What is best practice or recommendation to set up KDC between PROD and DR clusters? We are considering two options:
1. Setup different KDC servers and realms for each cluster and enable cross realm trust between them.
2. Set up KDC with master-slave and same realm for both clusters, kdc-master will be hosted along with PROD machines and kdc-slave with DR cluster?
Any thoughts on these approaches or other options are helpful.
As long as you have KDC at each site (master and DR), both approaches will work. Setting cross realm is a little bit more time consuming than setting 2 KDCs. So, you can pick whichever you prefer.
Thanks for reply Ravi. In the second approach, will there be any performance issues with jobs in DR cluster since they need to talk to kdc-master in PROD cluster everytime for a ticket? We have .5 gb connectivity between two clusters and we will be running falcon based replication.