12.3 Time Services

The information in this section can help you understand your time services options and set up time synchronization on your OES 2 servers:

12.3.1 Overview of Time Synchronization

All servers in an eDirectory tree must have their times synchronized to ensure that updates and changes to eDirectory objects occur in the proper order.

eDirectory gets its time from the server operating system (NetWare or Linux) of the OES 2 server where it is installed. It is, therefore, critical that every server in the tree has the same time.

Understanding Time Synchronization Modules

Because your OES eDirectory tree might contain servers running OES 2 Linux, OES 2 NetWare, or previous versions of NetWare, you must understand the differences in the time synchronization modules that each operating system uses and how these modules can interact with each other.

OES 2 Linux vs. OES 2 NetWare

As illustrated in Figure 12-1, OES 2 NetWare (NetWare 6.5) can use either the Network Time Protocol (NTP) or Timesync modules for time synchronization. Both modules can communicate with OES 2 Linux by using NTP. However, when installing virtualized NetWare, Timesync should always be used (see Section 6.12.3, Always Use Timesync Rather Than NTP).

OES 2 Linux must use the NTP daemon (xntpd).

Figure 12-1 Time Synchronization for Linux and NetWare

OES Linux uses an NTP time module. OES NetWare can use either an NTP or a TIMESYNC module.
OES 2 Servers Use the Network Time Protocol (NTP) to Communicate

Because OES 2 Linux and NetWare servers must communicate with each other for time synchronization, and because Linux uses only NTP for time synchronization, it follows that both Linux and NetWare must communicate time synchronization information by using NTP time packets.

However, this doesn’t limit your options on NetWare.

Figure 12-2 illustrates that OES 2 Linux and NetWare servers can freely interchange time synchronization information because OES 2 NetWare includes the following:

  • A TIMESYNC NLM™ that both consumes and provides NTP time packets in addition to Timesync packets.

  • An XNTPD NLM that can provide Timesync packets in addition to offering standard NTP functionality.

NOTE:Although NetWare includes two time synchronization modules, only one can be loaded at a time.

Figure 12-2 NTP Packet Compatibilities with All OES Time Synchronization Modules

All OES time synchronization modules can interact.
Compatibility with Earlier Versions of NetWare

Earlier versions of NetWare (version 4.2 through version 6.0) do not include an NTP time module. Their time synchronization options are, therefore, more limited.

NetWare 5.1 and 6.0 Servers

Figure 12-3 illustrates that although NetWare 5.1 and 6.0 do not include an NTP time module, they can consume and deliver NTP time packets.

Figure 12-3 NTP Compatibility of NetWare 5.1 and 6.0

The TIMESYNC NLM in NetWare 5.1 and 6.0 can consume and provide NTP time packets.

NetWare 5.0 and 4.2 Servers

Figure 12-4 illustrates that NetWare 4.2 and 5.0 servers can only consume and provide Timesync packets.

Figure 12-4 Synchronizing Time on NetWare 5.0 and 4.2 Servers

NetWare 5.0 can be a Timesync consumer and provider. NetWare 4.2 should only consume time, not provide it.

Therefore, if you have NetWare 4.2 or 5.0 servers in your eDirectory tree, and you want to install an OES 2 Linux server, you must have at least one NetWare 5.1 or later server to provide a “bridge” between NTP and Timesync time packets. Figure 12-5 illustrates that these earlier server versions can synchronize through an OES 2 NetWare server.

IMPORTANT:As shown in Figure 12-4, we recommend that NetWare 4.2 servers not be used as a time source.

OES 2 Servers as Time Providers

Figure 12-5 shows how OES 2 servers can function as time providers to other OES 2 servers and to NetWare servers, including NetWare 4.2 and later.

Figure 12-5 OES 2 Servers as Time Providers

OES 2 Servers as Time Consumers

Figure 12-6 shows the time sources that OES 2 servers can use for synchronizing server time.

IMPORTANT:Notice that NetWare 4.2 is not shown as a valid time source.

Figure 12-6 OES 2 servers as Time Consumers

12.3.2 Planning for Time Synchronization

Use the information in this section to understand the basics of time synchronization planning.

For more detailed planning information, refer to the following resources:

NetWork Size Determines the Level of Planning Required

The level of time synchronization planning required for your network is largely dictated by how many servers you have and where they are located, as explained in the following sections.

Time Synchronization for Trees with Fewer Than Thirty Servers

If your tree will have fewer than thirty servers, the default installation settings for time synchronization should be sufficient for all of the servers except the first server installed in the tree.

You should configure the first server in the tree to obtain time from one or more time sources that are external to the tree. (See Step 1 in Planning a Time Synchronization Hierarchy before Installing OES.)

All other servers (both Linux and NetWare) automatically point to the first server in the tree for their time synchronization needs.

Time Synchronization for Trees with More Than Thirty Servers

If your tree will have more than thirty servers, you need to plan and configure your servers with time synchronization roles that match your network architecture and time synchronization strategy. Example roles might include the following:

  • Servers that receive time from external time sources and send packets to other servers further down in the hierarchy

  • Servers that communicate with other servers in peer-to-peer relationships to ensure that they are synchronized

Basic planning steps are summarized in Planning a Time Synchronization Hierarchy before Installing OES.

Refer to the following sources for additional help in planning time server roles:

Time Synchronization across Geographical Boundaries

If the servers in the tree will reside at multiple geographic sites, you need to plan how to synchronize time for the entire network while minimizing network traffic. For more information, see Wide Area Configuration in the NW 6.5 SP8: NTP Administration Guide.

Choosing between Timesync and NTP (NetWare Only)

When you install an OES 2 NetWare server, you can choose between Timesync and NTP for time synchronization.

If you select the Timesync option, you can fully configure each server as you install it to match your time synchronization plan.

If you choose the XNTPD option, you can designate up to three NTP time sources, but fine-tuning your NTP hierarchy requires some manual configuration after the installation is complete. For help, consult the NW 6.5 SP8: NTP Administration Guide.

About Timesync

Timesync is the Novell legacy time synchronization protocol first delivered with NetWare 4. Over the years it has evolved and is now capable of both consuming and delivering NTP packets and Timesync packets.

Timesync is installed and configured by default to ensure the smooth integration of earlier versions of NetWare.

IMPORTANT:For virtualized NetWare servers, you should always use Timesync and configure it to communicate using NTP as instructed in Creating a Response File and Setting the Server Time Zone and Time Synchronization Method in the NW65 SP8: Installation Guide.

About NTP

NTP is the emerging choice for many network administrators because:

  • They feel it is easier to manage a single time synchronization protocol.

    For example, the same basic configuration file (ntp.conf) can be used on both Linux and NetWare.

  • NTP is a cross-platform industry standard available on multiple platforms.

  • The XNTPD NLM that runs on OES 2 NetWare provides Timesync packets for NetWare servers that can’t consume NTP (NetWare 5.0 and 4.2), enabling them to coexist on an NTP time network.

Where to Specify Time Synchronization in the NetWare Install

The dialog box that lets you choose between Timesync and NTP is available as an advanced option in the Time Zone panel during the NetWare installation. Choosing between Timesync and NTP is documented in Setting the Server Time Zone and Time Synchronization Method in the NW65 SP8: Installation Guide.

Planning a Time Synchronization Hierarchy before Installing OES

The obvious goal for time synchronization is that all the network servers (and workstations, if desired) have the same time. This is best accomplished by planning a time synchronization hierarchy before installing the first OES 2 server, then configuring each server at install time so that you form a hierarchy similar to the one outlined in Figure 12-7.

Figure 12-7 A Basic Time Synchronization Hierarchy

Time synchronization is accomplished by configuring servers in a time synchronization hierarchy.

As you plan your hierarchy, do the following:

  1. Identify at least two authoritative external NTP time sources for the top positions in your hierarchy.

    • If your network already has an NTP server hierarchy in place, identify the IP address of an appropriate time server. This might be internal to your network, but it should be external to the eDirectory tree and it should ultimately obtain time from a public NTP server.

    • If your network doesn’t currently employ time synchronization, refer to the list of public NTP servers published on the ntp.org Web site and identify a time server you can use.

  2. Plan which servers will receive time from the external sources and plan to install these servers first.

  3. Map the position for each Linux server in your tree, including its time sources and the servers it will provide time for.

  4. Map the position for each NetWare server in your tree:

    1. Include the server’s time sources and the servers it will provide time for.

    2. Decide whether to use Timesync or NTP for your servers. (See Choosing between Timesync and NTP (NetWare Only).)

    3. If your network currently has only NetWare 4.2 or 5.0 servers, be sure to plan for their time synchronization needs by including at least one newer NetWare server in the tree and configuring the older servers to use the newer server as their time source. (See NetWare 5.0 and 4.2 Servers.)

  5. Be sure that each server in the hierarchy is configured to receive time from at least two sources.

  6. (Conditional) If your network spans geographic locations, plan the connections for time-related traffic on the network and especially across WANs.

    For more information, see Wide Area Configuration in the NW 6.5 SP8: NTP Administration Guide.

For more planning information, see the following documentation:

12.3.3 Coexistence and Migration of Time Synchronization Services

The time synchronization modules in OES have been designed to ensure that new OES 2 servers, running on either NetWare or Linux, can be introduced into an existing network environment without disrupting any of the products and services that are in place.

Both the Linux and NetWare installs automate the time synchronization process where possible, as explained in Section 12.3.4, Implementing Time Synchronization.

This section discusses the issues involved in the coexistence and migration of time synchronization in OES in the following sections:

Coexistence

This section provides information regarding the coexistence of the OES time synchronization modules with existing NetWare or Linux networks, and with previous versions of the TIMESYNC NLM. This information can help you confidently install new OES 2 servers into your current network.

Compatibility

The following table summarizes the compatibility of OES time synchronization modules with other time synchronization modules and eDirectory. These compatibilities are illustrated in Figure 12-5 and Figure 12-6.

Table 12-3 Time Synchronization Compatibility

Module

Compatibility

TIMESYNC NLM (NetWare)

Can consume time from

  • All previous versions of Timesync. However, the NetWare 4.2 TIMESYNC NLM should not be used as a time source.

  • Any TIMESYNC or NTP daemon.

Can provide time to

  • All previous versions of Timesync.

  • Any TIMESYNC or NTP daemon.

XNTPD NLM (NetWare)

Can consume time from

  • Any NTP daemon.

Can provide time to

  • All previous versions of Timesync.

  • Any NTP daemon.

xntpd daemon (SLES 10)

Can consume time from

  • Any NTP daemon.

Can provide time to

  • Any NTP daemon.

eDirectory

eDirectory gets its time synchronization information from the host OS (Linux or NetWare), not from the time synchronization modules.
Coexistence Issues

If you have NetWare servers earlier than version 5.1, you need to install at least one later version NetWare server to bridge between the TIMESYNC NLM on the earlier server and any OES 2 Linux servers you have on your network. This is because the earlier versions of Timesync can’t consume or provide NTP time packets and the xntpd daemon on Linux can’t provide or consume Timesync packets.

Fortunately, the TIMESYNC NLM in NetWare 5.1 and later can both consume and provide Timesync packets. And the XNTPD NLM can provide Timesync packets when required.

This is explained in Compatibility with Earlier Versions of NetWare.

Migration

Your migration path depends on the platform you are migrating data to.

12.3.4 Implementing Time Synchronization

As you plan to implement your time synchronization hierarchy, you should know how the OES 2 NetWare and OES 2 Linux product installations configure time synchronization on the network. Both installs look at whether you are creating a new tree or installing into an existing tree.

New Tree

By default, both the OES 2 Linux and the OES 2 NetWare installs configure the first server in the tree to use its internal (BIOS) clock as the authoritative time source for the tree.

Because BIOS clocks can fail over time, you should always specify an external, reliable NTP time source for the first server in a tree. For help finding a reliable NTP time source, see the NTP Server Lists on the Web.

OES 2 Linux

When you configure your eDirectory installation, the OES 2 Linux install prompts you for the IP address or DNS name of an NTP v3-compatible time server.

If you are installing the first server in a new eDirectory tree, you have two choices:

  • You can enter the IP address or DNS name of an authoritative NTP time source (recommended).

  • You can leave the field displaying Local Time, so the server is configured to use its BIOS clock as the authoritative time source.

    IMPORTANT:We do not recommend this second option because BIOS clocks can fail over time, causing serious problems for eDirectory.

OES 2 NetWare

By default, the NetWare install automatically configures the TIMESYNC NLM to use the server’s BIOS clock. As indicated earlier, this default behavior is not recommended for production networks. You should, therefore, manually configure time synchronization (either Timesync or NTP) while installing each NetWare server.

Manual time synchronization configuration is accessed at install time from the Time Zone dialog box by clicking the Advanced button as outlined in Choosing between Timesync and NTP (NetWare Only) and as fully explained in Setting the Server Time Zone and Time Synchronization Method in the NW65 SP8: Installation Guide.

Existing Tree

When a server joins an existing eDirectory tree, both OES installations do approximately the same thing.

OES 2 Linux

If you are installing into an existing tree, the OES 2 Linux install proposes to use the IP address of the eDirectory server (either NetWare or Linux) as the NTP time source. This default should be sufficient unless one of the following is true:

  • The server referenced is a NetWare 5.0 or earlier server, in which case you need to identify and specify the address of another server in the tree that is running either a later version of NetWare or OES 2 Linux.

  • You will have more than 30 servers in your tree, in which case you need to configure the server to fit in to your planned time synchronization hierarchy. For more information, see Planning a Time Synchronization Hierarchy before Installing OES.

The OES 2 Linux install activates the xntp daemon and configures it to synchronize server time with the specified NTP time source. After the install finishes, you can configure the daemon to work with additional time sources to ensure fault tolerance. For more information, see Changing Time Synchronization Settings on a SLES 10 Server.

OES 2 NetWare

If you are installing into an existing tree, the OES 2 NetWare install first checks to see whether you manually configured either NTP or Timesync time synchronization sources while setting the server Time Zone (see Setting the Server Time Zone and Time Synchronization Method in the NW65 SP8: Installation Guide).

If you will have more than 30 servers in your tree, you should have developed a time synchronization plan (see Planning a Time Synchronization Hierarchy before Installing OES) and used the Time Zone panel to configure your server according to the plan.

If you haven’t manually configured time synchronization sources for the server (for example, if your tree has fewer than 30 servers), the install automatically configures the Timesync NLM to point to the IP address of the server with a master replica of the tree’s [ROOT] partition.

12.3.5 Configuring and Administering Time Synchronization

As your network changes, you will probably need to adjust the time synchronization settings on your servers.

Changing Time Synchronization Settings on a SLES 10 Server

This method works both in the GUI and at the command prompt and is the most reliable method for ensuring a successful NTP implementation.

  1. Launch YaST on your SLES 10 server by either navigating to the application on the desktop or typing yast at the command prompt.

  2. Click Network Services > NTP Client.

  3. In the NTP Client Configuration dialog box, click Complex Configuration.

  4. Modify the NTP time settings as your needs require.

Changing Time Synchronization Settings on a NetWare Server

Time synchronization settings and their modification possibilities are documented in the following administration guides:

12.3.6 Daylight Saving Time

For information about daylight saving time (DST), see the DST Master TID on the Novell Support site