HP-UX 11i Encrypted Volume and File System (EVFS) Best Practice (2009)

EVS mode
For auto boot, volumes in EVS mode must be assigned one of three startup levels: boot_local,
boot_local2 or boot_remote. See the restriction for EVS volumes in /etc/fstab below.
Level: boot_local
Description: Enable the EVFS volume before all the local file systems are mounted and before NFS and other networking subsystems are started. If this volume is listed in /etc/fstab, it is automatically mounted during system startup.
Key storage: Located at the root disk of the local system.

Level: boot_local2
Description: Enable the EVFS volume after all the local file systems are mounted and before NFS and other networking subsystems are started. Do not place this volume in the /etc/fstab since the mount will fail during startup. This volume either has to be mounted manually, or mounted via a start-up script after all the local file systems are mounted.
Key storage: Located at a non-root disk of the local system.

Level: boot_remote
Description: Enable the EVFS volume after NFS and other networking subsystems are started. Do not place this volume in the /etc/fstab since the mount will fail during startup. This volume either has to be mounted manually, or mounted via a start-up script after all the remote file systems are mounted.
Key storage: Located on a remote system, such as an NFS directory.

The boot_local level is the most commonly used level for EVS volume auto start since
administrators can simply insert the entry in the /etc/fstab configuration file.
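
The /etc/fstab restriction above can be checked before a reboot. The following script is an added example, not part of the HP paper: it reports fstab entries for EVS volumes whose level is boot_local2 or boot_remote. It assumes the administrator keeps an inventory file of "<device> <level>" lines (a hypothetical format, not an EVFS one); the device paths and mount points are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the HP paper): report /etc/fstab entries for EVS
# volumes whose startup level is boot_local2 or boot_remote, since the page
# states that those mounts fail during startup.
# Assumption: an admin-maintained inventory file of "<device> <level>" lines;
# that file format is hypothetical, not an EVFS format.

evs_fstab_violations() {
    # $1 = fstab path, $2 = inventory path
    # Output: "<device> <level> <mount point>" for each offending fstab entry.
    awk '
        NF == 0 || $1 ~ /^#/ { next }                  # skip blanks and comments
        FILENAME == ARGV[1]  { level[$1] = $2; next }  # inventory pass
        ($1 in level) && (level[$1] == "boot_local2" || level[$1] == "boot_remote") {
            print $1, level[$1], $2                    # fstab pass
        }
    ' "$2" "$1"
}

evs_fstab_ok() {
    # Succeeds (status 0) only when no offending entry is found.
    [ -z "$(evs_fstab_violations "$1" "$2")" ]
}

write_samples() {
    # Constructed sample data written to directory $1; all paths are made up.
    cat > "$1/fstab" <<'EOF'
/dev/vg00/lvol3        /         vxfs delaylog 0 1
/dev/evfs/vg01/lvol1   /secure1  vxfs delaylog 0 2
/dev/evfs/vg01/lvol2   /secure2  vxfs delaylog 0 2
# /dev/evfs/vg02/lvol1 /secure3  vxfs delaylog 0 2
/dev/evfs/vg02/lvol2   /secure4  vxfs delaylog 0 2
EOF
    cat > "$1/levels" <<'EOF'
/dev/evfs/vg01/lvol1 boot_local
/dev/evfs/vg01/lvol2 boot_local2
/dev/evfs/vg02/lvol1 boot_remote
/dev/evfs/vg02/lvol2 boot_remote
EOF
}

# Demo run on the constructed samples.
demo_dir="${TMPDIR:-/tmp}/evs_fstab_check.$$"
mkdir -p "$demo_dir" && write_samples "$demo_dir"
evs_fstab_violations "$demo_dir/fstab" "$demo_dir/levels"
rm -rf "$demo_dir"
```

The commented-out fstab entry is ignored, so only active entries at the two restricted levels are reported.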
EFS mode
Volumes in EFS mode can be placed in /etc/fstab and do not need to be assigned a level.
The evfsrun -u user command can be used to start the applications in a secure session if
auto start is required, for example when a cron job needs to access an encrypted file.
CPU usage
For a typical EVFS deployment, one extra CPU per system is recommended to handle the extra
encryption load. Administrators should monitor CPU usage and adjust EVFS threads
accordingly. On multiprocessor systems, the maximum number of threads is the number of
processors in the system. The default is the number of processors minus 1. Note that setting the
number of threads to a lower value can decrease EVFS throughput.