On 04/28/2014 01:03 PM, Bret Wortman wrote: > We are planning to reconfigure our core Freeipa servers, basically building a > replacement infrastructure and migrating to it. What we're planning right now > is > a core of three Freeipa servers each of which has a CA, with as much > distribution of replication as we can manage. I imagine that means one of > them > replicates to the other two but am open to other ideas.
You can configure them to replica to each other. > For remote locations, we're planning to stand up caching-only DNS servers, as > authenticating back to the main IPA servers works extremely well; it's just > DNS > that needs a little help. > > Any thoughts before I start setting these servers (VMs, most likely) up? You may want to read our upstream Deployment Recommendations article, it may save you some bad decisions from the start: http://www.freeipa.org/page/Deployment_Recommendations If we see that we missed anything in this article, it would be great to enhance it. Martin _______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-users