The Data Domain sanitization command exists to enable the administrator to delete files at the logical level, whether a backup set or individual files. Deleting a file in most file systems consists of just flagging the file or deleting references to the data on disk,freeing up the physical space to be consumed at a later time. However, this simple action introduces the problem of leaving behind a residual representation of underlying data
physically on disks. Deduplicated storage environments are not immune to this problem.
Shredding data in a system implies eliminating the residual representation of that data and thus the possibility that the file may be accessible after it has been shredded. Data Domain’s sanitization approach ensures is compliant with the 2007 versions of Department of Defense (DoD) 5220.22 of the following specifications:
-US Department of Defense 5220.22-M Clearing and Sanitization Matrix
-National Institute of Systems and Technology (NIST) Special Publication 800-88
Sanitization can be run only by using the CLI.
During sanitization, the system runs through five phases:
Performs an index merge to flush all index data to disk.
Reviews all data to be sanitized. This includes all stored data.
Reviews all of the files in the logical space and remembers what data isactive.
Copies live data forward and frees the space it used to occupy.
Writes zeroes to the disks in the system.