Applies To:Show Versions
Returned Material Data Security Statement
About returned material data security
Follow these data security guidelines when returning equipment to F5® for reprocessing or repair. The guidelines include reprocessing procedures and optional customer-end procedures.
About memory technologies used in F5 equipment
F5® equipment contains volatile, battery-backed volatile, and non-volatile memory. Volatile memory loses all traces of data on power down. Battery-backed volatile memory retains data as long as battery charge is maintained. Non-volatile memory retains data indefinitely.
Volatile memory loses all traces of data on power down; therefore, customer data that is stored in volatile memory is secure when power is removed from the platform. No further action is required by customers for equipment that includes volatile memory.
Battery-backed volatile memory
This F5® platform contains a coin battery for maintaining BIOS settings and the system clock. All data maintained by the coin battery is used only for system specific tasks. No customer data is maintained by the battery-backed volatile memory. No further action is required by customers for equipment that includes volatile memory.
F5® platforms include various non-volatile memory components. These non-volatile memory components can be categorized as either user inaccessible or user accessible.
Inaccessible non-volatile memory components are programmed during manufacture or software installation. The data stored in user inaccessible non-volatile memory is used for setting voltage levels, determining the sequence of operational events, and the managing appliance operational condition. Data held within user inaccessible, non-volatile memory represents no data security risk to customers. User inaccessible, non-volatile memory cannot be modified by appliance users, and therefore, contains no customer data.
Inaccessible non-volatile memory
This table lists the inaccessible non-volatile memory in this system.
|Programmable firmware stores||Firmware||No|
|Switch Card SEEPROM||Platform ID, serial number, part number, and so on.||No|
|PHY EEPROMs||PHY MAC address||No|
Accessible non-volatile memory
This table lists the accessible non-volatile memory in this system. Not all platform variants include all of these non-volatile memory items.
|Description||Data||Customer data||Data security method|
|Hard disk drive (HDD)||F5® product software, customer configuration, and log files||Yes||Standard reprocessing or customer removal|
|Solid-state drive (SSD)||F5 product software, customer configuration and log files||Yes||Standard reprocessing or customer removal|
|Always-On Management (AOM) Flash chip (soldered-down flash chip)||AOM boot code and customer custom configuration||Yes||Standard reprocessing or customer action|
|FIPS card (if present)||FIPS security domain and private keys||Yes||Standard reprocessing or customer action|
About removing data from F5 components
For components that contain sensitive customer data and cannot be removed from your F5® system, you can take optional steps to remove the data from these components before you return the system to F5 for processing.
Removing sensitive data from storage drives
- On systems running BIG-IP® software version 11.6.0 and later, you can use the F5 Disk Erase utility to remove all data on hard disk drives (HDDs) or solid-state drives (SSDs) using a single-pass, zero write disk erase operation. For more information, see support.f5.com/csp/article/K15521.
- On systems running earlier versions of BIG-IP software, you can create and use a bootable USB drive to rebuild the system with a clean image of BIG-IP software. This runs a disk erase operation and removes the master boot record (MBR). For more information, see F5 Platforms: Essentials at support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/f5-plat-hw-essentials.html.
Removing IP address data from Always-On Management
- Connect to the system using the serial console.
Open the AOM Command Menu.
Assign a new management IP address, netmask, and gateway:
A confirmation message displays the configured management IP address, netmask, and gateway.
- To use DHCP to assign the addresses, type y when prompted about using DHCP.
- To manually assign the addresses, type n when prompted about using DHCP. At the prompts, type values for IP address (required), netmask (required), and gateway (optional).
- Optional: Type i to verify the assigned addresses.
Removing sensitive data from an internal hardware security module (HSM)
Use the Configuration utility to delete all key/certificate
This removes all .crt, .exp, and .key files from the system.
On the Main tab, click
.This displays the list of certificates installed on the system.
- Select the certificates that you want to delete and click Delete.
- On the Main tab, click .
- Log in to the command line of the system using an account with root access.
Initialize the HSM and reconfigure it using fictitious data.
run util fips-util -f initFor more information on using this command on a FIPS platform, see BIG-IP® Platform: FIPS Administration at support.f5.com.Important: This deletes all keys and makes any previously exported keys unusable.