On 04/28/2014 01:03 PM, Bret Wortman wrote:
> We are planning to reconfigure our core Freeipa servers, basically building a 
> replacement infrastructure and migrating to it. What we're planning right now 
> is 
> a core of three Freeipa servers each of which has a CA, with as much 
> distribution of replication as we can manage. I imagine that means one of 
> them 
> replicates to the other two but am open to other ideas.

You can configure them to replica to each other.

> For remote locations, we're planning to stand up caching-only DNS servers, as 
> authenticating back to the main IPA servers works extremely well; it's just 
> DNS 
> that needs a little help.
> Any thoughts before I start setting these servers (VMs, most likely) up?

You may want to read our upstream Deployment Recommendations article, it may
save you some bad decisions from the start:


If we see that we missed anything in this article, it would be great to enhance 


Freeipa-users mailing list

Reply via email to