Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software

Backups using VxVM mirrored volumes

If you have VxVM mirrored volumes, you can back up the EVS volumes on line, without disabling

the EVS volume or interrupting access to the data.

This section describes the following procedures:

• “Creating encrypted backup media on a non-EVFS device (VxVM mirrored volumes)” (page 87)

• “Creating encrypted backup media on a second EVS volume using a block device utility (VxVM

mirrored volumes)” (page 89)

• “Creating encrypted backup media on a second EVS volume using a file utility (VxVM mirrored

volumes)” (page 91)

• “Creating cleartext backup media (VxVM mirrored volumes)” (page 93)

Creating encrypted backup media on a non-EVFS device (VxVM mirrored volumes)

If you have VxVM mirrored volumes, use the following procedure to perform online encrypted

backups to a non-EVFS target device, such as a tape drive. You must use a block device backup

utility, such as dd.

You must have the appropriate file permissions to access the EVS volume device file to use this

procedure.

1. Configure the mirror, if you have not already done so. Create the mirror by using the

vxassist mirror command or by creating a plex and attaching it to a VxVM volume using

the vxplex att command. Configure EVFS on the VxVM volume using the evfsadm map

and evfsvol create commands. Enable the EVS volume using the evfsvol enable

command, and migrate data to the EVS volume if necessary.

2. Create a backup copy of the user key database (user key pairs and any passphrase files) if

a copy does not already exist. Determine the directories used for the key database by checking

the pkey attribute statement in the /etc/evfs/evfs.conf file, and back up the database.

By default, EVFS stores the user key database in subdirectories below the /etc/evfs/pkey/

users directory.

If you are restoring the data to another system, you must know the passphrase for the volume

owner's private key. Stored passphrase files are encrypted with system-specific information,

so a stored passphrase created on one system is unusable on any other system.

3. Dissociate a plex from the volume using the vxplex dis command. In the following example,

the vol05 volume in the testdg disk group has two plexes, vol05–01 and vol05–02,

and the administrator dissociates the vol05–02 plex to use as the source for the backup:

# vxplex -g testdg dis -v vol05 vol05-02

4. Use the vxmake command to create a temporary volume for the backup, such as backupvol,

with the dissociated plex. For example:

# vxmake -g testdg -U gen vol backupvol plex=vol05-02

5. Start the backup VxVM volume using the vxvol start command. For example:

# vxvol -g testdg start backupvol

6. Map the backup VxVM volume to EVFS. For example:

# evfsvol map /dev/vx/dsk/testdg/backupvol

This creates the device files /dev/evfs/vx/dsk/testdg/backupvol and /dev/evfs/

vx/rdsk/testdg/backupvol.

7. Do not create an EMD area for the EVS volume. The backup volume inherits a copy of the

EMD from the original volume. However, because the backup volume inherits its EMD, the

dirty bit is set even though the backup volume has not been enabled. You must reset the dirty

bit in the EMD of the backup volume using the evfsvol check –r command.

The syntax is as follows:

Backing up EVS volumes 87