This article is written to explain our current Network Time Protocol (NTP) offering. Having a consistent time setting across servers help when correlating logged event across servers and is used by security protocols such as SSL, TLS and Kerberos to avoid replay attacks. Since Kerberbos is a key component in Microsoft Active Directory, systems using AD will also benefit from having a good time synchronization source.

NTP Resources

Resources on what NTP is and how it works may be found here:

• http://en.wikipedia.org/wiki/Network_Time_Protocol
• http://tools.ietf.org/html/rfc5905
• http://ntp.org/

It should also be noted that NTP can be used as part of a Precision Time Protocol (PTP) configuration:

• http://en.wikipedia.org/wiki/Precision_Time_Protocol

NTP Stratum Levels

The Wikipedia article on NTP (listed above) does a good job on going over NTP stratum levels. The United States provides authoritative sources for specifying the exact time. These include radio and phone access to an atomic clock at the US Naval Observatory in Colorado and the Global Positioning System (GPS) satellites. These time sources are referred to as Stratum 0. Time servers that get time directly from one of these sources are called Stratum 1. Then, servers that get their time from Stratum 1 servers are called stratum 2 and so on. The lower the stratum level the higher the quality is considered to be since a lower stratum level should have a more accurate time.

Steadfast NTP Infrastructure

Stratum 1

Steadfast has a stratum 1 time source which get its time via GPS. The antenna for the server is on the roof of our data center facility which lprovides a good view of the sky to hold a lock on several (at least 4) of the North American GPS satellites. The actual number and which satellites are locked changes through-out the day as the positions change (the current positions can be found at http://www.nstb.tc.faa.gov/RT_WaasSatelliteStatus.htm).

The stratum 1 time source is currently only available to Steadfast customers with the following guidelines:

• They must have a connection directly on the Steadfast public network
• Cloud customers should not use the stratum 1 (the clock is already kept in sync at the hypervisor)
  • However, Windows cloud customers can still use the stratum 2 servers
• Any system configured to use the stratum 1 should also be configured to use one of the Steadfast stratum 2 NTP pools such as:
  • time.steadfast.net
  • chi.time.steadfast.net
  • nyc.time.steadfast.net
• The client should not query the stratum 1 server more often than once per minute unless approved by Steadfast support

The stratum 1 server is a highly accurate FSMLabs TimeKeeper Grandmaster Network Time Server which provides NTP version 4 service over IPv4. Not only does this regularly get accurate time updates from multiple GPS satellites, but in any case it loses GPS lock the unit also includes a Temperature Compensated Crystal Oscillator (TCXO) which helps minimize any clock drift (under 25µs/24hr holdover) until the GPS lock is once again established.

The host name for the stratum 1 server is: gps.time.steadfast.net

Stratum 2

Steadfast has six stratum 2 servers which get their time from both the Steadfast stratum 1 along with other public stratum 1 and stratum 2 servers. These servers should provide an accurate enough time source for the majority of systems.

The individual host names for the servers are:

• a.time.steadfast.net
• b.time.steadfast.net
• c.time.steadfast.net
• d.time.steadfast.net
• e.time.steadfast.net
• f.time.steadfast.net

All six servers are included in in the time.steadfast.net DNS record. The first four servers are included in chi.time.steadfast.net and the last two servers are included in the nyc.time.steadfast.net record.

Unlike the stratum 1 server, the stratum 2 server is available publicly, even to non-customers. Each of the stratum 2 NTP servers are listed in the public stratum 2 server list at: http://support.ntp.org/bin/view/Servers/StratumTwoTimeServers

Configuring Operating System to use NTP servers

CentOS

To use the stratum 2 servers on CentOS, modify the /etc/ntp.conf file and add the following line:

server time.steadfast.net

If you require stratum 1 as well, then also add the line:

server gps.time.steadfast.net

Windows

Microsoft Windows has a built-in NTP client. You can configure it by doing the following:

• Right clicking on the clock in the lower right corner
• Select "Adjust date/time"
• Select "Internet Time" tab
• Click the button "Change settings..."
• Make sure the check box is checked for "Synchronize with an Internet time server"
• Set the Server: text box to: time.steadfast.net (or gps.time.steadfast.net to use only our stratum 1 time server)
• Click the button "Update now" to test it

This can also be done from a Command Prompt (cmd.exe) window by running the following:

w32tm /config /manualpeerlist:time.steadfast.net /reliable:yes /update

The status can be confirmed by running:

w32tm /query /status

If a non-cloud Windows system requires stratum 1 service, run the following:

w32tm /config /manualpeerlist:"time.steadfast.net gps.time.steadfast.net" /reliable:yes /update

The status can then be confirm using the same command above.