HP UX Encrypted Volume and Filesystem (EVFS) guide

Creating Encrypted Backup Media on a Second EVFS Volume Using a File Utility (Nonmirrored Volumes)

Use the following procedure to perform an offline backup and create encrypted media on a second EVFS volume.

CAUTION: EVFS must be enabled on both the source volume and target volume. The backup utility will receive cleartext data from the source EVFS volume, and EVFS will encrypt the data when writing it to the target EVFS volume.

Do not back up data from a volume with EVFS disabled to a volume with EVFS enabled. If you do, the data will be encrypted twice.

1.For data consistency, suspend or stop all applications accessing the data on both volumes. You can use the fuser -cucommand to determine the processes accessing files, and the fuser -ckucommand to terminate the processes. See fuser(1M) for more information.

If the data is used by system processes, you might need to terminate the processes by changing the system runlevel to single-user level with the shutdown utility. See shutdown(1M) for more information.

2.Do not disable encryption and decryption on the source or target volumes. Use the following evfsadm stat command to verify that EVFS is enabled on both the source and target volume:

evfsadm stat -a

3.Use a file-based utility, such as cp, to copy data from the EVFS volume device file to the target volume. The target volume now contains the data from the source EVFS volume, encrypted using the target volume's EVFS data key.

In the following example, /opt/encrypted_data is mounted on the source EVFS volume, and /opt/evfs_backup is mounted on the EVFS volume. Both EVFS volumes are enabled:

cp -r /opt/encrypted_data /opt/evfs_backup

Example

In the following example, /dev/evfs/vg01/lvol5 is the source volume, with /opt/encrypted_data mounted on it, and /dev/evfs/vg01/lvol6 is the target volume, with /opt/evfs_backup mounted on it. The cp command receives cleartext from the source EVFS volume, and the target EVFS volume encrypts the data.

#fuser -cku /dev/evfs/vg01/lvol5

#fuser -cku /dev/evfs/vg01/lvol6

#evfsadm stat -a(verify that EVFS is enabled on the source and target volumes)

#cp -r /opt/encrypted_data /opt/evfs_backup

Creating Cleartext Backup Media to a Non-EVFS Device (Nonmirrored Volumes)

You do not need to use a special procedure to create cleartext backup media from an EVFS volume. You can back up individual files or directories from the EVFS volume, or you can specify the EVFS volume device file as the source for the backup utility. The EVFS volume must have encryption and decryption enabled.

HP UX Encrypted Volume and Filesystem (EVFS) manual Cp -r /opt/encrypteddata /opt/evfsbackup

Models: UX Encrypted Volume and Filesystem (EVFS)

evfsadm stat -a

cp -r /opt/encrypted_data /opt/evfs_backup

124 Backing Up and Restoring Data on EVFS Volumes