On Fri, Sep 25, 2015 at 11:54 AM, Matt Butch <apple4e...@me.com> wrote:
> I want to put time servers in the two e-commerce datacenters as well as
> the two corporate offices and peer all of them together, and point our
> servers to all of them. He wants to only put them in the two corporate
> offices. His argument is that they are then central there. Mine is that
> they aren't central to the web stack, and that the web stack will not
> maintain correct and consistent time.

"Central" in this context generally means that you have distinguished servers that provide time to internal hosts, and only those servers get time from external sources. Physical location is very specifically NOT part of "central"; that constraint would be problematic for any installation spanning multiple continents --- where the usual topology would be each region having one or more "central" time servers (depending on how many clients in the region), those regional servers all peered to each other, and clients in the region using the regional server.

Ask this security guy if a fiber cut affecting the central office is expected to produce PCI noncompliance. You *really* want to spread the "central" servers out for redundancy.

(Also, I note you said two corporate offices; two master NTP servers is pretty much the worst possible configuration because they can easily diverge. One if you must, otherwise 3 or more.)

-- 
brandon s allbery kf8nh sine nomine associates
allber...@gmail.com ballb...@sinenomine.net
unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net
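
Added example, not part of the original message: a sketch of ntpd configuration for the topology discussed in this thread, with one "central" server at each of the four sites, all peered, and internal hosts pointed only at that tier. The hostnames, the 10.0.0.0/8 client range and the choice of pool.ntp.org as the external source are assumptions for illustration.

```conf
# ==== /etc/ntp.conf on each of the four "central" servers (shown for ntp-dc1) ====
# Hostnames and the 10.0.0.0/8 range are hypothetical placeholders.
driftfile /var/lib/ntp/ntp.drift

# Only the central tier talks to external time sources.
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst
server 3.pool.ntp.org iburst

# Peer with the other three sites so the tier stays consistent and
# keeps serving time if one site or its upstream link is lost.
peer ntp-dc2.example.internal
peer ntp-hq1.example.internal
peer ntp-hq2.example.internal

# Default policy: answer time requests, refuse runtime reconfiguration,
# status queries and unconfigured associations.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
# Internal hosts may also run status queries, but cannot modify the daemon.
restrict 10.0.0.0 mask 255.0.0.0 nomodify notrap nopeer

# ==== /etc/ntp.conf on an internal client (web stack or office host) ====
# Clients use only the internal central tier, never external sources.
# Listing all four gives ntpd enough sources to reject one that has
# drifted or become unreachable.
driftfile /var/lib/ntp/ntp.drift
server ntp-dc1.example.internal iburst
server ntp-dc2.example.internal iburst
server ntp-hq1.example.internal iburst
server ntp-hq2.example.internal iburst
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
```

On a client, `ntpq -p` shows which of the four sources is currently selected and which have been rejected.
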
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/