Precision timing is critical for defense, commercial industries, and powering essential network operations. Safran offers network time servers and solutions for precise synchronization, security, compliance, and adherence to resilient timing best practices. Whenever accuracy, safety, security and reliability are critical, Safran leads the way.
A low SWaP, high performance GPSGlobal Positioning System is a navigation satellite system. See also master clock that delivers accurate, software configurable time and frequency signals. VersaSync is your solution for mobile mission rugged timing.
White Rabbit is a collaborative project including CERN (the European Organization for Nuclear Research), GSI Helmholtz Centre for Heavy Ion Research and other partners from universities and industry to develop a fully deterministic Ethernet-based network for general purpose data transfer and sub-nanosecond accuracy time transfer.
Synchronize one or more computer- or instrument chassis-based systems to a time code, providing accurate timing, time stamps for external events, time-based interrupts, and time reference & frequency signals to other devices.
What Makes Network Time Synchronization Secure, Reliable & Accurate
NTP Stratum Levels and Accuracy
What is NTP (network time protocol)?
While a variety of time services are available to use for network time synchronization, the most widely used and well established protocol is known as network time protocol or NTP. NTP is a UDP protocol for IP networks. The Internet Engineering Task Force has formalized the current standard of NTP (version 4) in RFC 5905. Simple network time protocol, SNTP, the latest standard formalized as RFC 4330, uses a less complex client implementation.
A time synchronization solution requires client software to read NTP packets generated by an NTP server and synchronize the local clock. The time server function is the same in either NTP or SNTP, the only difference is with the client software.
How do I configure NTP clients?
Client software for network time protocol is widely available for a variety of operating systems and is typically pre-installed in servers, workstations, firewalls and routers. Configuring an NTP or SNTP client is straightforward. Support can be found on this site and many others for configuring Windows time services such as W32time. Third-party software is available to improve the functionality of the NTP client application. We offer a suite of NTP software for Windows clients called PresenTense. PresenTense greatly improves the management and reliability of the time synchronization application through the use of real-time monitoring, extensive logging, email alerts, built-in redundancy, and higher accuracy.
Why not use an internet time server?
Internet-based time servers operated by universities and government organizations are available for public use. However, NTP requires an open port (UDP port 123) in the firewall for the NTP packets to get through. Open ports in the firewall are a security risk for you, as a network operator, and can affect the reliability and accuracy of public time servers as they are easily exploited in “Denial of Service” attacks even if inadvertent.
In May 2003, an internet time server operated by the University of Wisconsin, Madison was the recipient of a continuous large-scale flood of traffic resulting in greatly reduced availability of the server for many months. It was later determined that the source of the “attack” was based on a programming bug in the firmware of inexpensive routers for home and small business use.
Accuracy is another concern of internet time servers. The latest survey of the NTP time server network from MIT uncovered two problems: the number of bad time servers on the internet, as well as the unbalanced load. Only 28% of the time servers indicated as stratum 1, appeared to be useful.
Another concern effecting accuracy is the concern over spoofing. Spoofing is the act by a third party to create IP packets using someone else’s IP address. Don’t take the chance of using fake NTP packets for your network synchronization.
NTP vs. SNTP: What’s the Difference?
And Which One Do You Really Need?
NTP (Network Time Protocol) and SNTP (Simple Network Time Protocol) are similar TCP/IP protocols in that they use the same time packet from a time server message to compute accurate time. The procedure used by the Time Server to assemble and send out a time stamp is exactly the same whether NTP (i.e., full implementation NTP) is used, or SNTP is used.
The difference between NTP and SNTP is important in the time synchronization program running on the client side on each system.
The time synchronization program, whether it is a Windows built-in program like W32Time (which uses the SNTP protocol) or a third-party add-on, determines which protocol is being used — not the time server. The time server does not care. The difference between NTP and SNTP is in the error checking and the algorithm for the actual correction to the time itself.
The NTP algorithm is much more complicated than the SNTP algorithm. NTP normally uses multiple time servers to verify the time and then controls the slew rate of the system. The algorithm determines if the values are accurate using several methods, including fudge factors and identifying time servers that don’t agree with the other time servers. It then speeds up or slows down the system clock’s drift rate so that (1) the system’s time is always correct and (2) there won’t be any subsequent time jumps after the initial correction.
Unlike NTP, SNTP usually uses just one time server to calculate the time, then “jumps” the system time to the calculated time. It can, however, have back-up time servers in case one is not available. During each interval, it determines whether the time is off enough to make a correction and if it is, applies the correction.
Clear as Mud?
If this is not completely clear, consider an analogy of comparing and adjusting a wristwatch to a clock on the wall. The wristwatch is analogous to the “client” device (like a PC) and the clock on the wall is the time server. With SNTP, you always look at the clock at pre-determined intervals. Let’s say one per hour. (As an aside, the act at comparing time for computer synchronization is known as a “poll.”)
When you think it is 12:00:00 you look at (poll) the clock to see that it is 11:59:57. You are three seconds fast, so you set your watch back three seconds. You do not do anything else until 1:00:00. You look again at the clock to see that it is 12:59:57 – again, three seconds fast — and again you set your watch back three seconds. Every hour, you reset your watch 3 seconds to be in sync with the clock on the wall.
From an error perspective, you are most accurate immediately after the poll and you progressively get worse. The maximum error happens immediately before the poll, when a sudden adjustment occurs, such as when time goes from 12:59:57 to 12:59:58 to 12:59.59 to 1:00:00 to 12:59:57.
If a maximum error of three seconds and the discontinuity of the time scale bothers you, consider the NTP case. Here, you want to react knowing that your watch is gaining three seconds every hour, so you don’t have to change it so often.
Simply compensate for the drift by using your error vs. time measurements. You do not need to use the same measurement period all the time. All you need to know is the rate and direction of the change.
After you have a pretty good feel for the drift, you can program your watch to adjust in real time. You want to make very small adjustments, so that at any given time you are in sync with the clock on the wall, without even looking at it.
Of course, the drift rate may change over time, so you do want to continually poll the clock, and apply the best correction you can come up with. And with that you get a wristwatch that is seemingly never out of synchronization!
Which One Do You Need?
It all depends on your application, but in general, SNTP clients should only be used where time synchronization is not critical for your systems. For all other clients, and for systems that will also serve time to other systems, you should utilize full NTP implementations to include reference selection and clock steering algorithms to maintain accuracy through the full timing path.
Looking at the timeservers themselves, the selection of a time server that uses SNTP or NTP to serve time only should focus on whether that time server would ever synchronize to NTP as a primary or secondary reference — in which case, only full NTP should be used. To simplify things, SNTP should be used only at the start or end of the network timing path, and only at the end of the network timing path where time synchronization is not critical for your systems.
How a Time Server Supports Regulatory Compliance
The Sarbanes-Oxley Act
“SOX” requires top executives of public companies to personally certify the accuracy of financial reports. Section 404 requires an organization to assess internal control systems for accuracy. Typically you need to answer the following questions: who was in what system, what they did, why they were there, and how long they were there. The accuracy of log files and time stamps is important for the network control required to ensure compliance. Accurate time synchronization of the entire IT infrastructure supports SOX compliance.
The Health Insurance Portability and Accountability Act (HIPAA)
HIPAA legislation was a wide ranging act to improve various aspects of the health care industry. In addition to ensuring portability and continuity of health insurance coverage, rules and standards have been added to ensure privacy of patient records and specifically for the security of health information. A network access control is crucial to show compliance to HIPAA. Accurate time stamps are particularly called out in the regulation as a contributing factor for appropriate access controls. Time synchronization of the network of health care providers helps ensure compliance to the HIPAA regulations.
NASD’s Order Audit Trail System (OATS)
National Association of Securities Dealers (NASD) order audit trail system (OATS) requires those involved with financial exchanges to track trades to within 3 seconds of the international time standard known as UTC, including latencies.
Gramm-Leach-Bliley Act
In an attempt to reduce identity theft, this 1999 law protects the privacy of customers of financial institutions. It is crucial that financial organizations take reasonable steps to secure the privacy of customer records from the inside and outside the network. Similar to other regulations, time synchronization of the business systems is an enabler for securing records such as customer data.
Code of Federal Regulations (FDA)
The code of federal regulations includes Food and Drug Administration’s guidelines for the development, manufacture and sale of products that can affect the health and safety of the public. Specifically title 21, part 11 requires businesses in certain industries such as pharmaceutical manufacturing to employ procedures and controls to ensure the authenticity, integrity and confidentiality of electronic records. To satisfy this requirement, organizations must ensure that computer generated time stamps are accurate.
Payment Card Industry – Data Security Standards
PCI-DSS applies to all who store, process or transmit cardholder data. A requirement include data and time stamping with synchronized system clocks.
North American Electric Reliability Council (NERC)
The Federal Energy Regulatory Commission (FERC) has backed NERC’s requirements for all users, owners and oeprators of the bulk-power system including mandatory cyber security standards. NERC’s Control System Working Group lists inadequate or non-existant digital forensic and audit trails as a top 10 vulnerabilty of the power grid. Top mitigation requirements include time synchronization of system logs and sequence-of-event recorders as described in Security Guideline for the Electricity Sector: Time Stamping of Operational Data Logs. Along with the benefits of new network applications, controls are required to ensure the accuracy and security of data. A NetClock time synchronization solution directly supports the mission of the network administrator.
