On the whole, using a VM as an NTP server is not necessarily a bad thing as long as you understand what time sync services your virtual host imposes upon the guest. Most virtual host solutions offer a time sync service to match the guest time to the host. For an NTP server, you'll likely want to disable this so the NTP system can be an authoritative source for all other devices (including its host).
This sort of configuration is commonly seen in the Windows world, where domain controllers are NTP sources for the rest of the domain. If you have a Windows DC that syncs from an upstream time source, you'd have to perform the configuration I mentioned above.

Thanks,
Tony M Lambert

On Mon, Apr 4, 2016 at 2:29 PM, <tech-requ...@lists.lopsa.org> wrote:

> Today's Topics:
>
>    1. Re: VM as an NTP server (Mike Robinson)
>    2. Re: VM as an NTP server (Edward Ned Harvey (lopser))
>    3. Re: VM as an NTP server (Matthew Butch)
>    4. Re: VM as an NTP server (Edward Ned Harvey (lopser))
>    5. Re: VM as an NTP server (Brian Mathis)
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 4 Apr 2016 13:05:52 -0500
> From: Mike Robinson <sixt...@fastmail.fm>
> To: Jeremy Charles <jchar...@epic.com>
> Cc: "tech@lists.lopsa.org" <tech@lists.lopsa.org>
> Subject: Re: [lopsa-tech] VM as an NTP server
>
> Are your NTP servers just pulling from upstream time servers and serving to
> your fleet? If so, and given that you're only running 2 physical servers
> (should be 3, 5 or 7 depending on the writeup you read...), that will be fine
> as long as you do follow your hypervisor's best practices for NTP serving.
>
> m.
>
>> On Apr 4, 2016, at 11:18 AM, Jeremy Charles <jchar...@epic.com> wrote:
>>
>> I'm seeing all sorts of documentation about how it's not a great idea to use
>> a VM as an NTP server due to how sketchy time tracking is within a VM.
>>
>> My supervisor directed me to try it anyway. He feels that our existing NTP
>> servers are too old and need to be replaced, and he wants to replace them
>> with VMs rather than physical servers.
>>
>> I'm not seeing any difference in behavior between the two existing physical
>> NTP servers and the VM that I set up to test as an NTP server.
>>
>> Thoughts?
>>
>> ==
>> Jeremy Charles
>> Epic's Computer and Technology Services Division
>> jchar...@epic.com
>> 608-271-9000
>>
>> _______________________________________________
>> Tech mailing list
>> Tech@lists.lopsa.org
>> https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
>> This list provided by the League of Professional System Administrators
>> http://lopsa.org/
>
> ------------------------------
>
> Message: 2
> Date: Mon, 4 Apr 2016 18:51:01 +0000
> From: "Edward Ned Harvey (lopser)" <lop...@nedharvey.com>
> To: Chris Snell <k...@employees.org>, "Derek J. Balling" <dr...@megacity.org>
> Cc: "tech@lists.lopsa.org" <tech@lists.lopsa.org>
> Subject: Re: [lopsa-tech] VM as an NTP server
>
>> From: tech-boun...@lists.lopsa.org [mailto:tech-boun...@lists.lopsa.org]
>> On Behalf Of Chris Snell
>>
>> Certain protocols/software fail badly as soon as time is out
>> of sync even a few milliseconds (*cough* AD clients *cough*).
>
> AD's tolerance is +/- 5 minutes by default.
>
> ------------------------------
>
> Message: 3
> Date: Mon, 04 Apr 2016 14:23:16 -0400
> From: Matthew Butch <apple4e...@me.com>
> To: "tech@lists.lopsa.org" <tech@lists.lopsa.org>
> Subject: Re: [lopsa-tech] VM as an NTP server
>
>> On Apr 4, 2016, at 13:57, Dan Ritter <d...@randomstring.org> wrote:
>>
>> On Mon, Apr 04, 2016 at 04:18:35PM +0000, Jeremy Charles wrote:
>>> I'm seeing all sorts of documentation about how it's not a great idea to use
>>> a VM as an NTP server due to how sketchy time tracking is within a VM.
>>>
>>> My supervisor directed me to try it anyway. He feels that our existing NTP
>>> servers are too old and need to be replaced, and he wants to replace them
>>> with VMs rather than physical servers.
>>>
>>> I'm not seeing any difference in behavior between the two existing physical
>>> NTP servers and the VM that I set up to test as an NTP server.
>>>
>>> Thoughts?
>>
>> You will likely run into problems.
>>
>> Note that NTP is an extremely easy task in most situations, and
>> dedicating two 1U boxes for general infrastructure (DNS, DHCP,
>> NTP, possibly TFTP for PXE) should be an easy sell in most
>> companies.
>
> I've found most companies don't understand NTP. Case in point, I worked for a
> company who not only was okay with VMs as NTP servers, but insisted that they
> not be hosted in our e-comm datacenters, but only all the way back at
> corporate.
>
> ------------------------------
>
> Message: 4
> Date: Mon, 4 Apr 2016 18:52:33 +0000
> From: "Edward Ned Harvey (lopser)" <lop...@nedharvey.com>
> To: Dan Ritter <d...@randomstring.org>, Jeremy Charles <jchar...@epic.com>
> Cc: "tech@lists.lopsa.org" <tech@lists.lopsa.org>
> Subject: Re: [lopsa-tech] VM as an NTP server
>
>> From: tech-boun...@lists.lopsa.org [mailto:tech-boun...@lists.lopsa.org]
>> On Behalf Of Dan Ritter
>>
>> Note that NTP is an extremely easy task in most situations, and
>> dedicating two 1U boxes for general infrastructure (DNS, DHCP,
>> NTP, possibly TFTP for PXE) should be an easy sell in most
>> companies.
>
> These are the cheapest I'm aware of. Around $300 to $500
> http://baudlabs.com/low-cost-ntp-hardware-appliance/
>
> ------------------------------
>
> Message: 5
> Date: Mon, 4 Apr 2016 15:29:08 -0400
> From: Brian Mathis <brian.mathis+lo...@betteradmin.com>
> To: Jeremy Charles <jchar...@epic.com>
> Cc: "tech@lists.lopsa.org" <tech@lists.lopsa.org>
> Subject: Re: [lopsa-tech] VM as an NTP server
>
> Time syncing is one of the biggest problems VMs have. Unless you're able
> to fully understand the NTP source code and all of the intricacies of
> clock syncing, you really aren't qualified to evaluate it. "I don't see
> any issues", especially in the face of pretty much every Internet resource
> telling you not to do it, doesn't cut it.
>
> As others have said, many other hardware devices in your environment might
> be able to provide the service, such as routers, switches, firewalls,
> etc... You're much better off looking into something like that than just
> crossing your fingers and ignoring the generally well-accepted advice of
> others.
>
> ~ Brian Mathis
> @orev
>
> On Mon, Apr 4, 2016 at 12:18 PM, Jeremy Charles <jchar...@epic.com> wrote:
>
>> I'm seeing all sorts of documentation about how it's not a great idea to
>> use a VM as an NTP server due to how sketchy time tracking is within a VM.
>>
>> My supervisor directed me to try it anyway. He feels that our existing
>> NTP servers are too old and need to be replaced, and he wants to replace
>> them with VMs rather than physical servers.
>>
>> I'm not seeing any difference in behavior between the two existing
>> physical NTP servers and the VM that I set up to test as an NTP server.
>>
>> Thoughts?
>>
>> ==
>> Jeremy Charles
>> Epic's Computer and Technology Services Division
>> jchar...@epic.com
>> 608-271-9000
>
> ------------------------------
>
> End of Tech Digest, Vol 125, Issue 5
> ************************************
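
Added example, not part of any message in this thread: the question above compares a VM against physical NTP servers, and the digest quotes AD's default tolerance of +/- 5 minutes. The Python sketch below computes clock offset and round-trip delay from one NTP reply with the standard four-timestamp formulas, and rejects replies that are unsynchronized or do not echo the client's own timestamp. The packets, times and function names are constructed for illustration.

```python
import struct

NTP_EPOCH_DELTA = 2208988800   # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
AD_TOLERANCE_S = 300           # the +/- 5 minute default quoted in the thread

def ntp_ts(unix_seconds):
    """Encode Unix time as a 64-bit NTP timestamp (32.32 fixed point)."""
    secs = int(unix_seconds)
    frac = int((unix_seconds - secs) * 2**32)
    return struct.pack("!II", secs + NTP_EPOCH_DELTA, frac)

def parse_ts(buf):
    secs, frac = struct.unpack("!II", buf)
    return secs - NTP_EPOCH_DELTA + frac / 2**32

def build_reply(t1, t2, t3, stratum=2, li=0):
    """Constructed server reply for the demo: VN=4, mode=4 (server)."""
    header = struct.pack("!BBbb", (li << 6) | (4 << 3) | 4, stratum, 6, -20)
    # root delay, root dispersion and reference ID are left zero (12 bytes);
    # then reference, origin (echo of t1), receive and transmit timestamps
    return header + bytes(12) + ntp_ts(t3) + ntp_ts(t1) + ntp_ts(t2) + ntp_ts(t3)

def evaluate_reply(packet, t1, t4):
    """t1/t4: client send/receive times (Unix seconds) for this exchange."""
    if len(packet) < 48:
        raise ValueError("NTP packet shorter than 48 bytes")
    li, mode, stratum = packet[0] >> 6, packet[0] & 0x7, packet[1]
    t2 = parse_ts(packet[32:40])            # server receive timestamp
    t3 = parse_ts(packet[40:48])            # server transmit timestamp
    offset = ((t2 - t1) + (t3 - t4)) / 2    # server clock minus client clock
    delay = (t4 - t1) - (t3 - t2)           # network round trip
    usable = (mode == 4 and li != 3 and 1 <= stratum <= 15
              and packet[24:32] == ntp_ts(t1))   # origin must echo our t1
    return {"offset": offset, "delay": delay, "stratum": stratum,
            "usable": usable, "within_ad_tolerance": abs(offset) <= AD_TOLERANCE_S}

T1 = 1459786715.0  # constructed client send time

def demo():
    good = evaluate_reply(build_reply(T1, T1 + 0.260, T1 + 0.261), T1, T1 + 0.021)
    drifted = evaluate_reply(build_reply(T1, T1 + 400.010, T1 + 400.011), T1, T1 + 0.021)
    unsynced = evaluate_reply(build_reply(T1, T1 + 0.010, T1 + 0.011, stratum=16, li=3),
                              T1, T1 + 0.021)
    return good, drifted, unsynced

if __name__ == "__main__":
    for result in demo():
        print(result)
```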