Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software

100

# vxvol -g testdg stop backupvol

# vxplex -g testdg -v backupvol dis vol05-02

# vxplex -g testdg -v vol05 att vol05-02

# vxassist -g testdg remove volume backupvol

Backups using nonmirrored volumes

This section contains procedures for performing backups without mirrored volumes.

NOTE: To create encrypted backup media to a tape or other non-EVFS device without using

mirrored volumes , you must disable access to the EVS volume. The EVS volume will be off line

and unavailable to users or applications. If you do not have mirrored volumes, you can still perform

online encrypted backups, but you must use a second EVS volume as the target device.

This section describes the following procedures:

• “Creating encrypted backup media to a non-EVFS device (nonmirrored volumes)” (page 94)

• “Creating encrypted backup media on a second EVS volume using a block device utility

(nonmirrored volumes)” (page 95)

• “Creating encrypted backup media on a second EVS volume using a file utility (nonmirrored

volumes)” (page 96)

• “Creating cleartext backup media to a non-EVFS device (nonmirrored volumes)” (page 97)

Creating encrypted backup media to a non-EVFS device (nonmirrored volumes)

Use the following procedure to create encrypted backup media to a non-EVFS device, such as a

tape drive. You must disable access to the EVS volume to complete this procedure, and you must

use a block device utility, such as dd.

To use this backup procedure, you must have the appropriate file permissions to access the EVS

volume device file and meet at least one of the following criteria:

• You are the volume owner.

• You are an authorized user for the volume.

• A stored passphrase exists for one of the volume's user key pairs, and you know the key ID

for the key pair.

1. Create a backup copy of the user key database (user key pairs and any passphrase files) if

a copy does not already exist. Determine the directories used for the key database by checking

the pkey attribute statement in the /etc/evfs/evfs.conf file, and back up the database.

By default, EVFS stores the user key database in subdirectories below the /etc/evfs/pkey/

users directory.

If you are restoring the data to another system, you must know the passphrase for the volume

owner's private key. Stored passphrase files are encrypted with system-specific information,

so a stored passphrase created on one system is unusable on any other system.

2. For data consistency, suspend or stop all applications accessing the data. You can use the

fuser -cu command to determine the processes accessing files on the source volume, and

the fuser -cku command to terminate the processes. For more information, see fuser(1M).

If the data is used by system processes, you might need to terminate the processes by changing

the system runlevel to single-user level with the shutdown utility. For more information, see

shutdown(1M).

3. If a file system exists on the volume, use the umount command to unmount the file system on

the source volume. For more information, see umount(1M).

4. Disable the EVFS backup volume. This is required to open the EVS volume for raw access. For

example:

# evfsvol disable -k my_key /dev/evfs/vg01/lvol5

94 Backing up and restoring data on EVS volumes