It was an interesting statement. Don't know if I'd even consider devoting a VM for such a role but had never really thought about the impact of time synchronization between a host and guest. Just out of curiosity......what makes it "instable" ?

The idea is since the server is virtual it does not have 100% access to the CPU at all times to use the cycles to keep time.

To go back to your question of should you do it or not, I'm not sure. I bet there are some saying do it and others saying don't.

many thanks for the information. We use the PDC emulator to obtain Time from the Atomic Clock and then sync our ESX Hosts with the PDC Emulator. Our VMs then obtain time from the host.....

To me, your ntp server will sync off the internet, so depending on that interval your VM would be resonable up to date. We are talking about seconds here.

All depends on how critical yor time sync is to you? Landing planes - no, time stamp on my email - ok.

Personally as long as all my systems are on the same time I would have no problem witha little drift here and there.

Joe

Remember to back EVERYTHING up before you change ANYTHING

A little drift is ok. A lot of drift then no authentication.

why complicate matters, just let windows manage it own time. and leave the hosts out of it. unless you are using AD authentication for access to your ESX service consoles

If you found this or any other answer useful please consider the use of the Helpful or correct buttons to award points

Tom Howarth VCP / vExpert

VMware Communities User Moderator

Blog: www.planetvm.net

Contributing author for the upcoming book "VMware Virtual Infrastructure Security: Securing ESX and the Virtual Environment”.

The PDC emulator is getting time from internal NTP server wehich is getting time from external NTP server. ESX hosts are also getting time from internal NTP server. so to answer your question you should not use a VM as an NTP server because of time drift issues. It should be a physical box.

Very nice, well worded, concise, excellent. I agree.

why complicate matters, just let windows manage it own time. and leave the hosts out of it. unless you are using AD authentication for access to your ESX service consoles

Windows IS managing it's own time, it's a check box in Group Policy. Set it, done. It's not a huge configuration, but it's better to pre-set it to something you KNOW is accurate, Windows has a hard enough time figuring out which updates to pull you want it to randomly use something like time.nist.gov? If it's configured in Group Policy, I know it's accurate, and I control which time servers, not Windows.

Besides some shops may not have NTP at the firewall, so configuring it this way ensures correct time and time that's not blocked, and one less thing to get throw into the network...

0.005 seconds from the physical box which is accurate enough for me!

That should be enough for anyone!

why complicate matters, just let windows manage it own time. and leave the hosts out of it. unless you are using AD authentication for access to your ESX service consoles

Windows IS managing it's own time, it's a check box in Group Policy. Set it, done. It's not a huge configuration, but it's better to pre-set it to something you KNOW is accurate, Windows has a hard enough time figuring out which updates to pull you want it to randomly use something like time.nist.gov? If it's configured in Group Policy, I know it's accurate, and I control which time servers, not Windows.

Besides some shops may not have NTP at the firewall, so configuring it this way ensures correct time and time that's not blocked, and one less thing to get throw into the network...

Richard by saying "let windows manage its own time" I meant as per my previous post PDC emulator pointst o NTP source. AD servers point to PDC server and member servers get time form AD. not Hosts. as you say it is a configurable setting in GPO and it is accurate.

If you found this or any other answer useful please consider the use of the Helpful or correct buttons to award points

Tom Howarth VCP / vExpert

VMware Communities User Moderator

Blog: www.planetvm.net

Contributing author for the upcoming book "VMware Virtual Infrastructure Security: Securing ESX and the Virtual Environment”.

Richard by saying "let windows manage its own time" I meant as per my previous post PDC emulator pointst o NTP source. AD servers point to PDC server and member servers get time form AD. not Hosts. as you say it is a configurable setting in GPO and it is accurate.

OH! So in other words we are saying the same thing

that is pretty accurate, lets time it opps missed it, darn missed it again LOL seriously 5ms should be enough for all bar the most time sensitive of applications (atomic explosion simulators CERN etc)

If you found this or any other answer useful please consider the use of the Helpful or correct buttons to award points

Tom Howarth VCP / vExpert

VMware Communities User Moderator

Blog: www.planetvm.net

Contributing author for the upcoming book "VMware Virtual Infrastructure Security: Securing ESX and the Virtual Environment”.

(atomic explosion simulators CERN etc)

That's the irony, atomic bombs, really don't need to be that accurate in timing or distance.. So it was off by a few thousand feet and an hour.. How far do you think you are actually going to get? Go ahead get that head start, we only need 1 to ruin the day of the ENTIRE planet..hehe

Yeah but you know those Scientists, they want to know the exact time that they ruined everybodies day. and also when they create the Black hole at CERN, who ever comes along after to find what ever is left would be able the tell the exact time we ceased to exist. it is important you know

If you found this or any other answer useful please consider the use of the Helpful or correct buttons to award points

Tom Howarth VCP / vExpert

VMware Communities User Moderator

Blog: www.planetvm.net

Contributing author for the upcoming book "VMware Virtual Infrastructure Security: Securing ESX and the Virtual Environment”.