1. No category

PDF - Complete Book (3.01 MB)

Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Cisco MDS 9000 Family
Secure Erase Configuration Guide
For Cisco MDS 9500 and 9200 Series
Cisco MDS 9000 NX-OS Release 5.0(1a)
February 2010
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-21472-01
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower,
Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra,
Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Capital,
Cisco Capital (Design), Cisco:Financed (Stylized), Cisco Store, Flip Gift Card, and One Million Acts of Green are service marks; and Access Registrar, Aironet, AllTouch,
AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo,
Cisco IOS, Cisco Lumin, Cisco Nexus, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation,
Continuum, EtherFast, EtherSwitch, Event Center, Explorer, Follow Me Browsing, GainMaker, iLYNX, IOS, iPhone, IronPort, the IronPort logo, Laser Link, LightStream,
Linksys, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, PCNow, PIX, PowerKEY, PowerPanels, PowerTV, PowerTV (Design),
PowerVu, Prisma, ProConnect, ROSA, SenderBase, SMARTnet, Spectrum Expert, StackWise, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc.
and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (0910R)
Cisco MDS 9000 Family Secure Erase Configuration Guide
© 2010 Cisco Systems, Inc. All rights reserved.
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
CONTENTS
New and Changed Information
Preface
vii
ix
Audience
ix
Organization
ix
Document Conventions
x
Related Documentation xi
Release Notes xi
Compatibility Information xi
Regulatory Compliance and Safety Information xi
Hardware Installation xi
Cisco Fabric Manager xi
Command-Line Interface xii
Intelligent Storage Networking Services Configuration Guides
Troubleshooting and Reference xii
Installation and Configuration Notes xii
Obtaining Documentation and Submitting a Service Request
CHAPTER
1
xii
xii
About Secure Erase 1-1
Secure Erase Job 1-2
Secure Erase Session 1-2
Concepts and Terminology
Features and Capabilities
1-3
1-4
Requirements and Prerequisites 1-5
Software Requirements 1-5
Hardware Requirements 1-5
Software Licenses 1-5
CHAPTER
2
Configuration Overview
2-1
Configuration Process 2-1
Obtaining Information 2-2
Setting Up Cisco Secure Erase 2-3
Job Configuration 2-4
Recovering Secure Erase Configuration
2-5
Cisco MDS 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
iii
Contents
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
CHAPTER
Provisioning Secure Erase on the MSM
3
3-1
Using the Secure Erase Pre-Configuration Wizard
Configuring MDS Modules for Secure Erase
3-3
3-5
Creating a Secure Erase Workflow Using Fabric Manager
Creating a Secure Erase Job Using Fabric Manager
Displaying Secure Erase Job Status 3-18
APPENDIX
A
Secure Erase CLI Command Reference
add-session vsan
A-2
add-step dynamic
A-3
add-step static
add-tgt vsan
add-vi vsan
empty
3-13
3-14
A-1
A-4
A-5
A-6
A-8
secure-erase abort job
A-9
secure-erase create algorithm
secure-erase create job
A-10
A-11
secure-erase create-vi vsan
A-12
secure-erase destroy algorithm
secure-erase destroy job
A-14
secure-erase destroy-vi vsan
secure-erase start job
A-16
secure-erase stop job
A-17
secure-erase validate job
A-19
A-21
show secure-erase job detail
show secure-erase vsan
A-15
A-18
show secure-erase algorithm
show secure-erase job
A-13
A-22
A-23
Cisco MDS 9000 Family Secure Erase Configuration Guide
iv
OL-21472-01, Cisco MDS NX-OS Release 5.x
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
New and Changed Information
Table 1 summarizes the new and changed features for the Cisco MDS 9000 Family Secure Erase
Configuration Guide and tells you where they are documented. The table includes a brief description of
each new feature and the release in which the change occurred.
Note
As of NX-OS Release 4.1(1), SAN-OS has been changed to NX-OS. References to SAN-OS releases
before 4.1(1) still apply.
Table 1
Documented Features for the Cisco MDS 9000 Family Secure Erase Configuration
Guide, Release 5.x
Changed
in Release Where Documented
Feature
Description
Configuring
Secure Erase
Using Fabric
Manager
Added the Secure Erase
Pre-Configuration Wizard.
Added Creating Secure Erase Jobs
Using Fabric Manager.
5.0(1a)
Chapter 3, “Configuring
Secure Erase Using Cisco
Fabric Manager”
Added Secure Erase Job Status View.
Cisco MDS 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
vii
New and Changed Information
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Cisco MDS 9000 Family Secure Erase Configuration Guide
viii
OL-21472-01, Cisco MDS NX-OS Release 5.x
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Preface
This preface describes the audience, organization, and conventions of the Cisco MDS 9000 Family
Secure Erase Configuration Guide. It also provides information on how to obtain related documentation.
Audience
This guide is intended for experienced network administrators who are responsible for planning,
installing, configuring, and maintaining Cisco MDS 9000 Secure Erase.
Organization
This document is organized as follows:
Chapter
Title
Description
Chapter 1
Product Overview
Provides an overview of Cisco MDS Secure
Erase.
Chapter 2
Configuring Secure Erase
Describes the installation, provisioning, and
configuration tasks.
Appendix A
Secure Erase CLI Command
Reference
Syntax and usage guidelines for Cisco MDS
Secure Erase CLI commands.
Cisco MDS 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
ix
Preface
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Document Conventions
Command descriptions use these conventions:
boldface font
Commands and keywords are in boldface.
italic font
Arguments for which you supply values are in italics.
[ ]
Elements in square brackets are optional.
[x|y|z]
Optional alternative keywords are grouped in brackets and separated by
vertical bars.
Screen examples use these conventions:
screen font
Terminal sessions and information the switch displays are in screen font.
boldface screen font
Information you must enter is in boldface screen font.
italic screen font
Arguments for which you supply values are in italic screen font.
< >
Nonprinting characters, such as passwords, are in angle brackets.
[ ]
Default responses to system prompts are in square brackets.
!, #
An exclamation point (!) or a pound sign (#) at the beginning of a line of code
indicates a comment line.
This document uses the following conventions:
Note
Caution
Means reader take note. Notes contain helpful suggestions or references to material not covered in the
manual.
Means reader be careful. In this situation, you might do something that could result in equipment
damage or loss of data.
Cisco MDS 9000 Family Secure Erase Configuration Guide
x
OL-21472-01, Cisco MDS NX-OS Release 5.x
Preface
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Related Documentation
The documentation set for the Cisco MDS 9000 Family includes the following documents. To find a
document online, use the Cisco MDS SAN-OS Documentation Locator at:
http://www.cisco.com/en/US/docs/storage/san_switches/mds9000/roadmaps/doclocater.htm
Release Notes
•
Cisco MDS 9000 Family Release Notes for Cisco MDS SAN-OS Releases
•
Cisco MDS 9000 Family Release Notes for Storage Services Interface Images
•
Cisco MDS 9000 Family Release Notes for Cisco MDS 9000 EPLD Images
Compatibility Information
•
Cisco MDS 9000 SAN-OS Hardware and Software Compatibility Information
•
Cisco MDS 9000 Family Interoperability Support Matrix
•
Cisco MDS Storage Services Module Interoperability Support Matrix
•
Cisco MDS SAN-OS Release Compatibility Matrix for Storage Service Interface Images
Regulatory Compliance and Safety Information
•
Regulatory Compliance and Safety Information for the Cisco MDS 9000 Family
Hardware Installation
•
Cisco MDS 9124 Multilayer Fabric Switch Quick Start Guide
•
Cisco MDS 9500 Series Hardware Installation Guide
•
Cisco MDS 9200 Series Hardware Installation Guide
•
Cisco MDS 9100 Series Hardware Installation Guide
Cisco Fabric Manager
•
Cisco MDS 9000 Family Fabric Manager Quick Configuration Guide
•
Cisco MDS 9000 Family Fabric Manager Configuration Guide
•
Cisco MDS 9000 Family Fabric Manager Database Schema
Cisco MDS 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
xi
Preface
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Command-Line Interface
•
Cisco MDS 9000 Family Software Upgrade and Downgrade Guide
•
Cisco MDS 9000 Family Storage Services Module Software Installation and Upgrade Guide
•
Cisco MDS 9000 Family CLI Quick Configuration Guide
•
Cisco MDS 9000 Family CLI Configuration Guide
•
Cisco MDS 9000 Family Command Reference
Intelligent Storage Networking Services Configuration Guides
•
Cisco MDS 9000 Family Data Mobility Manager Configuration Guide
•
Cisco MDS 9000 Family Storage Media Encryption Configuration Guide
Troubleshooting and Reference
•
Cisco MDS 9000 Family Troubleshooting Guide
•
Cisco MDS 9000 Family MIB Quick Reference
•
Cisco MDS 9000 Family SMI-S Programming Reference
•
Cisco MDS 9000 Family System Messages Reference
Installation and Configuration Notes
•
Cisco MDS 9000 Family SSM Configuration Note
•
Cisco MDS 9000 Family Port Analyzer Adapter Installation and Configuration Note
•
Cisco 10-Gigabit X2 Transceiver Module Installation Note
•
Cisco MDS 9000 Family CWDM SFP Installation Note
•
Cisco MDS 9000 Family CWDM Passive Optical System Installation Note
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional
information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and
revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed
and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free
service and Cisco currently supports RSS version 2.0.
Cisco MDS 9000 Family Secure Erase Configuration Guide
xii
OL-21472-01, Cisco MDS NX-OS Release 5.x
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
CH A P T E R
1
Product Overview
Cisco Secure Erase is a SAN-based product that erases existing data on a specific Logical Unit Number
(LUN) on a storage array. The data erased using Secure Erase cannot be reconstructed.
Cisco Secure Erase runs on the Cisco MDS 9000 18/4-Port Multiservice Module (MSM-18/4 module)
and MDS 9222i switch. The MSM-18/4 module and 9222i switch are together called as the Secure Erase
node.
The MSM-18/4 module must be installed on the Cisco MDS switch on which you want to run Cisco
Secure Erase.
This chapter includes the following sections:
•
About Secure Erase, page 1-1
•
Concepts and Terminology, page 1-3
•
Features and Capabilities, page 1-4
•
Requirements and Prerequisites, page 1-5
About Secure Erase
Cisco Secure Erase for the Cisco MDS 9500 or 9200 family of switches provides significant advantages
over traditional data erase mechanisms. These advantages include platform independence, higher speed,
lower cost, and easier deployment.
Cisco Secure Erase uses special algorithms to erase data. These algorithms erase data by specifying
pattern sequences that are repeatedly written to the target media. This process overcomes the traditional
problem of data remanance.
Cisco MDA 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
1-1
Chapter 1
Product Overview
About Secure Erase
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Figure 1-1
Cisco Secure Erase Topology
Virtual Initiators on
Secure Erase node
FC
Storage Arrays
280215
FC
The Secure Erase feature runs on the MSM-18/4 module intelligent line card, which is responsible for
managing the data erasing process. This process is executed by virtual initiators (VIs) created on the
MSM-18/4 module. The host or servers connected to SAN the have no role in the data-erasing process.
The storage ports can be connected anywhere in the SAN provided they are accessible from the switch
where Cisco Secure Erase is running.
Secure Erase Job
A Secure Erase job contains information about the following:
•
Target Enclosures where Secure Erase functions are performed. A single target enclosure can be
made up of multiple ports spanning multiple VSANs.
•
Storage port(s) coming out of the Storage Enclosure. These storage ports can belong to separate
VSANs.
•
VIs that will execute Secure Erase operations. Like target ports, a job also contains VIs that are part
of different VSANs.
•
Secure Erase sessions.
All actions such as start, stop, abort, and validate are performed at the job level. These actions impact
all sessions in a job.
Secure Erase Session
A Secure Erase session is a unit of erase that is defined by the following parameters:
•
Target LUN(s) where Secure Erase needs to be performed.
•
Storage port with which you would access the above mentioned LUN.
•
Secure Erase algorithm to be used for the erase procedure.
•
Virtual Initiator is selected out of the VIs available in the job automatically. The selection is based
on a load-balancing algorithm.
Cisco MDA 9000 Family Secure Erase Configuration Guide
1-2
OL-21472-01, Cisco MDS NX-OS Release 5.x
Chapter 1
Product Overview
Concepts and Terminology
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Concepts and Terminology
Cisco Secure Erase uses the following concepts and terminologies:
Secure Erase
Cisco Secure Erase is a SAN-based feature that erases existing data on a specific target. The data erased
through Secure Erase cannot be reconstructed.
Secure Erase Job
Secure Erase job is an enclosure where multiple target ports and VIs that belong to different VSANs can
be added.
Secure Erase Session
Secure Erase session is a unit of Secure Erase operation that contains the target and algorithms to be
used.
Secure Erase Algorithm
Secure Erase is based on erase algorithms recommended by the United States Department of Defense,
the Royal Canadian Police and NIST-800-88 algorithm recommended by the National Institute of
Standards and Technology, agency of US Department of Commerce.
Secure Erase algorithms specify a sequence of patterns to be written on physical media with the objective
of erasing the data and overcoming the problem of data remanence.
MSM
An MSM-18/4 module is an MDS switch module that provides intelligent services. The Secure Erase
feature is executed on the MSM-18/4 module.
VI
A VI is a Virtual Initiator residing on the MSM-18/4 module.
LUN
A Logical Unit Number (LUN) is a unit of storage that you can specify for Secure Erase. The LUN is
only a unique number in the content of a storage port.
FUA
A FUA is a Force Unit Access bit. Secure Erase turns the bit on in all the writes.
Cisco MDA 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
1-3
Chapter 1
Product Overview
Features and Capabilities
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Features and Capabilities
Cisco Secure Erase has the following features and capabilities:
Configuration Using CLI
Secure Erase provides a set of CLI commands. The CLI runs on the supervisor and the requests are
directly sent to the Secure Erase process running on the Secure Erase node.
Support Function
Secure Erase supports multiple storage ports and multiple storage arrays.
Data Erase
Secure Erase supports data erase using different algorithms.
Secure Erase Algorithms
Secure Erase provides algorithms recommended by the United States Department of Defense, the Royal
Canadian Police, and the NIST-800-88 algorithm recommended by the National Institute of Standards
and Technology, an agency of the US Department of Commerce. There is a provision to create and use
your own proprietary algorithms.
You can choose from the following algorithms:
•
Gutmann (http://www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/)
•
RCMP
•
DoD 522022M
•
DoD 522022M-S
•
NIST-800-88
•
All zeroes
Synchronize Cache
Synchronize cache is a SCSI command to request the storage controller to synchronize the data present
in the cache to the physical media. This command can specify an LBA range for which the cache needs
to be synchronized. Secure Erase executes this command at every step of the algorithm to instruct the
storage controller to write each pattern to the physical media before next pattern is written.
Please check with the array vendor to find out whether synchronize cache is supported.
Cisco MDA 9000 Family Secure Erase Configuration Guide
1-4
OL-21472-01, Cisco MDS NX-OS Release 5.x
Chapter 1
Product Overview
Requirements and Prerequisites
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Requirements and Prerequisites
The prerequisites described in the following sections are required to set up Secure Erase.
Software Requirements
Cisco Secure Erase has the following software requirements:
•
MDS switches hosting the MSM-18/4 module and 9222i switch must be running SAN-OS Release
3.3(1a) or later.
•
The Fabric Manager server version must be SAN-OS Release 3.3(1a) or later.
Hardware Requirements
Cisco Secure Erase has the following hardware requirements:
•
MSM-18/4 module and 9222i switch
The following switches support the MS-18/4 module:
•
All MDS 9200 family switches
•
All MDS 9500 family switches
Software Licenses
Cisco Secure Erase uses the Storage Services Enabler (SSE) Package for the licensing. The SSE license
package is not included with the
.
Cisco MDA 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
1-5
Chapter 1
Product Overview
Requirements and Prerequisites
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Cisco MDA 9000 Family Secure Erase Configuration Guide
1-6
OL-21472-01, Cisco MDS NX-OS Release 5.x
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
CH A P T E R
2
Configuring Secure Erase
This chapter describes how to configure Cisco MDS Secure Erase, and has the following sections:
•
Configuration Overview, page 2-1
•
Configuration Process, page 2-1
Secure Erase is included in the SSI image.
Configuration Overview
Cisco Secure Erase runs on the MSM-18/4 module and 9222i switch installed in an MDS 9500 or 9200
series switch.
The Secure Erase software package is included in the SSI image, which is delivered as part of NX-OS.
The Secure Erase feature must be provisioned on the MSM-18/4 module.
Configuration Process
The following sections provide an overview of a typical Secure Erase process:
•
Obtaining Information, page 2-2
•
Setting Up Cisco Secure Erase, page 2-3
•
Job Configuration, page 2-4
•
Recovering Secure Erase Configuration, page 2-5
Cisco MDS 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
2-1
Chapter 2
Configuring Secure Erase
Configuration Process
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Figure 2-1
Secure Erase Workflow Diagram
Step 1: Obtain Information
Collect information about
Storage Enclosures
Step 3: Job Configuration
Create Secure Erase Jobs
and Sessions
187141
Step 2: Setup
Creating Virtual Initiators,
Zoning and Storage Array
Configuration
Obtaining Information
You need to collect the following information about the target enclosure:
•
Information about the target enclosure or storage array on which you would like to perform Secure
Erase. The storage array is also called as Secure Erase storage array.
•
Information about WWNs of the target ports you would like to use to access the target enclosure.
The target ports are called Secure Erase target ports and the VSANs where the Secure Erase target
ports reside are called Secure Erase VSANs.
•
Information about one or more LUNs on the Secure Erase storage array on which you would like to
perform Secure Erase. These LUNs are also called as Secure Erase LUNs.
Cisco MDS 9000 Family Secure Erase Configuration Guide
2-2
OL-21472-01, Cisco MDS NX-OS Release 5.x
Chapter 2
Configuring Secure Erase
Configuration Process
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Setting Up Cisco Secure Erase
You need to create the VIs, setup zone, and storage array configuration to preconfigure Secure Erase.
The CLI configuration is preserved across reboots or switch reloads. It is preferred to have one job per
storage enclosure. A storage enclosure can have multiple storage ports spanning multiple VSANs and
storage LUNs.
To set up Secure Erase, follow these procedures:.
Command
Purpose
Step 1
switch# config t
Enters configuration mode.
Step 2
switch# MSM-18/4 enable feature se module
module-id
Provisions the Secure Erase feature on the
specific module.
Step 3
switch# secure-erase module module-id
Creates VIs in a Secure Erase VSAN.
create-vi vsan secure-erase VSAN
Note
switch# show secure-erase module module-id
Displays the WWNs of Secure Erase VIs created
in the previous step.
Step 4
vsan secure-erase VSAN
This command must be performed for
each Secure Erase VSAN. Once created,
VIs are available for all Secure Erase
jobs. Also, WWNs of the VIs are
persistent across reload of the switch or
MSM-18/4.
Complete the additional following tasks:
•
Set up the zone.
Decide on one or more Secure Erase VIs and zone target ports that you would like to use to perform
Secure Erase.
•
Program the storage array.
The Secure Erase storage array must be programmed to enable Secure Erase VIs to access the Secure
Erase LUNs. Secure Erase requires write commands to go directly to the physical media.
Secure Erase sends all write commands with Force Unit Access (FUA) bit on. When the bit is set,
the SCSI device is instructed to bypass the cache and perform the command directly on the physical
media.
Note
Check with the storage array vendor to confirm that FUA bit is supported in SCSI writes.
Cisco MDS 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
2-3
Chapter 2
Configuring Secure Erase
Configuration Process
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Figure 2-2
Interaction of SUP and MSM-18/4
Secure Erase Command Parser
SUPERVISOR
Command
Response
Secure Erase node
187037
Secure Erase Daemon
All Secure Erase CLIs are performed on the Supervisor. The Secure Erase configuration is stored in
persistent memory on the supervisor engine.
Job Configuration
You can configure Cisco Secure Erase jobs and sessions using the CLI. For information about the CLI,
refer to the Secure Erase CLI Command Reference, page A-1.
To create a Secure Erase job and session, follow these steps:
Step 1
Command
Purpose
secure-erase module module-id create job
Creates a Secure Erase job.
job-id
Step 2
Step 3
secure-erase module module-id job job-id
add-vi vsan secure-erase VSAN all | pwwn
secure-erase VI pwwn
add-tgt vsan secure-erase VSAN pwwn
secure-erase target port pwwn
Adds Secure Erase VIs and Secure Erase target
ports to a Secure Erase job.
secure-erase module module-id job job-id
add-session vsan secure-erase VSAN pwwn
secure-erase target port pwwn all-lun | lun
secure-erase LUN algorithm algorithm name/id
Creates Secure Erase sessions for each Secure
Erase LUN. This command performs these tasks:
Note
You can use the CLI commands several
times to include all the Secure Erase VIs
and Secure Erase target ports in all the
Secure Erase VSANs.
•
Creates a login from the Secure Erase VIs to
the Secure Erase target ports.
•
Discovers LUNs exposed through Secure
Erase target ports. For example, issue TUR,
Report LUNs, Inquiry, and Read Capacity.
Note
The job must have one or more Secure
Erase VIs in the Secure Erase VSAN.
Step 4
show secure-erase module module-id job |
job-id |details
Displays information about all jobs.
Step 5
secure-erase module module-id start job
job-id
Starts the job. The process of writing the pattern
sequence dictated by the erase algorithm is
specified.
Cisco MDS 9000 Family Secure Erase Configuration Guide
2-4
OL-21472-01, Cisco MDS NX-OS Release 5.x
Chapter 2
Configuring Secure Erase
Configuration Process
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
To stop or abort a Secure Erase job and session, follow this step:
Step 1
Command
Purpose
secure-erase module module-id stop | abort job
Stops or aborts the job. The Stop command waits
for completion of the current pattern and pauses
the pattern sequence. A stopped job can be
restarted. Aborting the job does not wait for
completion of a current pattern. An aborted job
can not be restarted.
job-id
Recovering Secure Erase Configuration
All of the Secure Erase configuration is stored in persistent memory and is automatically recovered on
a crash or reload of the MSM-18/4 module or a reload of the Cisco MDS supervisors.
After the recovery process is complete, you can validate the recovered data by performing a discovery
process using this command:
secure-erase module module-id validate job job-id
Cisco MDS 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
2-5
Chapter 2
Configuring Secure Erase
Configuration Process
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Cisco MDS 9000 Family Secure Erase Configuration Guide
2-6
OL-21472-01, Cisco MDS NX-OS Release 5.x
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
CH A P T E R
3
Configuring Secure Erase Using Cisco Fabric
Manager
The Fabric Manager provides a user interface to configure Secure Erase jobs and operations on the
switch by using a job creation wizard.
This chapter describes how to configure Cisco MDS Secure Erase using Cisco Fabric Manager, and
includes the following sections:
•
Provisioning Secure Erase on the MSM-18/4 Module, page 3-1
•
Using the Secure Erase Pre-Configuration Wizard, page 3-3
•
Creating a Secure Erase Workflow Using Fabric Manager, page 3-13
•
Displaying Secure Erase Job Status, page 3-18
Secure Erase is supported on the MSM-18/4 module and the MDS 9222i switch. The MSM-18/4 module
and the MDS 9222i switch are referred to as a Secure Erase node.
Note
This feature will not be supported on switches running releases prior to NX-OS Release 5.0(1a).
Provisioning Secure Erase on the MSM-18/4 Module
You need to enable the Secure Erase feature on the Secure Erase nodes for them to participate in the
Secure Erase operation.
To enable Secure Erase on the MSM-18/4, follow these steps:
Step 1
Expand End Devices in the Physical Attributes pane and click the MSM/SSN tab in the information pane
to obtain the module information. (See Figure 3-1.)
Cisco MDS 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
3-1
Chapter 3
Configuring Secure Erase Using Cisco Fabric Manager
Provisioning Secure Erase on the MSM-18/4 Module
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Figure 3-1
Step 2
MSM/SSN Tab
From the feature drop-down list, select SE to provision the MSM-18/4 with Secure Erase. (See
Figure 3-2.)
Figure 3-2
Feature Drop-Down List
.
Once the MSM-18/4 is provisioned, the entry is displayed in the table. (See Figure 3-3.)
Cisco MDS 9000 Family Secure Erase Configuration Guide
3-2
OL-21472-01, Cisco MDS NX-OS Release 5.x
Chapter 3
Configuring Secure Erase Using Cisco Fabric Manager
Using the Secure Erase Pre-Configuration Wizard
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Figure 3-3
MSM Module Entry
Using the Secure Erase Pre-Configuration Wizard
The Secure Erase Pre-configuration wizard performs the following steps so that the Secure Erase capable
module is ready to run the Secure Erase jobs:
1.
Configures SSH by doing the following:
– Enables SSH.
– Creates keys.
2.
Configures IP connectivity.
– Creates the VSAN 1 interface and configures IP.
– Create the CPP IPFC interface and configures IP.
3.
Enables IPv4 routing.
4.
Configures the IP default gateway for the MSM-18/4 module or the MDS 9222i switch.
5.
Configures a zone to include the pWWN of MSM-18/4 module or the MDS 9222i switch and the
supervisor module.
6.
Enables the Secure Erase feature.
In the Secure Erase Pre-configuration wizard, when you click Next at each step, the configuration listed
for that step will be preformed. For most steps, the Back button is disabled in the wizard. However, if
an error occurs at any step, you are prevented from moving to the next step until you modify the data and
click Next again successfully.
Also, if you click Cancel, the wizard exits at the step without undoing any of the settings performed by
the previous steps. The Back option will not be available for the steps in this wizard.
To use the Secure Erase Pre-configuration wizard, launch the Fabric Manager GUI after selecting the
required fabric (See Figure 3-4).
Note
Before you use the Secure Erase Pre-configuration wizard, install the Secure Erase package with the SSI
image in the switch. SSH is enabled by the Secure Erase pre-configuration setup.
Cisco MDS 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
3-3
Chapter 3
Configuring Secure Erase Using Cisco Fabric Manager
Using the Secure Erase Pre-Configuration Wizard
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
To display the Secure Erase Pre-Configuration wizard, from the Fabric Manager menu, choose Tools >
Secure Erase > Pre-configuration.
You see the Secure Erase Pre-Configuration Wizard screen. (See Figure 3-5.)
Figure 3-4
Secure Erase Pre-Configuration
Cisco MDS 9000 Family Secure Erase Configuration Guide
3-4
OL-21472-01, Cisco MDS NX-OS Release 5.x
Chapter 3
Configuring Secure Erase Using Cisco Fabric Manager
Configuring MDS Modules for Secure Erase
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Configuring MDS Modules for Secure Erase
To configure MDS modules for Secure Erase, follow these steps:
Step 1
Select the Secure Erase capable modules that you want to configure and click Next.
The Modules for Set Up screen (see Figure 3-5) displays only the switch and modules that do not have
the Secure Erase feature enabled. The switch must be running Cisco NX-OS Release 5.0 or later. This
wizard cannot be used to edit existing configurations.
Figure 3-5
Step 2
Modules for Set Up
The Enable Secure Shell (SSH) screen (see Figure 3-6) displays a list of Secure Erase switches.
The table indicates if SSH is enabled and if the key already exists.
a.
Click Next.
A SSH key is created if the key does not already exist. SSH is enabled. The SSH key is created for
protocol RSA with a numbits value of 1024.
Note
If SSH is already enabled on all switches, then the “No action necessary” message is displayed. Click
Next to continue.
Cisco MDS 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
3-5
Chapter 3
Configuring Secure Erase Using Cisco Fabric Manager
Configuring MDS Modules for Secure Erase
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Figure 3-6
Step 3
Enable Secure Shell (SSH)
Select a switch from the drop-down list to configure the IP address and mask for the VSAN 1 interface.
a.
Click Add (See Figure 3-7)
The switch moves from the drop-down list to the table. One entry can be added for each switch.
b.
Click Next.
The IP address is created and the IPv4 routing is enabled for all the switches that are selected.
Note
The valid mask values are 8, 16, 24, or 32.
If the VSAN 1 IP address is already configured for the switch, then the switch does not appear in the
drop-down list.
If all the switches already have the VSAN 1 IP address configured, then a message is displayed. Once
you click Next, the IPv4 routing is configured.
If you do not add a VSAN 1 IP address for all the switches in the list and click Next, an error message
is displayed. (See Figure 3-8.)
Cisco MDS 9000 Family Secure Erase Configuration Guide
3-6
OL-21472-01, Cisco MDS NX-OS Release 5.x
Chapter 3
Configuring Secure Erase Using Cisco Fabric Manager
Configuring MDS Modules for Secure Erase
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Step 4
Figure 3-7
Configure VSAN IP Connectivity
Figure 3-8
Error Message for VSAN IP Connectivity
Select a switch module from the drop-down list and specify the CPP IP address/mask. (See Figure 3-9)
a.
Click Add to move the switch module from the drop-down list to the table.
The CPP IP address must be in the same subnet as the VSAN 1 IP address or an error message is
displayed. Only one entry can be added for each switch module.
b.
Click View necessary gateways.
The Necessary Default Gateways screen is displayed. (See Figure 3-10).
c.
Click Next.
The IP address is created and the gateway is configured.
The Configure Module IP Connectivity screen (see Figure 3-9) sets the IP address for CPP and
configures the default gateway for the CPP interface to point to the VSAN 1 IP address. All IP traffic
from the CPP interface is routed to the management interface.
Cisco MDS 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
3-7
Chapter 3
Configuring Secure Erase Using Cisco Fabric Manager
Configuring MDS Modules for Secure Erase
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Figure 3-9
Configure Module IP Connectivity
The Necessary Default Gateways screen (see Figure 3-10) shows the VSAN 1 IP address that will be
used to configure the default gateway for each of the switch modules. It also shows if a default gateway
already exists.
Cisco MDS 9000 Family Secure Erase Configuration Guide
3-8
OL-21472-01, Cisco MDS NX-OS Release 5.x
Chapter 3
Configuring Secure Erase Using Cisco Fabric Manager
Configuring MDS Modules for Secure Erase
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Figure 3-10
Note
Necessary Default Gateways
The valid mask values are 8, 16, 24, or 32.
If the CPP IP address is already configured for the switch module, then the module does not appear in
the drop-down list.
The 9222i switch is not displayed in the drop-down list because it is not required to set a separate CPP
IP address or default gateway for this module.
If all of the switch modules already have their CPP IP addresses configured, then a message is displayed.
Click Next. The necessary default gateways are configured.
Step 5
Click Create/Activate Zones.
The wizard goes through the fabrics to create the zones. (See Figure 3-11)
Before creating the zones, the wizard checks if the active and local zone databases of the principle switch
match. If there is a mismatch, an input dialog box is displayed. You will be prompted to copy the active
zone database to the local zone database. If you click Yes, the zones are created on the principal switch
for the fabric. If you click No, the zone creation is skipped for the zone mismatched fabric. After the
zone creation is complete, a popup dialog box is displayed that specifies if the zone creation process was
successful or if it failed.
If there is an error during the zone creation, the Create/Activate Zones button is enabled. Click
Create/Activate Zones again to create the zones that failed previously. Only the zones that failed
previously will be created to avoid any duplicate entries in the zones database.
Once all the zones are created successfully on all the fabrics, the Create/Activate Zones button is
disabled and the Status button is enabled. (See Figure 3-12.)
Cisco MDS 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
3-9
Chapter 3
Configuring Secure Erase Using Cisco Fabric Manager
Configuring MDS Modules for Secure Erase
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
(Optional) If you wish to do the zoning yourself, follow these steps:
a.
Click Next without clicking Create/Activate Zones.
A warning message is displayed stating that the zones are not created and asking if you wish to
continue to the next step without creating zones.
b.
Click Yes to continue.
The Status button allows the user to verify that the zones were added to the active zone database.
Note
Zoning is not required for the MDS 9222i switch because this module type is also a supervisor and does
not need to be zoned with the supervisor’s VSAN 1 WWN to allow communication.
The Zoning screen (see Figure 3-11) creates a zone to include the VSAN 1 WWN and the module WWN
for each of the selected module.
Figure 3-11
Zoning
Cisco MDS 9000 Family Secure Erase Configuration Guide
3-10
OL-21472-01, Cisco MDS NX-OS Release 5.x
Chapter 3
Configuring Secure Erase Using Cisco Fabric Manager
Configuring MDS Modules for Secure Erase
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
The Zone Creation Status screen (see Figure 3-12) shows all the zones in the active zone database.
Figure 3-12
Step 6
Zone Creation Status
Click Finish to complete the Secure Erase Pre-configuration wizard setup (See Figure 3-13).
Cisco MDS 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
3-11
Chapter 3
Configuring Secure Erase Using Cisco Fabric Manager
Configuring MDS Modules for Secure Erase
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Figure 3-13
Note
Secure Erase Feature
The Secure Erase Pre-configuration wizard enables the Secure Erase functionality for all the nodes on
the modules selected.
A message appears that shows the status of the setup as a success or as a failure. If successful, the Finish
button is disabled and the Cancel button changes to Close.
Cisco MDS 9000 Family Secure Erase Configuration Guide
3-12
OL-21472-01, Cisco MDS NX-OS Release 5.x
Chapter 3
Configuring Secure Erase Using Cisco Fabric Manager
Creating a Secure Erase Workflow Using Fabric Manager
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Creating a Secure Erase Workflow Using Fabric Manager
You can create a Secure Erase job using the Secure Erase wizard in Fabric Manager.
To create a workflow using the Secure Erase wizard, from the Fabric Manager menu, choose Tools >
Secure Erase > Secure Erase.
The job creation screen is displayed. (See Figure 3-14.)
Figure 3-14
Note
Secure Erase Configuration
Fabric Manager will internally add the string SE as a prefix to all job names so that they are identified
as SE jobs and not as DMM jobs.
The Secure Erase job creation panel is displayed with all the enclosures listed.
Cisco MDS 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
3-13
Chapter 3
Configuring Secure Erase Using Cisco Fabric Manager
Creating a Secure Erase Job Using Fabric Manager
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Creating a Secure Erase Job Using Fabric Manager
To configure Secure Erase jobs, follow these steps:
Step 1
Select an enclosure from the enclosure list.
The port list is populated with the end ports belonging to the selected enclosure. (See Figure 3-15)
a.
Select multiple target ports from the list.
b.
Click Next.
The wizard will validate that the target ports selected belong to same fabric and the same VSAN (the
target ports cannot span across VSANs).
Note
The selected multiple target ports should belong to the same fabric and the same VSAN.
Figure 3-15
Step 2
Secure Erase Create Job
Select the SE-enabled module in the fabric. (See Figure 3-16.)
a.
Click Next.
All DPP Virtual Initiators (VIs) for the selected module are listed.
Cisco MDS 9000 Family Secure Erase Configuration Guide
3-14
OL-21472-01, Cisco MDS NX-OS Release 5.x
Chapter 3
Configuring Secure Erase Using Cisco Fabric Manager
Creating a Secure Erase Job Using Fabric Manager
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Note
All of the SE-enabled modules in the VSAN that the target ports belong to are listed. The module with
the least number of active jobs should be selected by default. Ensure that the number of active jobs for
each module is listed correctly.
Figure 3-16
Step 3
Secure Erase Enable Module
Select a DPP Virtual Initiator (VI) for Secure Erase.
The first DPP VI in the list is selected by default. Verify that the pWWN, nWWN, and the job number
are listed correctly for each DPP VI. (See Figure 3-17.)
a.
Click Create/Activate Zone.
The Zone Activation Status is displayed. (See Figure 3-18.)
Zones are created for each of the VSANs that the selected targets belong to and the selected DPP VI.
b.
Click Status to view the Zone creation or activation status.
c.
Click Next.
All of the selected targets with the LUNs are listed.
Cisco MDS 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
3-15
Chapter 3
Configuring Secure Erase Using Cisco Fabric Manager
Creating a Secure Erase Job Using Fabric Manager
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Figure 3-17
DPP VI Selection
Cisco MDS 9000 Family Secure Erase Configuration Guide
3-16
OL-21472-01, Cisco MDS NX-OS Release 5.x
Chapter 3
Configuring Secure Erase Using Cisco Fabric Manager
Creating a Secure Erase Job Using Fabric Manager
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Figure 3-18
Step 4
Note
Select the LUNs for which the sessions need to be created. (See Figure 3-19.)
Checking the Session check box at target level will check all the LUNs for that target. Unchecking the
session check box for any of the LUNs will automatically uncheck the check box at the parent target
level.
a.
Note
Zone Activation Status
Select the algorithm for each LUN. (See Figure 3-19.)
Selecting an algorithm at target level will select that algorithm for all the LUNs for that target. Selecting
a different algorithm for any of the LUNs will automatically mark the algorithm as Mixed at the parent
target level.
Cisco MDS 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
3-17
Chapter 3
Configuring Secure Erase Using Cisco Fabric Manager
Creating a Secure Erase Job Using Fabric Manager
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Figure 3-19
Step 5
Create Session
Click Finish.
The Secure Erase job is created with specxified sessions.
If multiple LUNs were selected and at least one session is created successfully, then the operation is
considered to be successful.
Displaying Secure Erase Job Status
To verify the Secure Erase jobs and session information, follow these steps:
Step 1
Expand End Devices in the Physical Attributes pane and select Secure Erase.
The information pane is displayed. (See Figure 3-20.)
Cisco MDS 9000 Family Secure Erase Configuration Guide
3-18
OL-21472-01, Cisco MDS NX-OS Release 5.x
Chapter 3
Configuring Secure Erase Using Cisco Fabric Manager
Creating a Secure Erase Job Using Fabric Manager
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Figure 3-20
Step 2
Secure Erase Job Status View
Select a job status for each Secure Erase job.
The following opearations are allowed on each job:
•
Start—Starts the Secure Erase job. The session progress can be viewed in the session rows.
•
Stop—Stops the Secure Erase job. The session progress can be viewed in the session rows.
•
Abort—Aborts the Secure Erase job. The session progress can be viewed in the session rows.
•
Validate—Validates the Secure Erase job. The session progress can be viewed in the session rows.
•
Delete—Deletes the selected Secure Erase job.
Cisco MDS 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
3-19
Chapter 3
Configuring Secure Erase Using Cisco Fabric Manager
Creating a Secure Erase Job Using Fabric Manager
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Cisco MDS 9000 Family Secure Erase Configuration Guide
3-20
OL-21472-01, Cisco MDS NX-OS Release 5.x
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
A P P E N D I X
A
Secure Erase CLI Command Reference
The Cisco MDS Secure Erase provides CLI commands that support scripting and advanced operations.
This appendix contains a list of alphabetically arranged commands that are unique to Cisco MDS Secure
Erase.
For information about other commands that apply to the Cisco MDS 9000 Family of multilayer directors
and fabric switches, refer to the Cisco MDS 9000 Family CLI Configuration Guide.
Cisco MDS 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
A-1
Appendix A
Secure Erase CLI Command Reference
add-session vsan
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
add-session vsan
To add sessions to a job, use the add-session vsan command in configuration mode.
add-session vsan vsan-id pwwn tgt-pwwn all-luns | lun lun-id algorithm name/id
Syntax Description
vsan-id
Specifies the VSAN ID of the target.
pwwn tgt-pwwn
Specifies the pWWN of the target.
all-luns
Specifies all of the LUNs in the Secure Erase session.
lun lun-id
Specifies the LUN ID of the Secure Erase session.
algorithm name/id
Specifies the algorithm that should be used for the session.
Defaults
None.
Command Modes
Configuration Secure Erase job submode
Command History
Release
Modification
3.3(1a)
This command was introduced.
Usage Guidelines
None.
Examples
The following example shows how to add a VI to a specific Secure Erase job:
switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 job 1
switch(config-se-job)# add-session vsan 1 pwwn 20:04:00:a0:b8:16:92:18 all-luns algorithm
RCMP
Related Commands
Command
Description
add-session job
Adds sessions to the job.
Cisco MDS 9000 Family Secure Erase Configuration Guide
A-2
OL-21472-01, Cisco MDS NX-OS Release 5.x
Appendix A
Secure Erase CLI Command Reference
add-step dynamic
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
add-step dynamic
To add a dynamic pattern step to a specific algorithm, use the add-step dynamic command in
configuration mode.
add-step dynamic [0 | 1]
Syntax Description
0
(Optional) Specifies that the pattern is generated using a random number
generator.
1
(Optional) Specifies that the pattern is complimentary to the previous
pattern.
Defaults
None.
Command Modes
Configuration Secure Erase algorithm submode
Command History
Release
Modification
3.3(1a)
This command was introduced.
Usage Guidelines
None.
Examples
The following example shows how to add a dynamic pattern step to a specific algorithm:
switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 algorithm 0
switch(config-se-algo)#
switch(config-se-algo)# add-step dynamic 0
Related Commands
Command
Description
add-step static
Adds static pattern step to a specific algorithm.
Cisco MDS 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
A-3
Appendix A
Secure Erase CLI Command Reference
add-step static
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
add-step static
To add a static pattern step to a specific algorithm, use the add-step static command in configuration
mode.
add-step static pattern
Syntax Description
pattern
Defaults
None.
Command Modes
Configuration Secure Erase algorithm submode
Command History
Release
Modification
3.3(1a)
This command was introduced.
Specifies the static pattern step. The pattern is to write ranges from 1 to 512
bytes and can consist of only characters 0 to 9 and A to F.
Usage Guidelines
None.
Examples
The following example shows how to add a static step to a specific algorithm:
switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 algorithm 0
switch(config-se-algo)#
switch(config-se-algo)# add-step static 1
Related Commands
Command
Description
add-step dynamic
Adds a dynamic pattern step to a specific algorithm.
Cisco MDS 9000 Family Secure Erase Configuration Guide
A-4
OL-21472-01, Cisco MDS NX-OS Release 5.x
Appendix A
Secure Erase CLI Command Reference
add-tgt vsan
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
add-tgt vsan
To define target enclosure and add multiple target ports for a specific Secure Erase job, use the add-tgt
vsan command in configuration mode.
add-tgt vsan vsan-id pwwn target port pwwn
Syntax Description
vsan-id
Specifies the VSAN ID of the target port added to a Secure Erase job.
pwwn target port pwwn Specifies the port world-wide name (pWWN) of the target port.
Defaults
None.
Command Modes
Configuration Secure Erase job submode
Command History
Release
Modification
3.3(1a)
This command was introduced.
Usage Guidelines
Note
Examples
The target ports added to a specific job can be part of a different VSAN. The Secure Erase application
creates VIs in a specific VSAN.
VIs and targets from different VSANs can be added to a job. A storage array may have multiple storage
ports belonging to a different VSAN. You can create one job for one storage array.
The following example shows how to define a target enclosure and add multiple target ports for a specific
Secure Erase job:
switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 job 1
switch(config-se-job)# add-tgt vsan 1 pwwn 20:04:00:a0:b8:16:92:18
Related Commands
Command
Description
add-session vsans
Adds sessions to a job.
add-VI job
Adds a VI to a specific Secure Erase job.
secure-erase create job Creates a Secure Erase job.
Cisco MDS 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
A-5
Appendix A
Secure Erase CLI Command Reference
add-vi vsan
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
add-vi vsan
To add a VI to a specific Secure Erase job, use the add-vi vsan command in configuration mode.
add-vi vsan vsan-id all | pwwn VI pwwn
Syntax Description
vsan-id
Specifies the VSAN ID of the target where a VI exists.
all
Adds all the VSAN IDs of the target.
pwwn VI pwwn
Adds a specific VI in a given VSAN to the job.
Defaults
None.
Command Modes
Configuration Secure Erase job submode
Command History
Release
Modification
3.3(1a)
This command was introduced.
Usage Guidelines
You must add at least one VI in each VSAN where a Secure Erase target is present.
All VIs that are part of the same job and the VSAN must have same target view. The same set of targets
and LUNs must be exposed for all VIs in the same VSAN.
Note
Examples
VI-CPP can not be added to a job. To know the WWN of the VI-CPP, run the show isapi virtual-nport
database command on MSM-18/4 module.
The following example shows how to add all VIs to a given Secure Erase job:
switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 job 1
switch(config-se-job)# add-vi vsan 1 all
The following example shows how to add a VI to a given Secure Erase job:
switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 job 1
switch(config-se-job)# add-vi vsan 1 pwwn 2c:0d:00:05:30:00:43:64
Related Commands
Command
Description
add-session job
Adds sessions to the job.
Cisco MDS 9000 Family Secure Erase Configuration Guide
A-6
OL-21472-01, Cisco MDS NX-OS Release 5.x
Appendix A
Secure Erase CLI Command Reference
add-vi vsan
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Command
Description
add-VI job
Adds a VI to a specific Secure Erase job.
secure-erase create job Creates a Secure Erase job.
Cisco MDS 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
A-7
Appendix A
Secure Erase CLI Command Reference
empty
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
empty
To remove all steps of the user-configured algorithm, use the empty command in configuration mode.
empty
Syntax Description
This command has no arguements or keywords.
Defaults
None.
Command Modes
Configuration Secure Erase algorithm submode
Command History
Release
Modification
3.3(1a)
This command was introduced.
Usage Guidelines
None.
Examples
The following example shows how to remove all steps of the user-configured algorithm:
switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 algorithm 0
switch(config-se-algo)#
switch(config-se-algo)# empty
Related Commands
Command
Description
add-step dynamic
Adds a dynamic pattern step to a specific algorithm.
add-step static
Adds static pattern step to a specific algorithm.
Cisco MDS 9000 Family Secure Erase Configuration Guide
A-8
OL-21472-01, Cisco MDS NX-OS Release 5.x
Appendix A
Secure Erase CLI Command Reference
secure-erase abort job
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
secure-erase abort job
To abort a Secure Erase job, use the secure-erase abort job command in configuration mode.
secure-erase module-id abort job job-id
Syntax Description
module-id
Specifies the desired module number of the MSM-18/4 on which Secure
Erase is provisioned.
job-id
Specifies the job ID of the target.
Defaults
None.
Command Modes
Configuration mode
Command History
Release
Modification
3.3(1a)
This command was introduced.
Usage Guidelines
This command does not wait for the completion of current patterns. An aborted job cannot be restarted.
A job can be aborted only when it has one or more sessions in the running state.
Examples
The following example shows how to abort a Secure Erase job:
switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 abort job 1
Related Commands
Command
Description
secure-erase start job
Restarts all sessions in a job.
secure-erase stop job
Stops all sessions in a job.
secure-erase validate
job
Validates a job in a session.
Cisco MDS 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
A-9
Appendix A
Secure Erase CLI Command Reference
secure-erase create algorithm
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
secure-erase create algorithm
To configure a Secure Erase algorithm on a specific slot of the intelligent line card where Secure Erase
is provisioned, use the secure-erase module create algorithm command in configuration mode.
secure-erase module module-id create algorithm algorithm-id
Syntax Description
module-id
Specifies the desired slot number of the intelligent line card on which Secure
Erase is provisioned.
algorithm-id
Specifies the algorithm ID. The range is 0 to 9.
Defaults
None.
Command Modes
Configuration mode
Command History
Release
Modification
3.3(1a)
This command was introduced.
Usage Guidelines
None.
Examples
The following example shows how to create a Secure Erase algorithm:
switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 create algorithm 3
Related Commands
Command
Description
secure-erase create-vi
vsan
Creates a VI for a specific VSAN.
Cisco MDS 9000 Family Secure Erase Configuration Guide
A-10
OL-21472-01, Cisco MDS NX-OS Release 5.x
Appendix A
Secure Erase CLI Command Reference
secure-erase create job
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
secure-erase create job
To create a Secure Erase job, use the secure-erase create job command in configuration mode.
secure-erase module module-id create job job-id
Syntax Description
module module-id
Specifies the desired module number of the MSM-18/4 on which Secure
Erase is provisioned.
job-id
Specifies a unique number to identify a Secure Erase job. The range is 1 to
9999.
Note
You will be prompted to choose a different ID if the job ID chosen
already exists.
Defaults
None.
Command Modes
Configuration mode
Command History
Release
Modification
3.3(1a)
This command was introduced.
Usage Guidelines
Examples
A Secure Erase job contains the following information:
•
The target enclosure where Secure Erase needs to be performed. Multiple target ports spanning
multiple VSANs can be a part of one target enclosure.
•
Multiple target ports, VIs, and Secure Erase sessions can be added. These target ports and VIs can
be a part of different VSANs.
The following example shows how to create a Secure Erase job:
switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 create job 1
Related Commands
Command
Description
add-tgt job
Defines a target enclosure and adds multiple target ports for a specific Secure
Erase job.
Cisco MDS 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
A-11
Appendix A
Secure Erase CLI Command Reference
secure-erase create-vi vsan
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
secure-erase create-vi vsan
To create a VI for a specific VSAN, use the secure-erase create-vi vsan command in configuration
mode.
secure-erase module module-id create-vi vsan vsan-id
Syntax Description
module module-id
Specifies the desired slot number of the MSM-18/4 on which Secure Erase is
provisioned.
vsan-id
Specifies the VSAN ID of the target port being added.
Defaults
None.
Command Modes
Configuration mode
Command History
Release
Modification
3.3(1a)
This command was introduced.
Usage Guidelines
You do not need to provide the job ID because VIs can be used commonly across jobs.
Examples
The following example shows how to create VIs for a VSAN:
switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 create-vi vsan 1
Related Commands
Command
Description
create job
Creates a Secure Erase job.
Cisco MDS 9000 Family Secure Erase Configuration Guide
A-12
OL-21472-01, Cisco MDS NX-OS Release 5.x
Appendix A
Secure Erase CLI Command Reference
secure-erase destroy algorithm
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
secure-erase destroy algorithm
To destroy a Secure Erase algorithm, use the secure-erase destroy algorithm command in configuration
mode.
secure-erase module module-id destroy algorithm algorithm-id
Syntax Description
module module-id
Displays the slot number of the MSM-18/4 on which Secure Erase is
provisioned.
algorithm-id
Displays the algorithm ID. The range is 0 to 9.
Defaults
None.
Command Modes
Configuration mode
Command History
Release
Modification
3.3(1a)
This command was introduced.
Usage Guidelines
None.
Examples
The following example shows how to destroy an algorithm:
switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 destroy algorithm 1
Related Commands
Command
Description
secure-erase destroyvi vsan
Destroys a Secure Erase VSAN.
Cisco MDS 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
A-13
Appendix A
Secure Erase CLI Command Reference
secure-erase destroy job
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
secure-erase destroy job
To destroy a Secure Erase job, use the secure-erase destroy job command in configuration mode.
secure-erase module-id destroy job job-id
Syntax Description
module-id
Specifies the desired module number of the MSM-18/4 on which Secure
Erase is provisioned.
job-id
Specifies the job ID of the target.
Defaults
None.
Command Modes
Configuration mode
Command History
Release
Modification
3.3(1a)
This command was introduced.
Usage Guidelines
This command destroys a Secure Erase job. A job can be destroyed only when there are no active
sessions running.
Examples
The following example shows how to validate a Secure Erase job:
switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 destroy job 1
Related Commands
Command
Description
secure-erase start job
Starts all sessions in a job.
secure-erase stop job
Stops all sessions in a job.
Cisco MDS 9000 Family Secure Erase Configuration Guide
A-14
OL-21472-01, Cisco MDS NX-OS Release 5.x
Appendix A
Secure Erase CLI Command Reference
secure-erase destroy-vi vsan
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
secure-erase destroy-vi vsan
To destroy a VI for a specific VSAN, use the secure-erase destroy-vi vsan command in configuration
mode.
secure-erase module module-id destroy-vi vsan vsan-id
Syntax Description
module module-id
Displays the slot number of the MSM-18/4 on which Secure Erase is
provisioned.
vsan-id
Displays the VSAN-ID of the target.
Defaults
None.
Command Modes
Configuration mode
Command History
Release
Modification
3.3(1a)
This command was introduced.
Usage Guidelines
None.
Examples
The following example shows how to destroy a VSAN:
switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 destroy-vi vsan 1
Related Commands
Command
Description
secure-erase destroy
algorithm
Destroys a Secure Erase algorithm.
Cisco MDS 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
A-15
Appendix A
Secure Erase CLI Command Reference
secure-erase start job
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
secure-erase start job
To restart all sessions in a job, use the secure-erase start job command in configuration mode.
secure-erase module module-id start job job-id
Syntax Description
module module-id
Specifies the desired module number of the MSM-18/4 on which Secure
Erase is provisioned.
job-id
Starts a specific job ID of the target.
Defaults
None.
Command Modes
Configuration mode
Command History
Release
Modification
3.3(1a)
This command was introduced.
Usage Guidelines
This command starts all sessions in a job. If the active sessions have reached the maximum limit, the
remaining sessions are queued. The queued sessions start when one or more sessions are complete or
aborted.
A job can be started only when it has one or more sessions in the stopped state or ready state.
Examples
The following example shows how to start a session in a Secure Erase job:
switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 start job 1
Related Commands
Command
Description
secure-erase stop job
Stops all sessions in a job.
Cisco MDS 9000 Family Secure Erase Configuration Guide
A-16
OL-21472-01, Cisco MDS NX-OS Release 5.x
Appendix A
Secure Erase CLI Command Reference
secure-erase stop job
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
secure-erase stop job
To stop all sessions in a job, use the secure-erase stop job command in configuration mode.
secure-erase module-id stop job job-id
Syntax Description
module-id
Specifies the desired module number of the MSM-18/4 on which Secure
Erase is provisioned.
job-id
Stops the specific job ID of the target.
Defaults
None.
Command Modes
Configuration mode
Command History
Release
Modification
3.3(1a)
This command was introduced.
Usage Guidelines
This command waits for the completion of the current pattern and pauses the pattern sequence. A stopped
job can be restarted.
A job can be stopped only when it has one or more sessions in the running state.
Examples
The following example shows how to stop a session in a Secure Erase job:
switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 stop job 1
Related Commands
Command
Description
secure-erase start job
Restarts all sessions in a job.
Cisco MDS 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
A-17
Appendix A
Secure Erase CLI Command Reference
secure-erase validate job
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
secure-erase validate job
To validate a Secure Erase job, use the secure-erase validate job command in configuration mode.
secure-erase module-id validate job job-id
Syntax Description
module-id
Specifies the desired module number of the MSM-18/4 on which Secure
Erase is provisioned.
job-id
Specifies the job ID of the target.
Defaults
None.
Command Modes
Configuration mode
Command History
Release
Modification
3.3(1a)
This command was introduced.
Usage Guidelines
None
Examples
The following example shows how to validate a Secure Erase job:
switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 validate job 1
Related Commands
Command
Description
secure-erase abort job Aborts a job in a session.
secure-erase start job
Restarts all sessions in a job.
secure-erase stop job
Stops all sessions in a job.
Cisco MDS 9000 Family Secure Erase Configuration Guide
A-18
OL-21472-01, Cisco MDS NX-OS Release 5.x
Appendix A
Secure Erase CLI Command Reference
show secure-erase algorithm
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
show secure-erase algorithm
To display the list of all Secure Erase algorithms, use the show secure-erase algorithm command.
show secure-erase module module-id algorithm algorithm name
Syntax Description
module module-id
Displays the slot number of the MSM-18/4 on which Secure Erase is
provisioned.
algorithm name
Displays the algorithm name.
Defaults
None.
Command Modes
Exec mode
Command History
Release
Modification
3.3(1a)
This command was introduced.
Usage Guidelines
None.
Examples
The following example displays the list of Secure Erase algorithms:
switch# show secure-erase module 4 algorithm name 1
switch# Algorithm : 1
Step 0:
faa8bd6c1e838b6b9b0818f30d48f5eecc7e7f572d9d8ac50a9a78b73bf128eb7a71ff40a7c07f55dda1d31f87
5bca26b170d6b3c0735
55e06d6229f6a5dedeaa0583f0d1ebe28fca8a7cac936d6f0a453af4174fbbcba29f711047cb48e984a3c09751
9138a628bc6e662bd3d28237d09
1f68a8df05f50effc55390a12ee2c6
Step 1:
05574293e17c749464f7e70cf2b70a11338180a8d262753af5658748c40ed714858e00bf583f80aa225e2ce078
a435d94e8f294c3f8ca
aa1f929dd6095a212155fa7c0f2e141d70357583536c9290f5bac50be8b044345d608eefb834b7167b5c3f68ae
6ec759d7439199d42c2d7dc82f6
e0975720fa0af1003aac6f5ed11d39
Step 2:
123456789876543567890987654567123456789876543567890987654567123456789876543567890987654567
1234567898765435678
909876545671234567898765435678909876545671234567898765435678909876545671234567898765435678
909876545671234567898765435
678909876545671234567898765435
The following example displays all available Secure Erase algorithms on a module:
switch# show secure-erase module 4 algorithm
Cisco MDS 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
A-19
Appendix A
Secure Erase CLI Command Reference
show secure-erase algorithm
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Related Commands
Command
Description
show secure-erase job
Displays the contents of a particular Secure Erase job.
Cisco MDS 9000 Family Secure Erase Configuration Guide
A-20
OL-21472-01, Cisco MDS NX-OS Release 5.x
Appendix A
Secure Erase CLI Command Reference
show secure-erase job
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
show secure-erase job
To display the contents of a particular job, use the show secure-erase job command.
show secure-erase module module-id job job-id
Syntax Description
module module-id
Displays the slot number of the MSM-18/4 on which Secure Erase is
provisioned.
job-id
Displays the unique number to identify a Secure Erase job.
Defaults
None.
Command Modes
Exec mode
Command History
Release
Modification
3.3(1a)
This command was introduced.
Usage Guidelines
None.
Examples
The following example displays the contents of a particular Secure Erase job:
switch# show secure-erase module 4 job 2
The following example displays the contents of all Secure Erase jobs configured on a module:
switch# show secure-erase module 16 job
Related Commands
Command
Description
show secure-erase
algorithm
Displays the list of Secure Erase algorithms.
Cisco MDS 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
A-21
Appendix A
Secure Erase CLI Command Reference
show secure-erase job detail
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
show secure-erase job detail
To display the contents of a particular job in detail, use the show secure-erase job detail command.
show secure-erase module module-id job job-id detail
Syntax Description
module module-id
Displays the slot number of the MSM-18/4 on which Secure Erase is
provisioned.
job-id
Displays the unique number to identify a Secure Erase job.
Defaults
None.
Command Modes
Exec mode
Command History
Release
Modification
3.3(1a)
This command was introduced.
Usage Guidelines
None.
Examples
The following example displays the contents of a Secure Erase job in a brief form:
switch# show secure-erase module 4 job 2 detail
Related Commands
Command
Description
show secure-erase job
Displays the contents of a Secure Erase job.
Cisco MDS 9000 Family Secure Erase Configuration Guide
A-22
OL-21472-01, Cisco MDS NX-OS Release 5.x
Appendix A
Secure Erase CLI Command Reference
show secure-erase vsan
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
show secure-erase vsan
To display a list of all VIs in the VSAN, use the show secure-erase vsan command.
show secure-erase module module-id vsan vsan-id
Syntax Description
module module-id
Displays the slot number of the MSM-18/4 on which Secure Erase is
provisioned.
vsan-id
Displays the VSAN ID of the target.
Defaults
None.
Command Modes
Exec mode
Command History
Release
Modification
3.3(1a)
This command was introduced.
Usage Guidelines
None.
Examples
The following example displays the list of all VIs in the VSAN:
switch# show secure-erase module 4 vsan 1
Related Commands
Command
Description
show secure-erase
algorithm
Displays the list of Secure Erase algorithms.
show secure-erase job
Displays the contents of a particular Secure Erase job.
Cisco MDS 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
A-23
Appendix A
Secure Erase CLI Command Reference
show secure-erase vsan
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
Cisco MDS 9000 Family Secure Erase Configuration Guide
A-24
OL-21472-01, Cisco MDS NX-OS Release 5.x
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
INDEX
A
J
Algorithm
Job
about
about
1-3
data erase
2-4
1-4
recommended
1-4
L
LUN
C
Cache Synchronization
1-4
commands
overview
1-3
N
Configuration
process
1-2, 1-3
1-4
new and changed information (table)
2-1
2-1
job configuration
O
2-4
obtaining information
2-2
recovering configuration
set up
Overview
1-1
2-5
2-3
storage array, program
VI,creating
Zones, set up
2-3
2-3
R
Requirements
2-3
hardware
1-5
Licenses, Software
software
D
Data Erase
1-5
1-5
1-4
S
documentation
additional publications
related documents
1-xi
1-xi
SCSI command
MSM-18/4
F
1-4
Session
about
FUA
1-vii
1-2, 1-3
1-3
1-3
Cisco MDS 9000 Family Secure Erase Configuration Guide
OL-21472-01, Cisco MDS NX-OS Release 5.x
IN-1
Index
Se n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a ck - d o c @ c i s c o . c o m
V
VI
1-3
creating
2-3
Cisco MDS 9000 Family Secure Erase Configuration Guide
IN-2
OL-21472-01, Cisco MDS NX-OS Release 5.x

 Download  Report

Paperzz.com

Your Paperzz

© Copyright 2026 Paperzz