Hi.
I have a scenario where we're looking to deploy a standalone root CA with an Enterprise Sub CA. We will also be using cross-forest certification. However, we're looking at deploying a second Sub CA at the DR site. My question is: how do we provide a single consistent database across the two sites? As I understand it, each CA will have its own database, so if we did fail over, the DR CA will not have any information about certs that have been processed by the primary site CA. It will also then start issuing certs during the site failure period. Once the primary site is back online and services are restored, any cert info from the DR CA will not be available to the primary site CA. I can't seem to find any information that covers the implications of a split-brain database scenario. Also, what would be the recommended approach for a site failure scenario? We have a virtual infrastructure (VMware) but no replication at present.
Thanks for any help on this.