Manualshelf

Encrypted Volume and File System v1.1 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software
71727374757677787980
Examples
This section contains configuration examples for “Option 1” (page 75) and “Option 2” (page 76).
Option 1
Step 1a: Create an EVFS volume. If you are using LVM or VxVM, create a new LVM or VxVM
volume to use as the underlying volume. If you reuse an existing LVM or VxVM volume as the
underlying volume, you will lose all existing data. You can skip this step if you are using whole
disk access.
# lvcreate -L 64 -n lvol5 /dev/vg01
Step 1b: Map the new LVM or VxVM volume or physical volume to an EVFS volume.
# evfsadm map /dev/vg01/lvol5
Step 1c: Create the EMD on the new EVFS volume. The root user (the owner of the key named
rootkey1) will be the volume owner. evfsvol prompts for the passphrase to the owner's
private key.
# evfsvol create -k rootkey1 /dev/evfs/vg01/lvol5
Step 1d: Optional Add a recovery user key. evfsvol prompts for the passphrase to the owner's
private key.
# evfsvol add -r /dev/evfs/vg01/lvol5
Step 1e: Enable the EVFS volume. evfsvol prompts for the passphrase for your key named
rootkey1.
# evfsvol enable -k rootkey1 /dev/evfs/vg01/lvol5
Step 2a: Create a new file system on the character/raw EVFS volume.
# newfs -F vxfs /dev/evfs/vg01/rlvol5
Step 2b: Verify the file system.
# fsck /dev/evfs/vg01/rlvol5
Step 2c: Create the directory for the new mount point.
# mkdir /opt/my_secure_dir
Step 2d: Mount the new file system.
# mount -F vxfs /dev/evfs/vg01/lvol5 /opt/my_secure_dir
Step 2e: Optional—Add an entry to /etc/fstab. In this example, the administrator used the
echo command, but you can also use an editor to do this
# echo "/dev/evfs/vg01/lvol5 /opt/my_secure_dir vxfs defaults 0 2" >>
/etc/fstab
Step 3: Verify the EVFS configuration.
# evfsadm stat a
# evfsvol display /dev/evfs/vg01/lvol5
Step 4: Migrate any existing data.
To migrate an existing directory of data to the new EVFS volume, follow these steps:
Step 4b: Stop all applications accessing the existing data.
# fuser cu /opt/my_data
# fuser cku /opt/my_data
Step 4d: Copy the existing data to the new EVFS directory.
# cp R /opt/my_data /opt/my_secure_dir
Clean up the old data and create a symbolic link to the EVFS data.
Examples 75