BrettK1
Enthusiast

Sanitizing VMs

This is a question that looks like it gets asked once every 5-6 years, so I'll put it out there again now!

What is the best way to sanitize a VM from vCenter attached storage, in our case, specifically a non-stretched vSAN (currently 6.7.0-18010457)?

Previous answers generally included 'boot and nuke' style sanitization, and I am wondering if this is still relevant on today's all-flash vSANs, or if there is a better out-of-box solution for this.

0 Kudos
5 Replies
depping
Leadership

What do you mean by sanitizing?

0 Kudos
BrettK1
Enthusiast

Sorry, I didn't use the word 'data' in front of sanitization - "the process of deliberately, permanently and irreversibly removing or destroying the data stored on a memory device to make it unrecoverable".

Just deleting a VM through vCenter is theoretically recoverable (at least for a time), so I'm looking for current 'best practices' in the vSphere world for VM-level data sanitization (as opposed to 'end of life / repurposing' sanitization of a vSAN itself).

0 Kudos
depping
Leadership

There's a secure wipe option, but this is intended for decommissioned disks, etc.:

https://blogs.vmware.com/virtualblocks/2020/10/12/vsan-a-secure-fortress-for-your-data/

alantz
Enthusiast

Maybe doing encryption up front is the best method.

--Alan--

 

0 Kudos
BrettK1
Enthusiast

Yes, I was considering chatting about vSAN encryption with our storage architect for possible implementation in the near future, but for now, I wonder if this is a question to pose to VMware reps themselves (even if there isn't an answer, it's a question worth putting in their heads).

0 Kudos