Skip to main content

 

Druva Documentation

Decommission Workflow

inSync Private Cloud Editions: File:/tick.png Elite File:/tick.png Enterprise

Decommission Workflow for laptops and desktops

Laptops and desktops on Windows OS

  • The decommission process is started for the Windows laptop or desktop. The DLP status for the device changes to Decommissioning and the Device Status changes to Disabled.
  • The inSync client starts to erase all files that were configured for backup up from the device.
  • inSync overwrites the free space of that partition by creating an SErase file and increasing the size of SErase until it gets a No free space error. By doing this, inSync is able to clean up the free space of the drive.
  • inSync then creates SMFT (Secure Master File Table) 0 byte files to clean the MFT table so that no one can see the name of the files that were there on the system.
  • inSync then deletes the SErase file (the file used to fill up the free space).
  • After the decommission process is complete, the DLP status for the device changes to Decommissioned.

Laptops and desktops on Mac OS

  • The decommission process is started for the Mac laptop or desktop. The DLP status for the device changes to Decommissioning and the Device Status changes to Disabled.
  • The inSync client starts to erase all files that were configured for backup up from the device.
  • inSync uses the built-in OS tool, SRM, to perform secure deletion of the data on the device. This ensures that each file is overwritten, renamed, and truncated before it is unlinked. This prevents other people recovering any information about the file from the command line.
  • After the decommission process is complete, the DLP status for the device changes to Decommissioned.

Note: Decommissioning is not supported for laptops and desktops that are on Linux OS.

Decommission Workflow for Mobile Devices

Android Devices

  • The decommission process is started for the mobile device. The DLP status for the device changes to Decommissioning and the Device Status changes to Disabled.
  • The inSync Cloud Master sends a push notification to the inSync app via the Google Cloud Messaging server.
  • The Android inSync application receives the push notification and starts deleting data according to the decommission type that the Administrator selected.

If the Administrator selected the Delete only inSync data on device option while decommissioning the device:

  • inSync deletes recent documents, favorites, or inSync cache files from the inSync mobile app.
  • The user is logged out from the inSync mobile app.

If the Administrator selected the Deactivate entire device option while decommissioning the device:

  • The user device is restarted.
  • inSync erases all data on the mobile device. All non-inSync data and the SD card are also wiped out.
  • After the decommission process is complete, the DLP status for the device changes to Decommissioned.

iOS Devices

  • The decommission process is started for the mobile device. The DLP status for the device changes to Decommissioning and the Device Status changes to Disabled.
  • The inSync Cloud Master sends a push notification to the iOS device via the Apple server.
  • The iOS device receives the push notification and starts deleting data according to the decommission type that the Administrator selected.

If the Administrator selected the Delete only inSync data on device option while decommissioning the device:

  • inSync deletes recent documents, favorites, or inSync cache files from the inSync mobile app.
  • The user is logged out from the inSync mobile app.

If the Administrator selected the Deactivate entire device option while decommissioning the device:

  • The user device is restarted.
  • inSync erases all data from the mobile device. All non-inSync data are also wiped out.
  • After the decommission process is complete, the DLP status for the device changes to Decommissioned.

Windows Phone 8 Devices

  • The decommission process is started for the mobile device. The DLP status for the device changes to Decommissioning and the Device Status changes to Disabled.
  • When the Windows Phone 8 device connects with inSync Master, the recently accessed documents or favorites from the inSync cache files are deleted.

Note: Only the Delete only inSync data on device option is available for Windows Phone 8.

For more information, see Manually Decommission a Mobile Device.

  • The user is logged out from the inSync mobile app.

Frequently-asked questions

What to expect after changing the decommission status to 'On Hold'?

inSync Server marks the status of decommission to On hold, thereby preventing decommissioning. If a device is offline and user marks the device as On hold, the setting is not relayed to the device. This option can be used in a scenario where in you have configured the Auto Delete option for a device and you know that the device will not be connected to inSync Server for “n” number of days. 

For more information, see Automatically decommission a device.

When to mark a device as Normal?

To remove the device from On hold, you need to mark the device as Normal.

What are SMFT files? How are they created during the decommission process?

A file is deleted from the hard drive and the free space is securely overwritten (wiped). However,  the file entry remains intact in Master File Table (MFT) even after deleting the file. MFT contains an index of files on NTFS drives. inSync creates SMFT files that wipe MFT Free Space called Secure file deletion. 

In which folder are SMFT files created?

During decommissioning, inSync overwrites the free space of that partition by creating an SErase file. Thereafter, inSync creates SMFT files in shared folders which are configured for backup. If there are no folders that are configured for backup, no SErase or SMFT files get created. The process only removes all files from inSync Share and finishes the decommission.

How to verify that the device is decommissioned successfully?

inSync cannot guarantee that a device can update the status on Server after decommission completes. The person that steals the device may not connect the device to a network. Hence, the status will not get updated on the server.

To ensure that the device has decommissioned successfully, check the following:

  • Status of device on DLP page must be "decommissioned"
  • Device status on device page must be "disabled"
  • inSync client should give error like "can't connect to server" when one tries to perform backup or restore operations.
  • Configured folder should be filled with the SMFT files.

 

  • Was this article helpful?