When you no longer need the device and you want to return it, erase the data from the device.
Erase data from device
Erase any remaining data using the HPE One-button secure erase feature in the iLO interface. For more information on the secure erase procedure, see the HPE documentation (https://support.hpe.com/hpesc/public/docDisplay?docId=a00026171en_us&page=GUID-8A7C60B7-A3A1-42C6-BEA5-0252F945B7C9.html#GUID-8A7C60B7-A3A1-42C6-BEA5-0252F945B7C9).
Before you begin
Many of the prerequisites listed in the preceding HPE documentation are irrelevant to the GDC air-gapped appliance device, or managed by Google.
- The Administrator account has all the privileges and must be used to initiate the secure erase process.
- The device already has an advanced iLO License.
- Server Configuration Lock, Smart Array Encryption, and Intel VROC Encryption are not used in the device at this time.
- The device is not a c-Class and HPE Synergy system.
- The storage drives used in the device are nVME drives supporting nVME FORMAT.
- LDAP Directory Authentication with the HPE Extended Schema is not in use on the device.
Disconnect storage devices which should not be erased
If any additional drives are connected, you must erase them if they remain connected. These drives may or may not support a built-in sanitization method. Therefore, their state after the secure erase procedure cannot be guaranteed.
Optionally configure SNMP, AlertMail, or iLO RESTful API alerts
If an error occurs during the secure erase process, an IML entry is logged. Alerts send a notification, allowing for faster recovery.
Begin the secure erase process
- In the iLO interface, click Lifecycle Management and then the Decommission tab.
- Click Erase System and confirm.
Gather logs
Gather the logs produced during the secure erase procedure, and bring the system back to a usable state.
Regain access to the iLO interface
If the Administrator account is unchanged, you can use the account to access the iLO interface, and the logs from the last secure erase can be acquired. Otherwise, the logs are lost when the iLO password is reset.
Because account rotation is used in most cases, the iLO must be reset. Reset the iLO by using the iLO 5 Configuration Utility, as described at https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00026113en_us.
If the BIOS password has changed, the entire system can be factory reset using the System Maintenance Switch, as described at https://techlibrary.hpe.com/docs/iss/DL380_Gen10/setup_install/GUID-561C370B-8FA9-468E-9B0A-BDEE7F82927E.html.
View the report
If the iLO logs are still accessible from when the device was erased, or if you ran the secure erase procedure again after iLO access was regained, view the logs in the iLO interface as follows:
Go to Lifecycle Management > Decommission > View Last Erase Report.
Save the report
- Go to Lifecycle Management > Decommission and click the document icon with the CSV label.
- Click Save and follow the browser prompts to save the secure erase report. Save the secure erase report as a record in a tracking system to show that it was completed.
Delete the secure erase report
- Go to Lifecycle Management > Decommission > View Last Erase Report.
- Click the trash can icon.
The event log, IML, security log, and configuration settings made up to this point are reset to the factory default settings. iLO might attempt an auto-restore operation when it starts.
Destroy YubiKeys
To wipe the data from the device, follow these steps:
- Remove the YubiKeys from the device.
- Destroy the YubiKeys by following your company's process to sanitize or destroy physical media.