Creating Encrypted Backup Media on a Second EVFS Volume Using a Block Device Utility (Nonmirrored Volumes)

Use the following procedure to perform an offline backup and create encrypted media on a second EVFS volume. You must have the appropriate file permissions to access the EVFS volume device file.

CAUTION: EVFS must be enabled on both the source volume and target volume. The backup utility will receive cleartext data from the source EVFS volume, and EVFS will encrypt the data when writing it to the target EVFS volume.

Do not back up data from a volume with EVFS disabled to a volume with EVFS enabled. If you do, the data will be encrypted twice.

1.For data consistency, suspend or stop all applications accessing the data on both volumes. You can use the fuser -cucommand to determine the processes accessing files, and the fuser -ckucommand to terminate the processes. See fuser(1M) for more information.

If the data is used by system processes, you might need to terminate the processes by changing the system runlevel to single-user level with the shutdown utility. See shutdown(1M) for more information.

2.(Optional) If file systems are mounted on the EVFS volumes, use the umount command to unmount the file systems and prevent any new I/O requests to the volume. See umount( (1M)) for more information.

3.Do not disable encryption and decryption on the source or target volumes. Use the following evfsadm stat command to verify that EVFS is enabled on both the source and target volume:

evfsadm stat -a

4.Use a block device utility to copy data from the EVFS volume device file to the target volume. The target volume now contains the data from the source EVFS volume, but encrypted using the target volume's EVFS data key.

For example, you can use a dd command similar to the following: dd if=/dev/evfs/vg01/lvol5 of=/dev/evfs/vg01/lvol6

Example

In the following example, /dev/evfs/vg01/lvol5 is the source volume and /dev/evfs/vg01/lvol6 is the target volume. The dd command receives cleartext from the source EVFS volume, and the target EVFS volume encrypts the data.

#fuser -cku /dev/evfs/vg01/lvol5

#fuser -cku /dev/evfs/vg01/lvol6

#evfsadm stat -a(verify that EVFS is enabled on the source and target volumes)

#dd if=/dev/evfs/vg01/lvol5 of=/dev/evfs/vg01/lvol6

Backing Up EVFS Volumes 123

Page 123
Image 123
HP UX Encrypted Volume and Filesystem (EVFS) manual Evfsadm stat -a