Encrypted Volume and File System v2.0 Administrator Guide HP-UX 11i v3
1. For data consistency, suspend or stop all applications accessing the data on both volumes.
You can use the fuser -cu command to determine the processes accessing files, and the
fuser -cku command to terminate the processes. See fuser(1M) for more information.
If the data is used by system processes, you might need to terminate the processes by changing
the system runlevel to single-user level with the shutdown utility. See shutdown(1M) for more
information.
2. (Optional) If file systems are mounted on the EVS volumes, use the umount command to
unmount the file systems and prevent any new I/O requests to the volume. See umount( (1M))
for more information.
3. Do not disable encryption and decryption on the source or target volumes. Use the following
evfsadm stat command to verify that EVFS is enabled on both the source and target volume:
evfsadm stat -a
4. Use a block device utility to copy data from the EVS volume device file to the target volume.
The target volume now contains the data from the source EVS volume, but encrypted using
the target volume's EVFS data key.
For example, you can use a dd command similar to the following:
dd if=/dev/evfs/vg01/lvol5 of=/dev/evfs/vg01/lvol6
Example
In the following example, /dev/evfs/vg01/lvol5 is the source volume and /dev/evfs/
vg01/lvol6 is the target volume. The dd command receives cleartext from the source EVS volume,
and the target EVS volume encrypts the data.
# fuser -cku /dev/evfs/vg01/lvol5
# fuser -cku /dev/evfs/vg01/lvol6
# evfsadm stat -a (verify that EVFS is enabled on the source and target volumes)
# dd if=/dev/evfs/vg01/lvol5 of=/dev/evfs/vg01/lvol6
Creating encrypted backup media on a second EVS volume using a file utility (nonmirrored volumes)
Use the following procedure to perform an offline backup and create encrypted media on a second
EVS volume.
CAUTION: EVFS must be enabled on both the source volume and target volume. The backup
utility will receive cleartext data from the source EVS volume, and EVFS will encrypt the data when
writing it to the target EVS volume.
Do not back up data from a volume with EVFS disabled to a volume with EVFS enabled. If you
do, the data will be encrypted twice.
1. For data consistency, suspend or stop all applications accessing the data on both volumes.
You can use the fuser -cu command to determine the processes accessing files, and the
fuser -cku command to terminate the processes. See fuser(1M) for more information.
If the data is used by system processes, you might need to terminate the processes by changing
the system runlevel to single-user level with the shutdown utility. See shutdown(1M) for more
information.
2. Do not disable encryption and decryption on the source or target volumes. Use the following
evfsadm stat command to verify that EVFS is enabled on both the source and target volume:
evfsadm stat -a
Backing up EVS volumes 93