Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)
4 Preparing EVFS for configuration
This chapter describes how to prepare the EVFS product for configuration.
• “Verifying for preconfiguration” (page 28)
• “Preparation overview” (page 28)
• “Step 1: Configuring an alternate EVFS pseudo-user” (page 29)
• “Step 2: (Optional) Configuring alternate key database directories” (page 30)
• “Step 3: (Optional) Modifying EVFS global parameters” (page 32)
• “Step 4: Configuring FIPS compliant EVFS” (page 33)
• “Step 5: Starting the EVFS subsystem” (page 33)
• “Step 6: (Optional) Configuring the autostart feature” (page 34)
Verifying for preconfiguration
Before configuring EVFS, verify the following items:
• Verify that EVFS supports the applications that you want to use with EVFS. See “Supported
software” (page 17) for more information.
• Verify that EVFS supports the directories you want to encrypt with EVFS. See “Product limitations
and precautions” (page 18) for more information.
• EVFS does not automatically convert existing volume data to encrypted data. To encrypt
existing volume data in EVS mode, use the inline encryption feature in this release of EVFS.
CAUTION: If you improperly configure EVFS on a volume that already contains data, the
existing data will be unusable.
IMPORTANT: Inline encryption requires 3 MB of spare disk space at the end of
the volume, and the volume must be at least 4 MB in size. If the entire volume is in use, extend
the volume using lvextend for LVM, or vxassist for VxVM.
• To create encrypted backup media on a tape or other non-EVFS device, you must back up the
EVS volume as a volume device (as a single unit), not as a file system or group of files. You
can create encrypted backup media using block device utilities such as dd. Verify that the
size of the LVM, VxVM, or physical volumes you are going to encrypt is appropriate for the
backup media you are using and for the time it will take to back up a whole volume.
Preparation overview
Use the following procedure to prepare EVFS for configuration:
1. Configure an alternate EVFS pseudo-user account. You can skip this step if you can use evfs
as the user name and group name for the EVFS pseudo-user. See “Step 1: Configuring an
alternate EVFS pseudo-user” (page 29).
2. (Optional) Configure alternate directories for the key database. See “Step 2: (Optional)
Configuring alternate key database directories” (page 30).
3. (Optional) Modify EVFS global parameters. See “Step 3: (Optional) Modifying EVFS global
parameters” (page 32).
4. Configure FIPS-compliant EVFS. See “Step 4: Configuring FIPS compliant EVFS” (page 33).
5. Start the EVFS subsystem. See “Step 5: Starting the EVFS subsystem” (page 33).