[ntp:questions] General ntp architecture question

Danny Mayer mayer at ntp.org
Tue Aug 3 01:56:05 UTC 2010


On 8/2/2010 4:35 AM, konsu wrote:
> Hello list,
> 
> I work for an investment bank with 300 UNIX servers, around 3000
> workstation PCs and would like to ask some questions to more
> experienced users.
> 
> a) Are there any banks relying on ntp pool project or should we
> consider having our own GPS clock ?
> b) What are the criteria to consider in deciding when ntp pool project
> is enough for our needs ?
> c) Should we decide to use ntp, for an organization of our size would
> 2 servers syncing to ntp pool project in DMZ and 2 servers inside to
> which all UNIX servers + Domain Controller will sync (PCs would sync
> to the Domain controller) suffice ?
> 

No bank, irrespective of the kind of bank, should depend on the pool for
NTP servers. Not only are they not traceable back to UTC, you may well
find that they are not providing reliable time. Your internal (and
external) systems need to reliably timestamp all transactions, whether
they are deposits, withdrawals, trading investments or whatever else. In
addition, even if you don't realise it, you need to include all email
messages and messaging systems, documents originating from anywhere and
even IM sessions in the proper timestamping of information. Furthermore,
all servers, workstations, laptops, routers, switches, etc. within the
corporate environment should have NTP set up on them and sourced to a
reliable timesource. I'd set up 3 GPS servers in each major location of
the bank and point all of the systems to the stratum 1 systems hosting
those GPS Servers plus at least one offsite at another location. You
need to do this since any transaction can conceivably originate from any
of those systems and needs to be traceable back to that system if
necessary. Additionally you should set up autokey and authenticate the
servers so you can ensure reliable sources.

In addition, since you didn't mention the country or countries that your
bank is headquartered in and does business in, there may be additional
banking and financial regulations that the bank is required to follow,
and you need to look at those requirements too.

Danny

> I thank you in anticipation
> Konrad
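
An added example, not part of the original message or of the NTP project: a Python check that audits a client's ntp.conf against the layout recommended in the reply above (three local sources plus at least one offsite, every source using autokey, no public pool hosts). The hostnames, the `local_suffix` convention for telling local from offsite servers, and the function names are assumptions made for illustration.

```python
# Constructed sample ntp.conf files; all hostnames are hypothetical placeholders.
COMPLIANT = """\
crypto
server gps1.nyc.bank.example autokey iburst
server gps2.nyc.bank.example autokey iburst
server gps3.nyc.bank.example autokey iburst
server gps1.ldn.bank.example autokey iburst   # offsite stratum 1
"""
NONCOMPLIANT = """\
pool 0.pool.ntp.org iburst
server gps1.nyc.bank.example iburst
"""


def parse_sources(conf_text):
    """Return [(directive, host, options)] for server/pool/peer lines."""
    sources = []
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0] in ("server", "pool", "peer"):
            sources.append((fields[0], fields[1].lower(), fields[2:]))
    return sources


def audit(conf_text, local_suffix, min_local=3, min_offsite=1):
    """Compare a client config with the layout in the reply; return findings."""
    findings = []
    local = offsite = 0
    for _directive, host, opts in parse_sources(conf_text):
        if host == "pool.ntp.org" or host.endswith(".pool.ntp.org"):
            findings.append(f"public pool source: {host}")
            continue  # pool hosts never count toward the required sources
        if "autokey" not in opts:
            findings.append(f"no autokey option: {host}")
        # Assumption: local servers share a site-specific DNS suffix.
        if host.endswith(local_suffix):
            local += 1
        else:
            offsite += 1
    if local < min_local:
        findings.append(f"only {local} local source(s), want {min_local}")
    if offsite < min_offsite:
        findings.append(f"only {offsite} offsite source(s), want {min_offsite}")
    return findings


if __name__ == "__main__":
    for name, conf in (("compliant", COMPLIANT), ("noncompliant", NONCOMPLIANT)):
        print(name, audit(conf, ".nyc.bank.example") or "OK")
```
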


