[c-nsp] NTP Servers

PC paul4004 at gmail.com
Sun Jul 1 19:03:13 UTC 2012


Many folks have more than just windows desktop PCs syncing their time.

If your application requires sub-5 second accuracy, (such as end of a
banking day), then Windows NTP is unsuitable for the purpose.

If your only objective is to sync the times on a bunch of user laptops so
they can get Kerbeos tickets within the 5 minute tolerance, it works fine.

For me, even a few seconds apart can be frustrating for comparing log files
between busy devices.

Your reason would be whether or not you fall inside or outside the
Microsoft guidelines below:

>From Microsoft:

http://support.microsoft.com/kb/939322

We do not guarantee and we do not support the accuracy of the W32Time
service between nodes on a network. The W32Time service is not a
full-featured NTP solution that meets time-sensitive application needs. The
W32Time service is primarily designed to do the following:

   - Make the Kerberos version 5 authentication protocol work.
   - Provide loose sync time for client computers.

The W32Time service cannot reliably maintain sync time to the range of 1 to
2 seconds. Such tolerances are outside the design specification of the
W32Time service.


On Sat, Jun 30, 2012 at 5:23 PM, Jimmy Hess <mysidia at gmail.com> wrote:

> On 6/30/12, Grant Ridder <shortdudey123 at gmail.com> wrote:
> > I don't understand why anyone would use windows server for anything that
> > needed precision like time.
>
> Probably because they realize that in a Windows domain, their domain
> controllers already provide a SNTP service with the Windows NT PDC
> Emulator providing authoritative time for windows time service, and
> all those windows servers can be enabled as a NTP server with a small
> configuration change,  and   Windows Domain  clients are required  to
> be synchronized with this  using the Windows time service,  as a
> condition for Kerberos authentication and domain logon,  for the
> configuration to be a supported one.
>
> So, given you already have those capabilities and those constraints...
>   how do you justify deploying another server for providing a separate
> time service,  running a new OS,  instead of just using the same one
> for all hosts?
>
> In many cases  it's not  "Why use a windows time server"  that has to
> be justified;
> the burden of proof is to answer the question  "What can you say that
> indicates you should definitely not use a windows time server for the
> application?"   :)
>
> --
> -JH
>
>



More information about the NANOG mailing list