Black Box ET1000A, ET0010A, EncrypTight manual Network Clock Synchronization, IPv6 Address Support

Models: EncrypTight ET0100A ET0010A ET1000A

Network Clock Synchronization

CAUTION

Failure to synchronize the time of all EncrypTight components can result in a loss of packets or compromised security.

EncrypTight requires that the clocks on all the system’s components be synchronized. If the clocks are not synchronized, communications between the components can be delayed, which can prevent the system from working as planned.

For example, the keys on the PEPs all have an expiration time. The ETKMSs must generate new keys and policies prior to that expiration time in order to prevent a lapse in security or loss of network data. In addition, PEPs that implement the same policy require matching sets of keys for communications to occur. If one PEP’s keys expire before another PEP’s keys or if one PEP’s keys become active before another PEP’s keys, packets can be improperly dropped or passed in the clear.

It is essential that ETPM, ETKMS, and PEPs are synchronized to the same time source.

Configure the workstation running EncrypTight to synchronize with a corporate time server within your network or with a public time server located somewhere on the Internet, or install a time service on the management station.

External ETKMSs run on Linux servers that have Network Time Protocol (NTP) installed. Each of these ETKMSs can operate as an NTP server or an NTP client, or both. You can configure each ETKMS to synchronize with a time server, or you can configure the ETPM, ETKMSs and PEPs to synchronize with one of the ETKMS servers.

The PEPs include a Simple Network Time Protocol (SNTP) client, which can connect to an NTP server. The PEP SNTP client supports unicast client mode, in which the client sends a request to the designated NTP server and waits for a reply from the server.
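The unicast exchange described above, sketched as an added example (not code from this manual or from the EncrypTight product): a client builds an SNTP request, validates the server's reply, and computes its clock offset with the standard NTP timestamp arithmetic. The protocol version (4), the timestamps and the `make_reply` helper are assumptions constructed so the example runs offline.

```python
import struct

NTP_DELTA = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)

def to_ntp(t):
    """Unix seconds (float) -> (seconds, fraction) of a 64-bit NTP timestamp."""
    secs = int(t)
    return secs + NTP_DELTA, int((t - secs) * 2**32)

def from_ntp(secs, frac):
    return secs - NTP_DELTA + frac / 2**32

def build_request(t1):
    """48-byte client request: LI=0, VN=4 (assumed), Mode=3; T1 in Transmit field."""
    return struct.pack("!B39x2I", (4 << 3) | 3, *to_ntp(t1))

def make_reply(request, t2, t3, stratum=2, li=0):
    """Constructed server reply; stands in for a real NTP server."""
    head = struct.pack("!BB22x", (li << 6) | (4 << 3) | 4, stratum)
    return head + request[40:48] + struct.pack("!4I", *to_ntp(t2), *to_ntp(t3))

def parse_reply(reply, request, t4):
    """Validate the reply, then return (offset, delay) in seconds."""
    if len(reply) < 48:
        raise ValueError("short packet")
    li, mode, stratum = reply[0] >> 6, reply[0] & 0x7, reply[1]
    if mode != 4:
        raise ValueError("not a server reply")
    if li == 3 or stratum == 0:
        raise ValueError("server reports it is not synchronized")
    if reply[24:32] != request[40:48]:
        raise ValueError("reply does not match our request")
    t1 = from_ntp(*struct.unpack("!2I", reply[24:32]))
    t2 = from_ntp(*struct.unpack("!2I", reply[32:40]))
    t3 = from_ntp(*struct.unpack("!2I", reply[40:48]))
    return ((t2 - t1) + (t3 - t4)) / 2, (t4 - t1) - (t3 - t2)

if __name__ == "__main__":
    # Constructed timeline: server clock 30 s ahead, 0.25 s each way on the wire.
    t1 = 1700000000.0
    req = build_request(t1)
    rep = make_reply(req, t2=t1 + 30.25, t3=t1 + 30.75)
    print(parse_reply(rep, req, t4=t1 + 1.0))
```

An offset of this size between two components is the kind of clock disagreement the caution at the top of this section warns about.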

You can check the current time of your PEPs in the ETEMS Appliance Manager. Refresh the status of the appliances and then view the Date/Time column (you may need to resize the columns).

NOTE

After you enable SNTP on ETEP PEPs and push the configuration, the ETEP PEPs immediately synchronize with the NTP server.

If you re-provision a PEP that has been out of service, it is recommended that you synchronize the appliance with an NTP server and reboot it before you attempt to use the PEP with either ETEMS or ETPM. For more information on using SNTP, see the configuration chapter for your PEP.

IPv6 Address Support

EncrypTight supports using both IPv4 and IPv6 addresses for the ETKMS and the management port of the ETEPs, as well as on the management workstation. The IPv6 standard was developed to provide a larger address space than the IPv4 standard and is intended to replace it as the IP addresses that are available with the older standard are exhausted. IPv6 addressing also provides other benefits, such as more efficient routing.

EncrypTight User Guide
