[ntp:questions] Enterprise NTP Architecture

david.hache.david at gmail.com david.hache.david at gmail.com
Mon Sep 29 21:20:40 UTC 2008


I need to design a new NTP architecture for my company, medium-sized
with about 2000 workstations and servers. We use Active Directory 2003
as the main directory for workstations but we also have VMware, UNIX
and Linux servers. I was wondering what architecture would suit us
best. We have 2 lines of firewalls and DMZs before the internet, and a
corporate switched LAN with a few core routers.

I was thinking of a distributed time topology with two peered NTP
servers in the DMZ (on different sites if possible), with ISP external
sources, delivering time to two peered Cisco core routers inside the
LAN. These routers would be the master clocks for the internal
network, composed of our Active Directory DCs (with all the
workstations pointing to them), the internal network equipment, and
the internal servers (including the VMware farm). The DMZ machines
would point to the DMZ NTP servers.

What is your opinion? Is it a good idea to have the DCs sync to
routers? If not, what should I choose as the main time server for my
internal network (a PDC server, a router, a simple server?)

Thank you for your answers!

