Manualshelf

Encrypted Volume and File System v2.0 Administrator Guide HP-UX 11i v3

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software
61626364656667686970
1. For data consistency, suspend or stop all applications accessing the data. You can use the
fuser -cu command to determine the processes accessing files and the fuser -cku
command to terminate the processes. See fuser(1M) for more information.
If the data is used by system processes, you might need to terminate the processes by changing
the system runlevel to single-user level with the shutdown utility. See shutdown(1M) for more
information.
2. Create a cleartext backup copy of the data, or copy the cleartext data from the EVS volume
to another disk device using a utility such as fbackup, cp or tar.
3. If you have a file system mounted on the EVS volume, use the umount command to unmount
the file system. See umount(1M) for more information.
4. Use the following command to disable encryption and decryption access to the volume:
evfsvol disable [-k keyname] evfs_volume_path
See “Disabling encryption and decryption access to EVS volumes” (page 62) for more
information.
5. Use the following evfsvol command to destroy the EMD for the volume:
evfsvol destroy [-f] evfs_volume_path
The -f option forcibly destroys the EMD, even if the EMD is corrupt. You must be the volume
owner to execute this command.
CAUTION: Destroying the EMD is irreversible. You cannot recover data from the EVS volume
after you destroy the EMD.
Example
# evfsvol destroy /dev/evfs/vg01/lvol5
Enter owner passphrase:(enter the passphrase for the owner's private key)
Are you sure you want to destroy "/dev/evfs/vg01/lvol5"? Continuing with this
operation will make your data permanently irrecoverable!
Answer [yes/no]: yes
6. Use the following evfsadm unmap command to remove the EVS volume device files and
delete the device entries in kernel registry:
evfsadm unmap evfs_volume_path
where:
evfs_volume_path Specifies the absolute pathname for the EVS volume device file,
such as /dev/evfs/vg01/lvol5,
/dev/evfs/vx/dsk/rootdg/vol05, or /dev/evfs/dsk/
c2t0d1.
7. You can now create a new file system on the underlying device (LVM, VxVM, or physical
volume device), mount the file system, and add an entry for the underlying device in /etc/
fstab. You can also restore the cleartext data stored in step 2.
Exporting and importing EVS volumes
This section describes procedures for exporting and importing EVS volumes. You can use these
procedures to remove EVFS data from a system when moving (exporting) a volume and disk in
from one system and installing (importing) the volume and disk on another system. This section
describes the following procedures:
“Exporting an EVS volume” (page 71)
“Importing an EVS volume” (page 72)
NOTE: Do not use the procedures in this section to configure EVS volumes for use in an HP
Serviceguard cluster. See “Using EVFS with HP Serviceguard” (page 164) for more information.
70 Administering EVS