Encrypted Volume and File System v1.1 Administrator's Guide
7. Enable the encryption and decryption access to the backup volume using the evfsvol
enable command. For example:
# evfsvol enable –k mykey /dev/evfs/vx/dsk/testdg/backupvol
8. Use the evfsadm stat -a or evfsvol display evfs_volume_path command to
verify that EVFS is enabled on the target volume. In this example,
/dev/evfs/vx/dsk/testdg/vol06 is a spare EVFS volume that will be used as the
backup target device:
# evfsvol display /dev/evfs/vx/dsk/testdg/vol06
9. Create encrypted backup media by using a block-device utility, such as dd, to copy the entire
volume to a second EVFS volume that is also enabled.
For example:
# dd bs=64k if=/dev/evfs/vx/dsk/testdg/backupvol of=/dev/evfs/vx/dsk/testdg/vol06
10. Begin the procedure to bring the backup volume and plex back to their original state. Disable
the EVFS backup volume. For example:
# evfsvol disable -k my_key /dev/evfs/vx/dsk/testdg/backupvol
The evfsvol utility prompts you for the passphrase if a stored passphrase does not exist.
11. Unmap the backup EVFS volume using the evfsadm unmap command. For example:
# evfsadm unmap /dev/evfs/vx/dsk/testdg/backupvol
12. Stop the backup VxVM volume using the vxvol stop command. For example:
# vxvol -g testdg stop backupvol
13. Dissociate the plex from the backup VxVM volume using the vxplex dis command. For
example:
# vxplex -g testdg -v backupvol dis vol05-02
14. Attach the plex back to the original VxVM volume using the vxplex att command. For
example:
# vxplex -g testdg -v vol05 att vol05-02
15. Remove the temporary backup volume using the vxassist remove volume command.
For example:
# vxassist -g testdg remove volume backupvol
Example
In the following example, the volume vol05 in disk group testdg has two plexes, vol05–01
and vol05–02. The administrator dissociates plex vol05–02 to use as the source for the backup,
and mounts the file system on the temporary mount point /opt/evfs/backup_source. The
target is the EVFS volume /dev/evfs/vx/dsk/testdg/vol06. The dd command receives
cleartext from the source EVFS volume, and the target EVFS volume encrypts the data.
# vxplex -g testdg dis -v vol05 vol05-02
# vxmake -g testdg -U gen vol backupvol plex=vol05-02
# vxvol -g testdg start backupvol
# evfsvol map /dev/vx/dsk/testdg/backupvol
# evfsvol check -r /dev/evfs/vx/dsk/testdg/backupvol
# evfsvol enable -k mykey /dev/evfs/vx/dsk/testdg/backupvol
# evfsvol display /dev/evfs/vx/dsk/testdg/vol06 (the target volume must be enabled)
# dd bs=64k if=/dev/evfs/vx/dsk/testdg/backupvol of=/dev/evfs/vx/dsk/testdg/vol06
# evfsvol disable -k mykey /dev/evfs/vx/dsk/testdg/backupvol
# evfsadm unmap /dev/evfs/vx/dsk/testdg/backupvol
# vxvol -g testdg stop backupvol
# vxplex -g testdg -v backupvol dis vol05-02
# vxplex -g testdg -v vol05 att vol05-02
# vxassist -g testdg remove volume backupvol
116 Backing Up and Restoring Data on EVFS Volumes