Manual Chapter: Returned Material Data Security Statement
Returned material data security
Follow these data security guidelines when returning
equipment to F5 for reprocessing or repair. The guidelines include
reprocessing procedures and optional customer-end procedures.
Memory technologies used in F5 equipment
F5 equipment contains volatile, battery-backed volatile, and
non-volatile memory. Volatile memory loses all traces of data on power
down. Battery-backed volatile memory retains data as long as battery
charge is maintained. Non-volatile memory retains data indefinitely.
Volatile memory
Volatile memory loses all traces of data on power down;
therefore, customer data that is stored in volatile memory is secure when
power is removed from the platform. No further action is required by customers
for equipment that includes volatile memory.
Battery-backed volatile memory
This F5 platform contains a coin battery for
maintaining BIOS settings and the system clock.
All data maintained by the
coin battery is used only for system specific tasks. No customer data is
maintained by the battery-backed volatile memory. No further action is
required by customers for equipment that includes volatile memory.
Non-volatile memory
F5 platforms include various non-volatile memory components.
These non-volatile memory components can be categorized as either user
inaccessible or user accessible.
Inaccessible non-volatile memory components are programmed
during manufacture or software installation. The data stored in user
inaccessible non-volatile memory is used for setting voltage levels,
determining the sequence of operational events, and managing the appliance
operational condition. Data held within user inaccessible, non-volatile memory
represents no data security risk to customers. User inaccessible, non-volatile
memory cannot be modified by appliance users, and therefore, contains no
customer data.
Inaccessible non-volatile memory
This table lists the inaccessible non-volatile
memory in this system.
Description | Data | Customer data |
---|---|---|
Programmable firmware stores | Firmware | No |
System SEEPROM | Platform ID, serial number, part number, and so on. | No |
PHY EEPROMs | PHY MAC address | No |
Accessible non-volatile memory
This table lists the accessible non-volatile
memory in this system. Not all platform variants include all of these non-volatile
memory items.
Description | Data | Customer data | Data security method |
---|---|---|---|
Hard disk drive (HDD) | F5 product software, customer configuration, and log files | Yes | Standard reprocessing or customer removal |
Solid-state drive (SSD), if present | F5 product software, customer configuration, and log files | Yes | Standard reprocessing or customer removal |
Always-On Management (AOM) Flash chip (soldered-down flash chip) | AOM boot code and customer custom configuration | Yes | Standard reprocessing or customer action |
FIPS software or hardware security module (HSM), if present | FIPS security domain and private keys | Yes | Standard reprocessing or customer action |
Data removal from F5 components
For components that contain sensitive customer data and
cannot be removed from your F5 system, you can take optional steps to remove
the data from these components before you return the system to F5 for
processing.
Remove sensitive data from storage drives on F5 systems
The hard disk drive (HDD) or
solid-state drive (SSD) components included in F5 platforms might include
sensitive customer data. If you purchase the HDD removal SKU, you can remove
the HDD/SSD and coin battery, and these components will be replaced during F5
reprocessing. Otherwise, HDD and SSD components are processed by F5 through
standard processing. You can perform a disk erase operation on your system to
remove sensitive customer data.
- Perform a disk erase operation using the F5 Disk Erase utility to remove all data on hard disk drives (HDDs) or solid-state drives (SSDs) using a single-pass, zero write disk erase operation. For more information about storage drive maintenance, see F5 Platforms: Essentials at techdocs.f5.com/en-us/hw-platforms/f5-plat-hw-essentials.html.
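A check a practitioner may want after the single-pass, zero write erase described above: read the drive back and confirm that every byte is 0x00. This is an added example, not F5 code and not part of the Disk Erase utility; it assumes the erased drive (or an image of it) is readable from a Linux shell with GNU cmp, and the function names and the /dev/sdX device name are hypothetical.

```shell
#!/bin/sh
# Added example: verify that a zero-write erase left only 0x00 bytes.
# Function names are hypothetical; nothing here is an F5 tool.

# target_size TARGET: print the size of TARGET in bytes.
target_size() {
    [ -r "$1" ] || return 2
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"      # block device (needs root)
    else
        wc -c < "$1" | tr -d ' '       # regular file or disk image
    fi
}

# is_zeroed TARGET: 0 = every byte is 0x00, 1 = non-zero data found,
# 2 = TARGET is unreadable or empty (nothing was verified).
is_zeroed() {
    size=$(target_size "$1") || return 2
    [ "$size" -gt 0 ] || return 2
    rc=0
    # Compare exactly $size bytes against the endless zero stream.
    cmp -s -n "$size" "$1" /dev/zero || rc=$?
    case $rc in
        0) return 0 ;;
        1) return 1 ;;
        *) return 2 ;;
    esac
}

# first_nonzero_offset TARGET: print the 1-based offset of the first
# non-zero byte, or nothing if the target is fully zeroed.
first_nonzero_offset() {
    size=$(target_size "$1") || return 2
    cmp -l -n "$size" "$1" /dev/zero 2>/dev/null | awk 'NR==1 {print $1; exit}'
}

# Stand-alone use: sh verify_zero.sh /dev/sdX   (placeholder device name)
if [ "$#" -ge 1 ]; then
    if is_zeroed "$1"; then
        echo "$1: all bytes are zero"
    else
        echo "$1: not verified; first non-zero byte at offset: $(first_nonzero_offset "$1")"
    fi
fi
```

The comparison reads the whole target once, so run time scales with drive capacity.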
Remove IP address data from Always-On Management
If you have configured an IP
address for the Always-On Management (AOM) subsystem, you can remove the
customized IP address from the system before returning it to F5.
- Connect to the system using the serial console.
- Open the AOM Command Menu.
  Esc (
- Manually assign a new management IP address, netmask, and gateway by typing n when prompted about using DHCP. At the prompts, enter 0.0.0.0 for IP address (required), and values for netmask (required), and gateway (optional).
  A confirmation message displays the configured management IP address, netmask, and gateway.
- Type i to verify the assigned addresses.
Remove sensitive data from an embedded hardware security module (HSM) on BIG-IP systems
If your BIG-IP system includes an
embedded hardware security module (HSM), also referred to as a FIPS card, you
can remove the sensitive customer data from the HSM before returning it to F5.
The HSM cannot be removed from the platform.
- Log in to the command line of the system using an account with root access.
- Delete all key/certificate pairs.
  tmsh sys crypto cert delete all
  This removes all .crt, .exp, and .key files from the system.
- Initialize the HSM and reconfigure it using fictitious data.
  run util fips-util -f init
  The -f option forces initialization, which deletes all user-generated keys. For more information on using this command on a FIPS platform, see BIG-IP Platform: FIPS Administration.
  This deletes all keys and makes any previously exported keys unusable.