Creating Encrypted Backup Media on a Second EVFS Volume Using a Block Device Utility (LVM Mirrored Volumes)

If you have LVM mirrored volumes, use the following procedure to perform online encrypted backups to a second (target) EVFS volume using a block device backup utility, such as dd.

To use this backup procedure, you must have the appropriate file permissions to access the EVFS volume device file and meet at least one of the following criteria:

You are the volume owner.

You are an authorized user for the volume.

A stored passphrase exists for one of the volume's user key pairs, and you know the key ID for the key pair.

CAUTION: Encryption and decryption must be enabled on both the source volume and target volume. The backup utility will receive cleartext data from the source EVFS volume, and EVFS will encrypt the data when writing it to the target EVFS volume.

Do not back up data from a volume with EVFS encryption and decryption disabled to a volume with EVFS encryption and decryption enabled. If you do, the data will be encrypted twice.

1.Configure the mirror, if you have not already done so. Create the mirror copy using the lvcreate –mor lvextend –mcommand. Configure EVFS on the LVM volume using the evfsadm map and evfsvol create commands. Enable the EVFS volume using the evfsvol enable command and migrate data to the EVFS volume, if necessary.

2.Split the mirrored LVM volume into two logical volumes using the lvsplit command. In the example below, the mirror LVM volume device file is /dev/vg01/lvol5 and the –s backup option creates a backup mirror volume name using the suffix backup

(/dev/vg01/lvol5backup):

# lvsplit –s backup /dev/vg01/lvol5

Logical volume "/dev/vg01/lvol5backup" has been successfully created with character device "/dev/vg01/rlvol5backup".

Logical volume "/dev/vg01/lvol5" has been successfully split. Volume Group configuration has been saved in /etc/lvmconf/vg01.conf

3.Map the backup volume to EVFS. For example:

# evfsvol map /dev/vg01/lvol5backup

This creates the device files /dev/evfs/vg01/lvol5backup and /dev/evfs/vg01/rlvol5backup.

4.Do not create an EMD area for the EVFS volume. The backup volume inherits a copy of the EMD from the original volume. However, because the backup volume inherits its EMD, the dirty bit is set even though the backup volume has not been enabled. You must reset the dirty bit in the EMD of the backup volume using the evfsvol check –rcommand.

The syntax is as follows:

evfsvol check -r evfs_volume_path

Where evfs_volume_path is the absolute pathname for the EVFS volume device file. For example:

# evfsvol check -r /dev/evfs/vg01/lvol5backup

Encrypted volume "/dev/evfs/vg01/lvol5backup" has not been properly shut down. Resetting dirty bit...

Encrypted volume "/dev/evfs/vg01/lvol5backup" has been successfully recovered

5.Enable the EVFS backup volume using the evfsvol enable command. You must be the volume owner or authorized user for the original EVFS volume to complete this step, and EVFS prompts you for a passphrase if one is not stored. For example:

# evfsvol enable –k mykey /dev/evfs/vg01/lvol5backup

Backing Up EVFS Volumes 107

Page 106 Page 108
Page 107
Image 107
HP UX Encrypted Volume and Filesystem (EVFS) manual Dev/vg01/lvol5backup, Syntax is as follows
Page 106 Page 108
Top Page Image Contents