Network Time Synchronization
Most people assume that computer clocks in servers, workstations and network devices are inherently accurate. This is incorrect. Most of these clocks are set by hand to within a minute or two of actual time and are rarely checked after that. Many of these clocks are maintained by a battery-backed, clock-calendar device that may drift as much as a second per day. Having any sort of meaningful time synchronization is impossible if such clocks are allowed to run on their own.
The Importance of Time Synchronization for Your Network
In modern computer networks time synchronization is critical because every aspect of managing, securing, planning, and debugging a network involves determining when events happen. Time also provides the only frame of reference between all devices on the network. Without synchronized time, accurately correlating log files between these devices is difficult, even impossible.
Following are just a few specific reasons:
* Tracking security breaches, network usage, or problems affecting a large number of components can be nearly impossible if timestamps in logs are inaccurate. Time is often the critical factor that allows an event on one network node to be mapped to a corresponding event on another.
* To reduce confusion in shared filesystems, it is important for the modification times to be consistent, regardless of what machine the filesystems are on.
* Billing services and similar applications must know the time accurately.
* Some financial services require highly accurate timekeeping by law.
* Sarbanes-Oxley and HIPAA Security Rules both require accurate timestamping.
One Way to Synchronize Time on Your Network
The Network Time Protocol (NTP) has long been the king of time-setting software. Some companies solve the problem of synchronizing their networks by using NTP to go out on the Internet to get time from a public Internet Time Server. But, this approach is prone to problems because:
* The source of time is beyond your firewall. This means there must be a "hole" left open in the firewall (UDP port 123) to allow packets containing the time information through.
* Time accuracy degrades when using an Internet Time Server because of asymmetrical latency (delays between when the time packets leave the time source and when they arrive at your network).
* External agencies (e.g. universities) who provide Public Domain Time Servers are not obliged to continue service or guarantee availability and accuracy.
A Better Way to Synchronize Time on Your Network
A dedicated network time server protects you from the security risks inherent in obtaining Internet time. By installing a time server within your firewall, risks from the outside are minimized and the timing accuracy on your network is maximized:
* Installing a network time server behind your firewall and insulating it from the Internet provides the best security.
* You avoid the extra work of reconfiguring firewalls and routers that may be required to allow the devices on your LAN access to a Public Time Server.
* Because of minimal latency, a network time server on your LAN can reliably keep all the servers, workstations and network devices synchronized to within 1/2 to 2 milliseconds of each other.