[ntp:questions] Enterprise NTP Architecture

Richard B. Gilbert rgilbert88 at comcast.net
Mon Sep 29 22:00:50 UTC 2008

david.hache.david at gmail.com wrote:
> Hi,
> I need to design a new NTP architecture for my company, medium-sized
> with about 2000 workstations and servers. We use Active Directory 2003
> as the main directory for workstations but we also have VMware, UNIX
> and Linux servers. I was wondering what architecture would suit us
> best. We have 2 lines of firewalls and DMZs before the internet, and a
> corporate switched LAN with a few core routers.
> I was thinking of a distributed time topology with two peered NTP
> servers in DMZ (on different sites if possible), with ISP external
> sources, delivering time to two peered Cisco core routers inside the
> LAN. These routers would be the master clocks for the internal
> network, composed of our Active Directory DCs (with all the
> workstations pointing to them), the internal network equipment, and
> the internal servers (including the VMware farm). The DMZ machines
> would point to the DMZ NTP servers.
> What is your opinion? Is it a good idea to have the DCs sync to
> routers? If not, what should I choose as the main time server for my
> internal network (a PDC server, a router, a simple server?)
> Thank you for your answers!
> /David

Routers do not make the best clocks!  They are highly specialized 
devices with a great deal of work to do.

Do you have an old x86 server that's not quite good enough any longer?
NTP is not terribly demanding and an old server running Linux would make 
a very good time server.

You might consider using broadcast or multicast modes.
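
One possible ntp.conf for an internal Linux time server that uses the broadcast mode suggested above, as an added example that is not part of the original thread. The hostnames, the 192.0.2.0/24 addresses, the file paths and the key number are placeholders chosen for illustration.

```conf
# /etc/ntp.conf on the internal Linux time server (added example).
# Hostnames, addresses, paths and key numbers are placeholders.

# Path is an assumption; distributions differ.
driftfile /var/lib/ntp/ntp.drift

# Upstream sources: the two DMZ NTP servers from the original question.
server ntp-dmz1.example.com iburst
server ntp-dmz2.example.com iburst

# Default policy: serve time only. No runtime reconfiguration, no traps,
# no unconfigured peer associations, no ntpq/ntpdc status queries.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Unrestricted access from localhost so ntpq can be used for monitoring.
restrict 127.0.0.1
restrict -6 ::1

# Symmetric keys used to sign broadcast packets.
# The keys file holds lines such as "1 M <secret>" and should be
# readable by root only.
keys /etc/ntp/keys
trustedkey 1

# Broadcast time to the LAN segment, authenticated with key 1.
# ntpd clients reject unauthenticated broadcasts by default, so the
# key must be distributed to every broadcast client.
broadcast 192.0.2.255 key 1

# --- Matching lines for the ntp.conf on each LAN client ---
# keys /etc/ntp/keys
# trustedkey 1
# broadcastclient
```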
