nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [c-nsp] NTP Servers

From: PC <paul4004 () gmail com>
Date: Sun, 1 Jul 2012 13:03:13 -0600
Many folks have more than just windows desktop PCs syncing their time.

If your application requires sub-5 second accuracy, (such as end of a
banking day), then Windows NTP is unsuitable for the purpose.

If your only objective is to sync the times on a bunch of user laptops so
they can get Kerbeos tickets within the 5 minute tolerance, it works fine.

For me, even a few seconds apart can be frustrating for comparing log files
between busy devices.

Your reason would be whether or not you fall inside or outside the
Microsoft guidelines below:


From Microsoft:


http://support.microsoft.com/kb/939322

We do not guarantee and we do not support the accuracy of the W32Time
service between nodes on a network. The W32Time service is not a
full-featured NTP solution that meets time-sensitive application needs. The
W32Time service is primarily designed to do the following:

   - Make the Kerberos version 5 authentication protocol work.
   - Provide loose sync time for client computers.

The W32Time service cannot reliably maintain sync time to the range of 1 to
2 seconds. Such tolerances are outside the design specification of the
W32Time service.


On Sat, Jun 30, 2012 at 5:23 PM, Jimmy Hess <mysidia () gmail com> wrote:


On 6/30/12, Grant Ridder <shortdudey123 () gmail com> wrote:

I don't understand why anyone would use windows server for anything that
needed precision like time.


Probably because they realize that in a Windows domain, their domain
controllers already provide a SNTP service with the Windows NT PDC
Emulator providing authoritative time for windows time service, and
all those windows servers can be enabled as a NTP server with a small
configuration change,  and   Windows Domain  clients are required  to
be synchronized with this  using the Windows time service,  as a
condition for Kerberos authentication and domain logon,  for the
configuration to be a supported one.

So, given you already have those capabilities and those constraints...
  how do you justify deploying another server for providing a separate
time service,  running a new OS,  instead of just using the same one
for all hosts?

In many cases  it's not  "Why use a windows time server"  that has to
be justified;
the burden of proof is to answer the question  "What can you say that
indicates you should definitely not use a windows time server for the
application?"   :)

--
-JH
Previous By Date Next
Previous By Thread Next

Current thread: