[ntp:questions] Re: NTP client on Windows platform provides less accurate results then on the UNIX or Linux. Why?
malayter at gmail.com
Sun Apr 2 06:30:30 UTC 2006
On 4/1/06, Danny Mayer <mayer at ntp.isc.org> wrote:
> Why? There is very rarely a need to reboot a Windows machine. 99% of all
> hotfixes should not require a reboot. I probably reboot once every 3
> months. Only badly written installers require reboots.
I agree, but tell that to Microsoft and other Windows software vendors.
Many of the more recent MS application patches don't requrie reboots,
but it seems at least one of the patches every 2nd Tuesday of the month
does despite the fact that they don't patch the kernel, HAL, or any
other "critical" subsystem. All IE-related patches still require a
restart. And MS isn't the only offender; I recently had to bounce all
of my Windows servers for a Symantec patch.
If you're not applying the MS patches, well, that's your choice I
suppose. If it's a server running very few applications, and you're
sure no junior network admin will ever browse the web from it, there's
proabably no real reason for the majority of MS patches. But most
people who deal with network security believe in defense-in-depth,
which means not just relying on a perimeter firewall and permissions to
secure a machine.
> NTP will always perform worse in comparison with a
> > Linux box that is always on.
> Most people running NTP on Windows would disagree with you.
You're misunderstanding me. All I meant was that a machine that is
rebooted frequently will never run NTP as well as well as an NTP box
that is not restarted frequently, regardless of the platform.
> > If your hardware has any power-management features...
> That's almost unavoidable and is not just Windows.
CPU clock-throttling features are typically not enabled by default on
any OS *except* Windows and MacOS. Which is not a bad thing, as those
power-saving features are a definite bonus for just about every
application other than NTP.
> All systems have firewalls, routers, switches, etc. There's no real
> difference here.
Yes there is. Very few non-Windows boxes run AV/IPS software that
actively pattern-scans network connections as many of the popular
client security packages do. Many organizations do this scanning at the
gateway/firewall as well, which would affect all machines running any
OS. But the client-machine AV scanning of network connections (not just
file activity) is probably unique to Windows boxes (such as the client
Windows workstations the original poster described).
That said, I do have stable stratum-2 Windows servers running NTP that
see ~1ms average offsets after running for a few days. This is about
the same performance as my other stratum-2 NTP platforms. But overall,
the Windows machines get restarted more frequently, and therefore are
generally worse-performing as NTP servers.
Please note that I am most certainly not an anti-MSFT zealot. I manage
a shop with 20+ servers, and all but three run Windows 2003 SP1. It's
the best choice for a huge number of applications. And ntpd *can* run
servicably on it; I use the Meinberg distribution on many machines
myself. But I believe the original poster was talking about poor ntpd
performance on a bunch of Windows workstations. Who knows what sort of
activity those workstations see. At the very least, they need to reboot
for all of the IE-related patches. And aside from patches, those
workstations are probably restarted more frequently that servers,
whether they need it or not.
More information about the questions