<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>I guess the question is for a parallel filesystem how do you make
sure you have 0'd out the file with out borking the whole
filesystem since you are spread over a RAID set and could be
spread over multiple hosts.</p>
<p>-Paul Edmon-<br>
</p>
<div class="moz-cite-prefix">On 9/29/2021 10:32 AM, Scott Atchley
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAL8g0jKEtiEEmSyqsjOaR31rhE61Be+75XyCaLCfH6p4+J0L0w@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">For our users that have sensitive data, we keep it
encrypted at rest and in movement.
<div><br>
</div>
<div>For HDD-based systems, you can perform a secure erase per
NIST standards. For SSD-based systems, the extra writes from
the secure erase will contribute to the wear on the drives and
possibly their eventually wearing out. Most SSDs provide an
option to mark blocks as zero without having to write the
zeroes. I do not think that it is exposed up to the PFS layer
(Lustre, GPFS, Ceph, NFS) and is only available at the ext4 or
XFS layer.</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Wed, Sep 29, 2021 at 10:15
AM Paul Edmon <<a href="mailto:pedmon@cfa.harvard.edu"
moz-do-not-send="true">pedmon@cfa.harvard.edu</a>> wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
<div>
<p>The former. We are curious how to selectively delete
data from a parallel filesystem. For example we commonly
use Lustre, ceph, and Isilon in our environment. That
said if other types allow for easier destruction of
selective data we would be interested in hearing about it.<br>
</p>
<p>-Paul Edmon-<br>
</p>
<div>On 9/29/2021 10:06 AM, Scott Atchley wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Are you asking about selectively deleting
data from a parallel file system (PFS) or destroying
drives after removal from the system either due to
failure or system decommissioning?
<div><br>
</div>
<div>For the latter, DOE does not allow us to send any
non-volatile media offsite once it has had user data
on it. When we are done with drives, we have a very
big shredder.</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Wed, Sep 29, 2021
at 9:59 AM Paul Edmon via Beowulf <<a
href="mailto:beowulf@beowulf.org" target="_blank"
moz-do-not-send="true">beowulf@beowulf.org</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px
0px
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">Occassionally
we get DUA (Data Use Agreement) requests for sensitive
<br>
data that require data destruction (e.g. NIST 800-88).
We've been <br>
struggling with how to handle this in an era of
distributed filesystems <br>
and disks. We were curious how other people handle
requests like this? <br>
What types of filesystems to people generally use for
this and how do <br>
people ensure destruction? Do these types of DUA's
preclude certain <br>
storage technologies from consideration or are there
creative ways to <br>
comply using more common scalable filesystems?<br>
<br>
Thanks in advance for the info.<br>
<br>
-Paul Edmon-<br>
<br>
_______________________________________________<br>
Beowulf mailing list, <a
href="mailto:Beowulf@beowulf.org" target="_blank"
moz-do-not-send="true">Beowulf@beowulf.org</a>
sponsored by Penguin Computing<br>
To change your subscription (digest mode or
unsubscribe) visit <a
href="https://beowulf.org/cgi-bin/mailman/listinfo/beowulf"
rel="noreferrer" target="_blank"
moz-do-not-send="true">https://beowulf.org/cgi-bin/mailman/listinfo/beowulf</a><br>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
</body>
</html>