S100 User Guide Rev. D June | Symmetricom specification

selecting these sources. Note that, while NTP detects and rejects loops involving neighboring servers, it does not detect loops involving intervening servers.

It is strongly advised, and in practice for most primary servers today, to employ the authentication or access-control features of the NTP specification in order to protect against hostile intruders and possible destabilization of the time service. Using this or similar strategies, the remaining hosts in the same administrative domain can be synchronized to the three (or more) selected time servers. Assuming these servers are synchronized directly to stratum-1 sources and operate normally as stratum-2, the next level away from the primary source of synchronization, for instance various campus file servers, will operate at stratum 3 and dependent workstations at stratum 4. Engineered correctly, such a subnet will survive all but the most exotic failures or even hostile penetrations of the various, distributed timekeeping resources.

When planning your network, keep in mind a few generic don'ts, in particular:

•Don't synchronize a local time server to another peer at the same stratum, unless the latter is receiving time from lower stratum sources the former doesn't talk to directly. This minimizes the occurrence of common points of failure, but does not eliminate them in cases where the usual chain of associations to the primary sources of synchronization are disrupted due to failures.

•Don't configure peer associations with higher stratum servers. Let the higher strata configure lower stratum servers, but not the reverse. This greatly simplifies configuration file maintenance, since there is usually much greater configuration churn in the high stratum clients such as personal workstations.

•Don't synchronize more than one time server in a particular administrative domain to the same time server outside that domain. Such a practice invites common points of failure, as well as raises the possibility of massive abuse, should the configuration file be automatically distributed do a large number of clients.

The following diagrams depict typical NTP configurations from large to small networks. Use these as a guide when creating your own.

S100 User Guide – Rev. D – June 2005

99

Image 107

Symmetricom manual S100 User Guide Rev. D June

Contents

S100 User Guide S100 User Guide Rev. D June Table of Contents Chapter Web-Based Interface TCP/IP Chapter Operations & Time-Protocols Appendix a S100 Specifications 119 Appendix C Appendix E Antenna Replacement 141 Index 143 Chapter How to Go here for the answerIntroduction and Overview Term Definition Conventions Used Global Positioning System GPS Product DetailsTime Standards Stratum Level Significance Stratum LevelsTime Synchronization and Business Country Name of NMI Abbreviation How the S100 Solves the ProblemNational Measurement Institutes Special Safety Instructions Sources of Time S100 TechnologyOverview S100 Product Overview Web-based Access How the S100 Works Time Distribution Model S100 and Client Software S100 and NTP v4’s Security FeaturesS100 and Time Distribution S100 and the Global Positioning System SyncServer S100 For the S100-Dial-up/ACTS For the S100-GPS Installation and ConfigurationGetting Up and Running Unpacking Your S100 For the S100-Dial-up/ACTS For the S100-GPS N c S e rv e r Your CD-ROM PuTTY Folder Details Using the Software PSFTP.EXE PUTTYGEN.EXE Rack Mounting Installing Your S100Primary Power Connection Important Safety Instructions Making All Connections An Overview On the S100 Front Panel Setting Up the Hardware Appendix E on On the S100 Rear Panel Outdoors Installing the GPS AntennaChoosing an Antenna Location Establishing a Serial Connection Installing the GPS antennaConnecting the Rubidium Option 4Connecting the S100 5COM Port Properties Setting Up the IP Address 6Login and Command Line 9IPCONFIG and Ping Screen Testing Network Functionality Normal Turning Off Your S100 Logging On How to Acquire Time System Status Logged Administrator Log-In Next Step Configuration Wizard Choose Your Time Source Dial-up to NISTs Automated Computer Time Service Acts 17Configuring the S100 Time Source GPS Then click Next for the System Information dialog Test Results dialog System Tests Dialog Dialup Settings dialog Setup Complete dialog System Information dialog System Tests dialog Test Results dialog NTP 30System Information fields Click Test Now IRIG-B v.120,122,123 Configuring NTP Dialup Backup dialog 36System Testing options 37Test Results shown Installing SymmTime Using SymmTime SyncServer S100 To Synchronize SymmTime Next Use the Web-Based Interface SyncServer S100 Interface Screen Reference Web-Based Interface Logging Administrative Interface 2Administrative Interface Base Menu Admin Interface Base Menu 3Interface Admin Menu, expanded Administrative Menu Expanded System Status Timing Configuration NTP Relationships 5Configuring New Clients and Servers S100 User Guide Rev. D June NTP Dialup NTP Time Source Test NTP Status NTP Restart SyncServer S100 Advanced ntp.conf 10Viewing the NTP Configuration File 11Obtaining and Generating Keys Certificates Advanced Keys/Certificates Timing Engine Main Settings IRIG-A IRIG-B Timecode Settings Bit Position Meaning if bit value = GPS InformationGPS Health 15GPS Signal Strength GPS Signal Strength GPS Position GPS Time Engine Time Clock SettingsOther Information 20Control Settings Control Settings Model Information Networking S100 User Guide Rev. D June Ping Ifconfig Output Options Traceroute Shutdown/Reboot Administration Restart Web Interface Admin Users Time Zone System Log Configuration Snmp Edit Snmp Configuration 33Setting Alarm Parameters Alarms NTP Log Logs System Log Boot Log Http Log Config Log Search Ntpd Manual HelpSyncServer Help Ntpd Help 40Log Off screen Logging Off SyncServer S100 S100 Operations and Time Protocols Sysplex TimerHow the S100 Uses the Sysplex Timer Operations & Time-Protocols 41Time Information String Parameters Daytime Protocol RFC Time Protocol RFC NTP Data Format Simple Network Time Protocol RFCNetwork Time Protocol RFC Version Number VN Leap Indicator LIMode Stratum Poll Precision Synchronizing Distance Root Distance Version ModeStratum Poll Interval Authentication NTP NTP Authentication Public Domain NTP Package Typical NTP Configuration ConsiderationsAuthentication NTP v4 Autokey How NTP Defines the Authentication Process Clients Other NTP Considerations Basic NTP Configuration S100 User Guide Rev. D June SyncServer S100 S100 User Guide Rev. D June 43Large Net NTP Configuration 44Large Net NTP Configuration 45Small Net NTP Configuration Security Acts Interface Dial-upPeers Acts Operation Snmp Simple Network Management Protocol Version 106 S100 User Guide Rev. D June Parameter Command Line Flag Snmp.conf token An authenticated and encrypted request example 108 S100 User Guide Rev. D June What are the main differences between Sntp and NTP clients? Frequently Asked QuestionsQuestions How can we obtain NTP client software to use with the S100? How do I check versions of the software in the S100? How does the S100 handle Leap Second? Cable length and Type Antenna How do I know if the satellite signal strength is good? What security functions are provided with the S100? Does the S100 support NTP v4?Can the S100 utilize a certificate from an external CA? How is the interface to the S100 secured? How-to’s and Tips How to get time using GPS How to install NTP v4 on a Unix systemHow to install your S100 How to get time using dial-up How to change the root password How to install your GPS antennaHow to acquire and install SymmTime Use the quick How to guide S100 does not respond to NTP queries SolutionsHow to get information about NTP S100 does not respond to ping command My S100 won’t track satellites Possible cause of tracking problems How to fix 118 S100 User Guide Rev. D June Component Specifics Description S100 SpecificationsS100 Data Sheet Specifications Appendix a Pin Descriptions Appendix B Time Glossary Cdsa BCDCdma Certificate Request Content FilteringCertificate Authority CA Certificate Extension Dhcp DclsDES DTT DSASS/NTP DSS Http GMTGPS Html ITU IKEIrig MIB LANLdap MD5 NTP NistNOC Ntms PKI OSIPCI Pkcs Mime RSASHA-1 TCP/IP SnmpSSL SSL-LDAP TPC TftpTLS TMC UDP/IP TSATSP TSR WAN UTCVPN W3C 509 v3 Certificate Extension Emea Assistance Center Customer AssistanceAppendix D US Assistance Center Emeasupport@symmetricom.com Conforms to the Following European Union Directives Declaration of ConformityAppendix C Symmetricom, Inc Westwind Blvd Santa Rosa, Ca USA FCC Appendix E Antenna Replacement 142 S100 User Guide Rev. D June Numerics Index 144 S100 User Guide Rev. D June S100 User Guide Rev. D June 145 Denial of Service DES S100 User Guide Rev. D June 147 Https Irig a 150 S100 User Guide Rev. D June S100 User Guide Rev. D June 151 152 S100 User Guide Rev. D June S100 User Guide Rev. D June 153 154 S100 User Guide Rev. D June S100 User Guide Rev. D June 155 Vault Verification Version Virus VPN W3C Wait time WAN 509 v3 Certificate Extension Coordinate Year 158 S100 User Guide Rev. D June