Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)
on the EVS volume/dev/evfs/vg01/lvol6. The cp command receives cleartext from the source
EVS volume and the target EVS volume encrypts the data.
# lvsplit –s backup /dev/vg01/lvol5 (LVM creates the /dev/vg01/lvol5backup volume)
# evfsvol map /dev/vg01/lvol5backup
# evfsvol check -r /dev/evfs/vg01/lvol5backup
# evfsvol enable -k mykey /dev/evfs/vg01/lvol5backup (evfsvol prompts for
a passphrase if there is no stored passphrase.)
# fsck -F vxfs /dev/evfs/vg01/lvol5backup
# mkdir /opt/evfs/backup_source
# mount -F vxfs /dev/evfs/vg01/lvol5/backup /opt/evfs/backup_source
# evfsvol display /dev/evfs/vg01/lvol6 (Verify that the target EVFS volume is enabled.)
# cp -r /opt/evfs/backup_source /opt/evfs/backup_target (/opt/evfs/backup_target is
mounted on /dev/evfs/vg01/lvol6)
# umount /opt/evfs/backup_source
# evfsvol disable -k mykey /dev/evfs/vg01/lvol5backup (evfsvol prompts for
a passphrase if there is no stored passphrase.)
# evfsadm unmap /dev/evfs/vg01/lvol5backup
# lvmerge /dev/vg01/lvol5backup /dev/vg01/lvol5
Creating cleartext backup media (LVM mirrored volumes)
If you have mirrored LVM volumes, you can create cleartext backup media using the procedure
described in “Creating encrypted backup media on a second EVS volume using a block device
utility (LVM mirrored volumes)” (page 82) or “Creating encrypted backup media on a second EVS
volume using a file utility (LVM mirrored volumes)” (page 84). However, instead of using a second
EVS volume as the target for the backup utility, use a non-EVFS device as the target. In both cases,
the source EVS volume is enabled when you execute the backup utility, so the backup utility receives
the data in cleartext.
Example: Block device utility
In the following example, the administrator splits the /dev/vg01/lvol5 mirror volume and
creates the /dev/vg01/lvol5backupvolume. The target is the /dev/rmt/0m tape device. The
dd command receives cleartext from the source EVS volume.
# lvsplit –s backup /dev/vg01/lvol5 (LVM creates the /dev/vg01/lvol5backup volume.)
# evfsvol map /dev/vg01/lvol5backup
# evfsvol check -r /dev/evfs/vg01/lvol5backup
# evfsvol enable -k mykey /dev/evfs/vg01/lvol5backup (evfsvol prompts for
a passphrase if there is no stored passphrase.)
# dd bs=64k if=/dev/evfs/vg01/lvol5backup of=/dev/rmt/0m
# evfsvol disable -k mykey /dev/evfs/vg01/lvol5backup (evfsvol prompts for
a passphrase if there is no stored passphrase.)
# evfsadm unmap /dev/evfs/vg01/lvol5backup
# lvmerge /dev/vg01/lvol5backup /dev/vg01/lvol5
Example: File utility
In the following example, the administrator splits the /dev/vg01/lvol5 mirror volume, creates
the /dev/vg01/lvol5backup volume, and mounts the file system on /opt/evfs/
backup_source. The target is the non-encrypted directory /opt/foo/backup_target. The
cp command receives cleartext from the source EVS volume.
# lvsplit –s backup /dev/vg01/lvol5 (LVM creates the /dev/vg01/lvol5backup volume.)
# evfsvol map /dev/vg01/lvol5backup
# evfsvol check -r /dev/evfs/vg01/lvol5backup
# evfsvol enable -k mykey /dev/evfs/vg01/lvol5backup (evfsvol prompts for
a passphrase if there is no stored passphrase.)
# fsck -F vxfs /dev/evfs/vg01/lvol5backup
# mkdir /opt/evfs/backup_source
# mount -F vxfs /dev/evfs/vg01/lvol5/backup /opt/evfs/backup_source
# cp -r /opt/evfs/backup_source /opt/foo/backup_target
# umount /opt/evfs/backup_source
# evfsvol disable -k mykey /dev/evfs/vg01/lvol5backup (evfsvol prompts for
a passphrase if there is no stored passphrase.)
# evfsadm unmap /dev/evfs/vg01/lvol5backup
# lvmerge /dev/vg01/lvol5backup /dev/vg01/lvol5
86 Backing up and restoring data on EVS volumes