Archive for February, 2009

Simple Linux NTP Server Configuration

Having been designed on Linux, NTP (Network Time Protocol) is relatively simple to configure on a Linux machine. By using NTP (available free to download via NTP.org) any Linux machine can be easily set up to run as an NTP server.

Once downloaded the NTP distribution should contain the NTP daemon and also a number of utilities and configuration scripts. These aid the installation process and provide debugging facilities. The NTP daemon is configured using the file ‘ntp.conf’. A list of commands can be specified in the ‘ntp.conf’ file to indicate which servers to synchronise to and to specify various authentication and access options.

The NTP daemon synchronises to an external reference clock. The internet can be used as a time source but these can’t be authenticated and being the wrong side of the firewall could leave the system compromised. It’s much better to use an external source such as a GPS clock or radio clock that receive time from long wave transmissions (broadcast by such institutions as NIST or NPL).

Multiple external time servers can be specified in the configuration file, which allows NTP server to select the most appropriate time server and to use an average of the most reliable sources ensuing a higher level of accuracy.

The NTP daemon is controlled by a series of scripts such as ‘ntpd start’, ‘ntp stop’ or ‘ntpd restart’. Debugging and querying can be done by using the ‘ntpq’ utility. This utility provides information relating to the synchronisation status of the NTP daemon.

The NTP Server and Accurate Time

Accurate time on a network is essential for all businesses and institutions. Without an accurately synchronised system a computer network can be vulnerable to all sorts of problems, from malicious hackers and other security threats to fraud and data loss.

Network Time Protocol
is the key to keeping accurate time it is a software algorithm that has been constantly developed for over two decades. NTP takes a single time source that is received by the NTP server and distributes it across a network ensuring all machines in that network are running to exact same time.

Whilst NTP can maintain synchronisation of a network to within a few milliseconds it is only as good as the time source it receives. A dedicated NTP server will use a time signal from an external source and so keep the network secure as the firewall will not have to be disturbed.

The two preferred methods for most users of NTP servers is the GPS network (Global Positioning System) or specialist time and frequency transmissions put out be several national physics labs such as the UK’s NPL.

These time signals are UTC (Coordinated Universal Time) which is the world’s civil timescale. A NTP server receiving time source from either a frequency transmission or the GPS network can realistically provide accuracy to within a few milliseconds of UTC

The NTP Server – Selecting a Time Source Check List

In selecting a timing source to synchronise a computer network to using a NTP server (Network Time Protocol) it is important that the time source is accurate, secure and a source of UTC (Coordinated Universal Time). UTC is a global timescale used by computer networks, business and commerce across the globe.

Whilst UTC is freely available across the Internet it is neither accurate nor secure (being as it is external to your firewall).  Also Internet time sources cannot be authenticated which is NTP’s own method of ensuring a time source is what it says it is. There are two secure, accurate and reliable methods for receiving UTC via a NTP server and both come with their own advantages and drawbacks.

The first method is to use the GPS network (Global Positioning System).The main advantage of using the signals transmitted from a GPS satellite’s onboard atomic clock is that a signal is available anywhere on the planet. However it does come with a downside. As the signals are all line-of-sight it means that the GPS antenna needs to be placed on a roof to ensure connectivity with a satellite.

An alternative to the GPS signal but equally as accurate and reliable is to make use of the long wave radio transmissions broadcast by several national physics laboratories. These signals, such as the UK’s MSF, Germany’s DCF-77 and the United States’ WWVB transmissions, can often be picked up inside buildings making them ideal for a solution if a rooftop is unavailable for a GPS antenna. It must be noted that not every country broadcasts such a signal and whilst most transmissions can be picked up in neighbouring countries the signals are vulnerable to interference and local geography.