Virtual Machines, Secure Wiping Software.

Kryten

Old Cow.
Moderator
Joined
Dec 22, 2003
Messages
3,351
Right, I'd not normally post for help on this sort of subject here as I've normally got lots of other resources however this one is a bit of a stumper.

My company's biggest money maker is secure wiping of hard drives, in or out of their respective laptops/desktops/servers/racks/arrays etc.
We *have* to use a particular piece of software which limits us to doing 4 drives at a time in any circumstance. We can artificially increase this to 16 drives by making 4 RAID arrays - however this eliminates the asset tracking side of things as serial numbers of individual drives are no longer recorded.

We are starting to get more and more drives separately, outside of the units - normally in caddies - mainly Sun, HP, Dell and IBM and currently I have 3000 drives, mostly HP/Compaq to get through.

Currently, I have built up 4 racks with 10 HP Proliant 580's in each, meaning I can do 120 units at a time - but this obviously takes a lot of juice and a lot of space. It takes an average of 4 hours to wipe the batch of drives.

We can *not* change the software, being the most obvious answer. We are bound by regulations by the government and other organisations whose names I'm not allowed to divulge to use that software because of the standards of wiping it can do (hence the time taken).

However, I have had an idea that may help treble production time - using a virtual server system, running 8 virtual machines per physical unit and using a drive enclosure hooked up to each unit, with 4 drives allocated to a certain SCSI channel and then to a certain virtual machine. However, I've tried this with VMware and MS Virtual Server to no avail - the software boots from LAN and freezes - this I suspect is down to the software layer (the virtual machine) between the hardware and the wiping software. I've thought about ESX and Xen Server on others' recommendations however as hard as I look, I've not got the hardware requirements to do that (mainly 64bit hardware - everything we have is P4 HT or MP Xeons, neither of which are 64bit/em64t). Apparently these packages are lower level than the likes of VMware (although I know ESX=VM) and Virtual Server, however not being able to directly test them I can't confirm this.

So, questions being:
1) does anyone have experience with ESX or Xen and probably more importantly;
2) would this idea be likely to work in the first place;
3) if neither of the above, any other cunning plans I can look at to save time, hardware, space and electricity bills?
 

GReaper

Resident Freddy
Joined
Dec 22, 2003
Messages
1,979
Maybe with Xen, but you haven't given much detail on the software you use apart from the fact it can't be replaced.

With Xen you can hide a PCI device from dom0 (the main host server) and allocate it to a domU (an individual virtual server). However if this appears as a single device to the machine then you could possibly allocate particular devices to a virtual server instead, but I'm not entirely sure how this would affect your tracking.

The only other issue is performance, a virtualised solution might suffer a performance penalty for IO. Everyone praises virtualisation but there is always a penalty to pay for it.

Surely you can get a single machine to test it?
 

Rubric

Part of the furniture
Joined
Dec 22, 2003
Messages
2,145
Smash them up. Burn them. Smash them up again.

Piss on them.
 

GReaper

Resident Freddy
Joined
Dec 22, 2003
Messages
1,979
Good point. We're considering the technical solution here and the best damn solution is to physically destroy them!

That'll save you a few thousand hours. :p
 

Kryten

Old Cow.
Moderator
Joined
Dec 22, 2003
Messages
3,351
Aye :D

Found such a single machine to try it with GReaper - stumbled across a crappy Acer HTPC with an AMD 64 3200 in it.
Fixed it up, found a hard drive, slapped in a SCSI card and fired up Xen with an array of 14 drives.

Lo and behold, all the wiping software sees is the "virtual" drive before its bridge to the physical unit, wiping out any tracking details.

So pretty much that's my super duper idea out the window.

I'm now looking at a similar (in a physical way) setup using 2 blade servers (6 blades per server) and a rack full of enclosures. Still takes up space but far less than how it's being done at the moment - but just means I need to get some proper 3 phase juice into the building.

There's not much information I can give about the software - it's based/built on Linux, communicates with a central database server where it sends all the final wiping results and asset management information after the wipe. Can boot from PXE or CD and the above information can either be directly sent to the server or saved to physical medium i.e. USB stick or floppy disk and imported to database separately.

Drives that can't be wiped are indeed physically shredded (our machine is good fun to watch) but naturally in a recycling and re-use environment the idea is to keep them working and reuse them elsewhere as often as possible.

Cheers anyway, always appreciate some second opinions and ideas :)
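
The failure reported in the post above, where the wiping software sees only a "virtual" drive and the serial needed for asset tracking is lost, can be checked for before a batch is started. The following is an added example, not part of the original thread and not the wiping product's code: a Python check that walks a Linux `/sys/block` tree and flags disks that expose no SCSI unit serial or that identify as emulated or paravirtual. The marker list, the function names and the sample tree are assumptions constructed for illustration.

```python
import os

# Assumption: heuristic, non-exhaustive strings emulated disks report as vendor/model.
VIRTUAL_MARKERS = (b"VMWARE", b"QEMU", b"VBOX", b"MSFT", b"VIRTUAL DISK")

def read_attr(dev, name):
    try:
        with open(os.path.join(dev, name), "rb") as fh:
            return fh.read()
    except OSError:
        return b""

def unit_serial(raw):
    """Decode SCSI VPD page 0x80 (Unit Serial Number), as in sysfs vpd_pg80."""
    if len(raw) < 4 or raw[1] != 0x80:
        return ""
    length = int.from_bytes(raw[2:4], "big")
    return raw[4:4 + length].decode("ascii", "replace").strip()

def audit_disks(sys_block="/sys/block"):
    """Map each disk to (serial, reasons it cannot be asset-tracked)."""
    report = {}
    for name in sorted(os.listdir(sys_block)):
        if name.startswith(("loop", "ram", "dm-", "md", "sr")):
            continue
        dev = os.path.join(sys_block, name, "device")
        ident = (read_attr(dev, "vendor") + b" " + read_attr(dev, "model")).upper()
        serial = unit_serial(read_attr(dev, "vpd_pg80"))
        reasons = []
        if name.startswith(("xvd", "vd")):
            reasons.append("paravirtual device name")
        if any(marker in ident for marker in VIRTUAL_MARKERS):
            reasons.append("emulated vendor/model string")
        if not serial:
            reasons.append("no unit serial readable")
        report[name] = (serial, reasons)
    return report

def build_sample_tree(root):
    """Constructed sysfs-like tree: pass-through, emulated and Xen PV disks."""
    for name, vendor, model, sn in (("sda", b"EXAMPLE", b"DISK-A", b"SN-CONSTRUCTED-01"),
                                    ("sdb", b"QEMU", b"QEMU HARDDISK", b""),
                                    ("xvda", b"", b"", b"")):
        dev = os.path.join(root, name, "device")
        os.makedirs(dev)
        vpd = bytes([0x00, 0x80]) + len(sn).to_bytes(2, "big") + sn if sn else b""
        for fname, data in (("vendor", vendor), ("model", model), ("vpd_pg80", vpd)):
            with open(os.path.join(dev, fname), "wb") as fh:
                fh.write(data)
```

A disk with an empty reasons list is one whose serial the guest can read directly; any other disk should be held back from a wipe run that has to produce per-drive asset records.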
 

GReaper

Resident Freddy
Joined
Dec 22, 2003
Messages
1,979
Could you put multiple SCSI cards into a machine and pass the PCI device to a virtual server? Hardly as efficient but it might work.

Some documentation about it is available here. I've never bothered testing any PCI hiding features as I've never really needed it.

Test it with a couple of cards and see if it works!
 

Kryten

Old Cow.
Moderator
Joined
Dec 22, 2003
Messages
3,351
Yeah I did that with Xen, which is pretty much the only Virtual Server system that nearly worked.

I'm not really too fussed - we don't plan on getting another 3000 drives in bulk sometime soon but I do want to be a little better prepared.

Never mind, I'll keep hoping the software gets re-approved sometime soon :D
 
