Encrypted Volume and File System v1.1 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software

121

122

123

124

125

126

127

128

129

130

Creating Encrypted Backup Media on a Second EVFS Volume Using a File Utility (Nonmirrored

Volumes)

Use the following procedure to perform an offline backup and create encrypted media on a

second EVFS volume.

CAUTION: EVFS must be enabled on both the source volume and target volume. The backup

utility will receive cleartext data from the source EVFS volume, and EVFS will encrypt the data

when writing it to the target EVFS volume.

Do not back up data from a volume with EVFS disabled to a volume with EVFS enabled. If you

do, the data will be encrypted twice.

1. For data consistency, suspend or stop all applications accessing the data on both volumes.

You can use the fuser -cu command to determine the processes accessing files, and the

fuser -cku command to terminate the processes. See fuser(1M) for more information.

If the data is used by system processes, you might need to terminate the processes by

changing the system runlevel to single-user level with the shutdown utility. See shutdown(1M)

for more information.

2. Do not disable encryption and decryption on the source or target volumes. Use the following

evfsadm stat command to verify that EVFS is enabled on both the source and target

volume:

evfsadm stat -a

3. Use a file-based utility, such as cp, to copy data from the EVFS volume device file to the

target volume. The target volume now contains the data from the source EVFS volume,

encrypted using the target volume's EVFS data key.

In the following example, /opt/encrypted_data is mounted on the source EVFS volume,

and /opt/evfs_backup is mounted on the EVFS volume. Both EVFS volumes are enabled:

cp -r /opt/encrypted_data /opt/evfs_backup

Example

In the following example, /dev/evfs/vg01/lvol5 is the source volume, with

/opt/encrypted_data mounted on it, and /dev/evfs/vg01/lvol6 is the target volume,

with /opt/evfs_backup mounted on it. The cp command receives cleartext from the source

EVFS volume, and the target EVFS volume encrypts the data.

# fuser -cku /dev/evfs/vg01/lvol5

# fuser -cku /dev/evfs/vg01/lvol6

# evfsadm stat -a (verify that EVFS is enabled on the source and target volumes)

# cp -r /opt/encrypted_data /opt/evfs_backup

Creating Cleartext Backup Media to a Non-EVFS Device (Nonmirrored Volumes)

You do not need to use a special procedure to create cleartext backup media from an EVFS

volume. You can back up individual files or directories from the EVFS volume, or you can specify

the EVFS volume device file as the source for the backup utility. The EVFS volume must have

encryption and decryption enabled.

124 Backing Up and Restoring Data on EVFS Volumes