I'm also interested in how people are handling this - especially when using AD 
Trusts.

When using a trust, the IPA host not only has to communicate with IPA servers, 
but with potentially every AD domain controller in your HUB site.  For us, this 
is a large number of domain controllers which means we would need a large 
number of ACL's on our firewalls to permit the IPA DMZ client access to the AD 
domain controllers.

Any suggestions?

Thanks,

Josh

From: freeipa-users-boun...@redhat.com 
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Aly Khimji
Sent: Wednesday, October 07, 2015 1:12 PM
To: freeipa-users@redhat.com
Subject: [Freeipa-users] FreeIPA DMZ topology

Hey guys,

Question for you, would having a replica be the ideal solution for authorizing 
hosts in a DMZ?

Do you have any use cases for DMZ access/authorization or topologies you can 
share for DMZ zones where FreeIPA is used?

Aly


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to