Home

Configuring a Network to use a NTP Server Part one: Finding a Time Source

Keeping your network synchronized with the correct time is crucial for modern networking. Because of the value of timestamps in communciating globally and across multi-networks, it is imperative that every machine is running a source of UTC (Coordinated Universal Time).

UTC was developed to allow the entire global community to use the same time no matter where they are on the globe as UTC doesn’t use time-zones so it allows accurate communication regardless of location.

However, finding a source of UTC is often where some network administrators fall down when they are attempting to synchronize a network. There are many areas that a source of UTC can be received from but very few that will provide both accurate and secure reference to the time.

The internet is full of purported sources of UTC, however, many of them offer no where near their acclaimed accuracy. Furthermore, resorting to the internet can lead to security vulnerabilities.

Internet time sources are external to the firewall and therefore a hole has to be left open which can be taken advantage of by malicious users. Furthermore, NTP, the protocol used to distribute and receive time sources, cannot instigate its authentication security measure across the internet so it is not possible to ensure the time is coming from where it is supposed to.

External sources of UTC time are far more secure. There are two methods used by most administrators. Long wave radio signals as broadcast by national physics laboratories and the GPS signal which is available everywhere on the globe.

The external sources of UTC ensure your NTP network is receiving not just an accurate source of UTC but also a secure one.

Reasons for Atomic Clock Timing

Atomic clocks have, unbeknown to most people, revolutionised our technology. Many of the ways we trade, communicate and travel are now solely dependent on timing from atomic clock sources.

A global community often means that we have to communicate with people on other areas of the world and in other time zones. For this purpose a universal time zone was developed, known as UTC (Coordinated Universal Time), which is based on the time told by atomic clocks.

Atomic clocks are incredibly accurate, losing only a second in every hundred million years, which is staggering when you compare it to digital clocks that will lose that much time in a week.

But why do we need such accuracy in timekeeping? Much of the technology we employ in modern times is designed for global communication. The Internet is a good example. So much trade is done across continents in fields such as the stock exchange, seat reservation and online auctioning that exact time is crucial. Imagine you are bidding for an item on the Internet and you place a bid a few seconds before the end, the last and highest bid, would it be fair to lose the item because the clock on your ISP was a little fast and the computer therefore thought the bidding was over. Or what about seat reservation; if two people on different sides of the globe book a seat at the same time, who gets the seat. This is why UTC is vital for the internet.

Other technologies too such as global positioning and air traffic control are reliant on atomic clocks to provide accuracy (and in the case of air traffic is paramount for safety). Even traffic lights and speed cameras have to be calibrated with atomic clocks otherwise speeding ticket may not be valid as they could be questioned in court.

For computer systems NTP time servers are the preferred method for receiving and distributing a source of UTC time.

Time Server Basic Questions Answered

What is a time server?

A time server is a device that receives and distributes a single time source across a computer network for the purposes of time synchronization. These devices are often referred to as a NTP server, NTP time server, network time server or dedicated time server.

And NTP?

NTP – Network Time Protocol is a set of software instructions designed to transfer and synchronize time across LANs (Local Area Network) or WANS (Wider Area Network). NTP is one of the oldest known protocols in use today and is by far the most commonly used time synchronization application.

What timescale should I use?

Coordinated Universal Time (UTC) is a global timescale based on the time told by atomic clocks. UTC doesn’t take into account time zones and is therefore ideal for network applications as in principle by synchronizing a network to UTC you are in effect synchronizing it to every other network that utilises UTC.

Where does a time server receive the time from?

A time server can utilise the time from anywhere such as a wrist watch or wall clock. However, any sensible network administrator would opt to use a source of UTC time to ensure the network is as accurate as possible. UTC is available from several ready sources. The most used is perhaps the internet. There are many ‘time servers’ on the internet that distribute UTC time. Unfortunately, many are not at all accurate an in using an internet time source you could be leaving the network vulnerable as malicious users can take advantage of the open port in the firewall where the timing information flows.

It is far better to use a dedicated NTP time server that receives the UTC time signal external to the network and firewall. The best methods for doing this is to either use the GPS signals transmitted from space or the national time and frequency transmissions broadcast by several countries in long wave.

Using NTP Networks

Network Time Protocol is by far the most widely used application for synchronizing computer time across local area networks and wider areas networks (LANs and WANs). The principles behind NTP are fairly simple. It checks the time on a system clock and compares it with an authoritative, single source of time, making corrections to the devices to ensure they are all synchronized to the time source.

Selecting the time source to use is perhaps the fundamentally most important thing in setting up a NTP network. Most network administrators opt, quite rightly to use a source of UTC time (Coordinated Universal Time). This is a global timescale and means that a computer network synchronized to UTC is not only using the same timescale as every other UTC synchronized network but also there is no need to worry about different time zones around the globe.

NTP uses different layers, known as strata, to determine the closeness and therefore accuracy, to a time source. As UTC is governed by atomic clocks, any atomic clock giving out a time signal is referred to as stratum 0 and any device that receives the time directly from an atomic clock is stratum 1. Stratum 2 devices are devices that receive the time from stratum 1 and so on. NTP supports over 16 different stratum levels although accuracy and reliable decrease with each stratum layer further away you get.

Man network administrators opt to use an internet source of UTC time. Apart from the security risks of using a time source from the internet and allowing it access through your firewall. Internet time servers are also stratum 2 devices in that they are normally servers that receive the time from single stratum 1 device.

A dedicated NTP time server on the other had are stratum 1 devices in themselves. They receive the time directly from atomic clocks, either via GPS or long wave radio transmissions. This makes them far more secure than internet providers as the time source is external to the network (and firewall) but also it makes them more accurate.

With a stratum 1 time server a network can be synchronized to within a few milliseconds of UTC without risk of compromising your security.

Perfect Time Synchronization for Windows

Most Windows operating systems have an integrated time synchronisation service, installed by default that can synchronise the machine or indeed a network. However, for security reasons, it is highly recommended by Microsoft, amongst others, that an external time source is used.

NTP time servers
securely and accurately receive the UTC time signal from the GPS network or the WWVB radio transmissions (or European alternatives).  NTP time servers can synchronize a single Windows machine or an entire network to within fractions of a second of the correct UTC time (Coordinated Universal Time).

A NTP time server provides precise timing information 24 hours-a-day, 365 days-a-year anywhere on the entire globe. A dedicated NTP time server is the only secure, safe and reliable method of synchronizing a computer network to UTC (Coordinated Universal Time). External to the firewall, an NTP time server does not leave a computer system vulnerable to malicious attacks unlike Internet timing sources via the TCP-IP port.

A NTP time server is not only secure, it receives a UTC time signal direct from atomic clocks unlike Internet timing sources which are really time servers themselves. NTP servers and other time synchronization tools can synchronize entire networks, single PCs, routers and a whole host of other devices. Using either GPS or the North American WWVB signal, a dedicated NTP time server from will ensure all your devices are running to within a fraction of UTC time.

A NTP time server will:

•    Increase network security
•    Prevent data loss
•    Enable logging and tracking of errors or security breaches
•    Reduce confusion in shared files
•    Prevent errors in billing systems and time sensitive transactions
•    Can be used to provide incontestable evidence in legal and financial disputes

Computer Network Timing Solutions

Computer networks and the internet have dramatically changed the way we live our lives. Computers are now in constant communication with each other making possible transactions such as online shopping, seat reservation and even email.

However, all this is only possible thanks to accurate network timing and in particular the use of Network Time Protocol (NTP) used to ensure all machines on a network are running the same time.

Timing synchronization is crucial for computer networks. Computers use time in the form of timestamps as the only marker to separate two events, without synchronization computers have difficulty in establishing the order of events or indeed if an event has happened or not.

Failing to synchronize a network can have untold effects. Emails may arrive before they are sent (according to the computer’s clock), data may get lost or fail to store and worst-of-all, the entire network could be vulnerable to malicious users and even fraudsters.

Synchronization with NTP is relatively straight forward as most operating systems have a version of the time protocol already installed; however, choosing a timing reference to synchronize to is more challenging.

UTC (Coordinated Universal Time) is a global timescale governed by atomic clocks and is used by nearly all computer networks across the globe. By synchronizing to UTC a computer network is essentially synchronizing the network time with ever other computer network in the world that uses UTC.

The internet has plenty of sources of UTC available but security issues with the firewall means the only safe method of receiving UTC is externally. Dedicated NTP time servers can do this using either long wave radio or GPS satellite transmissions.

Using Atomic Clocks to Synchronize a Network

Most computer networks have to be synchronized to some degree. Allowing the clocks on computers across a network to all be telling different times is really asking for trouble. All sorts of errors can occur such as emails not arriving, data getting lost, and errors get unnoticed as the machines struggle to makes sense of the paradoxes that unsynchronized time can cause.

The problem is computers use time in the form of timestamps as the only point of reference between different events. If these don’t match then computers struggle to establish not only the order of events but also if the events took place at all.

Synchronizing a computer network
together is extremely simple, thanks largely to the protocol NTP (Network Time Protocol). NTP is installed on most computer operating systems including Windows and most versions of Linux.

NTP uses a single time source and ensures that every device on the network is synchronized to that time. For many networks this single time source can be anything from the IT manager’s wrist watch to the clock on one of the desktop machines.

However, for networks that have to communicate with other networks, have to deal with time sensitive transactions or where high levels of security are required then synchronization to a UTC source is a must.

Coordinated Universal Time (UTC) is a global timescale used by industry all over the world. It is governed by a constellation of atomic clocks making it highly accurate (modern atomic clocks can keep time for 100 million years without losing a second).

For secure synchronization to UTC there is really only one method and that is to use a dedicated NTP time server. Online NTP servers are used by some network administrators but they are taking a risk not only with the accuracy of the synchronization but also with security as malicious users can imitate the NTP time signal and penetrate the firewall.

As dedicated NTP servers are external to the firewall, relying instead on the GPS satellite signal or specialist radio transmissions they are far more secure.

Using a NTP Server in your Network

The Network Time Protocol server is used in computer networks all over the world. It keeps an entire network’s systems and devices synchronised to the same time, normally a source of UTC (Coordinated Universal Time).

But is a NTP time server a necessary requirement and can your computer network survive without one?  The short answer is perhaps yes, a computer network can survive without a NTP server but the consequences can be dramatic.

Computers are meant to make our lives easier but any network administrator will tell you they can cause an awful amount of difficulty when they inevitably go wrong and without adequate time synchronisation, identifying an error and putting it right can be nearly impossible.

Computers use the time in the form of a timestamp as the only reference they have to distinguish between two events. Whilst computers and networks will still function without adequate synchronisation they are extremely vulnerable. Not only is locating and correcting errors extremely difficult if machines are not synchronised the network will be vulnerable to malicious users and viral software that can take advantage of it.

Furthermore, failing to synchronise to UTC can cause problems if the network is to communicate with other networks that are synchronised. Any time sensitive transactions could fail and the system could be open to potential fraud or other legal implications as proving the time of a transaction could be near impossible.

NTP servers are easy to install and receive the UTC time signal from either long wave transmissions or the GPS satellite network which they then distribute amongst the network’s machines. As a dedicated NTP time server operates externally to the network firewall it does so without compromising security.

Differences in Time

We are all aware of the differences in time zones. Anybody that has travelled across the Atlantic or Pacific will feel the effects of jet lag caused by having to adjust our own internal body clocks. In some countries, such as the USA, several different time zones exist in the one country meaning there are several hours difference in time from the East Coast to the West.

This difference in time zones can cause confusion although for residents of countries that straddle more than one time zone they soon adapt to the situation. However, there are more timescales and differences in time than just time zones.

Different time standards have been developed for decades to cope with time zone differences and to allow for a single time standard that the whole world can synchronize too. Unfortunately since the first time standards were developed such as British Railway Time and Greenwich Mean Time, other standards have had to be developed to cope with different applications.

One of the problem of developing a time standard is choosing what to base it on. Traditionally, all systems of time have been developed on the rotation of the Earth (24 hours). However, following the development of atomic clocks, it was soon discovered that no two days are exactly the same length and quite often they can fall short of the expected 24 hours.

New time standards where then developed based on Atomic clocks as they proved to be far more reliable and accurate than using the Earth’s rotation as a starting point. Here is a list of some of the most common time standards in use. They are divided into two types, those that are based on Earth’s rotation and those that are based on atomic clocks:

Time standards based on Earth’s rotation
True solar time is based on the solar day – is the period between one solar noon and the next.

Sidereal time is based on the stars. A sidereal day is the time it takes Earth to make one revolution with respect to the stars (not the sun).

Greenwich Mean Time (GMT) based upon when the sun is highest (noon) above the prime meridian (often called the Greenwich meridian). GMT used to be an international time standard before the advent of precise atomic clocks.

Time standards based on atomic clocks

International Atomic Time (TAI) is the international time standard from which the time standards below, including UTC, are calculated. TAI is based on a constellation of atomic clocks from all over the world.

GPS Time Also based on TAI, GPS time is the time told by atomic clocks aboard GPS satellites. Originally the same as UTC, GPS time is currently 17 seconds (precisely) behind as 17 leap seconds have been added to UTC since the satellites were launched.
Coordinated Universal Time (UTC) is based on both atomic time and GMT. Additional Leap seconds are added to UTC to counter the imprecision of Earth’s rotation but the time is derived from TAI making it as accurate.

UTC is the true commercial timescale. Computer systems all over the world synchronize to UTC using NTP time servers. These dedicated devices receive the time from an atomic clock (either by GPS or specialist radio transmissions from organisations like NIST or NPL).

Does my Computer Network Need to be Synchronized to an Atomic Clock?

Time synchronization with network time protocol servers (NTP servers) is now a common consideration for network administrators, although, keeping exact time as told by an atomic clock on a computer network is often seen as unnecessary by some administrators

So what are the advantages of synchronizing to an atomic clock and is it necessary for your computer network?  Well the advantages of having accurate time synchronization are manifold but it is the disadvantages of not having it that are most important.

UTC time (Coordinated Universal Time) is a global timescale that is kept accurate by a constellation of atomic clocks from all over the world. It is UTC time that NTP time servers normally synchronize too. Not just that it provides a very accurate time reference to for computer networks to synchronize too but also it is used by millions of such networks across the globe therefore synchronizing to UTC is equivalent to synchronizing a computer network to every other network on the globe.

For security reasons it is imperative that all computer networks are synchronized to a stable time source. This doesn’t have to be UTC any single time source will do unless the network conducts time sensitive transactions with other networks then UTC becomes crucial otherwise errors may occur and these can vary from emails arriving before they were despatched to loss of data.  However, as UTC is governed by atomic clocks it makes it a highly accurate and auditable source of time.

Some network administrators take the shortcut of using an internet time server as a source of UTC time, forgoing the need for a dedicated NTP device. However, there are security risks in doing such a thing. Firstly, the inbuilt security mechanism used by NTP, called authentication, which confirms a time source is where and who it claims it is, is unavailable across the internet. Secondly, internet time servers are outside the firewall which means a UDP port needs to be left open to allow the time signal traffic. This can be manipulated by malicious users or viral programs.

A dedicated NTP time server is external to the network and receives the UTC atomic clock time from with either the GPS satellite system (global positioning system) or specialist radio transmissions broadcast by national physics laboratories.