On 04/28/2014 01:03 PM, Bret Wortman wrote:
> We are planning to reconfigure our core Freeipa servers, basically building a
> replacement infrastructure and migrating to it. What we're planning right now
> a core of three Freeipa servers each of which has a CA, with as much
> distribution of replication as we can manage. I imagine that means one of
> replicates to the other two but am open to other ideas.
You can configure them to replica to each other.
> For remote locations, we're planning to stand up caching-only DNS servers, as
> authenticating back to the main IPA servers works extremely well; it's just
> that needs a little help.
> Any thoughts before I start setting these servers (VMs, most likely) up?
You may want to read our upstream Deployment Recommendations article, it may
save you some bad decisions from the start:
If we see that we missed anything in this article, it would be great to enhance
Freeipa-users mailing list