Secure Erase Without Losing Storage Pool

Currently reading
Secure Erase Without Losing Storage Pool

3
0
NAS
DS218+
Operating system
  1. Windows
Mobile operating system
  1. Android
Hi guys,

I have a DS218+ and accidently synched some sensitive work data from my phone to my NAS via drive. I have deleted this now and cleared recycle bin however I wish to perform a secure erase on the 2 drives without losing all data currently in my storage pool.

Can you please tell me whether the following would work?
1) deactivate drive 1
2) secure erase drive 1
3) repair/rebuild storage pool such that drive 1 will now be synchronised with drive 2
4) deactivate drive 2
5) secure erase drive 2
6) repair/rebuild storage pool such that drive 2 will not be synchronised with drive 1

Also, I am using 2x WD red HDDs and the Synology hybrid RAID setup.

Thanks for your help.

John
 

fredbert

Moderator
NAS Support
Subscriber
1,838
750
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
That’s an interesting question.

Technically the approach will work in so much as keeping data intact while swapping disks out and in. What, to me, isn’t clear is if the disk platter will be re-sync’ed sector by sector in its entirety or if only the current ‘active’ data.

The sure way would be a Hyper Backup of the NAS. Then secure delete both disks and rebuild the NAS from the backup.

You should also look at Drive database and version history.


Someone maybe able to clear up what a resync does. Or you probably will get an answer from Synology Support if you open a ticket (ie not just their forum)
 
3
0
NAS
DS218+
Operating system
  1. Windows
Mobile operating system
  1. Android
Hi Fred,

Thanks for your insightful reply :)

So just to confirm,
1) I can deactivate + secure both drives remotely after creating a backup via Hyper Backup and then activate the drives and install from backup again?
2) I have now created a backup in Hyper Backup via WebDav to another NAS and it was successful. I ticked for all files + apps to be backed up. Do I need to separately backup the NAS config or is the Hyper Backup file all I need to restore the entire NAS?
3) I can backup via WebDav to a remove NAS but once I have secure deleted both drives and reactivated them again, can I restore remotely from the other NAS over WebDav?

Thanks again for your help.

John
 
1,199
397
NAS
DS418play, DS213j, DS3621+, DSM 7.0.4-11091
I'm pretty sure that Synology's secure erase does not touch the OS and Swap partitions which also contain personalized data. If I wanted a true secure erase, I would do it off-NAS using Windows' Diskpart Clean All.
 

fredbert

Moderator
NAS Support
Subscriber
1,838
750
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
I'm pretty sure that Synology's secure erase does not touch the OS and Swap partitions which also contain personalized data. If I wanted a true secure erase, I would do it off-NAS using Windows' Diskpart Clean All.
Hadn't checked if there was a secure delete feature in DSM. I assumed to remove the disk and put it in a USB caddy and then use a Mac/PC application to do multi-pass erase of the whole disk.


@nasnewbie Firstly, the HB task you did was the multi-version type? Single-version doesn't backup all packages and it tells you in the list when selecting them. Just confirm this before moving on.

The HB task will make backups of the DSM configuration (it's exactly the same info that you'd generate using Control Panel's backup/restore feature). But not all things are restored, as I confirmed recently and here's some info on what I found out ... you may want to screengrab some Control Panel pages [people are going to roll their eyes now as I link again to my post] Info - Hyper Backup omissions?

I see two approaches to cleaning the disks as rebuilding the NAS:
  1. All-in-one: You've got you HB vault done so extract both disks and do a multi-pass erase off the whole disk. Insert both disks into NAS and follow the setup process building a two disk SHR array. Then login and use HB to restore from the backup vault.
  2. Cautious-but-takes-longer: Remove the disks and only do the multi-pass erase on one disk. Then rebuild the NAS and restore, but the array type will be SHR without data protection (i.e. it's one disk for now). Confirm the restore went well and then erase the second disk. After that you can add this disk to the NAS and add it to the SHR storage pool to give it 1-disk protection.
 
3
0
NAS
DS218+
Operating system
  1. Windows
Mobile operating system
  1. Android
Hi Guys,

Thanks again for all your help.

Given the NAS is remote and not in my state, I am unable to remove the drives.
Is there any way of clearing both drives without extracting them?

I deleted the volume and storage pool and performed a secure erase on 1 drive. I then created a new volume on that drive and performed a secure erase on the other drive at that point.

Just wanting to ensure that the RAID did not sync to the second drive back to the first after I created the new volume on the first drive following the secure erase.

Thanks again
John
 

fredbert

Moderator
NAS Support
Subscriber
1,838
750
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
I think you may have done as much as you can. I'm not aware of how else you could do with remotely. You're in a better position than before.

If this is going to be a risk of happening again then you may be better off using SSD for storage as once the blocks have been marked for deletion they are very unlikely to be recoverable due to how garbage collection works and makes blocks available for writing ... unlike HDD the SSD has to erase the space first and it does this very soon after space is marked for deletion, whereas HDD leave it until the space in is to reused.
 
1,199
397
NAS
DS418play, DS213j, DS3621+, DSM 7.0.4-11091
Hadn't checked if there was a secure delete feature in DSM.
Secure Erase
you may be better off using SSD for storage as once the blocks have been marked for deletion they are very unlikely to be recoverable
It is impossible to securely absolutely erase SSDs by overwriting due to the nature of how SSDs manage storage. While recovery is difficult, forensic recovery tools will find data remnants from SSDs.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Similar threads

Similar threads

Trending threads

Top