Scott,
The ‘passes’ cover the entire disk. That is, you would write varying patterns of bits over the entire disk over and over again, each time picking a different bit pattern. According to strict security standards, if you were to just format the drive a few times, writing the same pattern of bits each time, you can still read the previously written data from the drive if you tried hard enough. If you are using ICKDSF, you can use TRKFMT function with the CYCLES and ERASEDATA to do multiple passes. Aria From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Scott Rohling Sent: Thursday, October 08, 2009 9:29 AM To: IBMVM@LISTSERV.UARK.EDU Subject: zVM 'disk wiping' Working with a customer running Linux on zSeries under zVM... discussing clean up of disk areas when a Linux server is removed. The 'norm' according to the customer is to use anywhere from 3 to 35 'passes' to erase data, depending on sensitivity. I'm wondering if anyone can provide input about how this relates to various cleanup available... I'm confused on a couple of fronts: - I'm probably not understanding -- but writing 1's or 0's more than once to a disk area seems, well, silly. Do 'passes' imply that each pass is covering more 'area' or something? Whenever I do things like 0 a disk using the dd command -- I assume the entire disk is being written to and any subsequent dd commands are unnecessary and redundant. - If we do a DIRM PURGE user CLEAN -- is that sufficient to meet any DoD rules, etc concerning securely wiping data? Same for CPFMTXA FORMAT and any other utilities used from zVM to 'clean' DASD... does anyone actually run these more than once? I'm sure I'm not understanding the context of 'passes' and just want to be able to talk intelligently as I can about how their concept of passes relates to how mainframe DASD is dealt with - especially at the zVM level. This is always where I come to hear several points of view and get useful insight -- so any input would be most welcome! Scott p.s. Considered posting this in Linux-390 .. but it's really more of a zVM thing to me - especially since I plan to use DIRMAINT CLEAN functions to remove Linux servers from zVM.
