Hmc Ntp Broadband Authentication Support - IBM z13s Technical Manual

NTP symmetric key and autokey authentication
With symmetric key and autokey authentication, the highest level of NTP security is available.
HMC Level 2.12.0 and later provide windows that accept and generate key information to be
configured into the HMC NTP configuration. They can also issue NTP commands, as shown
in Figure 11-28.
Figure 11-28 HMC NTP broadband authentication support
The HMC offers symmetric key and autokey authentication and NTP commands:
Symmetric key (NTP V3-V4) authentication
Symmetric key authentication is described in RFC 1305, which was made available in
NTP Version 3. Symmetric key encryption uses the same key for both encryption and
decryption. Users who are exchanging data keep this key secret. Messages encrypted
with a secret key can be decrypted only with the same secret key. Symmetric key
authentication supports network address translation (NAT).
Symmetric key autokey (NTP V4) authentication
This autokey uses public key cryptography, as described in RFC 5906, which was made
available in NTP Version 4. You can generate keys for the HMC NTP by clicking Generate
Local Host Key in the Autokey Configuration window. This option issues the ntp-keygen
command to generate the specific key and certificate for this system. Autokey
authentication is not available with the NAT firewall.
Issue NTP commands
NTP command support is added to display the status of remote NTP servers and the
current NTP server (HMC).
For more information about planning and setup for STP and NTP, see the following
publications:
Server Time Protocol Planning Guide, SG24-7280
Server Time Protocol Implementation Guide, SG24-7281
Server Time Protocol Recovery Guide, SG24-7380
Chapter 11. Hardware Management Console and Support Elements
421