Removing All Data with the Wipe Appliance Operation

This appendix describes how to use the Wipe Appliance operation to remove all data from the Secure Malware Analytics Appliance. It includes the following topics:

About Wipe Appliance

The Wipe Appliance boot option enables you to wipe the disks on a Secure Malware Analytics Appliance to remove all data prior to decommissioning or returning it to the Cisco Demo Loan Program.


Note


The Wipe Appliance boot option should not be confused with Data Reset, which prepares an appliance to restore a backup by clearing operating system logs and other state with the destroy-data command.



Important


After performing the wipe appliance procedure, the Secure Malware Analytics Appliance will no longer operate without being returned to Cisco for reimaging.


Wipe Appliance Procedure

This operation is only available in recover-mode tgsh, not tgsh as started from Admin TUI. Perform the following steps to wipe all data from the appliance:

Procedure


Step 1

Reboot the appliance (click the Operations tab, choose Power, and then click the Reboot button).

Step 2

Press F6 at the BIOS window for a list of possible boot targets, and choose Recovery.

The Secure Malware Analytics Shell opens in Recovery Mode. (See Figure 6 in Resetting the Administrator Password)

Step 3

Run one of the following commands in recovery-mode tgsh. These vary only in performance and (theoretically) level of security (although with modern drives, even the fast mechanism is likely to provide very good security).

  • service start wipe-fast

  • service start wipe-random

  • service start wipe-3pass

Immediately after running any of these commands, the Wipe process will start.

The Wipe Finished window is displayed when the wipe operation is complete.

Figure 1. Wipe Finished

Step 4

Press Enter to exit.


Wipe Appliance and Clusters

After performing a wipe operation, the Secure Malware Analytics Appliance will no longer operate unless it is returned to Cisco for reimaging. Wipe should only be used on a cluster node after that node has been flagged in the Admin UI as permanently removed.