Encrypted Volume and File System v1.1 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software

101

102

103

104

105

106

107

108

109

110

Backups Using LVM Mirrored Volumes

If you have EVFS volumes configured on LVM mirrored volumes, you can back up the EVFS

volumes on line, without disabling the EVFS volume or interrupting access to the data.

To create LVM mirrored volumes, you must have the MirrorDisk/UX product installed. If you

do not have the MirrorDisk/UX product, you can backup an EVFS volume to a spare EVFS

volume, or you can back up an EVFS volume to a tape or other non-EVFS device by disabling

the EVFS volume and performing offline backups. See “Backups Using Nonmirrored Volumes”

(page 121) for more information.

This section describes the following procedures:

• “Creating Encrypted Backup Media on a Non-EVFS Device (LVM Mirrored Volumes) ”

(page 105)

• “Creating Encrypted Backup Media on a Second EVFS Volume Using a Block Device Utility

(LVM Mirrored Volumes)” (page 107)

• “Creating Encrypted Backup Media on a Second EVFS Volume Using a File Utility (LVM

Mirrored Volumes)” (page 109)

• “Creating Cleartext Backup Media (LVM Mirrored Volumes)” (page 111)

Creating Encrypted Backup Media on a Non-EVFS Device (LVM Mirrored Volumes)

If you have LVM mirrored volumes, use the following procedure to perform online encrypted

backups to a non-EVFS target device, such as a tape drive. You must use a block device backup

utility, such as dd.

You must have the appropriate file permissions to access the EVFS volume device file to use this

procedure.

1. Configure the mirror, if you have not already done so. Create the mirror copy using the

lvcreate –m or lvextend –m command. Configure EVFS on the LVM volume using the

evfsadm map and evfsvol create commands. Enable the EVFS volume using the

evfsvol enable command and migrate data to the EVFS volume, if necessary.

2. Create a backup copy of the user key database (user key pairs and any passphrase files) if

a copy does not already exist. Determine the directories used for the key database by checking

the pkey attribute statement in the /etc/evfs/evfs.conf file and back up the database.

By default, EVFS stores the user key database in subdirectories below the /etc/evfs/pkey

directory.

If you will be restoring the data to another system, you must know and make note of the

passphrase for the volume owner's private key. Stored passphrase files are encrypted with

system-specific information, so a stored passphrase created on one system is unusable on

any other system.

3. Split the mirrored LVM volume into two logical volumes using the lvsplit command.

command. In the following example, the mirror LVM volume device file is

/dev/vg01/lvol5, and the –s backup option creates a backup mirror volume name

using the suffix backup (/dev/vg01/lvol5backup):

# lvsplit –s backup /dev/vg01/lvol5

Logical volume "/dev/vg01/lvol5backup" has been successfully created

with character device "/dev/vg01/rlvol5backup".

Logical volume "/dev/vg01/lvol5" has been successfully split.

Volume Group configuration has been saved in /etc/lvmconf/vg01.conf

4. Map the backup volume to EVFS. For example:

# evfsvol map /dev/vg01/lvol5backup

This creates the device files /dev/evfs/vg01/lvol5backup and

/dev/evfs/vg01/rlvol5backup.

Backing Up EVFS Volumes 105