We are planning to reconfigure our core Freeipa servers, basically
building a replacement infrastructure and migrating to it. What we're
planning right now is a core of three Freeipa servers each of which has
a CA, with as much distribution of replication as we can manage. I
imagine that means one of them replicates to the other two but am open
to other ideas.
For remote locations, we're planning to stand up caching-only DNS
servers, as authenticating back to the main IPA servers works extremely
well; it's just DNS that needs a little help.
Any thoughts before I start setting these servers (VMs, most likely) up?
Description: S/MIME Cryptographic Signature
Freeipa-users mailing list