[Freeipa-users] Best practices for core servers
Martin Kosek
mkosek at redhat.com
Wed Apr 30 07:15:52 UTC 2014
On 04/28/2014 01:03 PM, Bret Wortman wrote:
> We are planning to reconfigure our core Freeipa servers, basically building a
> replacement infrastructure and migrating to it. What we're planning right now is
> a core of three Freeipa servers each of which has a CA, with as much
> distribution of replication as we can manage. I imagine that means one of them
> replicates to the other two but am open to other ideas.
You can configure them to replica to each other.
> For remote locations, we're planning to stand up caching-only DNS servers, as
> authenticating back to the main IPA servers works extremely well; it's just DNS
> that needs a little help.
>
> Any thoughts before I start setting these servers (VMs, most likely) up?
You may want to read our upstream Deployment Recommendations article, it may
save you some bad decisions from the start:
http://www.freeipa.org/page/Deployment_Recommendations
If we see that we missed anything in this article, it would be great to enhance it.
Martin
More information about the Freeipa-users
mailing list