Hi there. I'd like to integrate FreeIPA in a multi-location production environment. We have servers in US/Europe/South America/Pacific Ocean with some high latency links. The fleet I manage is a mixed Linux environment with less than 1000 servers. I also plan to use FreeIPA as backend for RADIUS authentication on various network equipment.
I plan to deploy a replica architecture similar to the recommendation article in the official documentation: http://www.freeipa.org/page/Deployment_Recommendations with two replicas per region and at least one replica per DC. FreeIPA will become my DNS for internal resolution. FreeIPA servers will run on the latest CentOS. I've got two questions:

1) Version: Should I wait for IPA 4.2 or is IPA 4.1.4 a good / stable / trustworthy solution for authentication, upgrade, maintainability, resilience? Will 4.2.X be too young and unstable for a massive implementation? I'm quite interested in 4.2 but don't want to wait too long for a release on CentOS. How easy would an upgrade of all replicas from 4.1.4 to 4.2 be in an IPA replication topology?

2) Resiliency: How to make the FreeIPA service resilient? Is there an official / easy and secure way to converge to another IPA server (with DNS?) when a replica is down? I have the chance to work on an MPLS network with the Anycast possibility. Is it something workable with FreeIPA/Kerberos?

Thanks in advance for your suggestions

--
Youenn Piolet
[email protected]
