Encrypted Volume and File System v1.1 Administrator's Guide
Creating Encrypted Backup Media on a Second EVFS Volume Using a Block Device Utility (VxVM Mirrored Volumes)
If you have VxVM mirrored volumes, use the following procedure to perform online encrypted
backups to a second (target) EVFS volume using a block device backup utility, such as dd.
To use this backup procedure, you must have the appropriate file permissions to access the EVFS
volume device file and meet at least one of the following criteria:
• You are the volume owner.
• You are an authorized user for the volume.
• A stored passphrase exists for one of the volume's user key pairs, and you know the key ID
for the key pair.
CAUTION: You must enable encryption and decryption on both the source volume and
target volume. This requirement causes the backup utility to receive cleartext data from the
source EVFS volume, and causes EVFS to encrypt the data when writing it to the target EVFS
volume.
Do not back up data from a volume with EVFS encryption and decryption disabled to a volume
with EVFS encryption and decryption enabled. If you do, the data is encrypted twice.
1. Configure the mirror if you have not already done so. Create the mirror by using the
vxassist mirror command or by creating a plex and attaching it to a VxVM volume
using the vxplex att command. Configure EVFS on the VxVM volume using the evfsadm
map and evfsvol create commands. Enable the EVFS volume using the evfsvol
enable command, and migrate data to the EVFS volume if necessary.
2. Dissociate a plex from the volume using the vxplex dis command. In the following
example, the volume vol05 in disk group testdg has two plexes, vol05-01 and vol05-02,
and the administrator dissociates plex vol05-02 to use as the source for the backup:
# vxplex -g testdg -v vol05 dis vol05-02
3. Use the vxmake command to create a temporary volume for the backup, such as backupvol,
with the dissociated plex. For example:
# vxmake -g testdg -U gen vol backupvol plex=vol05-02
4. Start the backup VxVM volume using the vxvol start command. For example:
# vxvol -g testdg start backupvol
5. Map the backup VxVM volume to EVFS. For example:
# evfsadm map /dev/vx/dsk/testdg/backupvol
This creates the device files /dev/evfs/vx/dsk/testdg/backupvol and
/dev/evfs/vx/rdsk/testdg/backupvol.
6. Do not create an EMD area for the EVFS volume. The backup volume inherits a copy of the
EMD from the original volume. However, because the backup volume inherits its EMD, the
dirty bit is set even though the backup volume has not been enabled. You must reset the
dirty bit in the EMD of the backup volume using the evfsvol check -r command.
The syntax is as follows:
evfsvol check -r evfs_volume_path
Where evfs_volume_path is the absolute pathname for the EVFS volume device file.
For example:
# evfsvol check -r /dev/evfs/vx/dsk/testdg/backupvol
Encrypted volume "/dev/evfs/vx/dsk/testdg/backupvol" has not been properly shut down.
Resetting dirty bit...
Encrypted volume "/dev/evfs/vx/dsk/testdg/backupvol" has been successfully recovered
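The following script is an added example, not part of the original guide. It plans steps 2 through 6 for one disk group, volume, and plex, validates the names before they reach commands run as root, and derives the EVFS device path from the VxVM path. The function names and the EVFS_RUN variable are assumptions of this example; mapping uses evfsadm map, the command named in step 1.

```shell
# Added example: plans steps 2-6 above for one disk group, volume and plex.
# Function names and EVFS_RUN are assumptions of this example, not EVFS features.

# Reject anything that is not a plain VxVM object name, so a value can never
# inject an option or shell syntax into a command that runs as root.
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# EVFS device files mirror the VxVM device path under /dev/evfs (step 5).
evfs_path() {
    case "$1" in
        /dev/vx/dsk/*|/dev/vx/rdsk/*) printf '/dev/evfs%s\n' "${1#/dev}" ;;
        *) return 1 ;;
    esac
}

# Print the commands for steps 2-6, one per line, in the required order.
plan_backup_volume() {
    dg=$1 vol=$2 plex=$3 bvol=$4
    for n in "$dg" "$vol" "$plex" "$bvol"; do
        valid_name "$n" || { echo "invalid name: $n" >&2; return 1; }
    done
    [ "$vol" != "$bvol" ] || { echo "backup volume name must differ" >&2; return 1; }
    dev=/dev/vx/dsk/$dg/$bvol
    edev=$(evfs_path "$dev") || return 1
    echo "vxplex -g $dg -v $vol dis $plex"            # step 2
    echo "vxmake -g $dg -U gen vol $bvol plex=$plex"  # step 3
    echo "vxvol -g $dg start $bvol"                   # step 4
    echo "evfsadm map $dev"                           # step 5
    echo "evfsvol check -r $edev"                     # step 6: reset the dirty bit
}

# Dry run by default; with EVFS_RUN=1, run each command and stop at the first failure.
prepare_backup_volume() {
    plan=$(plan_backup_volume "$@") || return 1
    echo "$plan" | while IFS= read -r cmd; do
        echo "# $cmd"
        [ "${EVFS_RUN:-0}" = 1 ] || continue
        $cmd || { echo "failed: $cmd" >&2; exit 1; }
    done
}

if [ "$#" -eq 4 ]; then prepare_backup_volume "$@"; fi
```

Review the printed plan before setting EVFS_RUN=1. The script does not create an EMD area on the backup volume, in line with step 6.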