Page 1 Chapter 1 S100 User Guide SyncServer S100 User Guide Installation, Configuration, and Operation for the SyncServer S100 - OS Version 1.3 Part #: S100 User Guide, Rev. D, June 2005...
Page 2 S100 User Guide – Rev. D – June 2005...
Page 3: Table Of Contents
S100 and Time Distribution S100 and Client Software S100 and NTP v4’s Security Features S100 and the Global Positioning System 11 Chapter 3 Installation and Configuration Overview Getting Up and Running Unpacking Your S100 S100 User Guide – Rev. D – June 2005...
Page 4 Choose Your Time Source Configuring NTP IRIG-B (v.120,122,123) Using SymmTime™ Installing SymmTime To Synchronize SymmTime: Next: Use the Web-Based Interface Chapter 4 The Web-Based Interface Overview Interface: Screen Reference SyncServer S100 S100 User Guide – Rev. D – June 2005...
Page 5 Administration Shutdown/Reboot Admin Users Restart Web Interface Time Zone System Log Configuration SNMP Configuration SNMP Edit Alarms Configuration Wizard Logs NTP Log Boot Log System Log Config Log HTTP Log Help S100 User Guide – Rev. D – June 2005...
Page 6 How can we obtain NTP client software to use with the S100? 109 What are the main differences between SNTP and NTP clients? 109 Is there a way to get GPS time instead of UTC time from the S100? 109 What outputs are available on the S100? 109...
Page 7 How is the interface to the S100 secured? 112 What security functions are provided with the S100? 112 Does the S100 support any functions to restrict user access to NTP service? Can the S100 set up clients' IP address to be connected? 112...
Page 8 Appendix B Time Glossary Appendix D Customer Assistance US Assistance Center Customer Service Technical Support EMEA Assistance Center Customer Service Technical Support Appendix C Appendix E Antenna Replacement Index SyncServer S100 S100 User Guide – Rev. D – June 2005...
Page 9: Introduction And Overview
(GPS), NIST's Automated Computer Time Service (ACTS), or another NTP server as a time reference. This User Guide describes the installation and operation of the S100. It is written for network administrators familiar with network configuration and operations. The chapters and appendices address topics including: •...
Page 10: Conventions Used
The Courier typeface is used to designate file names, folder names, code, and URLs. The warning symbol alerts the user to information that if improperly used could be harmful to people, equipment, or data. SyncServer S100 S100 User Guide – Rev. D – June 2005...
Page 11: Product Details
GPS time, and the offset of the satellite’s clock relative to UTC, international standard time. The “S100 GPS” model uses GPS to obtain time. (The “S100 ACTS” model obtains time by dialing NIST's Automated Computer Time Service (ACTS).) S100 User Guide –...
Page 12: Stratum Levels
The S100 can be a Stratum 1 device, as well as Stratum 2 or 3. Time Synchronization and Business Reliable time synchronization is essential for doing business today.
Page 13: How The S100 Solves The Problem
How the S100 Solves the Problem The S100 provides your network with a single unbiased time reference based on one or more external time references. Should all external time references become unavailable, the S100 uses its own high-performance crystal oscillator to keep time.
Page 14: Special Safety Instructions
POWER CORD SELECTION: If your unit is not provided with a power cord-set, purchase only a Certi- fied cord-set suitable for your location (voltage source) with a minimum 6A current rating. SyncServer S100 S100 User Guide – Rev. D – June 2005...
Page 15: S100 Technology
Sources of Time The S100 obtains time from GPS, ACTS, or another S100, and delivers it to computers and other devices on a network. It acquires UTC (Universal Coordinated Time) from GPS signals, or using ACTS dial-up to the National Institute of Standards and Technology (in the U.S.). If there are several S100s on your network, only a few S100s need acquire UTC directly.
Page 16: Web-Based Access
Web-based Access The S100 management is web-based. Using a standard browser, you can set up and configure an S100 from any point on the Internet. See Chapter 3 for more about this web access.
Page 17: Time Distribution Model
The S100 acts as a Stratum 1 time server that derives its time from GPS and distributes this time over a TCP/IP network using NTP. Stratum 2 NTP clients can distribute time to Stratum 3 computers.
Page 18: S100 And Time Distribution
Once the S100 is locked with its time source, it will continuously provide time even if the timing signal is lost. If the GPS time signal is lost, the NTP message returned by the S100 will indicate—from the Reference Timestamp—when it last obtained time updates from the timing signal.
Page 19: S100 And The Global Positioning System
(X.509) to a trusted Certificate Authority (CA). The CA can be an outside trust authority, such as VeriSign, or the device can certify itself. The S100 itself is “self-signed”, or shipped to you with an authenticated certificate. The S100 CA digitally signs (authenticates) the request and sends it back, along with the certificate, to the person requesting it.
Page 20 SyncServer S100 S100 User Guide – Rev. D – June 2005...
Page 21: Installation And Configuration
Chapter 3 Installation and Configuration Overview Installation, setup, and getting started with the S100 are reviewed in this section. Symmetricom recommends you review beginning your installation so that you are already familiar with the references to the interface once you begin to use it.
Page 22 Antenna Mast - aluminium mast threaded to screw into the bottom of antenna Mounting Bracket Hardware - for attaching mast to railing 50-foot RG58 (Belden 8240 or equivalent) cable S100 User Guide – Rev. D – June 2005 SyncServer S100...
Page 23: Your Cd-Rom
CD. The CD contains: SymmTime, PuTTY, and TermPro23. PuTTY and TermPro23 are shareware. • SymmTime synchronizes a Windows-based PC’s clock with the time from an S100 unit or other NTP server. When executed, a small pop-up containing four clocks appears.
Page 24: Using The Software
SSH connection. PSCP.EXE is a command line application only. It uses the Windows MS- WARNING! Using PuTTY, PSCP, PSFTP, Plink is illegal in countries where encryption is forbidden. See http://rechten.kub.nl/koops/cryptolaw/cls- sum.htm SyncServer S100 S100 User Guide – Rev. D – June 2005...
Page 25: Psftp.exe
Pageant is holding your private keys, it's possible that decrypted private key data may be written to the system swap file, and an intruder who gained access to your hard disk might be able to recover that data. S100 User Guide – Rev. D – June 2005...
Page 26: Puttygen.exe
Note: Keep the packing materials for future use. These materials are custom designed to protect the S100 during storage and shipping. Use them if you need to return the unit to Symmetricom (for Customer Assistance see SyncServer S100 “Appendix D”...
Page 27: Installing Your S100
Rack Mounting The S100 is designed for mounting in a standard 19-inch (48.26 cm) rack. It is important to keep the fan inlet and outlet areas clear to maintain air flow. If the unit is installed in a closed or multi-unit rack assembly, the operating ambient temperature of the rack environment may become greater than that of the room.
Page 28: Making All Connections: An Overview
IP address from your IT department. The Serial cord connects the S100 to your computer. Connect the S100 to your network using the network port. Use your verified IP address in your web browser to reach the S100’s Configuration Wizard online.
Page 29: Setting Up The Hardware
On the S100 Front Panel Complete the following steps before turning on the power: Connect the 9-pin serial cable from the PC workstation to the S100 serial port. You are doing this so to configure the S100 using a PC; see on page 24 in the next section.
Page 30: On The S100 Rear Panel
If you are not using a Rubidium oscillator, connect the D-BNC Signal Breakout Cable (BC11576-1000) to the DB15 Connector shown in Figure 3-3. If you are using the S100 with an optional Rubidium oscillator, connect the external rubidium cable (furnished with the Rubidium oscillator) from the DB9 Connector to the DB15 connector (see Figure 3- Note: The D-BNC Signal Breakout Cable BC11576-1000 has five connectors on it.
Page 31: Installing The Gps Antenna
Installing the GPS Antenna If you are installing an S100 with the GPS option, a bullet antenna is provided. The bullet antenna provided with the S100 GPS version comes with a weatherproof housing, suitable for permanent installation in an outdoor location.
Page 32: Installing The Gps Antenna
S100. Establishing A Serial Connection This step is necessary to establish the S100’s IP address. The only time you will need to make a serial connection with the S100 is during setup. Once the S100 has an IP address, improper shutdown or power failures will not cause the IP address to be lost, also, you will use the web-based interface for communication.
Page 33 In the “Connect to” dialog, select the COM Port number you are connected to. In this example, COM Port 1 is selected. Click OK. In the “COM1 Port Properties” dialog, enter the following Port Settings. S100 User Guide – Rev. D – June 2005 Figure 3-4: Connecting the S100 S100...
Page 34: Setting Up The Ip Address
: Setting Up the IP Address Power on the S100 unit. The Linux system boots. Various bootup data scrolls on the terminal emulator’s (e.g., Hyperterminal) screen. This may last a few minutes. When prompted, at the User ID login, symmetricom <Enter>.
Page 35 A similar message should appear (if you selected DHCP) confirming an IP address (see The S100 unit now has an IP address recorded. This IP address will remain even if there is a sudden power failure or improper shutdown. Make a note of the IP address for future reference.
Page 36: Testing Network Functionality
Testing Network Functionality To ensure that your network is functioning correctly, check to see if the S100 is on the network. First, check the Ethernet connection between the client computer and the S100: Call up the client computer’s command prompt. Use the Windows MS-DOS command prompt.
Page 37: Turning Off Your S100
Now, verify the S100’s IP address. At the Unix command prompt, at the command line (Figure 3-6), type IFCONFIG and press <Enter>. The following appears Open your web browser, enter the IP address in the browser Address field and press<Enter>. The Configuration Wizard link appears. Use the Wizard to complete the S100 configuration process.
Page 38: How To Acquire Time
First, log on. Logging On In your browser, enter the IP address of the S100 (use this format: “http://ipaddress”). Add the S100 home page to your ‘Favorites’ list for future convenience. If the link/icon is not present, in your browser address window, enter the S100 IP address <Enter>.
Page 39: Administrator Log-In
Once logged in, you see the System Status screen again except now it has more information. Configuration Wizard In Versions, this information refers to the current software in the S100. In the NTP Host Reachability, this example shows that the IP address was accessed eight times and provides additional details.
Page 40: Next Step
Wizard and instead choose the item you want from the Administrative Index in the left pane. Details are then provided in the right window pane. If you have established the S100's IP address, type it in the browser's Address field and press <Enter>. The browser displays the...
Page 41: Choose Your Time Source
Wizard will remove all of that configuration. This may be considered desirable; please be sure that this is what you want to do. S100 User Guide – Rev. D – June 2005 Figure 3-16: Choose Your Time Source If you've already configured your timing engine, the Configuration...
Page 42 Wizard uses a common set of screens and only the specific information relating to the time source chosen may be different on any particular screen. S100 User Guide – Rev. D – June 2005...
Page 43: Gps
20). If you check Use dialup as backup for GPS, this Dialup Settings dialog is displayed. In Options, if you wish to use ATDP (pulse dialing), check the box, otherwise the S100 uses standard ATDT (dial tone) dialing. In the Modem Phone Number field, enter the NIST phone number preceded by any prefixes that might be required to reach those numbers.
Page 44 Then click Next for the System Information dialog. • Admin e-mail, for the administrator of the S100. After a test is conducted, this email address receives the notice. • Mail forwarder, or the SMTP server • Host name • System (S100) location Confirm the data that is in the fields.
Page 45 Test Now. Test Results dialog This displays the results of your test. This tells you if the S100’s GPS receiver is functioning properly. In this example, it is. However, failed tests are also shown. S100 User Guide – Rev. D – June 2005...
Page 46 In the US, use either of the following phone numbers to access time: • Colorado: (303) 494-4774 • Hawaii: (808) 335-4721 Outside the US, connect with your local measurement institute. Figure 3-23: Your GPS set-up is complete SyncServer S100 S100 User Guide – Rev. D – June 2005...
Page 47 Then click Next for the System Information dialog. System Information dialog This shows: • Admin e-mail, for the administrator of the S100 • Admin Password • Mail forwarder, or the SMTP server S100 User Guide – Rev. D – June 2005...
Page 48 The default is to test all the designated services, so Dialup and E-Mail, unless you un- check them, will be tested. To initiate the test, click Test Now. Figure 3-26: System Testing options SyncServer S100 S100 User Guide – Rev. D – June 2005...
Page 49 Test Results dialog This screen tells you if the dial-up time source for your S100 is functioning properly. In this example, failed tests are shown. There is no output to the “Mail test” field. That is because mail is tested by sending an e-mail to the address that you indicated earlier.
Page 50: Ntp
“S100 and NTP v4’s Security Features” on page Then click Next. ntp1.symmetricom.com Figure 3-29: Defining Your NTP Settings Figure 3-16) and click Next. (Figure SyncServer S100 3-29) appears. On this screen, name S100 User Guide – Rev. D – June 2005...
Page 51 System Information dialog The System Information dialog shows you: • Admin e-mail, for the administrator of the S100 • Mail forwarder, or the SMTP server • Host name • System (S100) location Confirm the data that is in the fields. If it is not accurate, change it to the correct information.
Page 52 Click Test Now. Test Results dialog Figure 3-32: Test Results shown This screen tells you if the NTP time source for your S100 is functioning properly or if there is a test problem. S100 User Guide – Rev. D – June 2005...
Page 53: Configuring Ntp
IRIG-B, then the Next button. If you do not want to back up your IRIG with dial-up, leave the checkbox unselected, and click Next. S100 User Guide – Rev. D – June 2005 Figure 3-33: Your set-up is complete Figure “NTP Relationships”...
Page 54 In the field, enter or paste in your modem phone number. Then click Next. A screen similar to Figure 3-35 System Information dialog This shows: • Admin e-mail, for the administrator of the S100 • Mail forwarder, or the SMTP server Figure 3-34: Dial-up Settings 3-24). now appears.
Page 55 The default is to test all the services, so unless you un-check them, they all will be tested. If you do not use dial-up as backup, it will not be listed here nor will it be tested. S100 User Guide – Rev. D – June 2005 Figure 3-36: System Testing options...
Page 56 Test Results dialog This screen shows whether the IRIG-B for your S100 failed or passed. In this example, the IRIG-B failed. There is no output to the “Mail test” field as no addresses had been provided in the System Information dialog (Figure Click Finish.
Page 57: Using Symmtime
Configure the clocks as you desire using the Build tool (select the hammer in the lower right corner, the following appears). S100 User Guide – Rev. D – June 2005 and download the latest updated files. file from the utility disk into this directory.
Page 58 Right-click the displayed clocks for the menu and select Sync Servers The following screen appears. Click Add Server. New Server dialog box, enter the IP address and location of the S100. Click OK. The IP address you use will be the one obtained in the setup of the S100.
Page 59: To Synchronize Symmtime
S100; configure it now. An affirmative response confirms you have configured the S100. Next: Use the Web-Based Interface Now that you have established the S100, configured your time source, and installed your client software, you can use the web-based interface to manage S100 operations. See Chapter 4 for a complete description.
Page 60 SyncServer S100 S100 User Guide – Rev. D – June 2005...
Page 61: The Web-Based Interface
The following is a description of the web-based software interface that you use to manage the S100. This material is designed to be a reference for you as you use the S100. It also describes some of the procedures that will help you begin using the S100.
Page 62: Logging In
Logging In Using your browser, the following dialog is displayed once you enter the S100’s IP address or click the link to or icon for the S100. Enter the default user name, Assuming this is the first time you have logged in, you will see the System Status screen (see “System Status”...
Page 63: Admin Interface: Base Menu
Admin Interface: Base Menu The first thing you see on the left of your screen is the base Administrative (Admin) Menu. This is the starting point for administration tasks on the S100. Click “+” to expand the sub-menu. Figure 4-2: Administrative Interface: Base Menu...
Page 64: Administrative Menu: Expanded
Expanding each item on the base menu shows you all the available options. Click Collapse (at the bottom of the menu) to revert to the base version of the menu. Figure 4-3: Interface Admin Menu, expanded SyncServer S100 S100 User Guide – Rev. D – June 2005...
Page 65: System Status
• Red = Unsatisfactory: System not yet ready to issue time Timing Configuration These menu options let you manage NTP, the heart of the S100 system. For more details on each of the NTP terms used here, see S100 User Guide – Rev. D – June 2005 Figure 4-4: Checking the Status “NTPD Help”...
Page 66: Ntp Relationships
In the NTP Associations panel of this screen you see the configuration of the network that you are putting the S100 on. These are all the devices from which the S100 can get time. They are named as server or peer, depending on their relationship to the S100.
Page 67 16 seconds. Minimum Poll Interval - Indicate in seconds the smallest measure of time in which you want the S100 to check the network hosts’ time. If you enter nothing here, the S100 will use the default, 0:01:04 seconds.
Page 68: Ntp Time Source Test
In the following dialog, enter or paste in your modem phone number. Then click Submit. “NTP Relationships” on page Figure 4-6: Testing the NTP Time Source Figure 4-7: NTP Dialup SyncServer S100 S100 User Guide – Rev. D – June 2005...
Page 69: Ntp Restart
Reference Time - This is the last time it synced. System Peer - This tells you which NTP server the S100 is synced to. System Peer Mode - This tells you what the S100 is—client or otherwise—to the NTP server it is synced to.
Page 70 10 = the last minute has 59 seconds 11 = alarm condition (clock not synchronized) Stratum - This is the stratum level of the S100. Precision - This is an eight-bit signed integer indicating the precision of the local clock, in seconds to the nearest power of two.
Page 71: Advanced: Ntp.conf
If you need help with the NTP config file, click the NTP Configuration Help link near the top of the screen, and you will be directed to NTP Help. Additional information about NTP is available is available at S100 User Guide – Rev. D – June 2005 Figure 4-10: Viewing the NTP Configuration File www.ntp.org...
Page 72: Advanced: Keys/Certificates
If you choose Upload Certificate, browse to the certificate request, as sent to you by the Certificate Authority, or enter its name. Then click Upload. Figure 4-11: Obtaining and Generating Keys and Certificates SyncServer S100 S100 User Guide – Rev. D – June 2005...
Page 73: Timing Engine
For more about how the S100 uses NTP keys and certificates, see Security Features” on page Timing Engine This section of the interface lets you view various aspects of the Symmetricom bc635/637 PCI board—the timing engine of the S100. Main Settings The timing engine mode choices you see in the drop-down list box are: •...
Page 74: Timecode Settings
Modulation Type - The type associated with the time code signal: • AM, for amplitude modulated • DC, for direct current level shift, or digital IRIG Figure 4-13: Timecode Settings SyncServer S100 S100 User Guide – Rev. D – June 2005...
Page 75: Gps Information
Clicking Reset lets you clear any data you’ve entered, and Submit implements changes you have made. GPS Information This section of the admin menu appears only if you have the GPS option on the S100. The following items give details on GPS activity: GPS Health This screen updates the signal status.
Page 76: Gps Signal Strength
Here, the signal strength are displayed. The data is for the satellites that are currently being tracked: • The satellite number • The signal level for each satellite Figure 4-15: GPS Signal Strength SyncServer S100 S100 User Guide – Rev. D – June 2005...
Page 77: Gps Time
: The GPS antenna described in this manual has been replaced as described in Note “Appendix E” on page S100 User Guide – Rev. D – June 2005 Figure 4-16: GPS Time Figure 4-17: GPS Position “S100 and the Global Positioning System”...
Page 78: Other Information
Other Information The following screens give additional information about the S100. Engine Time The engine time is read directly from the timing engine. Clock Settings The clock settings here are: Oscillator - This is internal to the timing engine. DAC Value - A 16-bit Digital Analog Converter is used to set the frequency on the oscillator.
Page 79: Control Settings
Event Capture Source - This setting controls the source of the external event—an external event input or strobe, for example. S100 User Guide – Rev. D – June 2005 Figure 4-20: Control Settings...
Page 80: Model Information
The following page provides basic data about the bc635/637 PCI board, the timing engine of the S100. Networking Use the following dialogs to configure several parameters of the S100 on your network. TCP/IP The following dialog enables you to define the following parameters: Network Interface - Here, choose the Ethernet port you are using.
Page 81 DHCP - This is the Dynamic Host Configuration Protocol, which assigns an IP address to each node in a network. Here, the default is Enable. Static IP - Click the radio button to Enable, then enter the S100’s IP address, subnet mask, and default gateway.
Page 82: Ifconfig Output
Ping Use the ping command to test the network route between the S100 and a remote host. This is a diagnostic tool that confirms that all is well between the two devices. The dialog shown in Figure 4-24 lets you define the following parameters:...
Page 83: Traceroute
• Allow Ping of Broadcast Address: Lets you ping broadcast addresses so all machines in a broadcast group can respond Traceroute Traceroute shows you the network route between the S100 and a remote host. Use it as a diagnostic tool. The dialog shown in Figure 4-25 lets you determine the following parameters: Host - Remote server’s IP address...
Page 84: Administration
• Skip Name Lookup: If you check this, the S100 will not take the time to look up the host names of the intermediate hosts along the path. Administration Here, configure non-NTP features of the S100. You can also shut down or restart the S100.
Page 85: Admin Users
This page lets you do a clean restart of the web server. The restart affects only the management of the system, not the time or service. S100 User Guide – Rev. D – June 2005 Figure 4-27: Changing or Adding Users...
Page 86: Time Zone
Use this option to configure the System Log. Note: Remote logging is available by specifying an IP address preceded by an @ sign. Figure 4-29: Setting the Time Zone Figure 4-30: System Log Configuration SyncServer S100 S100 User Guide – Rev. D – June 2005...
Page 87: Snmp Configuration
SNMP Edit screen. SNMP Edit Use this screen to enter your SNMP commands for configuration and any other related information. S100 User Guide – Rev. D – June 2005 Figure 4-31: SNMP Configuration Figure 4-32: SNMP Edit...
Page 88: Alarms
The next item on the Admin menu is the Configuration Wizard. This helps you select and configure your time reference. Step-by-step Configuration Wizard instructions are in page Figure 4-33: Setting Alarm Parameters SyncServer S100 “The Configuration Wizard” on S100 User Guide – Rev. D – June 2005...
Page 89: Logs
• Remove all but the last __ lines: Lets you pare down the log after you have viewed NTP Log Use this log to see NTP activity. S100 User Guide – Rev. D – June 2005 case-blind option lets the search ignore case in your search.
Page 90: Boot Log
Boot Log Use this log to see messages created during the boot process. System Log Use this log to monitor system activity. Figure 4-35: Boot Log Figure 4-36: System Log SyncServer S100 S100 User Guide – Rev. D – June 2005...
Page 91: Config Log
Config Log This log shows you S100 configuration and status messages. HTTP Log This log shows webserver messages. S100 User Guide – Rev. D – June 2005 Figure 4-37: Config Log Figure 4-38: HTTP Log...
Page 92: Table Of Contents
Help This is the last section of the S100 admin menu. Available Help functions are: SyncServer Help This is the application Help. Use the Table of Contents, Index, or Search to find information. NTPD Help For detailed information about NTP (Network Time Protocol), use the NTPD Help link (see “NTPD Help”...
Page 93: Logging Off
• Go to the Configuration Wizard, which will require you to log back in but will then take you directly to the wizard • Continue the logoff by closing your browser S100 User Guide – Rev. D – June 2005 Figure 4-40: Log Off screen...
Page 94 SyncServer S100 S100 User Guide – Rev. D – June 2005...
Page 95: Operations & Time-Protocols
How the S100 Uses the Sysplex Timer The S100 receives the signal from the GPS antenna, then provides Sysplex Timer output through its Serial Port A. The Serial Port A supplies an ASCII broadcast of UTC time that is often used by computers that cannot or do not use NTP.
Page 96 Various operational parameters for the sysplex daemon can be controlled using parameters in the .ss_profile file. Use the serial connection or SSH to login to the S100 in order to change this file. Set the value of the SYSPLEX_PROGRAM environment variable by adding or removing the # comment character in the first column.
Page 97: Time Protocol (Rfc 868)
The Daytime protocol sends the current date and time as a character string without regard to the input. When used over TCP, the S100 listens for a connection on port 13; once a connection is established the current date and time is sent out as an ASCII character string. The service closes the connection after sending the quote.
Page 98: Simple Network Time Protocol (Rfc 2030)
When used over UDP, the S100 listens for a datagram on port 13. The S100 responds to the UDP request with the current date and time as an ASCII character string. For additional information, see: Simple Network Time Protocol (RFC 2030) Simple Network Time Protocol (SNTP) is a simplified access protocol for servers and clients using NTP as it is now used on the Internet.
Page 99 0 and bit 1, respectively, coded as follows: Figure 5-42: Two-bit Leap Second Indicator Code You are alerted to an alarm condition when the S100 is first powered on—in other words, before time is initially acquired from the timing signal. An alarm condition will also signal when the timing parameters are changed.
Page 100 This is an eight-bit integer indicating the stratum level of the local clock. For the S100 this field is set to one indicating a primary reference, if the S100 is relying on its GPS receiver or dial-up modem connection for timing information. Otherwise, it will accurately reflect its location in a timing hierarchy.
Page 101: Ntp Authentication
NTP authentication enables an NTP client to ensure two things: that the time stamp received has come from a trusted source, and that it has not been modified in transit. Because Symmetricom has extended the authentication method, you can use it to deny service to unauthorized clients who submit NTP time stamp requests.
Page 102: Authentication: Ntp V4 Autokey
NTP packet is filled in and a new cryptochecksum is computed and added to the packet. The packet is then sent back to the client. More information For more about NTP authentication, see both the NTP help available from the S100 web interface and from: http://www.ntp.org Typical NTP Configuration Considerations This section provides additional information on using NTP and network configuration.
Page 103: Other Ntp Considerations
If the clients are not configured to synchronize with a specific group of servers, a rogue system can influence the synchronization process by broadcasting invalid time information. To defend against this threat, authentication and access control should be used to help limit potential synchronization sources. S100 User Guide – Rev. D – June 2005...
Page 104: Basic Ntp Configuration
In fact, for a local server with a large number of clients and a fairly constant network latency broadcasting or SyncServer S100 S100 User Guide – Rev. D – June 2005...
Page 105 There are three different ways to set up an NTP server for a large number of clients: • Set up a reference clock on a secured network that uses accurate public NTP servers • Set up a reference clock directly on a secured network S100 User Guide – Rev. D – June 2005...
Page 106 In the case of enterprise networks serving hundreds or thousands of client file servers and workstations, conventional practice is to obtain service from stratum-1 primary servers. It is important to avoid loops and possible common points of failure when S100 User Guide – Rev. D – June 2005...
Page 107 The following diagrams depict typical NTP configurations from large to small networks. Use these as a guide when creating your own. S100 User Guide – Rev. D – June 2005...
Page 108 SyncServer S100 Figure 5-43: Large Net NTP Configuration S100 User Guide – Rev. D – June 2005...
Page 109 Figure 5-44: Large Net NTP Configuration 2 S100 User Guide – Rev. D – June 2005...
Page 110 SyncServer S100 Figure 5-45: Small Net NTP Configuration Figure 5-46: Small Net NTP Configuration S100 User Guide – Rev. D – June 2005...
Page 111: Peers
The Automated Computer Time Service (ACTS) is maintained by the U. S. National Institute of Standards and Technology (NIST). More information is in the next section. In most of this guide, the term dial-up is used instead. S100 User Guide – Rev. D – June 2005 Figure 5-47: Minimum Net NTP Configuration...
Page 112: Acts Operation
S100 units. When services are available, an ACTS client call will not modify the S100 clock if the unit is currently decoding a valid time code signal.
Page 113: Version 1
(CLNS), AppleTalk Datagram-Delivery Protocol (DDP), and Novell Internet Packet Exchange (IPX). SNMP v1 is widely used and is the de facto network-management protocol in the Internet community. S100 User Guide – Rev. D – June 2005 ) and functions within the specifications RFC 1157...
Page 114: Version 3
The privProtocol can only be DES at this time. Messages can be be sent unauthenticated, authenticated, or authenticated and encrypted by setting the securityLevel to use. RFC 2574 SyncServer S100 RFC 2575 S100 User Guide – Rev. D – June 2005...
Page 115 The UCD Demo Password defVersion 3 defAuthType MD5 defSecurityLevel authNoPriv COMMAND: snmpget test.net-snmp.org sysUpTime.0 RESPONSE: system.sysUpTime.3.0 = Timeticks: (83517052) 9 days, 15:59:30.52 S100 User Guide – Rev. D – June 2005 Snmp.conf token defSecurityName NAME defAuthType (MD5|SHA) defPrivType DES defAuthPassphrase PASSPHRASE...
Page 116 SyncServer S100 S100 User Guide – Rev. D – June 2005...
Page 117: Frequently Asked Questions
Is there a way to get GPS time instead of UTC time from the S100? The S100 normally provides UTC time. However, it can be configured to output GPS time—...
Page 118: How Does The S100 Handle Leap Second
The GPS satellites send notice of an upcoming leap second about two months in advance. The S100 receives this notice and, following NTP specifications, starts advising clients 24 hours in advance. At the leap second event, the S100 will add or delete the leap second from the transmitted time.
Page 119: How Many Satellites Are Necessary For Me To Operate The S100
How do I know if the satellite signal strength is good? Any signal over 6 is good and usable by the S100. The unit will continue to track a satellite down to 3 once it has acquired it at a level 6 or over.
Page 120: How Many Ntp Requests Can Be Processed By The S100 Each Second
• Https: SSL v3 (web based user interface) • SSH: SSL v3 remote login (secure terminal interface) Does the S100 support any functions to restrict user access to NTP service? Can the S100 set up clients' IP address to be connected? The S100 can be configured with a IP address-based restrict list to selectively deny NTP service to a subnet or a single network client.
Page 121: Is Ntp V4 Compatible With Network Address Translation (Nat) Gateways
NTP v4 autokey sessions do not work when the client and/or server are installed on a network behind a Network Address Translation (NAT) gateway. S100 users who wish to use NTP v4 should be aware that a NAT device cannot exist between the client and server.
Page 122: How To Install Ntp V4 On A Unix System
(ok) and watch output for crypto statements and packet sizes “Installing Your S100” on page for details about this. SyncServer S100 installed. openssl > ./configure --with- ipaddress S100 User Guide – Rev. D – June 2005 >...
Page 123: Introduction And Overview 1
“Introduction and Overview” on page 1 How to change the root password The S100 is shipped with a default root password of a very good idea to change that password immediately. To change the root password, use the following steps: Use HyperTerminal or Tera Term (included on the enclosed CD) on the serial port, or SecureShell using PuTTY (included on the enclosed CD).
Page 124: How To Get Information About Ntp
[root@syncserv1 /root]# This is really an advisory in the form of an error message. The S100 will still accept a “dictionary” word as your password, despite this error message. However, we suggest that you take its advice seriously and use a random combination of letters and numbers.
Page 125: My S100 Won't Track Satellites
Also check that the configuration settings are set to a VT100 ASCII terminal using 9600, 8, N, 1 and hardware flow control. Try pinging the S100 from your management PC, and the PC from the S100. Then use traceroute (see “Traceroute”...
Page 126 SyncServer S100 S100 User Guide – Rev. D – June 2005...
Page 127: S100 Specifications
Channels and Frequency Cable Type Antenna Chassis A/C Power In Size and Weight S100 User Guide – Rev. D – June 2005 141. Description IEEE 802.3 specifications Dual 10/100BaseT, Twisted Pair RJ45 NTP v2 (RFC 1119), NTP v3 (RFC 1305), NTP...
Page 128: Pin Descriptions
RS-232 Data Terminal Ready (out) Ground RS-232 Data Set Ready (in) RS-232 Request to Send (out) RS-232 Clear to Send (in) RS-232 Ring Indicator (in) Description 0°C to +45°C/5-95% @ 40°C S100 User Guide – Rev. D – June 2005 SyncServer S100...
Page 129: Time Glossary
Asynchronous Transfer Mode, or ATM switching. This is a type of packet switching that makes it possible to transmit data at high speeds over a network. It also allows dynamic S100 User Guide – Rev. D – June 2005 NIST...
Page 130 Certificates are used to verify the identity of an individual, organization, Web server, or hardware device. They are also used to ensure non-repudiation in business transactions, as well as enable confidentiality through the use of public-key encryption. S100 User Guide – Rev. D – June 2005...
Page 131 Two or more Certificate Authorities (CAs) that issue certificates (cross-certificates) to establish a trust relationship between themselves. Cryptography Encryption S100 User Guide – Rev. D – June 2005 standard that lets the certificate hold additional identifying in order to receive a certificate.
Page 132 Encryption method in which both the sender and receiver of a message share a single key that decrypts the message. Symmetricom Secure Network Time Protocol (SS/NTP) The protocol created by Symmetricom, based on NTP, that includes additional security features. DCLS Direct Current Level Shift, or digital IRIG.
Page 133 The directory is the storage area for network security information such as keys or server names. Digital Signature Algorithm SS/NTP Symmetricom Secure Network Time Protocol, the protocol created by Symmetricom, based on NTP, that includes additional security features. Digital Signature Standard (DSS) Symmetricom Temporal Token Element Manager (ENMTMS) Software that manages the components of an application.
Page 134 Internet protocols in their Request for Comment (RFC) papers. These papers are numbered (RFC 1305, RFC 868, and so on) and are referred to by engineers worldwide as they work on technologies that support IETF standards. S100 User Guide – Rev. D – June 2005...
Page 135 Two integrated keys: one public, one private. Key Recovery The process of recovering a private decryption key from a secure archive for the purposes of recovering data that has been encrypted with the corresponding encryption key. S100 User Guide – Rev. D – June 2005...
Page 136 Management Information Base, a database on the network that tracks, records, and corrects performance for each device on the network. MTBF Mean Time Between Failure, a measure of reliability. The longer the time span between failures, the more reliable the device. S100 User Guide – Rev. D – June 2005...
Page 137 Certification of the identity of the party in a transaction based on identifying credentials. NTMS Network Time Management System is a Symmetricom network management platform that provides secure management of infrastructure devices. Network Time Protocol is a protocol that provides a reliable way of transmitting and receiving the time over the TCP/IP networks.
Page 138 Public Switched Telephone Network, a voice and data communications service for the general public that uses switched lines. Public Key Messages are sent encrypted with the recipient's public key, which is known to others; the recipient decrypts them using their private key. S100 User Guide – Rev. D – June 2005...
Page 139 A card the size of a credit card, which holds a microprocessor that stores information. S/MIME Secure Multipurpose Internet Mail Extensions. The standard for secure messaging. S100 User Guide – Rev. D – June 2005 whose certificate is self-signed; that is, the issuer and the subject...
Page 140 Telnet Telnet is a terminal emulation application protocol that enables a user to log in remotely across a TCP/IP network to any host supporting this protocol. The keystrokes that the user S100 User Guide – Rev. D – June 2005...
Page 141 Time-Stamp Token Tool box A group of software applications that have similar functions. Time Master Clock (TMC) Third-party Certificate See also: Certificate TPCA Third-party Certification/Certificate Authority. See also: Certificate Authority (CA) S100 User Guide – Rev. D – June 2005...
Page 142 Time StampServer (TSS) Symmetricom’s Time StampServer (TSS) services time-stamp requests from applications, transactions, or computer logs. Time Master Clock (TMC) Symmetricom’s Master Clock is a Rubidium-based master clock synchronized to UTC time and certified by a National Measurement Institute Time-Stamping Authority...
Page 143 Wireless Application Protocol, a worldwide standard for applications used on wireless communication networks. WPKI Wireless Public Key Infrastructure WTLS Wireless Transport Layer Security X.509 The ITU's X.509 standard defines a standard format for digital certificates, the most-widely used standard. S100 User Guide – Rev. D – June 2005...
Page 144 SyncServer S100 X.509 v3 Certificate Extension The X.509 standard with extended features approved by the IETF. S100 User Guide – Rev. D – June 2005...
Page 145: Customer Assistance
Appendix D Customer Assistance Symmetricom's Customer Assistance Centers are a centralized resource to handle all your customer needs. Our Centers are staffed with logistics personnel to handle product quotes, order status and scheduling as well as technical personnel for technical support, installations or service quotes.
Page 146: Customer Service
For technical support 24 hours a day, 7 days a week, every day of the year, contact us at: emea_support@symmetricom.com Comments, complaints and suggestions are always gladly accepted. customer_relations@symmetricom.com SyncServer S100 S100 User Guide – Rev. D – June 2005...
Page 147: Declaration Of Conformity
I declare that the equipment specified above conforms to the above Directives and Standards. European Representative: Company Name and Address Date Name S100 User Guide – Rev. D – June 2005 Symmetricom, Inc. 3750 Westwind Blvd. Santa Rosa, Ca. 95403 USA Declares that the...
Page 148 Santa Rosa, Ca. 95403 USA Declares that the following Model: MODEL S100 NETWORK TIME SERVER MODEL NO. S100 MODEL NO. S100/GPS MODEL NO. S100/RB MODEL NO. S100/GRB/GPS Quality Engineer Title SyncServer S100 Signature S100 User Guide – Rev. D – June 2005...
Page 149: Antenna Replacement
• For cable runs longer than 300 feet, an optional GPS Down/Up Converter kit is available Other GPS Antenna Options: • A Lightning Arrestor kit • A 1:2 splitter (distributes the signal from a single antenna to two GPS receivers) S100 User Guide – Rev. D – June 2005...
Page 150 SyncServer S100 S100 User Guide – Rev. D – June 2005...
Page 151: Index
Restart Web Interface Shutdown/Reboot Time Zones 78, 79 Administrator Log-In Advanced Keys/Certificates ntp.conf Advanced Encryption Standard (AES) Alarms Algorithm Allow Broadcast Address ANSI Antenna Cable length Antenna Replacement Kit Antiwarrant ASCII S100 User Guide – Rev. D – June 2005...
Page 152 Cancel Pending Shutdown Case-blind CDMA CDSA Certificate Certificate Authority Certificate Authority (CA) Certificate Extension Certificate Request 11, 64, 112 Certificate Request Message Certificate Revocation List (CRL) Certification Path Chassis Client role SyncServer S100 S100 User Guide – Rev. D – June 2005...
Page 153 Data Encryption Standard (DES) Daylight Savings Time Daytime Protocol (RFC 867) D-BNC Signal Breakout Cable D-BNC Signal Breakout Cable BC11576-1000 DCLS Declaration of Conformity Decryption Default gateway Default password Default user name S100 User Guide – Rev. D – June 2005 22, 45...
Page 154 Dynamic Host Configuration Protocol Electrical Safety Instructions Element Manager (ENMTMS) E-mail Address EMEA Assistance Center Encryption 59, 125 Engine Time Ephemeris Time eth0 Ethernet Event Capture Lockout Event Capture Source SyncServer S100 S100 User Guide – Rev. D – June 2005...
Page 155 GPS Position GPS Receiver GPS Signal Strength GPS Time GPS Time Format GPS Week GPS Week Number GPS/UTC Offset Hack/crack Hardware setup 21, 23 Hash HeartBeat Heartbeat HeartBeat Counter S100 User Guide – Rev. D – June 2005 3, 65, 126...
Page 156 3, 4, 126 Important Safety Instructions! In-band Authentication installations Installing Your SyncServer S100 Integrity Interface NTP Status Web-based 8, 53 International Bureau of Weights and Measures (BIPM) Internet Protocol SyncServer S100 S100 User Guide – Rev. D – June 2005...
Page 157 L1 Band, L2 Band LDAP Leap Second Leap Indicator Leap Seconds Line numbers Lithium Battery Disposal Instructions Local area network Local clock phase shifting Local Domain Local Offset Log Out 31, 85 S100 User Guide – Rev. D – June 2005...
Page 158 Network Interface 72, 119 Network Time Management System (NTMS) Network Time Protocol (RFC 1305 and RFC 1119) Networking ifconfig Output Ping TCP/IP Configuration Traceroute NIST 9, 103, 129 5, 129 SyncServer S100 S100 User Guide – Rev. D – June 2005...
Page 159 NTP Test NTPD Help 53, 84 NTPv3 NTPv4 7, 10, 94 OCSP One Pulse Per Second (1PPS) Online validation Operating and Storage Environments order status order status and scheduling Oscillator 65, 70 S100 User Guide – Rev. D – June 2005...
Page 160 62, 92 Prefer Private Key Product Overview product quotes Propagation Delay Prune PSTN Public Domain xNTP Package Public Key Public Key Certificate Quiet quotes Rack Mounting Real-Time Clock Reboot SyncServer S100 S100 User Guide – Rev. D – June 2005...
Page 161 Root Trust Time Services (RTTS) Route S/MIME Safety Instructions Scheduled Leap Event Flag Scheduled Leap Event Time Search Search Domains Search NTPD Manual Seconds of Week Secure NTP Serial Connection 24, 119 Serial port S100 User Guide – Rev. D – June 2005...
Page 162 How it uses the Sysplex timer SyncServer Operations and Time-Related Protocols SyncServer Product Specifications SyncServer S100 Accessories Photo of The technology Sysplex Timer 87, 132 SYSPLEX_PROGRAM environment variable System Flags SyncServer S100 S100 User Guide – Rev. D – June 2005...
Page 163 Time Master Clock (TMC) Time Protocols Time Signing Time Source, choosing Time StampServer (TSS) Time to Live Timecode Settings Time-of-fix Time-Stamp Time-Stamp Request Time-Stamp Token Time-Stamping Authority Timing Accuracy Timing Configuration Timing Engine S100 User Guide – Rev. D – June 2005...
Page 164 53, 84 Update Upload Certificate US Assistance Center User Datagram Protocol (UDP) User name, default Using the Online Help USNO 3, 5, 135 Vault Verification Version Virus Wait time SyncServer S100 S100 User Guide – Rev. D – June 2005...
Page 165 Warrant Web-based interface When Wide area network Wireless Application Protocol (WAP) WPKI WTLS X Coordinate X.509 11, 135 X.509 v3 Certificate Extension Y Coordinate Year Z Coordinate S100 User Guide – Rev. D – June 2005...
Page 166 SyncServer S100 S100 User Guide – Rev. D – June 2005...

Symmetricom SyncServer S100 User Manual

Table of Contents

Chapter 1 Introduction and Overview

Chapter 2 S100 Technology

Chapter 3 Installation and Configuration

Chapter 4

Syncserver Help/Ntpd Help

Chapter 5 Operations & Time-Protocols

Chapter 6 Frequently Asked Questions

Appendix A S100 Specifications

Appendix B

Appendix D Customer Assistance

Appendix C

Appendix E

Quick Links

Chapters

Related Manuals for Symmetricom SyncServer S100

Summary of Contents for Symmetricom SyncServer S100

Table of Contents