[Freeipa-users] Best practices for core servers
Bret Wortman
bret.wortman at damascusgrp.com
Mon Apr 28 11:03:33 UTC 2014
We are planning to reconfigure our core Freeipa servers, basically
building a replacement infrastructure and migrating to it. What we're
planning right now is a core of three Freeipa servers each of which has
a CA, with as much distribution of replication as we can manage. I
imagine that means one of them replicates to the other two but am open
to other ideas.
For remote locations, we're planning to stand up caching-only DNS
servers, as authenticating back to the main IPA servers works extremely
well; it's just DNS that needs a little help.
Any thoughts before I start setting these servers (VMs, most likely) up?
--
*Bret Wortman*
http://damascusgrp.com/
http://about.me/wortmanbret
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140428/19396df6/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 51f7de33e4b08d2bdb8b4860
Type: image/png
Size: 28526 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140428/19396df6/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3766 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140428/19396df6/attachment.p7s>
More information about the Freeipa-users
mailing list