Include decommissioning step for old servers (migration docs). Includ…

…e warning about data recovery and link to decomm docs in focal migration guide.
freedomofpress · Mar 11, 2021 · 487ba63 · 487ba63
1 parent b9367dc
commit 487ba63
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 11 deletions.
diff --git a/docs/backup_and_restore.rst b/docs/backup_and_restore.rst
@@ -281,6 +281,10 @@ Migrating Using a V2+V3 or V3-Only Backup
       cp $SD_OLD/sd.{crt,key} $SD_NEW/
       cp $SD_OLD/ca.crt $SD_NEW/
 
+#. If you are migrating to new hardware, ensure your old servers have been
+   decommissioned and/or destroyed by following the relevant sections of
+   :doc:`our decommissioning documentation <decommission>`.  
+
 #. Install Ubuntu 20.04 on the *Application* and *Monitor Servers*, following
    the :doc:`server setup instructions<servers>` to install with the correct
    settings, test connectivity, and set up SSH keys to allow for
@@ -429,6 +433,10 @@ source accounts, and journalist accounts. To do so, follow the steps below:
       cp $SD_OLD/SecureDrop.asc $SD_NEW/
       cp $SD_OLD/ossec.asc $SD_NEW/
 
+#. If you are migrating to new hardware, ensure your old servers have been
+   decommissioned and/or destroyed by following the relevant sections of
+   :doc:`our decommissioning documentation <decommission>`.  
+
 #. Install Ubuntu 20.04 on the *Application* and *Monitor Servers*, following
    the :doc:`server setup instructions<servers>` to install with the correct
    settings, test connectivity, and set up SSH keys to allow for

diff --git a/docs/upgrade/focal_migration.rst b/docs/upgrade/focal_migration.rst
@@ -212,16 +212,28 @@ you have completed the :ref:`preparatory steps <focal_prep>`.
 #. :doc:`Take a backup of the current instance <../backup_and_restore>`. Once 
    you have taken a backup of the servers, power them off.
 
-    .. warning::
+   .. warning::
 
-     The next steps will overwrite existing data on the servers.
+      The next steps will overwrite existing data on the servers.
+
+      Data from the *Monitor Server* will not be restored after the backup.
+      If you require historical data from the *Monitor Server*, archive it
+      separately before proceeding.
+
+   .. note::
+
+      If you are reusing the same hardware (servers), your old data will
+      be overwritten by the new operating system installation, but traces 
+      of this data may still be recoverable. 
+
+      In most cases, this is not a concern, since you will be restoring data 
+      from your backup file as part of the migration process. However, if this 
+      is a concern, refer to our 
+      :doc:`decommissioning documentation <../decommission>` 
+      for instructions on securely erasing and destroying server data.  
 
-     Data from the *Monitor Server* will not be restored after the backup.
-     If you require historical data from the *Monitor Server*, archive it
-     separately before proceeding.
 #. Follow the instructions on 
    :ref:`hardware migration for instances using v2+v3 or v3 onion services <migrate_v3>`. 
-
    As part of this process, you will be instructed to 
    reinstall your servers, restore your backup, and configure access
    via your *Admin Workstation*.
@@ -261,13 +273,25 @@ Ensure you have completed the :ref:`preparatory steps <focal_prep>`.
 #. :doc:`Take a backup of the current instance <../backup_and_restore>`. 
    Once you have taken a backup of the servers, power them off.
 
-    .. warning::
+   .. warning::
+
+      The next steps will overwrite existing data on the servers.
 
-     The next steps will overwrite existing data on the servers.
+      Data from the *Monitor Server* will not be restored after the backup.
+      If you require historical data from the *Monitor Server*, archive it
+      separately before proceeding. 
+
+   .. note::
 
-     Data from the *Monitor Server* will not be restored after the backup.
-     If you require historical data from the *Monitor Server*, archive it
-     separately before proceeding.
+      If you are reusing the same hardware (servers), your old data will
+      be overwritten by the new operating system installation, but traces 
+      of this data may still be recoverable. 
+
+      In most cases, this is not a concern, since you will be restoring data 
+      from your backup file as part of the migration process. However, if this 
+      is a concern, refer to our 
+      :doc:`decommissioning documentation <../decommission>` 
+      for instructions on securely erasing and destroying server data.  
 
 #. Follow our documentation on 
    :ref:`hardware migration using a v2-only backup <migrate_v2>`.