Encrypted Volume and File System v2.0 Administrator Guide HP-UX 11i v3

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software

100

2. For data consistency, suspend or stop any applications accessing data on the target volume.

You can use the fuser -cu command to determine the processes accessing files, and the

fuser -cku command to terminate the processes.

If the data is used by system processes, you might need to terminate the processes by changing

the system runlevel to single-user level with the shutdown utility. See shutdown(1M) for more

information.

3. If a file system exists on the target volume, use the umount command to unmount the file

system on the target volume. See umount(1M) for more information.

4. Use the following command to disable encryption and decryption access to the target volume:

evfsvol disable [-k keyname] evfs_volume_path

See “Disabling encryption and decryption access to EVS volumes” (page 62) for more

information.

5. Use the following command to enable raw access to the target volume:

evfsvol raw evfs_volume_path

This enables the utility you use in the next step to write data to the EVS volume without

encrypting the data.

CAUTION: After you open the volume for raw access, any entity reading data from the EVS

volume receives encrypted data. Any entity writing data to the EVS volume writes directly to

the underlying disk; EVFS does not encrypt the text. HP recommends that you use the evfsvol

raw command only when creating encrypted backup media or restoring encrypted backup

media.

6. Use a block device utility, such as dd, to copy the encrypted data from the source device,

such as the /dev/rmt/0m tape device file, to the target EVS volume.

7. Use the evfsvol close evfs_volume_path command to close raw access to the EVS

volume.

8. Use the evfsvol enable evfs_volume_path command to re-enable encryption and

decryption on the volume.

9. If a file system exists on the volume, use the mount command to remount the file system. See

mount(1M) for more information.

Example

In the following example, the tape device /dev/rmt/0m has a tape with encrypted backup data

created from the /dev/evfs/vg01/lvol5 EVS volume.

# fuser -cku /dev/evfs/vg01/lvol5

# umount /dev/evfs/vg01/lvol5

# evfsvol disable -k my_key /dev/evfs/vg01/lvol5(evfsvol prompts for

a passphrase if there is no stored passphrase)

# evfsvol raw /dev/evfs/vg01/lvol5 (EVFS prompts if you want to continue)

# dd bs=64k if=/dev/rmt/0m of=/dev/evfs/vg01/lvol5

# evfsvol close /dev/evfs/vg01/lvol5

# evfsvol enable -k my_key /dev/evfs/vg01/lvol5

# mount -F vxfs /dev/evfs/vg01/lvol5 /opt/encrypted_data

Restoring backup data from an EVS volume to an EVS volume

Use the following procedure to restore backup data when the source volume and the target device

are both EVS volumes. You must also have the appropriate file permissions to access the EVS

volume device file.

CAUTION: EVFS must be enabled on the source and target volumes.

Restoring backup media 95