10.3 Time Services

10.3.1 Overview of Time Synchronization

All servers in an eDirectory tree must have their times synchronized to ensure that updates and changes to eDirectory objects occur in the proper order.

eDirectory gets its time from the server operating system of the OES server where it is installed. It is, therefore, critical that every server in the tree has the same time.

Understanding Time Synchronization Modules

During the upgrade to OES 2023, your eDirectory tree might contain servers running different versions of OES, NetWare 6.5 SP8, and/or previous versions of NetWare. Therefore, you must understand the differences in the time synchronization modules that each operating system uses and how these modules can interact with each other.

OES vs. NetWare 6.5

As illustrated in Figure 10-1, NetWare 6.5 can use either the Network Time Protocol (NTP) or Timesync modules for time synchronization. Both modules can communicate with OES by using NTP on port 123. However, when installing virtualized NetWare, Timesync should always be used.

OES must use the NTP daemon (xntpd).

Figure 10-1 Time Synchronization for Linux and NetWare

OES uses an NTP time module. OES NetWare can use either an NTP or a TIMESYNC module.

OES Servers Use the Network Time Protocol (NTP) to Communicate

Because OES and NetWare servers must communicate with each other for time synchronization, and because OES uses only NTP for time synchronization, it follows that both OES and NetWare must communicate time synchronization information by using NTP time packets.

However, this does not limit your options on NetWare.

Figure 10-2 illustrates that OES and NetWare 6.5 servers can freely interchange time synchronization information because NetWare 6.5 includes the following:

  • A TIMESYNC NLM that both consumes and provides NTP time packets in addition to Timesync packets.

  • An XNTPD NLM that can provide Timesync packets in addition to offering standard NTP functionality.

NOTE:Although NetWare includes two time synchronization modules, only one can be loaded at a time.

Figure 10-2 NTP Packet Compatibilities with All OES Time Synchronization Modules

All OES time synchronization modules can interact.

Compatibility with Earlier Versions of NetWare

Earlier versions of NetWare (version 4.2 through version 6.0) do not include an NTP time module. Their time synchronization options are, therefore, more limited.

NetWare 5.1 and 6.0 Servers

Figure 10-3 illustrates that although NetWare 5.1 and 6.0 do not include an NTP time module, they can consume and deliver NTP time packets.

Figure 10-3 NTP Compatibility of NetWare 5.1 and 6.0

The TIMESYNC NLM in NetWare 5.1 and 6.0 can consume and provide NTP time packets.

NetWare 5.0 and 4.2 Servers

Figure 10-4 illustrates that NetWare 4.2 and 5.0 servers can only consume and provide Timesync packets.

Figure 10-4 Synchronizing Time on NetWare 5.0 and 4.2 Servers

NetWare 5.0 can be a Timesync consumer and provider. NetWare 4.2 should only consume time, not provide it.

Therefore, if you have NetWare 4.2 or 5.0 servers in your eDirectory tree, and you want to install an OES server, you must have at least one NetWare 5.1 or later server to provide a “bridge” between NTP and Timesync time packets. Figure 10-5 illustrates that these earlier server versions can synchronize through a NetWare 6.5 server.

IMPORTANT:As shown in Figure 10-4, we recommend that NetWare 4.2 servers not be used as a time source.

OES Servers as Time Providers

Figure 10-5 shows how OES servers can function as time providers to other OES servers and to NetWare servers, including NetWare 4.2 and later.

Figure 10-5 OES Servers as Time Providers

OES Servers as Time Consumers

Figure 10-6 shows the time sources that OES servers can use for synchronizing server time.

IMPORTANT:Notice that NetWare 4.2 is not shown as a valid time source.

Figure 10-6 OES servers as Time Consumers

10.3.2 Planning for Time Synchronization

Use the information in this section to understand the basics of time synchronization planning.

For more detailed planning information, refer to the following resources:

NetWork Size Determines the Level of Planning Required

The level of time synchronization planning required for your network is largely dictated by how many servers you have and where they are located, as explained in the following sections.

Time Synchronization for Trees with Fewer Than Thirty Servers

If your tree will have fewer than thirty servers, the default installation settings for time synchronization should be sufficient for all of the servers except the first server installed in the tree.

You should configure the first server in the tree to obtain time from one or more time sources that are external to the tree. (See Step 1 in Planning a Time Synchronization Hierarchy before Installing OES.)

All other servers should point to the first server in the tree for their time synchronization needs.

Time Synchronization for Trees with More Than Thirty Servers

If your tree will have more than thirty servers, you need to plan and configure your servers with time synchronization roles that match your network architecture and time synchronization strategy. Example roles might include the following:

  • Servers that receive time from external time sources and send packets to other servers further down in the hierarchy

  • Servers that communicate with other servers in peer-to-peer relationships to ensure that they are synchronized

Basic planning steps are summarized in Planning a Time Synchronization Hierarchy before Installing OES.

Refer to the following sources for additional help in planning time server roles:

Time Synchronization across Geographical Boundaries

If the servers in the tree will reside at multiple geographic sites, you need to plan how to synchronize time for the entire network while minimizing network traffic. For more information, see Wide Area Configuration in the NW 6.5 SP8: NTP Administration Guide.

Choose Timesync for Virtualized NetWare Only

When you install a virtualized NetWare 6.5 server, you should always use Timesync and configure it to communicate using NTP.

The dialog box that lets you choose between Timesync and NTP is available as an advanced option in the Time Zone panel during the NetWare installation. Choosing between Timesync and NTP is documented in Setting the Server Time Zone and Time Synchronization Method in the NW65 SP8: Installation Guide.

Planning a Time Synchronization Hierarchy before Installing OES

The obvious goal for time synchronization is that all the network servers (and workstations, if desired) have the same time. This is best accomplished by planning a time synchronization hierarchy before installing the first OES server, then configuring each server at install time so that you form a hierarchy similar to the one outlined in Figure 10-7.

Figure 10-7 A Basic Time Synchronization Hierarchy

Time synchronization is accomplished by configuring servers in a time synchronization hierarchy.

As you plan your hierarchy, do the following:

  1. Identify at least two authoritative external NTP time sources for the top positions in your hierarchy.

    • If your network already has an NTP server hierarchy in place, identify the IP address of an appropriate time server. This might be internal to your network, but it should be external to the eDirectory tree and it should ultimately obtain time from a public NTP server.

    • If your network doesn’t currently employ time synchronization, refer to the list of public NTP servers published on the ntp.org Web site and identify a time server you can use.

  2. Plan which servers will receive time from the external sources and plan to install these servers first.

  3. Map the position for each Linux server in your tree, including its time sources and the servers it will provide time for.

  4. Map the position for each NetWare server in your tree:

    1. Include the server’s time sources and the servers it will provide time for.

    2. If your network currently has only NetWare 4.2 or 5.0 servers, be sure to plan for their time synchronization needs by including at least one newer NetWare server in the tree and configuring the older servers to use the newer server as their time source. (See NetWare 5.0 and 4.2 Servers.)

  5. Be sure that each server in the hierarchy is configured to receive time from at least two sources.

  6. (Conditional) If your network spans geographic locations, plan the connections for time-related traffic on the network and especially across WANs.

    For more information, see Wide Area Configuration in the NW 6.5 SP8: NTP Administration Guide.

For more planning information, see the following documentation:

10.3.3 Coexistence and Migration of Time Synchronization Services

The time synchronization modules in OES have been designed to ensure that new OES servers can be introduced into an existing network environment without disrupting any of the products and services that are in place.

This section discusses the issues involved in the coexistence and migration of time synchronization in OES in the following sections:

Coexistence

This section provides information regarding the coexistence of the OES time synchronization modules with existing NetWare or Linux networks, and with previous versions of the TIMESYNC NLM. This information can help you confidently install new OES servers into your current network.

Compatibility

The following table summarizes the compatibility of OES time synchronization modules with other time synchronization modules and eDirectory. These compatibilities are illustrated in Figure 10-5 and Figure 10-6.

Table 10-3 Time Synchronization Compatibility

Module

Compatibility

TIMESYNC NLM (NetWare)

Can consume time from

  • All previous versions of Timesync. However, the NetWare 4.2 TIMESYNC NLM should not be used as a time source.

  • Any TIMESYNC or NTP daemon.

Can provide time to

  • All previous versions of Timesync.

  • Any TIMESYNC or NTP daemon.

XNTPD NLM (NetWare)

Can consume time from

  • Any NTP daemon.

Can provide time to

  • All previous versions of Timesync.

  • Any NTP daemon.

xntpd daemon (SLES 11)

Can consume time from

  • Any NTP daemon.

Can provide time to

  • Any NTP daemon.

eDirectory

eDirectory gets its time synchronization information from the host OS (Linux or NetWare), not from the time synchronization modules.

Coexistence Issues

If you have NetWare servers earlier than version 5.1, you need to install at least one later version NetWare server to bridge between the TIMESYNC NLM on the earlier server and the OES servers you have on your network. This is because the earlier versions of Timesync can’t consume or provide NTP time packets and the xntpd daemon on Linux can’t provide or consume Timesync packets.

Fortunately, the TIMESYNC NLM in NetWare 5.1 and later can both consume and provide Timesync packets. And the XNTPD NLM can provide Timesync packets when required.

This is explained in Compatibility with Earlier Versions of NetWare.

Upgrading from NetWare to OES 2023

The OES Migration Tool can migrate time synchronization services from NetWare to Linux. For more information, see Migrating NTP to OES 2023 in the OES 2023: Migration Tool Administration Guide.

10.3.4 Implementing Time Synchronization

As you plan to implement your time synchronization hierarchy, you should know how the NetWare and OES product installations configure time synchronization on the network. Both installs look at whether you are creating a new tree or installing into an existing tree.

New Tree

By default, both the OES and the NetWare 6.5 SP8 installs configure the first server in the tree to use its internal (BIOS) clock as the authoritative time source for the tree.

Because BIOS clocks can fail over time, you should always specify an external, reliable NTP time source for the first server in a tree. For help finding a reliable NTP time source, see the NTP Server Lists on the Web.

OES 2023

When you configure your eDirectory installation, the OES install prompts you for the IP address or DNS name of an NTP v3-compatible time server.

If you are installing the first server in a new eDirectory tree, you have two choices:

  • You can enter the IP address or DNS name of an authoritative NTP time source (recommended).

  • You can leave the field displaying Local Time, so the server is configured to use its BIOS clock as the authoritative time source.

    IMPORTANT:We do not recommend this second option because BIOS clocks can fail over time, causing serious problems for eDirectory.

NetWare 6.5 SP8

By default, the NetWare install automatically configures the TIMESYNC NLM to use the server’s BIOS clock. As indicated earlier, this default behavior is not recommended for production networks. You should, therefore, manually configure time synchronization (either Timesync or NTP) while installing each NetWare server.

Manual time synchronization configuration is accessed at install time from the Time Zone dialog box by clicking the Advanced button as outlined in Choose Timesync for Virtualized NetWare Only and as fully explained in Setting the Server Time Zone and Time Synchronization Method in the NW65 SP8: Installation Guide.

Existing Tree

When a server joins an existing eDirectory tree, both OES installations do approximately the same thing.

OES 2023

If you are installing into an existing tree, the OES install proposes to use the IP address of the eDirectory server (either NetWare or Linux) as the NTP time source. This default should be sufficient unless one of the following is true:

  • The server referenced is a NetWare 5.0 or earlier server, in which case you need to identify and specify the address of another server in the tree that is running either a later version of NetWare or any version of OES.

  • You will have more than 30 servers in your tree, in which case you need to configure the server to fit in to your planned time synchronization hierarchy. For more information, see Planning a Time Synchronization Hierarchy before Installing OES.

The OES install activates the xntp daemon and configures it to synchronize server time with the specified NTP time source. After the install finishes, you can configure the daemon to work with additional time sources to ensure fault tolerance. For more information, see Changing Time Synchronization Settings on a SLES 15 Server.

NetWare 6.5 SP8

If you are installing into an existing tree, the NetWare 6.5 SP8 install first checks to see whether you manually configured either NTP or Timesync time synchronization sources while setting the server Time Zone (see Setting the Server Time Zone and Time Synchronization Method in the NW65 SP8: Installation Guide).

If you will have more than 30 servers in your tree, you should have developed a time synchronization plan (see Planning a Time Synchronization Hierarchy before Installing OES) and used the Time Zone panel to configure your server according to the plan.

If you haven’t manually configured time synchronization sources for the server (for example, if your tree has fewer than 30 servers), the install automatically configures the Timesync NLM to point to the IP address of the server with a master replica of the tree’s [ROOT] partition.

10.3.5 Configuring and Administering Time Synchronization

As your network changes, you will probably need to adjust the time synchronization settings on your servers.

Changing Time Synchronization Settings on a SLES 15 Server

This method works both in the GUI and at the command prompt and is the most reliable method for ensuring a successful NTP implementation.

  1. Launch YaST on your SLES 15 server by either navigating to the application on the desktop or typing yast at the command prompt.

  2. Click Network Services > NTP Configuration.

  3. In the Advanced NTP Configuration dialog box, modify the NTP time settings as your needs require.

Changing Time Synchronization Settings on a NetWare Server

Time synchronization settings and their modification possibilities are documented in the following administration guides:

10.3.6 Daylight Saving Time

For information about daylight saving time (DST), go to the Micro Focus Support Knowledgebase and search for Daylight Saving Time.