[Freeipa-users] freeIPA and AD in multi-homed environment
Dmitri Pal
dpal at redhat.com
Tue Apr 28 13:46:31 UTC 2015
On 04/28/2015 07:35 AM, Alexander Frolushkin wrote:
>
> Hello. We were also planned relatively large deployment (8 sites, 19
> IPA servers), and for now our experience told us that Red Hat official
> support is a must-have option for IPA in mission-critical environment.
>
> IPA is still a very fresh solution and it have some issues you may face.
>
I would say that it is not that fresh, however, it is being constantly
enhanced and actively developed. That definitely has some impact so
having a supported version in production is strongly recommended.
> WBR,
>
> Alexander Frolushkin
>
> *From:*freeipa-users-bounces at redhat.com
> [mailto:freeipa-users-bounces at redhat.com] *On Behalf Of *???????????????
> *Sent:* Tuesday, April 28, 2015 5:05 PM
> *To:* Alexander Bokovoy
> *Cc:* freeipa-users at redhat.com
> *Subject:* Re: [Freeipa-users] freeIPA and AD in multi-homed environment
>
> Thank you for quick response. So, did I got it right, that this
> limitation is affecting only RedHat support agreement, and not the
> technical side of configuration? We're considering the CentOS 7
> deployment, and we don't have Red Hat support agreement.
>
> Maybe it's a stupid question, but since we don't have support
> agreement, can I still ask questions in RedHat mailing list? (I
> haven't found any forums/KBs/mailing lists dedicated solely to freeIPA
> and CentOS).
>
> 2015-04-28 13:26 GMT+03:00 Alexander Bokovoy <abokovoy at redhat.com
> <mailto:abokovoy at redhat.com>>:
>
> On Tue, 28 Apr 2015, ??????? ???????? wrote:
>
> - Hi all.
> I've got a rather big domain environment with 10 distributed locations,
> and I'm considering using FreeIPA as an id manager for linux users and
> servers, alongside with existing AD, using trusts. In every
> location, there
> are 2 DCs for windows environment, and I'm thinking about deployment
> of 2
> freeIPA servers for each location, with replicas. This document
> states that
> I can't use more than 20 servers per IPA domain:
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/Setting_up_IPA_Replicas.html#replica-topologies
>
> - "No more than 20 servers and replicas should be involved in a single
> Identity Management domain."
> - How strict is this restriction? Is there any way I can deploy freeIPA
> in this situation, assuming that number of locations would increace over
> time? Is there any other limitations to integrate freeIPA in AD?
>
> The limitations described above are for supported configurations
> deployed on Red Hat Enterprise Linux. If you want a larger configuration
> to be supported, you need to contact your Red Hat representatives and
> work out with them exact support statement.
>
>
> --
> / Alexander Bokovoy
>
>
> ------------------------------------------------------------------------
>
> ?????????? ? ???? ????????? ????????????? ????????????? ??? ??????????
> ???, ??????? ??? ??????????. ? ????????? ????? ???????????
> ???????????????? ??????????, ??????? ?? ????? ???? ???????? ???
> ???????????? ???-????, ????? ?????????. ???? ?? ?? ??????? ?????
> ?????????, ?? ?????????????, ?????????????, ??????????? ???
> ??????????????? ?????????? ????????? ??? ??? ????? ????????? ?
> ?????????. ???? ?? ???????? ??? ????????? ????????, ??????????,
> ??????????????? ???????? ??????????? ?? ???? ? ??????? ?? ????
> ?????????? ???? ????????? ? ????? ????????? ??? ????? ? ??????????.
>
> The information contained in this communication is intended solely for
> the use of the individual or entity to whom it is addressed and others
> authorized to receive it. It may contain confidential or legally
> privileged information. The contents may not be disclosed or used by
> anyone other than the addressee. If you are not the intended
> recipient(s), any use, disclosure, copying, distribution or any action
> taken or omitted to be taken in reliance on it is prohibited and may
> be unlawful. If you have received this communication in error please
> notify us immediately by responding to this email and then delete the
> e-mail and all attachments and any copies thereof.
>
> (c)20mf50
>
>
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150428/6a8ac7ba/attachment.htm>
More information about the Freeipa-users
mailing list