HPE ProLiant User Manual page 40

2. You have an iLO user account with all iLO 5 privileges, including Recovery Set.
3. If the following features are enabled, disable them:
Server Configuration Lock
Smart Array Encryption
Intel VROC Encryption
4. Verify that the iLO security setting on the system maintenance switch is in the OFF position.
If iLO is configured to use the High Security, FIPS, or CNSA security state, change the security state to Production.
For instructions, see the HPE iLO User Guide.
NOTE: Intelligent Provisioning does not support the High Security, FIPS, or CNSA security states. On servers that use NOTE:
these security states, you can use REST tools to initiate the One-button secure erase process. For more information, see
the REST documentation.
5. The storage drives that you want to erase support a native sanitize method.
Examples include the SANITIZE command for SATA and SAS drives and FORMAT for NVM Express drives. The NIST publication
recommends these commands for purging data on these device types. Using these commands is more secure than using software to
overwrite data on storage drives.
Hewlett Packard Enterprise recommends configuring SNMP, AlertMail, or iLO RESTful API alerts before initiating the One button secure
erase process. If errors occur when individual components are erased, an Integrated Management Log (IML) entry is logged for each
error. The IML is erased later during the One-button secure erase process. After the log is erased, the individual component errors will
be unavailable. Using SNMP, AlertMail, or iLO RESTful API alerts allow you to review the IML log.
6. Disconnect or detach storage devices that you do not want to erase.
To reduce the chance of data loss, Hewlett Packard Enterprise recommends disconnecting or detaching drives that you do not want to
erase. This step includes removable drives, external storage, and shared storage.
If an attached storage device does not support native sanitize methods, it will not be erased during the One-button secure erase
process. An Integrated Management Log (IML) entry will report an erase failure for the device.
HPE Synergy users:
◦ Remove HPE OneView or Virtual Connect profiles assigned to the system.
Initiating the One-button secure erase Initiating the One-button secure erase process
Prerequisites Prerequisites
Your environment meets the Prerequisites for initiating the One-button secure erase process .
CAUTION: CAUTION:
Use this feature only when you want to decommission a system or use it for a different purpose. This process resets the
server and supported components to the factory state. Depending on the storage capacity, securely erasing the server and
components might take up to a day or more to finish. Once you initiate this process, it cannot be undone. Until the process
is complete, avoid interactions with iLO or the system that involve configuration changes and powering off the system.
Procedure Procedure
1. From the main Intelligent Provisioning screen, click Perform Maintenance ->One button secure erase and then follow the onscreen
prompts to begin erasing the system.
2. The server restarts and the One button Secure erase process begins
The server reboots and the BIOS deletes the data that it controls. After the BIOS finishes this process, the system powers off. iLO then
deletes the remaining items.
If errors occur when individual components are erased, an Integrated Management Log (IML) entry is logged for each error and you
process
Intelligent Provisioning 4.20 User Guide for HPE ProLiant and Synergy Gen11 Servers 40