Manualshelf

Encrypted Volume and File System v1.1 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software
31323334353637383940
3 Preparing EVFS for Configuration
This chapter describes how to prepare the HP-UX Encrypted Volume and File System (EVFS)
product for configuration. This chapter addresses the following topics:
“Verifying for Preconfiguration” (page 35)
“Preparation Overview” (page 36)
“Step 1: Configuring an Alternate EVFS Pseudo-User” (page 37)
“Step 2: (Optional) Configuring Alternate Key Database Directories” (page 39)
“Step 3: (Optional) Modifying EVFS Global Parameters” (page 42)
“Step 4: Starting the EVFS Subsystem” (page 43)
“Step 5: Creating User Key Pairs” (page 44)
“Examples” (page 47)
Verifying for Preconfiguration
Before configuring EVFS, verify the following items:
Verify that EVFS supports the applications that you want to use with EVFS. See “Supported
Software” (page 26) for more information.
Verify that EVFS supports the directories you want to encrypt with EVFS. See “Product
Limitations and Precautions” (page 27) for more information.
EVFS does not automatically convert existing volume data to encrypted data. To encrypt
existing volume data, use the inline encryption feature in this release of EVFS.
CAUTION: If you improperly configure EVFS on a volume that already contains data, the
existing data will be unusable.
IMPORTANT: To use inline encryption, 3 MB of spare disk space are required at the end
of the volume, and the minimum volume size must be 4 MB. If the entire volume is used,
extend the volume using lvextend for LVM, or vxassist for VXVM.
Each EVFS volume requires approximately 1 MB for the encryption metadata (EMD). Verify
that the volumes you want to encrypt have sufficient space for the EMD.
To create encrypted backup media to a tape or other non-EVFS device, you must back up
the volume as a volume device (as a single unit), not as a file system or group of files. You
can create encrypted backup media using block device utilities such as dd. Verify that the
size of the LVM, VxVM or physical volumes you are going to encrypt are appropriate for
the backup media you are using and for the time it will take to back up a whole volume.
Verifying for Preconfiguration 35