Hi there.

I'd like to integrate FreeIPA in a multi-location production environment.
We got servers in US/Europe/South America/Pacific Ocean with some high
latency links. The parc I manage is a mixed linux environment with less
than 1000 servers. I also plan to use FreeIPA as backend for Radius
authentication on various network equipments.

I plan to deploy a replica architecture similar to the recommandation
article in official Documentation:
http://www.freeipa.org/page/Deployment_Recommendations with two replicas
per region and at least one replica per DC. FreeIPA will become my DNS for
internal resolution.

FreeIPA servers will run on latest CentOS.

I've got two questions:

1) Version:
Should I wait for IPA 4.2 or is IPA 4.1.4 a good / stable / trust-full
solution for authentication, upgrade, maintainability, resilience ? Will
4.2.X be too young and unstable for a massive implementation ? I'm quite
interested about 4.2 but don't want to wait too long for a release on
Centos. How easy would be an upgrade of all replicas from 4.1.4 to 4.2 in
an IPA replication topology?

2) Resiliency:
How to make FreeIPA service resilient? Is there an official / easy and
secure way to converge to an other IPA server (with DNS?) when a replica is
down? I've got the chance to work on an MPLS network with the Anycast
possibility. Is it something workable with FreeIPA/Kerberos ?

Thanks by advance for your suggestions
Youenn Piolet
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to