Hello
Best practises say to deploy 2 - 3 IPA server per site (Deployment Recommendations)
however I've never really understood why. We run 2 IPA servers in each of our primary
DCs and then connect our smaller remote sites to those IPA servers over IPSEC VPNs. For
example, IPA clients in a small site in Italy connect to an IPA server in London and an
IPA server in Paris (I haven't yet looked at service discovery.)
Regards
Angus
> On 22 May 2019 at 22:46 Alex Corcoles via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
>
>
> Well, in that scenario site-to-site VPNs should not be too terrible (AWS
> provides one, for instance).
>
> I think that certainly having a default install which is "safe" to
> expose to the Internet would be a very nice feature. However, I realize
> that has its cost and maybe its drawbacks, so of course I'm not sure if
> it's the best use of development time for the project.
>
> I can say that it would be one of the top items in my features wishlist
> for FreeIPA*, but then again I'm neither a typical, nor paying, nor
> particularly smart customer, so I'm just talking here and I don't think
> I should be listened much. I think VPNs also have a cost, so not having
> to setup them up and maintain them is a huge plus in my book.
>
> Cheers,
>
> Álex
>
> * the other two would be very low effort monitoring (e.g. a built-in
> health check URL or command line tool included in the default install)
> and low effort full backup/restore + recovery.
>
> On 5/22/19 6:42 PM, Stepan Vardanyan via FreeIPA-users wrote:
> > See this image to have basic understanding of our infrastructure -
> >
https://imgur.com/a/R5c8BWW
> > _______________________________________________
> > FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> > To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
> > Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
> > List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
> >
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...