[ntp:questions] Does NTPClient need to be enabled for clients

Jorge Silva jorgesilva_pt at hotmail.com
Sat Feb 13 23:33:58 UTC 2010

Okay, I see that people are missing the point that I tried to explain. The
problem is the precedent! When you open a precedent you're (probably)
opening a "door" to problems (for those that work in medium/large systems,
they know what I mean). IMO DCs shouldn't go out to public, it doesn't
matter if it is only because the PDCe needs to sync the Time with a reliable
external time source or the importance that the Time service has in an Active
Directory hierarchy. In medium, large systems that can be the argument to
open other things that might be considered low risk value in terms of
security and valuable in terms of internal functionality. What this means
is, is the time service important to Kerberos? Yes. Is Time sync important
to Active Directory? Absolutely. Will Active Directory stop working if the
PDCe doesn't sync its time with an external source? No way. Is it important
to have the correct and most accurate time inside your system? Of course,
you don't want to issue documents to your clients with the incorrect time.
Hum... What is more important: to have the most accurate time in your
internal/external systems or protect your DCs from external time sources?
THEY'RE BOTH IMPORTANT!!! :) - How to solve this? For those of you who can
afford it, create/expose a dedicated "Box" with one or more
external/internal/reliable Time servers and sync your PDCe from there. Keep
in mind that in some companies, time is very, very, very important, and
their applications can't afford to have the 5 minutes skew that the Kerberos
has configured by default. So how do they solve this problem? They spend
huge amounts of money in boxes and Applications that are smart enough to
sync, compare, calculate and issue the exact/correct/time to their systems,
in some scenarios this can be done at the second :)

Conclusion of all threads:
- Is the best option to have the PDCe sync with external time sources?
Probably not.
- Is the Linksys a crappy router? Yes (just kidding, it's worse than that
- What Paul's router does? Mushroom cheese steak, cheese fries, and a vanilla


I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Ace Fekay [MVP-DS, MCT]" <aceman at mvps.RemoveThisPart.org> wrote in message 
news:edZ8Ot$qKHA.4752 at TK2MSFTNGP04.phx.gbl...
> "Richard B. Gilbert" <rgilbert88 at comcast.net> wrote in message 
> news:b_ydnaulocUc6OjWnZ2dnUVZ_g-dnZ2d at giganews.com...
>> Rob wrote:
>>> Jonathan de Boyne Pollard <J.deBoynePollard-newsgroups at NTLWorld.COM> 
>>> wrote:
>>>>> We use one of our data centers internal default gateway (Router).
>>>>> Everything feeds off of that.
>>>>> It had best work well. It was $100K +.
>>>> So what benefit is that $100K extra stratum gaining you?  It has to be 
>>>> more than just splitting the UDP/IP path to the lower stratum servers 
>>>> in twain.  But it's not reliability, because if your router goes down 
>>>> it still takes your NTP server with it.  So what is it?  Do you perhaps
>>> The big advantage of such a setup is that all your systems will agree
>>> on the same time.  Locally you have short roundtrip time variations so
>>> the polls of the local NTP server have small jitter and are not affected
>>> by the loading of the internet link.
>>> It is usually more important that all systems have the same time, than
>>> that this time is very accurate.
>> If you can get all systems to agree on the time it's usually no more 
>> difficult to get them to agree on the *correct* time!  The rock solid 
>> "beat" of a GPS is easy for most clocks to march to!
> Wait a sec, all systems *agree* on a time? It's not a political election 
> process with time management in an AD infrastructure. The PDC Emulator in 
> the forest root is the time source for a forest. There is no Klingon 
> dissension to take over. :-) Just sync that guy, and if it is off,
> everything else will be. Nothing to agree or disagree on among machines.
> Ace
