I started to consider HA deployments but stopped to make this post; this is a high-effort feature that needs to be well integrated and tested.
Once I can sync two appliances on one site (for rapid failover) the inter-continental syncing should be easy.
Backups are straightforward. A cron job runs a script that dumps all data and builds a Debian package with some control files that perform the restoration. The goal was to be able to deploy a new controller with Terraform and restore it to a known state. I'm not sure if this is a great production strategy for other companies (do they already have a secure way to sign/encrypt/distribute packages of their clear text configuration data?); it just made my own ops very easy.
Also, for porting out of the product, a seasoned Windows admin could probably transfer the LDAP data into Active Directory in an afternoon -- faster, if I took time to document/test the process.