Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software

# dd bs=64k if=/dev/evfs/vx/dsk/testdg/backupvol of=/dev/rmt/0m

# evfsvol close /dev/evfs/vx/dsk/testdg/backupvol

# evfsadm unmap /dev/evfs/vx/dsk/testdg/backupvol

# vxvol -g testdg stop backupvol

# vxplex -g testdg -v backupvol dis vol05-02

# vxplex -g testdg -v vol05 att vol05-02

# vxassist -g testdg remove volume backupvol

Creating encrypted backup media on a second EVS volume using a block device utility (VxVM

mirrored volumes)

If you have VxVM mirrored volumes, use the following procedure to perform online encrypted

backups to second (target) EVS volume using a block device backup utility, such as dd.

To use this backup procedure, you must have the appropriate file permissions to access the EVS

volume device file and meet at least one of the following criteria:

• You are the volume owner.

• You are an authorized user for the volume.

• A stored passphrase exists for one of the volume's user key pairs, and you know the key ID

for the key pair.

CAUTION: You must enable encryption and decryption on both the source volume and target

volume. This requirement causes the backup utility to receive cleartext data from the source EVS

volume, and causes EVFS to encrypt the data when writing it to the target EVS volume.

Do not back up data from a volume with EVFS encryption and decryption disabled to a volume

with EVFS encryption and decryption enabled. If you do, the data is encrypted twice.

1. Configure the mirror if you have not already done so. Create the mirror by using the vxassist

mirror command or by creating a plex and attaching it to a VxVM volume using the

vxplex att command. Configure EVFS on the VxVM volume using the evfsadm map and

evfsvol create commands. Enable the EVS volume using the evfsvol enable command,

and migrate data to the EVS volume if necessary.

2. Dissociate a plex from the volume using the vxplex dis command. In the following example,

the volume vol05 in disk group testdg has two plexes, vol05–01 and vol05–02, and

the administrator dissociates plex vol05–02 to use as the source for the backup:

# vxplex -g testdg -v vol05 dis vol05-02

3. Use the vxmake command to create a temporary volume for the backup, such as backupvol,

with the dissociated plex. For example:

# vxmake -g testdg -U gen vol backupvol plex=vol05-02

4. Start the backup VxVM volume using the vxvol start command. For example:

# vxvol -g testdg start backupvol

5. Map the backup VxVM volume to EVFS. For example:

# evfsvol map /dev/vx/dsk/testdg/backupvol

This creates the device files /dev/evfs/vx/dsk/testdg/backupvol and /dev/evfs/

vx/rdsk/testdg/backupvol

6. Do not create an EMD area for the EVS volume. The backup volume inherits a copy of the

EMD from the original volume. However, because the backup volume inherits its EMD, the

dirty bit is set even though the backup volume has not been enabled. You must reset the dirty

bit in the EMD of the backup volume using the evfsvol check –r command.

The syntax is as follows:

evfsvol check -r evfs_volume_path

Where evfs_volume_path is the absolute pathname for the EVS volume device file.

For example:

Backing up EVS volumes 89