the disk drive three times. The Sanitizer meets the specifications listed in Department of Defense (DoD) specification 5220.22-M. A record of all drives sanitized is created for audit purposes.

Benefits
o Reduces risk of data theft and accidental information dissemination
o Provides regulatory compliance by meeting rigorous DoD standards and furnishing appropriate audit trail documentation
o Allows customers to reduce costs by re-using or selling storage assets rather than destroying them

Planned availability date: July 6, 2007

5799-SD1

Eligible Business Partners
o IBM Business Partner -- Solutions Providers who acquire IBM products directly from IBM
o IBM Business Partner -- Systems Integrators
o IBM Business Partner -- Distributors

Description
When a disk unit is erased or formatted, the original data can sometimes be reconstructed using specialized methods and tools.

To address the problem of this residual data, the U.S. Department of Defense (DoD) created guidelines for media re-use which require compliance by all agencies handling national security information.
National and state legislation, such as the Health Information Portability and Accountability Act (HIPAA), have used the DoD specification to ensure that data is securely erased before a disk drive is re-purposed or discarded.

The IBM Disk Sanitizer for i5/OS overwrites all addressable locations on a disk drive with three different patterns of data.

A record of all drives sanitized is created for audit purposes.

Terms and Conditions
Prerequisites: One of the following sets of PTFs must be installed before the restore licensed program command is run:

o i5/OS Version 5 Release 3 with PTF SI27653 and MF41753
o i5/OS Version 5 Release 3 with Licensed Internal Code Version V5R3M5 with PTF SI27653 and MF41750
o i5/OS Version 5 Release 4 Modification 0 with PTF MFSI27656 and MF41751
o i5/OS Version 5 Release 4 Modification 5 with PTF MFSI27656 and MF41752

Restrictions and Limitations:

  • Only non-configured units can be sanitized
  • Units located under the same input/output processor (IOP) as the load source cannot be sanitized
  • Device parity protection must be stopped prior to running SANITIZE


The IOP is reset after each overwrite pass. There will be a short delay when configured disk units under the IOP being reset are not available.

Because this is a write-intensive task, there may be performance issues. It is recommended to run this procedure during off-peak hours.

Documentation
After installation, review the README section of the i5/OS README file in the QSD1 library for instructions on this product. Use DSPPFM FILE(QSD1/README) MBR(README) to display this file.

Ordering Information
Description PRPQ Number
IBM Disk Sanitizer for i5/OS 5799-SD1

Terms and Conditions
IBM Business Partner Exhibit

o U.S.: Z125-5505
o Canada: 0856

Product Category (U.S.): B
Distributor Schedule A Applies: Yes
North American Business Partner Program: Yes
Permission to copy: Permission to copy not granted
Licensing: IPLA
Warranty: Non warranted (as is)
Software guarantee: Basic license -- two months
National language version: This PRPQ will install and run correctly on any national language version. It is shipped with upper/lower case English (#2924) only.
Program support: Program service will be available until December 31, 2010.

Trademarks
i5/OS is a trademark of International Business Machines Corporation in the United States or other countries or both. Other company, product, and service names may be trademarks or service marks of others.

PRPQ 5799-SD1 READ ME INSTRUCTIONS

This PRPQ (5799SD1) works only on i5/OS V5R3M0 and later releases, from: http://www-01.ibm.com/common/ssi/ShowDoc.jsp?docURL=/common/ssi/rep_rp/3/ENUSP84513/index.html&breadCrum=DET001PT288&url=buttonpressed=DET001PT008&page=0&user+type=EXT&submit.x=12&submit.y=6&lang=en_US

Support
This product is now supported by IBM i Lab Services through Mike Gordon at [email protected]. It was previously supported via developerWorks.

Installation
Before you install this program, verify that the correct PTFs, listed below, are loaded and applied on your system.

To install, run:

RSTLICPGM LICPGM(5799SD1) DEV(OPT01) LNG(2924)

Note: The default value for the keyword parameter "LNG" (language for licensed program) is *PRIMARY. If you do not change it to "2924," the default value for this key word parameter will be the same as the "Primary National Language Version" of your i5/OS system. Because this product supports all national language versions, this product provides only national language version of 2924.

If your system primary national language version is not 2924: You will see "*NOPRIMARY" on the "INSTALLED STATUS" column of the "DISPLAY INSTALLED LICENSED PROGRAMS" status screen (if you want to see the status, run GO LICPGM, choose Option 10). This is normal. You have everything you need for this product if you did not receive any error messages during the installation process.

Note: The device name for your CD might be different than OPT01. You need to change your RSTLICPGM DEV parameter according to your optical device name.

After you install this product, a library named QSD1 is created.

To delete this product, run GO LICPGM and select option 12. Type 4 in front of licensed program 5799SD1.

For users who were asked to install this product by an IBM business partner or an independent software vendor, follow the instructions from your software provider. Your software provider will most likely give you a list of commands to issue after installing this product.

Required PTFs
If you will be running this PRPQ on a system with the following release shown below, the following PTFs must be applied to your system for the PRPQ to function properly:

V5R3M0 i5/OSV5R3M5 LICV5R4M0 i5/OSV5R4M5 i5/OS
SI27653
MF41753
SI27653
MF41750
SI27656
MF41751
SI27656
MF41752

Description
IBM Disk Sanitizer for i5/OS provides a method for the customer to sanitize (securely erase) disk drives by overwriting all addressable locations on the disk drive three times.

Format
The Disk Sanitizer is accessed using a macro interface from either the Dedicated Service Tools (DST) menu or the System Service Tools (SST) menu.

Note: Device parity protection must be stopped prior to running SANITIZE.

1. From DST or SST, select Start a service tool.
2. Select Display/Alter/Dump.
3. Select Display/Alter storage.
4. Select Licensed Internal Code (LIC) data.
5. Select Advanced Analysis (you will need to scroll down to see this option).
6. At the Select Advanced Analysis Command screen, there is a blank line at the top. Type 1 in the Option column to select this line, then type SANITIZE and press Enter.
7. Type -H to display the help text listed below.

Help Text
This macro is used to securely erase non-configured disk units. The IBM Disk Sanitizer for i5/OS overwrites all addressable locations on a disk drive with three different patterns of data.

Between each pattern, the input/output processor (IOP) controlling the disk unit(s) will be reset. This will affect the availability of other disk units controlled by the same IOP and will affect the performance of the system.

An entry will be added to the Product Activity Log (PAL) listing each unit selected to be sanitized and an indication of whether the unit passed or failed to sanitize.

The PAL System Reference Code (SRC) is srcB6000231 for all units on which sanitize ran successfully. The PAL SRC is srcB6000232 for all units on which sanitize did not run successfully.

The control panel will display the srcC6XX0230 during the sanitize procedure. The XX will be replaced with the percent complete.

Usage:
SANITIZE -HELP -- Displays this help screen.
SANITIZE -LIST -- Lists the disk units that are available to be sanitized.
SANITIZE -ALL -- Runs sanitize processing on all available disk units.
SANITIZE -UNIT <list> -- Runs sanitize processing on a list of units. The list must contain the resource name of each unit separated by one or more spaces.
SANITIZE -README -- Displays the README file.

Sample usage:
SANITIZE -HELP
SANITIZE -LIST
SANITIZE -ALL
SANITIZE -UNIT DD005
SANITIZE -UNIT DD005 DD008 DD013
SANITIZE -README

How to print the audit report to a spooled file
1.From System Service Tools (SST), select Start a service tool.
2.Select Display/Alter/Dump.
3.Select Display/Alter storage.
4.Select Licensed Internal Code (LIC) data.
5.Select Advanced analysis.
6.Select the SANITIZE command.
7.Type the sanitize options to select the disks to sanitize. Use the –HELP option for more information.
8.You will see a screen that shows the selected units. Verify that the units you selected can be sanitized.
9.Record the options displayed at the top of the screen after the word SANITIZE. Example: -UNIT DD005 DD024
10.Press F3 to return to the Display/Alter dump output device menu.
11.Select Dump to printer.
12.Select Licensed Internal Code (LIC) data.
13.Select Advanced analysis.
14.Select the SANITIZE command.
15.Type the options you recorded in Step 9 and add the option –CONFIRM at the end of the line. Example: -UNIT DD005 DD024 –CONFIRM
16.The sanitize operation may take many minutes to complete. The SRC C6XX0230 on the system control panel displays the status of the sanitize operation, where XX is the percentage complete.
17.When the sanitize operation has completed, use WRKSPLF to display or print the spooled file.

Cautions/Limitations
oOnly non-configured units can be sanitized.
oUnits located under the same input/output processor (IOP) as the load source cannot be sanitized.
oThe IOP is reset after each overwrite pass, and there will be a short delay when configured disk units under the IOP being reset are not available.
oOnly physical disk drives under a physical storage adapter assigned to IBM i can be sanitized.
oBecause this is a write-intensive task, there may be performance issues. It is recommended to run this procedure during off-peak hours.

Trademarks
System i and i5/OS are registered trademarks of International Business Machines Corporation in the United States or other countries or both. Other company, product, and service names may be trademarks or service marks of others.

The capability to sanitize SSD on 7.1 is added by PTF MF52834, which is not part of any Technology Refresh (TR). This Immediate Apply PTF can be loaded independently of 7.1 TR3.

IBM Disk Sanitizer for i5/OS™ PRPQ, 5799-SD1 has been enhanced to sanitize SSDs by the following PTFs:

o i5/OS Licensed Internal Code Version V6R1M0 MF50875
o i5/OS Licensed Internal Code Version V6R1M1 MF50873
o i5/OS Licensed Internal Code Version V7R1M0 MF52834

The Disk Sanitizer is accessed using a macro interface from either the Dedicated Service Tools (DST) menu or the System Service Tools (SST) menu.

From DST or SST, do the following:

1. Select Start a service tool
2. Select Display/Alter/Dump
3. Select Display/Alter storage
4. Select Licensed Internal Code (LIC) data
5. Select Advanced Analysis (scroll down to see this option)

At the Select Advanced Analysis screen, there is a blank line at the top. Type1 in the Option column to select this line, then type SSDSANITIZE and press Enter.

The following link is for the Sanitize readme (Note: This was written prior to the release of SSDs): ftp://public.dhe.ibm.com/systems/support/system_i/tools/PRPQ5799SD1README.pdf

Additional documentation is located at the Sanitizer Web site: http://www-947.ibm.com/systems/support/i/disksanitizer/index.html

[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"Platform":[{"code":"PF012","label":"IBM i"}],"Version":"6.1.0"}]

Historical Number

454862776

Document Information

Modified date:
18 December 2019

UID

nas8N1014286