...
Figure 8.1 Infoblox Appliances as NTP Servers
Authenticating NTP
To prevent intruders from interfering with the time services on your network, you can authenticate communications between a NIOS appliance and a public NTP server, and between a NIOS appliance and external NTP clients. NTP communications within the Grid go through an encrypted VPN tunnel, so you do not have to enable authentication between members in a Grid.
NTP uses symmetric key cryptography, where the server and the client use the same algorithm and key to calculate and verify a MAC (message authentication code). The MAC is a digital thumbprint of the message that the receiver uses to verify the authenticity of a message.
As shown in Figure 8.2, the NTP client administrator must first obtain the secret key information from the administrator of the NTP server. The server and the client must have the same key ID and data. Therefore, when you configure the NIOS appliance as an NTP client and want to use authentication, you must obtain the key information from the administrator of the external NTP server and enter the information on the NIOS appliance. When you configure a NIOS appliance as an NTP server, you must create a key and send the key information to clients in a secure manner. A key consists of the following:
...
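The shared key ID and key data described above correspond to the classic NTP symmetric-key MAC (RFC 5905), in which the sender appends a 4-byte key ID and a digest computed over the key followed by the packet header. The following Python is an added example, not Infoblox code; the key ID, secret, choice of SHA-1, and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed key table that both administrators hold after the out-of-band
# exchange: key ID -> (digest algorithm, secret). Values are illustrative only.
KEYS = {7: ("sha1", b"constructed-shared-secret")}

NTP_HEADER_LEN = 48  # fixed NTP header, no extension fields


def _digest(algorithm, secret, header):
    # Classic NTP symmetric-key digest: hash(secret || header).
    return hashlib.new(algorithm, secret + header).digest()


def sign(header, key_id, keys=KEYS):
    """Sender side: append the key ID (4 bytes, big-endian) and the digest."""
    algorithm, secret = keys[key_id]
    return header + struct.pack("!I", key_id) + _digest(algorithm, secret, header)


def verify(packet, keys=KEYS):
    """Receiver side: True only if the MAC matches a locally configured key."""
    if len(packet) < NTP_HEADER_LEN + 4:
        return False                      # unauthenticated or truncated packet
    header = packet[:NTP_HEADER_LEN]
    (key_id,) = struct.unpack("!I", packet[NTP_HEADER_LEN:NTP_HEADER_LEN + 4])
    received = packet[NTP_HEADER_LEN + 4:]
    entry = keys.get(key_id)
    if entry is None:
        return False                      # key ID not configured on this side
    expected = _digest(entry[0], entry[1], header)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(expected, received)


def client_request():
    # Constructed client request: LI=0, VN=4, Mode=3, remaining fields zero.
    return bytes([0x23]) + bytes(NTP_HEADER_LEN - 1)


if __name__ == "__main__":
    pkt = sign(client_request(), 7)
    print("valid:", verify(pkt))
    tampered = bytes([pkt[0]]) + b"\x10" + pkt[2:]   # stratum byte altered
    print("tampered:", verify(tampered))
    print("wrong secret:", verify(pkt, {7: ("sha1", b"other-secret")}))
```

A mismatch in key ID, key data, or algorithm on either side makes verification fail, which is why all three must be exchanged together.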
Figure 8.2 NTP Client Administrator Obtaining Secret Key from NTP Server Administrator
NIOS Appliances as NTP Clients
...
When you enable a NIOS appliance to function as an NTP client, you must specify at least one NTP server with which the appliance can synchronize its clock. Infoblox recommends that you specify multiple NTP servers that synchronize their time with different reference clocks and that have different network paths. This increases stability and reduces risk in case a server fails. For a list of public NTP servers, you can access www.ntp.org.
When you specify multiple NTP servers, the NTP daemon on the appliance determines the best source of time by calculating round-trip time, network delay, and other factors that affect the accuracy of the time. NTP periodically polls the servers and adjusts the time on the appliance until it matches the best source of time. If the difference between the appliance and the server is less than five minutes, the appliance adjusts the time gradually until the clock time matches the NTP server. If the difference in time is more than five minutes, the appliance immediately synchronizes its time to match that of the NTP server.
To secure communications between a NIOS appliance and an NTP server, you can authenticate communications between the appliance and the NTP server. When you configure authentication, you must obtain the key information from the administrator of the NTP server and enter the key on the appliance. For information, see Authenticating NTP.
In a Grid, you can configure the Grid Master and Grid members to synchronize their clocks with external NTP servers. When you enable the NTP service on the Grid, the Grid Master automatically functions as an NTP server to the Grid members. A Grid member can synchronize its time with the Grid Master, an external NTP server, or another Grid member. When Grid members synchronize their times with the Grid Master, the Grid Master and its members send NTP messages through an encrypted VPN tunnel, as shown in Figure 8.3. When a Grid member synchronizes its time with another Grid member, the NTP messages are not sent through a VPN tunnel.
Figure 8.3 Grid Master as NTP Client
Configuring the Grid to Use NTP
...
Figure 8.4 Grid Members as NTP Servers
To configure a NIOS appliance as an NTP server, perform the following tasks:
...