HP UX Encrypted Volume and Filesystem (EVFS) instruction

Backups Using Nonmirrored Volumes

This section contains procedures for performing backups without mirrored volumes.

NOTE: To create encrypted backup media to a tape or other non-EVFS device without using mirrored volumes , you must disable access to the EVFS volume. The EVFS volume will be off line and unavailable to users or applications. If you do not have mirrored volumes, you can still perform online encrypted backups, but you must use a second EVFS volume as the target device.

This section describes the following procedures:

•“Creating Encrypted Backup Media to a Non-EVFS Device (Nonmirrored Volumes)” (page 121)

•“Creating Encrypted Backup Media on a Second EVFS Volume Using a Block Device Utility (Nonmirrored Volumes)” (page 123)

•“Creating Encrypted Backup Media on a Second EVFS Volume Using a File Utility (Nonmirrored Volumes)” (page 124)

•“Creating Cleartext Backup Media to a Non-EVFS Device (Nonmirrored Volumes)” (page 124)

Creating Encrypted Backup Media to a Non-EVFS Device (Nonmirrored Volumes)

Use the following procedure to create encrypted backup media to a non-EVFS device, such as a tape drive. You must disable access to the EVFS volume to complete this procedure, and you must use a block device utility, such as dd.

To use this backup procedure, you must have the appropriate file permissions to access the EVFS volume device file and meet at least one of the following criteria:

•You are the volume owner.

•You are an authorized user for the volume.

•A stored passphrase exists for one of the volume's user key pairs, and you know the key ID for the key pair.

1.Create a backup copy of the user key database (user key pairs and any passphrase files) if a copy does not already exist. Determine the directories used for the key database by checking the pkey attribute statement in the /etc/evfs/evfs.conf file, and back up the database. By default, EVFS stores the user key database in subdirectories below the /etc/evfs/pkey directory.

If you are restoring the data to another system, you must know the passphrase for the volume owner's private key. Stored passphrase files are encrypted with system-specific information, so a stored passphrase created on one system is unusable on any other system.

2.For data consistency, suspend or stop all applications accessing the data. You can use the fuser -cucommand to determine the processes accessing files on the source volume, and the fuser -ckucommand to terminate the processes. See fuser(1M) for more information.

If the data is used by system processes, you might need to terminate the processes by changing the system runlevel to single-user level with the shutdown utility. See shutdown(1M) for more information.

3.If a file system exists on the volume, use the umount command to unmount the file system on the source volume. See umount(1M) for more information.

4.Disable the EVFS backup volume. This is required to open the EVFS volume for raw access. For example:

# evfsvol disable -k my_key /dev/evfs/vg01/lvol5

The evfsvol utility prompts you for the passphrase if a stored passphrase does not exist.

HP UX Encrypted Volume and Filesystem (EVFS) manual Backups Using Nonmirrored Volumes

Models: UX Encrypted Volume and Filesystem (EVFS)

Backups Using Nonmirrored Volumes

Backing Up EVFS Volumes 121