Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software

1. Configure the mirror, if you have not already done so. Create the mirror copy using the

lvcreate –m or lvextend –m command. Configure EVFS on the LVM volume using the

evfsadm map and evfsvol create commands. Enable the EVS volume using the evfsvol

enable command and migrate data to the EVS volume, if necessary.

2. Split the mirrored LVM volume into two logical volumes using the lvsplit command. In the

example below, the mirror LVM volume device file is /dev/vg01/lvol5 and the –s backup

option creates a backup mirror volume name using the suffix backup (/dev/vg01/

lvol5backup):

# lvsplit –s backup /dev/vg01/lvol5

Logical volume "/dev/vg01/lvol5backup" has been successfully created

with character device "/dev/vg01/rlvol5backup".

Logical volume "/dev/vg01/lvol5" has been successfully split.

Volume Group configuration has been saved in /etc/lvmconf/vg01.conf

3. Map the backup volume to EVFS. For example:

# evfsvol map /dev/vg01/lvol5backup

This creates the device files /dev/evfs/vg01/lvol5backup and /dev/evfs/vg01/

rlvol5backup.

4. Do not create an EMD area for the EVS volume. The backup volume inherits a copy of the

EMD from the original volume. However, because the backup volume inherits its EMD, the

dirty bit is set even though the backup volume has not been enabled. You must reset the dirty

bit in the EMD of the backup volume using the evfsvol check –r command.

The syntax is as follows:

evfsvol check -r evfs_volume_path

Where evfs_volume_path is the absolute pathname for the EVS volume device file.

For example:

# evfsvol check -r /dev/evfs/vg01/lvol5backup

Encrypted volume "/dev/evfs/vg01/lvol5backup" has not been properly shut down.

Resetting dirty bit...

Encrypted volume "/dev/evfs/vg01/lvol5backup" has been successfully recovered

5. Enable the EVFS backup volume using the evfsvol enable command. You must be the

volume owner or authorized user for the original EVS volume to complete this step, and EVFS

prompts you for a passphrase if one is not stored. For example:

# evfsvol enable –k mykey /dev/evfs/vg01/lvol5backup

6. EVFS encryption and decryption must be enabled on the target volume also. Use the evfsadm

stat -a or evfsvol display evfs_volume_path command to verify that EVFS is

enabled on the target volume. In this example, /dev/evfs/vg01/lvol6 is a spare EVS

volume that will be used as the backup target device:

# evfsvol display /dev/evfs/vg01/lvol6

7. Create encrypted backup media by using dd to copy the entire volume to a second EVS volume

that is also enabled.

For example:

# dd bs=64k if=/dev/evfs/vg01/lvol5backup of=/dev/evfs/vg01/lvol6

8. Disable the EVFS backup volume to begin the procedure to return the backup volume to its

original state. For example:

# evfsvol disable -k mykey /dev/evfs/vg01/lvol5backup

The evfsvol utility prompts you for the passphrase if a stored passphrase does not exist.

9. Unmap EVS volume using the evfsadm unmap command. For example:

# evfsadm unmap /dev/evfs/vg01/lvol5backup

Backing up EVS volumes 83