Creating Encrypted Backup Media on a Second EVFS Volume Using a Block Device Utility (VxVM Mirrored Volumes)

If you have VxVM mirrored volumes, use the following procedure to perform online encrypted backups to a second (target) EVFS volume using a block device backup utility, such as dd.

To use this backup procedure, you must have the appropriate file permissions to access the EVFS volume device file and meet at least one of the following criteria:

You are the volume owner.

You are an authorized user for the volume.

A stored passphrase exists for one of the volume's user key pairs, and you know the key ID for the key pair.

CAUTION: You must enable encryption and decryption on both the source volume and target volume. This requirement causes the backup utility to receive cleartext data from the source EVFS volume, and causes EVFS to encrypt the data when writing it to the target EVFS volume.

Do not back up data from a volume with EVFS encryption and decryption disabled to a volume with EVFS encryption and decryption enabled. If you do, the data is encrypted twice.

1. Configure the mirror if you have not already done so. Create the mirror by using the vxassist mirror command or by creating a plex and attaching it to a VxVM volume using the vxplex att command. Configure EVFS on the VxVM volume using the evfsadm map and evfsvol create commands. Enable the EVFS volume using the evfsvol enable command, and migrate data to the EVFS volume if necessary.

2. Dissociate a plex from the volume using the vxplex dis command. In the following example, the volume vol05 in disk group testdg has two plexes, vol05-01 and vol05-02, and the administrator dissociates plex vol05-02 to use as the source for the backup:

# vxplex -g testdg -v vol05 dis vol05-02

3. Use the vxmake command to create a temporary volume for the backup, such as backupvol, with the dissociated plex. For example:

# vxmake -g testdg -U gen vol backupvol plex=vol05-02

4. Start the backup VxVM volume using the vxvol start command. For example:

# vxvol -g testdg start backupvol

5. Map the backup VxVM volume to EVFS using the evfsadm map command. For example:

# evfsadm map /dev/vx/dsk/testdg/backupvol

This creates the device files /dev/evfs/vx/dsk/testdg/backupvol and /dev/evfs/vx/rdsk/testdg/backupvol.

6. Do not create an EMD area for the EVFS volume. The backup volume inherits a copy of the EMD from the original volume. However, because the backup volume inherits its EMD, the dirty bit is set even though the backup volume has not been enabled. You must reset the dirty bit in the EMD of the backup volume using the evfsvol check -r command.

The syntax is as follows:

evfsvol check -r evfs_volume_path

Where evfs_volume_path is the absolute pathname for the EVFS volume device file. For example:

# evfsvol check -r /dev/evfs/vx/dsk/testdg/backupvol
Encrypted volume "/dev/evfs/vx/dsk/testdg/backupvol" has not been properly shut down.
Resetting dirty bit...
Encrypted volume "/dev/evfs/vx/dsk/testdg/backupvol" has been successfully recovered
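
Steps 2 through 6 above, gathered into one fail-fast script as an added example (not part of the HP manual). The function names, the DRY_RUN variable and the name check are assumptions of this example; the commands are the ones named in the steps, with evfsadm map as the mapping command named in step 1.

```shell
#!/bin/sh
# Added example: steps 2-6 of the procedure as one fail-fast script.
# Dry run by default; set DRY_RUN=0 to execute on a host with VxVM and EVFS.
DRY_RUN=${DRY_RUN:-1}

# Derive the EVFS device file from a VxVM one (naming shown in step 5).
evfs_dev_path() {
    case "$1" in
        /dev/vx/dsk/*|/dev/vx/rdsk/*) printf '/dev/evfs/%s\n' "${1#/dev/}" ;;
        *) echo "not a VxVM device file: $1" >&2; return 1 ;;
    esac
}

# Reject empty names, leading dashes and shell metacharacters (hypothetical check).
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "# $*"
    else
        "$@"
    fi
}

# Usage: prepare_backup_volume DISKGROUP VOLUME PLEX BACKUPVOL
prepare_backup_volume() {
    dg=$1 vol=$2 plex=$3 bvol=$4
    for n in "$dg" "$vol" "$plex" "$bvol"; do
        valid_name "$n" || { echo "invalid name: '$n'" >&2; return 2; }
    done
    vx_dev=/dev/vx/dsk/$dg/$bvol
    evfs_dev=$(evfs_dev_path "$vx_dev") || return 2

    run vxplex -g "$dg" -v "$vol" dis "$plex"           || return 1  # step 2
    run vxmake -g "$dg" -U gen vol "$bvol" plex="$plex" || return 1  # step 3
    run vxvol -g "$dg" start "$bvol"                    || return 1  # step 4
    run evfsadm map "$vx_dev"                           || return 1  # step 5
    # Step 6: no EMD is created; only the inherited dirty bit is reset.
    run evfsvol check -r "$evfs_dev"                    || return 1
}

if [ "$#" -eq 4 ]; then
    prepare_backup_volume "$@"
fi
```

Run with the arguments testdg vol05 vol05-02 backupvol, the dry run prints the five commands from the steps above in order; a failure at any step stops the sequence before EVFS touches the backup volume.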

HP UX Encrypted Volume and Filesystem (EVFS) manual