Wiping the data from your NetScaler
There are two scenarios when you are likely to wipe the data from your NetScaler:
- You are decommissioning or returning the NetScaler and want to remove all of your configuration and files before you return it.
- You are redeploying the NetScaler and want to start with a factory default configuration.
The configuration-wipe scripts remove all customer proprietary information from a NetScaler.
Caution: Running these scripts is dangerous. If something goes wrong during execution, the NetScaler might be rendered unbootable, and we might have to reinstall the software image. The config wipe scripts remove everything on the box, including licenses, configuration, images, and scripts and the configuration is not preserved without a valid backup. Run these scripts only after understanding the consequences. We recommend that you reach out to NetScaler support and open a support case to engage the relevant team.
Points to note
- The new configuration-wipe scripts are distributed in the official NetScaler software bundle. For example, the tar file for 14.1-4.42 (build-14.1-4.42_nc_64.tgz) contains the scripts.
-
The scripts in the recovery folder (
/flash/.recovery) must be replaced with these scripts before running the command to wipe out the data.Important!
If the
/flash/.recoveryfolder does not exist, the SSD must be replaced. - Ensure that the config wipe scripts match the build number. For example, if you plan to upgrade to 14.1-4.42, download the scripts for this build.
- The number in the script is the date and not the software version. That is, config_wipe_01_10_23.tgz refers to 10 January 2023. If you see multiple files in the installation package, use the file with the later date.
- Run the config wipe script only after upgrading to the matching build.
Supported Platforms
The script is supported on all NetScaler MPX appliances. The script is not supported on NetScaler SDX appliances.
Commands to wipe the config
-
Create a folder for the build, download the tarball, and extract the contents into this folder. The following code sample is for the 14.1-4.42 build. At the command line, type:
> shell root@ns# mkdir -p /var/nsinstall/14.1-4.42 root@ns# cd /var/nsinstall/14.1-4.42/ root@ns# pwd /var/nsinstall/14.1-4.42 root@ns# tar xvzf /var/build-14.1-4.42_nc_64.tgz x .ns.version x OTP_tool.tgz x installns x invalid_config_check_files.tgz x nsconfig x skf x schema.json x licservverify x reference_schema.json x bootloader.tgz x python.tgz <!--NeedCopy--> -
Verify that the scripts are part of the tarball. At the command line, type:
> shell root@ns# ls -l config_wipe* -rw-r--r-- 1 root 1001 136782 Jul 26 04:29 config_wipe_01_10_23.tgz <!--NeedCopy--> - Run
installnsto install the fresh build. -
Reboot the NetScaler.
-
Switch to the
/flash/.recoveryfolder and extract the contents. If the folder does not exist, the SSD must be replaced.root@ns# cd /flash/.recovery root@ns# tar xvzf /var/nsinstall/14.1-4.42/config_wipe_01_10_23.tgz x rc.conf_wipe_subr x rc.disk_wipe_and_reset x rc.flash_wipe_recover x rc.local_disk_wipe_2 x rc.local_flash_wipe_1 x rc.main_disk_wipe x rc.main_flash_wipe x rc.system_wipe_and_reset x loader x .new_loader_version root@ns# <!--NeedCopy--> -
Wipe the configuration. At the command line, type:
sh rc.system_wipe_and_reset <!--NeedCopy-->
Two optional parameters are available to zero the flash and the disk one or more times.
sh rc.system_wipe_and_reset [num_flash_loops [num_disk_loops]]
<!--NeedCopy-->
Parameters:
num_flash_loops - Number of times to loop through the flash, zeroing all sectors. The default is 0. Acceptable values are from 0 through 16.
num_disk_loops - Number of times to loop through the hard drive, zeroing all sectors. The default is 0. Acceptable values are from 0 through 16.
Note:
You can specify num_disk_loops only after you provide num_flash_loops. To zero the disk without zeroing the flash, set the flash parameter to 0.
Examples The following command is used to zero the flash once and zero the hard drive twice.
sh rc.system_wipe_and_reset 1 2
<!--NeedCopy-->
The following command is used to zero only the hard drive once.
sh rc.system_wipe_and_reset 0 1
<!--NeedCopy-->
Use any of the following commands to zero the flash four times.
sh rc.system_wipe_and_reset 4 0
<!--NeedCopy-->
OR
sh rc.system_wipe_and_reset 4
<!--NeedCopy-->
Script running time
The appliance might reboot one or more times. The time taken for some sample configuration is as follows:
- Without parameters, the script completes in five minutes. That is, the disk is only reformatted and not zeroed. Zeroing adds extra security so that the data cannot be recovered.
- When you zero the flash:
- On appliances with 256 MB flash, slightly more than one minute is added per pass.
- On MPX appliances with 4 GB flash, approximately 17 minutes are added per pass.
- When you zero the disk:
- On appliances with 80 GB hard drives, approximately 52 minutes are added per pass.
- On MPX appliances with 250 GB hard drives, approximately 163 minutes are added per pass.
Appliances with one SSD
A config wipe deletes and rebuilds all the data from the /flash and /var partitions irrespective of whether it is a single SSD system or a system with separate flash and hard drive.
On single SSD systems, there is only one physical storage device. Therefore, you cannot reformat and optionally zero the entire device.
Instead of reformatting the entire flash, only the flash partition is reformatted. Instead of zeroing the entire flash, only the flash partition is zeroed.
Since there is a hard drive partition instead of a physical hard drive, reformatting and optionally zeroing is limited to the hard drive partition.