SAN and impact of Cache optimization with Eraser

wildelmo

New Member
We currenty use your product in our company to comply with DOD 5220.22 for data cleanup. Our issue is that we currently use a SAN, and the Engineers of the manufacturer are telling us that they cannot guarantee that all passes of overwrites actually make it to disk. Due to Cache optimization. The Architecture of the SAN doesn't allow us to Disable Write cache.

Have you guys seen issues like this? Say with IBM, EMC or Hitachi SAN's?

The problem being stated, is that overwrite passes may be occuring in Cache. And that this interferes with perhaps the 1st or 2nd pass to disk. Can only ensure that the LAST pass makes it to physical blocks.

This would make the Eraser product completely useless for ALL Government Defense contractors who use SAN's. Please, any help will be appreciated on this topic. Perhaps a LONG delay between PASS overwrites (for singe file), to ensure time for cache to flush to disk.
 
Eraser (a program written by volunteers and released under the GPL) specifically does not promise compliance with any official standards. It uses erasing methods sanctioned by certain official standards, but that is not the same thing.

Eraser is specifically designed to work with single hard drives. The authors have advised that its workings are not assured when it is used on an NAS; I am sure that similar considerations would apply to a SAN. Clearly, anything that comes between the file system and the physical drive is an issue for a program like Eraser, which works at a file system level. Even on an ordinary PC, cacheing is a problem; while, in that case, the writes will get through, one can never be sure what data is left in the paging file unless it too is completely overwritten.

Just as a matter of personal opinion, I see no prospect that Eraser would ever attempt to comply with the national standards of a particular country; it would just be too expensive. If someone wanted to take the Eraser code and create some sort of standards compliant application which could compete in whatever bureaucratic obstacle race particular security authorities impose on their contractors, that is allowed under the GPL. For now, I believe that the only pragmatic way to assess the effectiveness of Eraser in a particular environment is to test it, rather than discuss the theoretician possibilities. Erase some files, and then attempt to recover them; do that a statistcally significant number of times, and then assess the results.

David
 
DavidHB - Thanks for the reply. Was hoping that someone had a solution. Figured there was someone who's had a similar problem with this. From what I've seen so far the problem will be with any HOST based writes to SAN.

And agree the problem can be had with any cache, even servers with local RAID controllers. That's why I was thinking that perhaps introducing enough delay between passes could get the writes from cache to disk between passes.
 
wildelmo said:
We currenty use your product in our company to comply with DOD 5220.22 for data cleanup. Our issue is that we currently use a SAN, and the Engineers of the manufacturer are telling us that they cannot guarantee that all passes of overwrites actually make it to disk. Due to Cache optimization. The Architecture of the SAN doesn't allow us to Disable Write cache.
We specify to Windows that the writes must go through disk and flushed to the platters immediately. Unless the SAN ignores such a request (some may) you shouldn't have a problem. We will write to the cache (indirectly, since disk writes must be aligned to certain memory addresses) but Windows sends the instruction to flush the disk cache after every write.

wildelmo said:
Have you guys seen issues like this? Say with IBM, EMC or Hitachi SAN's?
Not really. I didn't really expect enterprise situations to use Eraser.. but thanks for the vote of confidence!

wildelmo said:
The problem being stated, is that overwrite passes may be occuring in Cache. And that this interferes with perhaps the 1st or 2nd pass to disk. Can only ensure that the LAST pass makes it to physical blocks.
I can imagine that that's why most erasure methods include a "verify" phase. But it is impossible to verify that a cryptographically strong pseudorandom block of data is correct... is it? I can't seem to reconcile those facts and hence have not implemented it. For the record, v5 didn't implement verification, either.

wildelmo said:
This would make the Eraser product completely useless for ALL Government Defense contractors who use SAN's. Please, any help will be appreciated on this topic. Perhaps a LONG delay between PASS overwrites (for singe file), to ensure time for cache to flush to disk.
Perhaps... will it help?
 
Back
Top