Home

The Hidden Cost of Free Time

If you are reading this then you are probably aware of the importance time plays in IT systems and computer networks. Most computer administrators appreciate that precise time and accurate synchronisation are an important aspect of keeping a computer network error free and secure.

And yet, despite its importance many network administrators still rely on the Internet as a source of UTC time for their networks (UTC – Coordinated Universal Time), primarily because they see it as a quick and more importantly a free method of time synchronisation.

However, the drawbacks in using these free services may cost a lot more than the money saved on a dedicated NTP time server.

NTP (Network Time Protocol) is now present on nearly all computers and it is NTP that is used to synchronise computer systems. However, if an Internet time source is used then the source is outside the network firewall and this creates a serious vulnerability. Any external time source will require a port to be left open in the firewall to allow the time information packets through and this opening is too easy a way to exploit a network which can become victim to a DDOS attack (Distributed Denial of Service) or even allow malicious programmes through to take control of the machines themselves.

Another problem is the availability of stratum 1 time sources across the internet. Most online time sources come from stratum 2 time servers. These are devices that receive the time from a time server (stratum 1) that originally gets the information from an atomic clock (stratum 0).  While stratum 2 devices can be just as accurate as stratum 1 time servers, across the internet without NTP authentication the actual accuracy can not be guaranteed.

Furthermore, internet time sources have never been considered accurate or precise with surveys showing over half being inaccurate by over a second and the rest dependent on the distance from client as to whether they can provide any useful accuracy. Even organisations such as NIST publish  advisory notices on their time server pages about it unable to guarantee security or accuracy and yet millions of networks are still receiving time from across the internet.

With the decline in cost of dedicated radio referenced NTP time servers or GPS NTP server there has never been a better time to get one. And when you consider the cost of a computer breach or crashed network the NTP server will have paid for itself many times over.

Common Network Time Synchronisation (NTP) Server Errors (Part 2)

Radio signal goes dead for several hours

The long wave transmissions such as MSF (NPL) or WWVB (NIST) are broadcast from large antennas that often need maintenance. This often requires a shut down of the broadcast while it is being done. These outages are normally posted with at least three months notice on the websites of the signals controllers (and can be automatically emailed if you register) to give prior notice.

These outages only tend to last a few hours leaving your computer network reliant on the electronic system clocks but it is doubtful there will be too much drift in that time (and any drift will be accounted for once the signal is back on. If these outages could be a potential problem than a simple solution is to invest in a dual system that will receive both GPS time server and radio signals ensuring a continuous time signal.

No time signal coming in despite the time server being powered up

This is most often caused by either lack of power going to the antenna or failing to connect to site the antenna where it can have a clear view of the sky. GPS antennas may have battery or power connections so it is always worth checking before switching the device on. Ensuring the antenna can ‘view’ the satellites when using GPS time servers is also important, remembering that windows and skylights may prevent signals getting through.

When using radio time reference such as MSF, DCF or WWVB the NTP server antennas can receive the long wave signal indoors but they are vulnerable to topography and local interference. If there is no signal or only a weak signal then try moving the antenna around until the signal strength increases enough.

Often users of these time and frequency signals find that the signal is weak throughout the day but is boosted at night. This is because the signals are ground state but have a residual skywave which can bounce of the ionosphere during the coolness of the night (ionospheric propagation).

Some users of these signals may find that despite being well within range the local topography can prevent a strong enough signal from getting through.

Common Network Time Synchronisation (NTP) Server Errors (Part 1)

NTP servers are the easiest, most accurate and secure method of receiving a UTC time source (Coordinated Universal Time). Most dedicated NTP time servers will run in the background automatically synchronising the devices on a network completely automatically.

However, there are some common problems that occasionally occur in using a network time server but fortunately most can be solved relatively easily.

Losing A GPS time signal

GPS is one of the most efficient sources of UTC time. The GPS signal is available literally anywhere on the planet where there is a clear view of the sky. At any one time there are at least three satellites within range of any location and unlike radio referenced transmissions there are no maintenance outages so the signal is always uninterrupted.

However, some people find that they keep losing their GPS signal when using a GPS NTP time server. Very rarely this can be caused by extra terrestrial occurrences (solar flares – not little green men), however more commonly signal loss occurs when there has been insufficient time give for the initial acquisition lock.

To ensure a continuous signal make sure you follow manufacturer’s recommendation for obtaining acquisition. This usually means leaving the GPS time server to get a good lock for at least 24 hours (so all satellites have been in view). If not enough time is given to this then it is possible the GPS time server will lose a satellite and therefore timing information.

One second delay in a radio clock compared to internet or GPS

This is a very frequent occurrence when using a radio time server using signals such as the MSF transmission broadcast by the UK’s National Physical Laboratory. This occurs normally after the insertion of a Leap Second. Leap seconds are introduced once or twice a year to compensate for the slowing of the Earth’s rotation and to keep UTC in line with the Greenwich Meridian.
While NTP will automatically account for leap seconds with signals like the MSF it can often take some time as there is no Leap Second announcement. This announcement normally allows NTP to prepare for the leap second (which normally occurs in the last second of the last day in June or December). As signals such as MSF do not announce the upcoming leap second it can take some time for it to be accounted for. In some cases it can take a few days in others minutes. A simple solution is to manually announce the leap second.

However, if this is not done, NTP will eventually discover the leap second and adjust the network clocks.

Contiued……

Network Time Server Dual Signals

A network time server (commonly referred to as the NTP time server after the protocol used in synchronisation – Network Time Protocol) is a device that receives a single time signal and distributes it to all devices on a network.

Network time servers are preferred as a synchronisation tool rather than the much simpler internet time servers because they are far more secure. Using the internet as a basis for time information would mean using a source outside the firewall which could allow malicious users to take advantage.

Network time servers on the other hand work inside the firewall by receiving source of UTC time (Coordinated Universal Time) from either the GPS network or specialist radio transmissions broadcast from national physics laboratories.

Both of these signals are incredibly accurate and secure with both methods providing millisecond accuracy to UTC. However, there are downsides to both systems. The radio signals broadcast by nation time and frequency laboratories are susceptible to interference and locality, while the GPS signal, although available literally everywhere on the globe can occasional be lost too (often due to bad weather interfering with the line-of-sight GPS signals.

For computer networks where high levels of accuracy are imperative, dual systems are often incorporated. These network time servers receive the time signal from both the GPS network and the radio transmissions and select an average for even more accuracy.  However, the real advantage of using a dual system is that if one signal fails, for what ever the reason, the network will not have to rely on the inaccurate system clocks as the other method of receiving UTC time should still be operational.

Atomic Clocks and the GPS Time Server

Atomic clocks have been around since the 1950’s when NPL (National Physical Laboratory) in the UK developed the first reliable caesium based clock. Before atomic clocks, electronic clocks were the most accurate method of keeping track of time but while an electrical clock may lose a second in every week or so, a modern atomic clock will not lose a single second in hundreds of millions of years.

Atomic clocks are not just used to keep track of time. The atomic clock is an integral part of the GPS system (Global Positioning System) as each GPs satellite has its own onboard atomic clock that generates a time signal that is picked up by GPS receivers who can calculate their position by using the precise signal from three or more satellites.

Atomic clocks need to be used as the signal s from the satellites travel at the speed of light and as light travels nearly 300,000 km each second any slight inaccuracy could put navigation out by miles.

A GPS time server is a network time server that uses the time signal from the GPS network’s satellites to synchronise the time on computer networks. A GPS time server often uses NTP (Network Time Protocol) as a method of distributing time which is why these devices are often referred to as NTP GPS time servers.

Computer networks that are synchronised using a dedicated time server are normally synchronised to UTC (Coordinated Universal Time) and while the GPS signal is not UTC, GPS time, like UTC, is based on International Atomic Time (TAI) and is easily converted by NTP.

Step by Step Installing A Dedicated NTP Time Server

A time server is a crucial piece of kit for any network. Time synchronisation is imperative in keeping a network secure and reliable. Time synchronisation, however, need not be the headache many administrators assume it is going to be.

Most of the difficulties of time synchronisation have been taken care of thanks to the protocol NTP (Network Time Protocol). Whilst NTP is not the only time synchronisation software available it is by far the most widely used (due mainly to the fact that it has been around since the 1980’s and is sill being developed today).

NTP uses a single time source and distributes it from machine-to-machine checking each PC or device for drift then adjusting for it. NTP is normally installed on Windows and Linux systems (or at least a simplified version called SNTP) although it is freely downloadable from the NTP homepage. While NTP can quite easily receive any time source from the Internet this can cause major security issues no to mention a lack of accuracy that many online NTP servers suffer from.

The most accurate and secure method is to use an external network time server as these sit within the firewall. They are also receive a UTC (Coordinated Universal Time) reference direct from an atomic clock which makes them stratum 1 devices. Most internet time servers are stratum 2 servers. NTP uses strata to define how far away a server is from the source so an atomic clock is a stratum 0 device while a computer that receives time direct from a NTP server becomes a stratum 2 device and so on.

The only decision that really needs to be made when installing a dedicated NTP time server is which time reference is best. There are two main methods of receiving a secure, accurate and authenticated UTC time reference; the GPS network (Global Positioning System) or national physics laboratories long wave radio transmissions.

The latter system is not available in every country although the USA, UK and Germany have strong signals known as WWVB, MSF and DCF respectively. These can often be picked up outside the borders of these countries although the signals are vulnerable to interference, outages and local topography.

A GPS NTP server system is less vulnerable to these things and as long as there is a clear view of the sky (such as a rooftop or open window) the GPS time signal can be picked up anywhere on the globe.

Useful NTP server related resources

NTP homepage–  The home for the NTP Project who provides support and additional development resources for the Official Reference Implementation of NTP.

NTP Project support pages

THE NTP pool – list of public servers

NPL – The National Physical Laboratory in the UK who control the MSF radio signal.

The University of Delaware and David Mills’ information page, Professor Mills is the original inventor and developer of NTP

David Mills’ list of Public NTP Time Servers a list of public NTP servers

National Institute of Standards and Technology (NIST) who operate the USA’s WWVB radio signal

Europe’s largest supplier of NTP server related products.

Galleon UK – NTP server products for the UK

NTP Time Server .com  – one of the largest time and frequency suppliers in the United States

NTP – Wikipedia article on NTP

NTP server checker – free tool to ensure time server accuracy

The NTP Server and Accurate Time

Accurate time on a network is essential for all businesses and institutions. Without an accurately synchronised system a computer network can be vulnerable to all sorts of problems, from malicious hackers and other security threats to fraud and data loss.
Network Time Protocol is the key to keeping accurate time it is a software algorithm that has been constantly developed for over two decades. NTP takes a single time source that is received by the NTP server and distributes it across a network ensuring all machines in that network are running to exact same time.

Whilst NTP can maintain synchronisation of a network to within a few milliseconds it is only as good as the time source it receives. A dedicated NTP server will use a time signal from an external source and so keep the network secure as the firewall will not have to be disturbed.

The two preferred methods for most users of NTP servers is the GPS network (Global Positioning System) or specialist time and frequency transmissions put out be several national physics labs such as the UK’s NPL.

These time signals are UTC (Coordinated Universal Time) which is the world’s civil timescale. An NTP server receiving time source from either a frequency transmission or the GPS network can realistically provide accuracy to within a few milliseconds of UTC

Network time servers are preferred as a synchronisation tool rather than the much simpler internet time servers because they are far more secure. Using the internet as a basis for time information would mean using a source outside the firewall which could allow malicious users to take advantage.

Network time servers on the other hand work inside the firewall, both of these type of signals are incredibly accurate and secure with each method providing millisecond accuracy to UTC. However, there are downsides to both systems. The radio signals broadcast by nation time and frequency laboratories are susceptible to interference and locality, while the GPS signal, although available literally everywhere on the globe can occasional be lost too (often due to bad weather interfering with the line-of-sight GPS signals.

For computer networks where high levels of accuracy are imperative, dual systems are often incorporated. These dual network time servers receive the time signal from both the GPS network and the radio transmissions and select an average for even more accuracy.  However, the real advantage of using a dual system is that if one signal fails, for what ever the reason, the network will not have to rely on the inaccurate system clocks as the other method of receiving UTC time should still be operational.

Does My Business Need Accurate Time Synchronisation Five question (part 2)

Keeping accurate time on a network with a NTP time server is highly important here is the second part of the article that explains why.

Legal protection – Whether it is a payment dispute with a supplier or customer or even a case of fraud committed against your company only an accurate method of synchronisation will be accepted as a legal defence. An NTP time server is legally auditable and can be used as evidence in a court of law.

Company Credibility:
Being victim to any of these potential hazards can have devastating effects on your own business but also that of your suppliers and customers. Once word gets out too it will soon become common knowledge amongst your competitors, customers and suppliers as news travels quickly in the business world. Keeping credibility is a good enough reason in itself to ensure a computer network is adequately synchronised.

If you have answered yes to any of the above questions then it is time your company invested in a dedicated NTP time server to accurately synchronise you computer network to.  Dedicated time servers use the protocol NTP (Network Time Protocol) as a method of distributing a single time source around the internet. UTC (Coordinated Universal Time) is the preferred time standard that most networks are synchronised to.

An NTP time server can receive a secure and accurate UTC time signal from the GPS network or from long wave radio transmissions broadcast by several national physics laboratories.

Does My Business Need Accurate Time Synchronisation Five question (part 1)

Time synchronisation can be crucial for many computer networks. Correct synchronisation can protect a system from all sorts of security threats it will also ensure that the network is accurate and reliable but are dedicated NTP time server systems really necessary or can a network be run securely without a network time server?

Here are five questions to ask yourself to see if your network needs to be adequately synchronised.

1.  Does your network conduct time sensitive transactions across the internet?

If yes then accurate network time synchronisation is essential. Time is the only point of reference a computer has to identify two events so when it comes to a transaction across the internet such as sending an email, if it comes from an unsynchronised network, it may arrive before it was technically sent. This may lead to the email not being received as a computer cannot handle negative values when it comes to time.

2. Do you store valuable data?

Data loss is another ramification of not having a synchronised network. When a computer stores data it is stamped with the time. If that time is from an unsynchronised machine on a network then a computer may consider the data already saved or it may overwrite new data with older versions.

3. Is security important to your business and network?

Keeping a network secure is essential if you have any sensitive data on the machines. Malicious users have a myriad of ways of gaining access to computer networks and using the chaos caused by an unsynchronised network is one method they frequently take advantage of. Not having a synchronised network may mean it is impossible to identify if your network has been hacked into too as all records left on log files are time reliant too.