When it comes to keeping time, be accurate at it. This is much more relevant
today with the myriad of applications that we have deployed and will continue
to deploy, like VoIP, Digital IDs, digital certificate authentication systems,
SAN, card readers, encryptors, etc.

The need for synchronized time is critical in today's network environment.
Irrespective of whether you are a service provider for voice, wireless,
Internet services, and the like, or a customer who uses these services, you do
not want your PBX, VPN servers, routers, voice/data networks (with alternate
routing enabled) or any other telecommunication or network elements and
systems you depend on to lose synchronization even for a moment, as in some
cases it could mean dropped calls, lost connections and/or data errors, or
loss of productivity.

This can be best illustrated with real-life scenarios and examples which show
us that keeping accurate time is crucial and essential. We check various
application servers, system log files/reports, system metrics, and performance
metrics and use that data to assess activities, and the timing has to be
accurate for correlation. This includes, for example, building access control,
time and attendance systems, video surveillance systems, event logging
servers, voice recorders, IDS or IPS security-related activity, bandwidth
usage, as well as various logging and AAA (authentication, authorization, and
accounting) functions. Because these logs are a compilation of information
from different network nodes (video surveillance systems, event logging
servers, etc.), it is essential that the time stamps be correct. It would be
chaotic if they were not, causing difficulty in ordering events and
troubleshooting problems. Statistical data and various system metrics with
respect to time would be difficult to interpret and meaningless.
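
To make the ordering problem concrete, the following added example (not part
of the original article) merges log entries from four nodes, first as logged
and then after correcting each node's clock error. The host names, messages
and clock errors are constructed for illustration.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample events (host, timestamp as logged, message). Host names,
# addresses and messages are invented for this example.
EVENTS = [
    ("door-ctl", "2004-09-01 09:00:02", "badge 1042 accepted, server room"),
    ("ids",      "2004-09-01 09:00:05", "alert: unusual traffic from 10.0.0.23"),
    ("fileserv", "2004-09-01 08:59:58", "login ok user=jsmith from 10.0.0.23"),
    ("router",   "2004-09-01 09:00:09", "config change by jsmith"),
]

# Assumed measured clock error per host, in seconds (local clock minus UTC).
CLOCK_ERROR = {"door-ctl": 0, "ids": -4, "fileserv": -12, "router": 3}


def timeline(events, clock_error=None):
    """Sort events by time; if clock_error is given, correct each stamp first."""
    rows = []
    for host, stamp, msg in events:
        t = datetime.strptime(stamp, FMT)
        if clock_error is not None:
            t -= timedelta(seconds=clock_error[host])
        rows.append((t, host, msg))
    return sorted(rows)


def ambiguous_pairs(events, max_error_s):
    """Host pairs whose events lie closer together than the combined worst-case
    clock error of two nodes, so their relative order cannot be trusted."""
    rows = timeline(events)
    window = timedelta(seconds=2 * max_error_s)
    return [(ha, hb)
            for i, (ta, ha, _) in enumerate(rows)
            for tb, hb, _ in rows[i + 1:]
            if ha != hb and tb - ta < window]


if __name__ == "__main__":
    for label, err in (("as logged", None), ("corrected", CLOCK_ERROR)):
        print(label)
        for t, host, msg in timeline(EVENTS, err):
            print(f"  {t:%H:%M:%S}  {host:<9} {msg}")
    print("order not trustworthy at +/-2 s:", ambiguous_pairs(EVENTS, 2))
```

As logged, the file server login appears first; once the 12-second lag of
that server's clock is removed, it is the last of the four events.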

To understand this better, let us consider your ubiquitous LAN network switch
or your central network router. This device is a repository for centrally
logged configuration changes/events, system error messages, switch
configuration changes, switch interface up/down status, security alerts,
environmental conditions, and network overloads, all of which rely on network
time synchronization for accurate time stamps for the data to have meaning.

If you move to the voice network domain, in monitoring processes such as CDR
(Call Detail Records) and billing for a service provider, time also plays an
important and critical role. Costs are calculated using three parameters: rate
per minute (calculated per second), minimum cost and connection cost. A CDR is
a database record unit used to create billing records. The cost statistics,
i.e., costing information (costs are based on time of call, destination,
etc.), are vital for billing. A CDR contains details such as the called and
calling parties, originating switch, terminating switch, call length, and time
of day. These records are passed to the billing platform.

A CDR contains the time stamp when the call was initiated, the call duration
and the time the call was terminated. It is not just about plain billing but
about billing integrity, which relies on the time accuracy of the CDR records.
If time synchronization of network elements like the IP-PBX, VoIP gateway, IAD
(Integrated Access Device), multiplexer, multi-media gateway, etc. is not
proper, then CDR accuracy will suffer and in turn the billing system will
suffer. This will have serious consequences, as many service providers and
carriers share network resources and facilities and the subsequent CDR
information. All this would lead to wasted time, resources and mediation.
Imagine a consumer or customer getting inaccurate bills!

Looking forward, we see that service providers are providing new services like
video conferencing, unified messaging, multi-media service networks, etc., and
with globalization the networks are merging. With competitive pressures,
service providers have to provide innovative and unique billing schemes, and
the underlying cog in the wheel for all this is synchronization/accurate
timing.

The fact is that "synchronization" is not at the top of the "shopping check
list" for IT when establishing their network. But when problems strike, the
proper value of the synchronization/accurate timing system comes to the fore.
Every network and infrastructure operation, right from managing, securing,
planning, and debugging a network, etc., revolves around determining the
timing of events that have occurred. So just keeping time becomes irrelevant;
if you keep time, it had better be accurate time.

For example, our IDS (Intrusion Detection Systems), IPS (Intrusion Prevention
Systems) and other network elements like routers, file servers, application
servers, and SAN (Storage Area Networks) all rely on log file accuracy and
integrity for their metrics. Precise and accurate time synchronization is an
integral part of network forensics because it aids in the ability to
investigate security breaches and system exploits and to trace network
intruder activity, and it forms a part of the evidence as much as log files
and application time stamps do. Even the humble access card reader doing duty
at your office gate, if out of sync, may fail to recognize your legitimate
card, all because your card and the reader use the current time to generate an
entry code. Inaccurate time means that the codes will not be accurate and the
cards will not work.
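
The effect of reader clock drift on a time-based entry code can be shown with
a short added example (not part of the original article). The article does not
name the card's algorithm; this sketch assumes a TOTP-style scheme (RFC 6238),
and the function names and the secret are illustrative only.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per code interval (RFC 6238 default)


def totp(secret, unix_time, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1): the code depends only on secret and time."""
    counter = struct.pack(">Q", int(unix_time) // STEP)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10 ** digits:0{digits}d}"


def reader_accepts(secret, code, reader_time, window=1, digits=6):
    """Reader recomputes the code from ITS clock, allowing +/- window steps."""
    return any(
        hmac.compare_digest(code, totp(secret, reader_time + k * STEP, digits))
        for k in range(-window, window + 1)
    )


if __name__ == "__main__":
    secret = b"12345678901234567890"      # RFC 6238 test secret, not a real key
    card_time = 59                         # card's clock (seconds since epoch)
    code = totp(secret, card_time, digits=8)
    for drift in (0, 20, 300):
        ok = reader_accepts(secret, code, card_time + drift, digits=8)
        print(f"reader clock off by {drift:>3} s -> accepted: {ok}")
```

A tolerance window of one step absorbs a drift of a few seconds; a reader
whose clock is minutes off rejects a legitimate card.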

QoS deployment and network diagnostic and monitoring systems deployment
require all the concerned network elements to be synchronized. If the various
systems' time stamps are not accurate, how can we correlate the logs and
system events sequentially? And how can batch processes that have to proceed
in a time-based sequence be completed if the network nodes do not keep time?
A stitch in time saves nine; simply put, it is prudent to incorporate time
synchronization up front in system design, not when trouble occurs.

To provide this synchronization we require a useful time reference that can
supply the Stratum 1 level frequency reference for the network elements and
the accurate time stamps. Network time servers should always be referenced to
a reliable source of time. NTP uses Coordinated Universal Time (UTC), which is
the same worldwide. The GPS satellite system is the most readily available
source for UTC time in the world.

With globalization our traffic would be traversing many networks, and when
troubleshooting or investigating problems we need to refer to log files of
various systems and networks. By synchronizing our network to UTC we remove
one more source of interoperability problems between our network and others.
E-mail or Web access could perhaps endure downtime for some time, but when you
add business-related voice traffic to your network you cannot afford downtime.
A VoIP service problem has to be avoided or prevented so that business
mission-critical voice systems continue to function. In this case VoIP traffic
may transit many networks; consequently, solving a problem would require the
correlation of log files from various networks.

NTP (Network Time Protocol), a time-tested and proven time protocol, is very
useful in the determination of accurate time; all we need to do is to
complement NTP with a simple and reliable UTC time source.

As we discuss NTP we should also mention the many public timeservers available
for you to connect to on the Internet, which provide NTP services free. But
let us also be aware of some of the limitations around their usage, i.e.,
problems due to the reliability of the Internet connection, and traffic and
load on the NTP server. But the most worrying aspect is the security issue
when the time source is located beyond your firewall. You would have to open a
port in the firewall so that NTP packets containing the time information can
come in; someone could exploit this by sending a spurious NTP packet that
affects the timing services or even brings down your network, or even send a
packet that uses the NTP program itself to take over the host. Thus a
dedicated time server like the Symmetricom NTS-200 will protect you from the
security risks inherent in obtaining Internet time. Also, by installing a time
server behind your firewall, risks from the outside are minimized and, on the
plus side, the timing accuracy on your network is maximized.
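
Where a client does take time from a server it does not control, it can at
least refuse replies that fail basic header checks. The following added
example (not part of the original article and not Symmetricom code) parses the
48-byte NTP header and lists the reasons a reply would be discarded; the
function names and all packet values are constructed for illustration.

```python
import struct

# 48-byte NTP header: LI/VN/mode, stratum, poll, precision, root delay,
# root dispersion, reference ID, then reference/origin/receive/transmit stamps.
HDR = struct.Struct("!BBbbII4s8s8s8s8s")


def make_packet(li, vn, mode, stratum, origin, transmit):
    """Build a constructed NTP header for the demo (not a full NTP stack)."""
    return HDR.pack((li << 6) | (vn << 3) | mode, stratum, 6, -20,
                    0, 0, b"GPS\0", bytes(8), origin, bytes(8), transmit)


def check_reply(packet, sent_transmit):
    """Return the reasons to discard a reply; an empty list means accept."""
    if len(packet) < HDR.size:
        return ["short packet"]
    fields = HDR.unpack(packet[:HDR.size])
    b0, stratum, origin, transmit = fields[0], fields[1], fields[8], fields[10]
    li, vn, mode = b0 >> 6, (b0 >> 3) & 7, b0 & 7
    problems = []
    if mode != 4:                       # 4 = server reply to a client request
        problems.append("not a server reply")
    if vn not in (3, 4):
        problems.append("unexpected version")
    if li == 3 or not 1 <= stratum <= 15:
        problems.append("server not synchronized")
    if origin != sent_transmit:         # reply must echo our own timestamp
        problems.append("origin does not match our request")
    if transmit == bytes(8):
        problems.append("zero transmit timestamp")
    return problems


if __name__ == "__main__":
    t1 = bytes.fromhex("c4e1f0a012345678")   # constructed request timestamp
    t4 = bytes.fromhex("c4e1f0a0a0000000")   # constructed server timestamp
    samples = {
        "genuine":        make_packet(0, 4, 4, 1, t1, t4),
        "unsolicited":    make_packet(0, 4, 4, 1, bytes(8), t4),
        "unsynchronized": make_packet(3, 4, 4, 16, t1, t4),
    }
    for name, pkt in samples.items():
        print(f"{name:<15} {check_reply(pkt, t1) or 'accepted'}")
```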

If we analyze the world of finance revolving around digital certificate
authentication systems, here too we find that accurate timing is very
important. Digital certificate authentication systems are used to check the
certificates used to authorize payments and to identify transactions. The
certificates all have a time-bound validity period and need to be renewed.
Inaccurate time keeping introduces the risk of an expired certificate being
accepted.

We need an appliance that is rack mountable, is easy to install, provides us
with atomic clock accuracy using its embedded GPS receiver, and synchronizes
all our network clients, providing time that is accurate, reliable, and secure
to the network nodes. To keep accurate time in our network we need a network
time server, preferably an appliance, that will provide a highly convenient,
reliable and relatively inexpensive mode of synchronizing time on our network.
It should also do so in a fast, accurate, reliable, and secure manner.

We have selected Symmetricom's NTS-200 network time server to fulfill our
earlier mentioned aspirations (to keep all our network nodes' timing accurate
and in sync). The NTS-200 offers various management and user interface
options, namely an alphanumeric backlit LCD front panel display/keypad and a
Web interface through which the time, GPS, satellite, network status, control
pages, etc. can be accessed. Telnet access also allows full status and control
of the NTS-200. Additionally, the NTS-200 supports FTP, SNMP, and RS-232
access.

OPERATIONAL TESTING

First we identified the location for mounting the GPS antenna; the objective
is to get a clear view of the sky (that will enable the NTS-200 to track a
number of satellites at any given time). Next, we mounted the antenna and
connected the antenna cable to the NTS-200. The NTS-200 can be rack mounted in
your 19" data communication cabinet. An important caveat to be noted at this
stage is that if your system is to be deployed more than 45 meters away from
the antenna, you have to include a GPS antenna in-line amplifier in the
shopping list.

If you need to go further, say up to 457m, then you would need a GPS antenna
down/up converter. Long runs also necessitate that you use good quality
low-loss cables. Let us now connect the NTS-200 via the 10/100 UTP Ethernet
port to the LAN. Using the front panel we programmed the network parameters
like DHCP status, IP address, subnet mask, default gateway, and remote
control. After a few minutes we find the NTS-200 is up and ready for use. It
is noteworthy that HTTP access, keypad control, Telnet access, and FTP access
can be disabled to enhance the security of the unit.

We then pointed all the NTP clients to the NTS-200. The NTS-200 now starts
serving as an NTP server, reporting time on our network using GPS as a
synchronization source. The NTS-200 now fulfills the role of an accurate
network time server, providing IP network time synchronization over Ethernet
via NTP. The front panel display is very handy: just like your car dashboard,
it shows us the status (e.g., booting, software loading, satellite searching,
satellite acquisition, etc.) of all that is happening with your NTS-200.

We found that the Web-based access option is a very useful feature for remote
operation and control. All in all we were impressed by the simplicity and ease
of installation/programming.

ROOM FOR IMPROVEMENT

The NTS-200 does keep accurate time; nevertheless, we reckon that the unit
should provide standard support for SSH access, SSH secure copy, SFTP and
HTTPS in addition to the other network and security protocols already
supported.
CONCLUSION

For those of us who need to keep accurate time and keep the network elements
synchronized, the NTS-200 Network Time Server would serve our requirement very
well. The NTS-200 can be categorized as an appliance, i.e., "program it once
and forget it"; that is what we did. You just have to program it with a few
parameters, plug it in to your network, and the unit does the rest.

by Biju Oommen

[ Return To The September 2004 Table Of Contents ]