Table of Contents
Advertisement
It is not normally recommended to select more than one NTP Server in the NTP Servers table as
being
only be selected if the box
The maximum number of NTP Peers (or NTP Servers) that can be configured as time references is
twelve (12). For best results, more than four NTP time servers are recommended. As few as one
NTP time server may be used, however, depending on your needs and network timing archi-
tecture. A specific NTP server is recommended to be configured as the preferred time reference by
selecting the preferred checkbox.
For both NTP Peers and NTP Servers the Minimum and Maximum Poll rate for NTP packets can
be configured. Both NTP Peers and NTP Servers support either manually configured Symmetric
Key-ID/Key string pairs or the use of Auto-Key. However, these choices are mutually exclusive
and must be identically configured on both the SecureSync and the NTP Peer or NTP Server. If the
Symmetric Key-ID/Key string pair method is selected the Key-ID must be first defined on the Sym-
metric Key page.
The entry for NTP Peer or NTP Server can be deleted by selecting the Clear checkbox and press-
ing Submit.
The grids on the NTP Peers and Servers tabs allow the user to define, by IP address or hostname,
the locations of other NTP servers to use as time references (instead of, or in addition to, the con-
figured SecureSync's primary reference) and the locations of other NTP servers to use as peers.
The maximum number of Peers allowed is twelve (12).
3.4.5
NTP Keys
3.4.5.1 NTP Autokey
The NTP version installed on SecureSync supports the Autokey Protocol. The Autokey Protocol
uses the OpenSSL library which provides security capabilities including message digests, digital
signatures and encryption schemes. The Autokey Protocol provides a means for NTP to authen-
ticate and establish a chain of trusted NTP servers.
NTP Autokey—Support & Limitations
Currently, SecureSync supports only the IFF (Identify Friend or Foe) Autokey Identity Scheme.
The SecureSync product web interface automates the configuration of the IFF using the MD5
digests and RSA keys and certificates. At this time the configuration of other key types or other
digests is not supported.
NTP Autokey—IFF Autokey Support
The IFF Autokey Support is demonstrated in the figure below. The IFF identity scheme is used
with Multiple Stratum NTP Time Servers. The example below shows 3 Stratum layers. Stratum 1
CHAPTER
•
3
SecureSync User Reference Guide Rev. 18
Prefer
. Typically, only one NTP server in the table should be selected as
Prefer Timing System Reference:
NOTE –
When you configure NTP Autokey, you must disable the NTP service first,
and then re-enable it after Autokey configuration is completed.
3.4 Network Time Protocol (NTP)
Prefer
(and should
is not checked).
103
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
Need help?
Do you have a question about the SecureSync and is the answer not in the manual?
Questions and answers