[Freeipa-users] freeIPA and AD in multi-homed environment

Dmitri Pal dpal at redhat.com
Tue Apr 28 13:46:31 UTC 2015 

On 04/28/2015 07:35 AM, Alexander Frolushkin wrote:
>
> Hello. We were also planned relatively large deployment (8 sites, 19 
> IPA servers), and for now our experience told us that Red Hat official 
> support is a must-have option for IPA in mission-critical environment.
>
> IPA is still a very fresh solution and it have some issues you may face.
>
I would say that it is not that fresh, however, it is being constantly 
enhanced and actively developed. That definitely has some impact so 
having a supported version in production is strongly recommended.

> WBR,
>
> Alexander Frolushkin
>
> *From:*freeipa-users-bounces at redhat.com 
> [mailto:freeipa-users-bounces at redhat.com] *On Behalf Of *???????????????
> *Sent:* Tuesday, April 28, 2015 5:05 PM
> *To:* Alexander Bokovoy
> *Cc:* freeipa-users at redhat.com
> *Subject:* Re: [Freeipa-users] freeIPA and AD in multi-homed environment
>
> Thank you for quick response. So, did I got it right, that this 
> limitation is affecting only RedHat support agreement, and not the 
> technical side of configuration? We're considering the CentOS 7 
> deployment, and we don't have Red Hat support agreement.
>
> Maybe it's a stupid question, but since we don't have support 
> agreement, can I still ask questions in RedHat mailing list? (I 
> haven't found any forums/KBs/mailing lists dedicated solely to freeIPA 
> and CentOS).
>
> 2015-04-28 13:26 GMT+03:00 Alexander Bokovoy <abokovoy at redhat.com 
> <mailto:abokovoy at redhat.com>>:
>
> On Tue, 28 Apr 2015, ??????? ???????? wrote:
>
>   - Hi all.
>   I've got a rather big domain environment with 10 distributed locations,
>   and I'm considering using FreeIPA as an id manager for linux users and
>   servers, alongside with existing AD, using trusts. In every 
> location, there
>   are 2 DCs for windows environment, and I'm thinking about deployment 
> of 2
>   freeIPA servers for each location, with replicas. This document 
> states that
>   I can't use more than 20 servers per IPA domain:
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/Setting_up_IPA_Replicas.html#replica-topologies
>
>   - "No more than 20 servers and replicas should be involved in a single
>   Identity Management domain."
>   - How strict is this restriction? Is there any way I can deploy freeIPA
>   in this situation, assuming that number of locations would increace over
>   time? Is there any other limitations to integrate freeIPA in AD?
>
> The limitations described above are for supported configurations
> deployed on Red Hat Enterprise Linux. If you want a larger configuration
> to be supported, you need to contact your Red Hat representatives and
> work out with them exact support statement.
>
>
> -- 
> / Alexander Bokovoy
>
>
> ------------------------------------------------------------------------
>
> ?????????? ? ???? ????????? ????????????? ????????????? ??? ?????????? 
> ???, ??????? ??? ??????????. ? ????????? ????? ??????????? 
> ???????????????? ??????????, ??????? ?? ????? ???? ???????? ??? 
> ???????????? ???-????, ????? ?????????. ???? ?? ?? ??????? ????? 
> ?????????, ?? ?????????????, ?????????????, ??????????? ??? 
> ??????????????? ?????????? ????????? ??? ??? ????? ????????? ? 
> ?????????. ???? ?? ???????? ??? ????????? ????????, ??????????, 
> ??????????????? ???????? ??????????? ?? ???? ? ??????? ?? ???? 
> ?????????? ???? ????????? ? ????? ????????? ??? ????? ? ??????????.
>
> The information contained in this communication is intended solely for 
> the use of the individual or entity to whom it is addressed and others 
> authorized to receive it. It may contain confidential or legally 
> privileged information. The contents may not be disclosed or used by 
> anyone other than the addressee. If you are not the intended 
> recipient(s), any use, disclosure, copying, distribution or any action 
> taken or omitted to be taken in reliance on it is prohibited and may 
> be unlawful. If you have received this communication in error please 
> notify us immediately by responding to this email and then delete the 
> e-mail and all attachments and any copies thereof.
>
> (c)20mf50
>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150428/6a8ac7ba/attachment.htm>

More information about the Freeipa-users mailing list