FDRERASE, which can be licensed separately or as an option to
quickly and securely erases data from z/OS disk with the minimum of CPU resources
and in the minimum elapsed time. Several Tb's of data can be erased in an hour.
FDRERASE is the first z/OS secure data erase utility to earn international
CCEVS EAL2+ validation. See the certification
page for more details.
The secure erasure of data is required by many government, industry and corporate
privacy and security laws and regulations worldwide. Examples include the European
Data Protection Directive, HIPAA, Sarbanes-Oxley and DoD requirements.
Unfortunately, the standard data erasure utilities provided within z/OS (e.g.
ICKDSF) are slow and do not always fully erase the data.
FDRERASE offers a significantly more secure option for the erasure of your z/OS data.
There are many times when you may wish to insure that your z/OS data has
been securely erased, for example:
- At the end of a disaster test, or when leaving the DR site
after a real disaster.
- When you are disconnecting a disk control unit, perhaps
after moving all data with FDRPAS or by some other means.
- When reusing disk volumes for new purposes
FDRERASE offers several levels of data erasure:
See the examples page for more details on running FDRERASE.
- The ERASE function overwrites every track with a single track-length record
consisting of binary zeroes (or a user specified pattern).
The ERASE function meets the DoD/NCSC definition of “clearing” or “erasing”
a disk and is usually adequate for erasing disks that will be sold, scrapped,
or returned to the manufacturer.
- The SECUREERASE function overwrites every track with varying complementary patterns,
from 3 to 8 passes per track.
The SECUREERASE function meets the DoD/NCSC definition of “sanitizing” or “purging” a disk
and can be used on your most sensitive data to make it very unlikely that the data could
be recovered, even if the hard drives were removed and accessed elsewhere as FBA disks.
Performing a single overwrite, ERASE can erase approximately 1.5Tb of
data (per DASD controller) in 1 hour. Two ERASE jobs (running against two
separate DASD controllers) can erase approximately 3Tb in 1 hour.
See the user experiences page for more details on FDRERASE performance.
To protect against operator error, FDRERASE operates only on offline disks.
You specify a device address or an address prefix, such as 1A*. FDRERASE will identify
the offline disk device(s) matching your selection, and it will erase those volumes.
If you are an FDRPAS
customer, FDRERASE will by default only erase FDRPAS source volumes
(that were previously online), but this default can be overridden if required
and any offline disk can be erased.
The SIMERASE function allows you to validate your control statements to
ensure that the correct disk(s) will be selected for erasure.
FDRERASE also offers two additional features, neither of which actually
delete any data, but which can be of use in certain situations.
- EMPTYVTOC does not erase any data from disks, nor does it
uncatalog any data sets. It simply reinitializes a disk with an empty VTOC. If
present, the VTOCIX will be rebuilt. After the EMPTYVTOC has run, the emptied VTOC
and the re-built VTOCIX will have the same size and location as the originals.
This is a very quick way of initializing an empty volume (perhaps after
a successful FDRPAS
SWAP), but should not be used as a method of erasing disks.
- SIMERASE also does not erase any data, but it validates your FDRERASE
control statements to confirm which disk devices will be erased by a “real”
QUICKERASE, ERASE or SECUREERASE.
Innovation recommends that you always use SIMERASE to validate your
FDRERASE control statements before running the process for real.
For more introductory information on FDRERASE, see the
Product Portfolio Sheet or view our
For more comprehensive information, please request a Concept & Facilities Guide
return to top