Commvault

Erase Data Feature

Quick Links to Topics:


Erase data is a powerful operation that allows Commvault® administrators to granularly mark objects as unrecoverable within the CommCell® environment. Administrators can browse or search for data through the CommCell® console and mark the data as unrecoverable.

Erase data is a CommCell level license. Once it is applied you need to enable 'erase data' in the General tab of the storage policy. Once this license is applied, the 'Catalog' option cannot be used to recover backup data managed by the storage policy. This is because random binaries are written to the OML header in the media password location. The password cannot be used and you always get a decryption error when using these tools.

If the erase data operation is something that would be of value to your organization, then it may be worth the risks previously described. If you are not sure, then it is recommended that you do not use it. If you have capacity-based licensing arrangements with Commvault software, check to see if this license is installed. If it is, you may want to disable 'erase data' in all storage policies within the CommCell® environment.

How Erase Data Works

When the erase data license is implemented it is only effective when writing jobs to new or recycled media. The license cannot be retroactively applied to jobs already in storage. If the license is removed, it is only effective when writing to new or recycled media. All jobs written to media for the storage policy when the license was being used cannot be recovered through Media Explorer or the 'Catalog' option.

It is technically not possible to erase specific data from within a job. Erase data works by logically marking the data unrecoverable. If a Browse and Restore or Find operation is conducted, the data does not appear. In order for this feature to be effective, any media managed by a storage policy with erase data enabled will not be able to be recovered through Media Explorer or the 'Catalog' option.





Erase Media

To ensure encryption keys are destroyed in the CommServe® database when tapes are aged, the 'Erase Media' option is used. Erase Media is a physical operation that mounts the tape and overwrites the OML header. Once the header is overwritten, data cannot be recovered using any method Commvault® software provides. This is considered a destructive operation so it cannot be performed on any tapes where jobs are actively being retained. The option to erase media is available in all logical media groups except the Assigned Media group.

There are two methods for erasing a tape:

  1. Manually erasing a tape in the Spare Media Group.

  2. Automatically erasing tapes that are returned to the Spare Media Group (configured through the storage policy copy).

Manually Erasing a Tape

From the spare media group | Right-click the desire tape | Options | Erase Spare Media
Erasing spare media loads the tape in a drive and overwrites the header, thus preventing data past the header from being recovered through Commvault® software.




To physically erase a tape

1 - Right-click tape | Options | Erase Spare Media.

2 - Select Quick or Full Erase.

3 - Confirm the operation.

4 - Erase media operations will appear in the Job Controller.



Automating Erase Operations

When tapes are recycled, they can automatically be marked to be erased. This is done by selecting the 'Erase Media' check box in the Media tab of a storage policy copy. An erase media operation must be scheduled for the library, which physically loads each marked tape and overwrites the OML header.




Scheduling Erase Spare Media Operations

Right-click the tape library | Erase Spare Media
When the 'Mark Media to be Erased' option is enabled for storage policy copies, erase media operations must be scheduled for any library where media is marked for erasing.





To schedule an erase media operation

1 - Right-click Library | Erase Spare Media.

2 - Set the erase operation to be quick (overwrite OML header) or full (overwrite entire tape).

3 - The erase operation can be run immediately, scheduled, or…

4 - …saved as a script.


Erase Media Storage Policy Settings

Right-click the storage policy tape copy | Click Properties | Media tab

The option 'Mark Media to be Erased After Recycling' in the Media tab of the storage policy copy marks all tapes managed by the policy to be erased once all jobs have aged. A schedule must then be set up at the tape library to erase the media. The erase media operation mounts the tape and write a new OML header to the tape. This makes the data completely unrecoverable through the CommCell® console, Media Explorer, or through a tape catalog operation. It is important to note that the data on the tape is not actually erased. As such, it is recommended to encrypt all tapes.




To mark tapes to be erased

1 - Right-click a storage policy copy | Properties.

2 - In the Media tab select ‘Mark Media to be Erased After Recycling’.

3 - Click Yes to confirm.


Copyright © 2021 Commvault | All Rights Reserved.