vertexsys

Especially 'new' drives on ebay!! It is dead simple to reset or change SMART data, serial numbers, or G-list data for drives. Blow the dust off and suddenly they are brand new.

Well... there are many many shady vendors on that platform for sure, but there are also many who are not shady. The shady vendors who represent brokered inventory as their own give the rest of the vendors a bad name. And it is unfortunately a common thing. They will quote a part, price it from another vendor with a markup, make the sale, then use a 1-2 week lead time to order in the parts, repackage and reship. We have caught vendors doing this; not the vendor in this thread but another well known US vendor. There is a vetting process as well as a complaints process on BrokerBin to help keep the most shady vendors out, but it's certainly not perfect. The platform is really best for sourcing specific parts, particularly esoteric and hard to find parts. Say you're a TPM company and need a replacement tape library robot for an HP library from 2010... where would you source it? BrokerBin, that's where. But it is not by any means cheaper, unless you are buying parts from the cheapest provider, which is where you'll run into issues with non-genuine parts, used sold as new, drives with reset SMART data, untested parts, etc. And since it's intended for broker to broker part sales, warranty is typically limited to 30 days DOA. That's why you're much better off buying from a qualified vendor who will back their hardware with at least a 1 year warranty, and test reports for hardware. By the way: the OEMs occasionally use this platform to fulfill RMA part replacements.

It was bulk pull new ram, our warranty.

Lol, that's a fairly important detail They were 32GB 2Rx4 That's $3000 CAD? Absolutely insane. Here I was thinking DDR4 pricing is crazy.

We recently quoted 384GB of Dell brand DDR5, refurb. Is it true that Dell won't sell ram except within a server order? We came in around $1500 CAD each, 1 week lead time. 5yr warranty. What is the current price and availability on standalone DDR5 server ram?

Sorry, you're saying the concern is that aftermarket hardware might have been bugged? Are you thinking like full servers with hacked firmware, or parts like a NIC that's been hacked to snoop and send data home? Or a keyboard with a baked in keylogger? I don't think those fears are grounded in reality, but the best resolution would be to buy from a trusted supplier who can show hardware provenance. And avoid buying from China, where suppliers tend to have a higher likelihood of counterfeits (intentional or otherwise) Also worth noting that most of the OEMs maintain a presence on the secondary market to source hard to find spares for support contracts. This is especially prevalent now and back during COVID when they need to hit their SLA. This is not a well known fact, but it's true. Parts replaced under OEM warranty are going to be refurbished and when the OEM can't fulfill the spares internally they turn to the same network of refurb vendors as they actually refurbishers do.

Yeah, pricing moves with market, but as you said it's not that different from new from OEMs. Failure rates are generally quite low due to burn-in, as long as you pick a vendor that sources their hardware properly. Lots of cheap companies buy from recyclers by the pound and 'you get what you pay for'. Generally you want companies that either decommission and pick up direct from datacenters, or only source from partners that do so. That, coupled with extensive testing (Unit test, component tests, tear down, drive test and erasure, firmware updates, etc) and strong warranty/support, and you should be covered.

Depends. NetApp allows ownership and support transfer in some cases. The prices are higher, but the support is there. Same goes with Dell, with some caveats. For example I just received a 1PB PowerStore 9400, but the licenses transferred to the replacement appliance. So ownership can be transferred and licenses/support can be re-added from Dell, but don't come with the unit. That said, I had a Unity 480F last year which came with ownership transfer and full ProSupport MC support as well to the new owner. So it varies. For HPE, ownership can be transferred but it's difficult. But support can be given through third party instead, and since these are usually 1-2 gen behind anyways, they would come with the most recent firmware anyways. We received some HPE Nimble HF40s which the previous owner had updated to 6.1.2.300 which I believe is the latest supported firmware on that line. No more firmware updates available, but it's mature and reliable. As always, the answer is: It's complicated

Well I don't know if the OEMs will sell you an empty CTO either. The cost of procurement and shipping on an empty chassis isn't worth selling it alone, as most of the margin comes from the parts installed inside. Not to mention added complexity of warranty support, as you don't know if your motherboard or backplane issue (should be covered under warranty) is actually a failure on that part or due to a mismatch with hardware purchased elsewhere. Same can be said of storage appliances which require specific part numbers and firmware to be compatible, and as mentioned also often have a capacity license involved. Any storage appliances sold from a qualified refurb vendor will be part number and firmware compatible and tested/requalified as a whole system. That can be confusing as hell, for example with Dell Compellent which uses the exact same part number for, say, 1.92TB SAS SSD across their server line, Compellent SC, and Compellent SCv lines. And neither is compatible with the other. Servers can use compellent drives with some finesse, but Compellent require exact firmware matches. As for support on them, again, any reputable vendor would be carrying model and firmware specific spares on hand for RMA replacements, or ship a cold spares kit to the client with the appliance purchase.

What about new OEM ram procured from the secondary market? That would solve your paperweight problem. As long as the parts are vendor matched and from a reputable source they should be covered under the OEM support. When the server RAM finally comes, resell on the secondary market at elevated prices for a profit ;)

$45K USD for an ML110? Holy moley. Even with the lower availability / higher price of refurb tower servers, that spec as an ML350 gen10 with 2 Xeon Gold 6244, 16C, higher passmark score than the single Xeon Silver CPU, all specs the same otherwise (DDR4 instead of DDR5), would be well under $15K with support. As a rack mount server, it would be 20% cheaper.

Honest question, I know a lot of folks just won't go anything but new (historically). That said, in the last 2 quarters we've had a wave of those types of companies overcome their doubts and come to us for refurb. What are the real roadblocks keeping companies from sourcing refurb, either full servers and storage appliances or parts for them? Is it warranty and support? Because that is provided. Hardware quality? Burned in, fully tested, past infant mortality but well before end of life. Someone in the post above mentioned a shortage on 1.2TB 10K SAS HDD. I can tell you that that part is not on short supply on the refurb side. At any given time we have 100s in stock, and easily 5000+ in stock at 100% health, erased and tested, across Canada and CONUS. They're a fraction of the price of new and available with spares kits and overnight advance RMA. It seems like this is the time for some of the refurbished hurdles to be overcome and more companies to start embracing a circular economy. That's why I'm curious what the actual real life hurdles are so that we can overcome them and position ourselves as good alternative to new, as prices and lead times keep going up.

Go with new-to-you but not current gear (refurb), it's a good way to save money

Sure, send me a PM. Might not be worth it for a single server that you'll have to pack yourself but let's talk anyways

Hell, I'll buy those off you and give you more than the $2K trade in value! USD? CAD?

Sounds good, I'll send you a message. We're in Edmonton btw.

Sheesh, I'll sell you ddr3 server ram, we just pulled out some Sun Oracle servers full of 16GB PC3-12800R Not if you're in the US though, import tariffs are dumb.

For a Canadian option, we are refurbished VAR out of Alberta. Generally speaking we'll be at or below the prices of the major US refurbish shops, and we cover everything with NBD warranty replacement. For the Canadians buying from US shops, they usually don't cover shipping costs, or things get stuck at the border, and some don't even extend their warranty to Canada. But to OP - even a 14G R640 or R740 will be a huge boost in performance and reliability over an R260. 15G doesn't give enough of a performance boost for the price increase IMO. CPUs are marginally faster, you're still on DDR4 (depending on the CPU, the ram might actually clock slower), it's the same 12G SAS backplane with NVMe options, iDRAC is the same and the major components are the same. You only really gain PCIe 4 and a move from rNDC to OCP for the daughter card.

Oh, I don't disagree that there are cases where the risk dictates shredding as the only option, only that the blanket assumption that shredding is the only safe option is not correct. I have heard it mentioned a few times about OEM mis-implementation of secure erase, but haven't seen any real life examples of that. Have you seen any studies or OEM whipepapers on the subject? Would love to do some reading. That said, there is a lot of FUD around data security which in turn generates a lot of unneeded waste. Shredding sticks of ram and CPUs, for example. The reality is that is always going to be some risk, even with shredding - particularly with regards to SSDs and shred particulate size. Due to the density of memory chips, it's possible to have whole or partial chips escape unscathed through the shredder, which poses a much more real life risk than a hypothetical OEM command malfunction. The hard drive shredder manufacturers provide special hardware for finer particulate size for flash vs HDD but there's no guarantee that they are used by the recycler. The add-on hardware, or dedicated shredders are expensive, and there's also the risk that an SSD be shredded in an HDD shredder. Interesting topic either way.

Yep, which is why that question is better posed to the people that sign your paycheque. There's already enough e-waste being generated on a daily basis. Shredding drives with 95% health left on them just adds to that.

Jumping in here, a good ITAD can erase, test and process hundreds of drives an hour. We are comparably small and can process about 800 drives concurrently. For example, 800 12TB drives - about 10PB - takes about 24 hours from start to finish including erase, verify, test and recording. For hands on labour that's about 60 min for a 2 person crew to load, unload and label the drives.

Ok then how is that different from a tech securely erasing a drive under surveillance in a locked cage? If the secure erase is equally sufficient at purging data, why generate the unnecessary e-waste? In the end either way you're relying on the recycling company, and you're protected by the certs they give you.

That's no longer a thing, it hasn't been for a long long time. Spinning drives can be easily and verifiably zeroed, including bad and reallocated sectors as well as unused sectors if the drive is short-stroked. That has been solved years ago and the technology to implement this is commodity now. SSDs are even easier, as secure erase commands are baked in at the manufacturer level to instantly purge a drive of all data. We erase drives, usually a couple dozen to almost 1000 simultaneously. For SSDs to add further ability to verify down the road we zero after secure erase. All drives are erased by either writing zeroes (spinning) or secure erase + writing zeroes (SSD) and then verified with a full drive read. As for identifying which drives have been erased, everything is logged, and if needed, we have a tool that can spot check any number of drives simultaneously to check if it's zeroed - it checks the first and last 64MB and a number of random 64MB chunks throughout the drive. I check in every few months but of yet I have not seen anyone be able to recover more than a few bytes of data from a properly erased drive. I wish I could dig up one of the studies I read, they took a drive which had been erased with single pass write zeroes and used an electron microscope and lots of specialized equipment and they came up with a few ASCII characters, "ump" or something like that. Could be a reference to the current president - could also be someone commenting on the quality of the last hotel they stayed at. Basically, no one has ever recovered actual useful information from a drive zeroed even with a single pass in the past 20 years.

Omada Pro here, also love it. We're a distributor up here in Canada, so I'm biased, but they give out internal use hardware and licenses so I have my home set up with it. I've used both the cloud and local controller, it's rock solid on either and dead simple to configure and use.

What's the story with NetApp ownership transfer? I've always understood that aftermarket NetApp is exempt from support, but some of the refurb VARs I work with are offering appliances with one time ownership transfer baked in - unit can go back on OEM support. Current, not EOL gear - in this case an A800. Has NetApp changed their policy? Can the original owner pay for resale rights or something? Just curious.... NetApp is always popular as an aftermarket storage appliance because it's easy to support with third party maintenance, but obviously OEM support is a nice perk.

Not sure about nationwide, but for the Western provinces at least, Innov8 handles Canon (but not HP) and NextGen automation handles both HP and Canon. I can make introductions to colleagues at both if you'd like. As for our East I believe that Innov8 has some coverage out there but there are probably better local providers.

Any good refurbished vendor who sells UPS will include brand new batteries and at least a 2 year warranty (at least, we do). The comments about the UPS electronics having a higher risk of failure is true for older models but most of the newer aftermarket stock on UPS is less than 5 years old and goes to the secondary market for the usual reasons - office closure, upgrade, or even new 200-240V units that were bought by mistake and not used (the last one is a lot more common than you think). Refurbished UPS stock never comes from environments where they were abused. And even so, business grade UPS have many self checks to detect failing internals, which are all checked as part of the build and test process for a refurbishing company. Long story short - get a good warranty, make sure it comes with the latest firmware, but don't worry about buying refurbished.

I'm on the opposite side of this. Looking to hire a technology inside sales rep, high commission, no base compensation. Perfect for moonlighting. Seems like traditional sales reps want base pay, but if someone already has a 9-5 and just wants to leverage their IT background and hang out on linkedIn, it would be pretty easy to earn a couple thousand bucks on evenings and weekends. The only hurdle is that sales reps are presumably already employed in a sales position and so their existing book of business might not be available.

What's wrong with refurb drives? Is there a significant difference between brand new SSDs with 100% health and 0TB written, and the same model refurb SSD with 100% health and 200TB written?

Yeah and Dell allows resources like updateyodell.net to exist to update 12G and older servers that rely on the old Dell ftp site and don't support the https site. It's a nice change from some vendors who actively prevent access. An R730 is more than powerful enough for a NAS or backup with 12G SAS and some NVMe support.

for Unify, no resellers will buy them as previously mentioned, but cut your prices and they will sell pretty quick on r/homelabsales. But, expect to deal with the hassles that come with selling to hobbyist end users - they like to pay less and get more, for the most part. And you will have to pack well so they arrive in one piece.

You're absolutely right, my apologies. In the deployment guide it says that the controllers have an FT4232 chipset embedded, hence the cable can be a standard cable. I'm not sure why my cable didn't work, the cable is known working. I'm thinking there might have been a conflict with other USB to serial breakout devices on the same PC. I previously reset an ME4024 and there is a different driver for that unit. Will try again and report back

I'm thinking of this cisco-style console cable, which has an FTDI chipset and requires a driver to create a virtual COM port: https://www.infinitecables.com/products/6ft-usb-a-male-to-rj45-male-cisco-console-cable-white-ftdi-chip Normal USB cables do not have the required FTDI chipset FWIW as a last resort there actually is a full DB-9 pinout on the controller motherboard which could be soldered to directly for serial console access ... Not something I am keen to do.

No, not from my understanding. I have one such cable and it doesn't work. These units use a USB to serial cable with an FTDI chip - think of the standard Cisco USB serial cable - but rather than RJ-11 on the end, it's micro-USB. The FTDI drivers that Dell provides then splits this virtually into 4 com ports, one of which is for iDRAC and one is for SCOS and the other two are unused.

Unfortunately there is no password on the service tag I assume there are going to be different passwords for the iDRAC and unisphere as well?

In Canada we use ThomasTech or Keltech when we sell support contracts on our refurbished hardware. If you're considering moving to HPE have you taken a look at a refurbished Nimble? They are available at very steep discounts over new, and even EOL versions run the same software and very similar hardware to current models (with the exception of the all-NVMe flash models). They are also easy to service, so support costs are lower. Just food for thought.

Thank you, that helps. Is there a process to do bulk erase via LTT? Is it scriptable?

Sorry for the confusion, we are providing the COD. Overwriting a tape is an approved method of certified erasure per NIST 800-88. Shredding is not required.

Well LPE LTT has 3 erase types, one is the equivalent of a format, and the other two are full write erase cycles. So this would be a write erase by default

Well timed! Sadly degaussing and shredding are the bane of my existence - why destroy when you can reuse?

Depends. The bootable ISO update mechanism for the 12th gen has issues with following iDRAC prerequisites and can skip them during update, causing bricking. It's one of the reasons we don't use bootable ISOs to update any more, and we update a lot of servers of all generations.

That is true. Sometimes we zero drives for other reasons that do not involve secure erasure, and in those cases, we don't secure erase first. Every time we do a certified erasure on an SSD, we perform a secure erase followed by a single pass write zero.

Yes, we always perform a single pass zero after secure erase as a final burn-in, and as an internal audit control. There's no way to tell a secure erased SSD from an unerased SSD, so zeroing it allows for verification by both us and the end user that it was processed properly. It's just an added step that we perform. And I haven't been arguing, just discussing the interesting properties of modern SSDs - they have quite a lot more endurance than is generally understood. Most of the enterprise SSDs that we process, at 5 years old, have lost less than 2% of their total endurance. In their second life, which is often a less strenuous use-case, they generally last forever. Outside of firmware issues with proprietary firmware on ex-SAN drives, and the odd overused consumer SSD, we have a nil failure rate.

Yes and no. As a simple fix and barring the availability of other tools, wipe and verify will clear data. It's not to be used obviously for sensitive info or where certified erasure is required, but it does clear data in such a way that it can't be immediately recovered without specialized tools. As for depreciation of the drive, that is not true. We zero thousands of SSDs per year, often after a secure erase, because it allows for easy verification of erasure (by reading back zeros). The only metric for SSD health is write endurance, which is calculated by TB written, combined with various manufacturer specific variables such as write amplification, etc. But generally, SSDs are rated for a certain level of endurance before they start to have increased failure levels. Endurance is rated in Drive Writes Per Day (DWPD). For a laptop consumer drive that is typically 0.3 DWPD for 3 years. For an enterprise SSD that varies between 1 DWPD and 10 DWPD, every day for 5 years. For the laptop SSDs in question here, a 1-pass zero represents 3.3 days of usage (1/0.3). Over 3 years that is 0.3% write endurance burned. So a 100% health drive will drop to 99.7% health. For a WI drive rated for 10 DWPD/5Y, that health hit drops to 0.005% per write pass.

Dban won't kill an SSD, where did you get that idea? Write zeros and verify. It's a single write and read operation across the whole drive. It's perfectly effective unless those laptops have a legal requirement for secure erasing. In which case use PartedMagic Btw, dban is long since deprecated. The modern open source replacement is nwipe.

Gotcha. I'm thinking that if there is equipment with value left on it, we can pick up and shred for you, and provide the shredding with COD for free in exchange for equipment. We're not in Iowa but can send a partner - generally, we pay for equipment, or at least offset service charges with equipment value. We're different that way.

Ok. Is other equipment being recycled that could offset the cost of drive shredding?

Where are you located? Are you just shredding drives or recycling other hardware? If you are recycling other hardware, we could do the pick up and shredding for free as long as there is comparable value in the hardware being recycled. CODs provided, of course. For compliance and safety reasons this is not something you generally want to do yourself.

""What if someone does not follow the process or a drive is missed, bad inventories, shadow IT, lack of internal processes" That's an issue whether you shred or wipe. You can't conceive of an employee stealing a $1000 SSD before it goes through the shredder? That's why you engage an ITAD firm. The method of data sanitization doesn't matter, what matters is working with a firm utilizing rigorous ISO / R2 controls. Otherwise, glad we see eye to eye on the unnecessary nature of shredding useful hardware.

Maybe if the word is 'redrum' Otherwise some nation state spends $3M to deduce the word "Mike"