Proposals for recycling disks

For DICE servers:

  • The Unit managing the server should be responsible for ensuring that all disks are wiped before disposal. This doesn't necessarily imply that the Unit has to do the wiping - support can do this if necessary - but it's the Unit's responsibility to ensure that it happens.

  • If machines are going for disposal, would it not be simpler to wipe the disk as part of the decommissioning process? Once the machine is disconnected it is much more difficult to wipe the disks.
  • I'd say the unit should do it themselves.
  • What happens with servers which are part of a hand-me-down chain? Should the original Unit assume that the new Unit will do enough? Or should paranoia prevail? What happens if the chain is changed between turn-off and handover?

For self-managed servers:

  • Support should check that the user has taken a copy/removed all the data that they require prior to disposal and then all disks should be wiped. It's unlikely that these machines will be reallocated but should this happen, the disks should be wiped. If the machine is being changed to a DICE machine, a reinstall is sufficient.

For MDP admin desktops:

  • Support should ensure that any disk from a Windows Managed desktop is wiped prior to disposal. If the machine is being reallocated as a self-managed machine, the disk should also be wiped. If the machine is being reallocated as a DICE machine, a re-install is sufficient.

For DICE staff/PhD desktops:

  • Prior to disposal, support should check with the user that they have removed all the data that they require from the hard disk. If there has been local user data, the disk should be wiped. If not, there is no need to wipe it? If the machine is being reallocated as a self-managed machine, the disk should be wiped. If the machine is being reallocated as a DICE machine, a re-install is sufficient. (Or, if there has been local data, should we also wipe the disk?)

  • What if it had been a self-managed server in a previous life? All these rules are rather tending towards a "just wipe" approach being the only safe one.

For self-managed desktops:

  • As we cannot be sure what data is on a self-managed machine, support should wipe all disks prior to disposal. (Or, should we ask the user what data has been held/what the machine has been used for and then make a decision based on the answer?). Support should also check with the user that they have removed all the data they require. If reallocating as a self-managed machine, disks should be wiped. If reallocating as a DICE desktop, a re-install is sufficient.

  • I'd suggest that it wouldn't be safe to rely on "the user", who might have inherited the machine from someone who has since left.

For lab desktops:

  • We should not need to wipe the disks prior to disposal but should do so if the machine is being reallocated as a self-managed machine.

General Responses

* Clarity is essential; and whatever we do decide should be documented somewhere that's easy to find.

* It would be easier, I think, to have a simple set of criteria which, if ALL met, certify a drive as safe to dispose of without wiping. Adding any uncertainty to the process will allow data to leak out.

* The only thing unanswered is what to do with unreadable (i.e. faulty) drives where there's a good chance that the data is intact?

* For all of the above (excluding lab desktops), unless the machine is instantly being reinstalled as DICE, then always wipe when being decommissioned.

* So if being reallocated as self-managed, wipe prior to install.

* In the case of disposal, we still have to wipe until that court case is resolved and we can pass the buck to CCL North?

* Are the disc-wiping tools easily available on all (reasonably likely) subnets?

* We should also be wary of passing machines between users without first wiping them. In the table below I'd suggest that DICE desktop -> DICE desktop and MDP -> MDP should be "reinstall" rather than "n/a", and S/M desktop -> S/M desktop should be "wipe" rather than "n/a".

* There are different types of "DICE server", and whether we wipe or not should take the new use into account. "N/A" is therefore n/a for that column.

The table below attempts to provide a summary. The rows represent the current type of machine and the columns represent its next purpose/destination.

| Current type \ Next use | DICE servers | S/M servers | MDP | DICE desktops | S/M desktops | Lab desktops | recycling |
|---|---|---|---|---|---|---|---|
| DICE servers | n/a | wipe disks | n/a | n/a | n/a | n/a | wipe disks |
| S/M servers | n/a | wipe disks if going to new owner | n/a | reinstall | wipe disks if going to new owner | reinstall | wipe disks |
| MDP | n/a | n/a | n/a | reinstall | wipe disks | reinstall | wipe disks |
| DICE desktop | n/a | wipe disks | reinstall | n/a | wipe if data on disk? | reinstall | wipe if data on local disk? |
| S/M desktop | n/a | wipe disks if going to new owner | reinstall | reinstall | n/a | reinstall | wipe disks |
| Lab desktop | n/a | wipe disks | reinstall | reinstall | wipe disks | n/a | no wiping |

-- AlisonDownie - 12 Jul 2012

Topic revision: r6 - 25 Jul 2012 - 06:49:45 - GeorgeRoss
 