Download80
Contributor

Use guest OS as an NTP server


Hi all,

I would like to convert my DCs to VMs.

My PDC Emulator is also the NTP server and all ESX servers are configured to use it.

Do you see any problem with configuring ESX servers to use a guest VM that is an NTP server?

Thanks, Yair

MCSE, CCA, VCP & HP-AIS.

Accepted Solutions
aremmes
Enthusiast

Leaving aside the idea of converting a domain controller into a VM, putting an NTP server in a VM does not make a lot of sense. NTP requires close access to the processor and hardware clock, the former to measure time intervals between clock updates and network delay between itself and upstream servers and the latter to calibrate and slew the clock. Since the VM has access to neither by virtue of being in a virtualised environment, all of the measurements performed by the virtualised NTP server are therefore suspect and should not be trusted -- garbage in, garbage out.

RParker
Immortal

Only one: where does the DC get its time from? If you can get the source direct to the ESX host, it would be better. The VM time will still drift, so it won't be an accurate timepiece.

Download80
Contributor

Currently the DC reads time from its own physical server clock, so if I convert it to a VM and install VMware Tools it will update from the ESX server.

I'm new to ESX and from what I understand there will be an endless loop of time updates, because the VM clocks are not always synchronised with the ESX. Am I correct?

And if so, the DC will have a slight time gap and then the ESX servers would be updated with this gap (because the DC is their NTP) and later the DC could have another time gap and update the ESX servers with this gap also.

Is it true or am I going too far with this?

MCSE, CCA, VCP & HP-AIS.
pomiwi
Enthusiast

I have seen conflicting whitepapers on this issue: some say to use the VMware Tools to time sync due to time drift; however, some say to use Windows Time to your PDC then use a GPO to sync your PDC to a hardware source, i.e. router. We use the latter option and it seems to work well.

I would seriously review converting all your DCs into virtual machines though. A DC should not be resource intensive and can run on inexpensive hardware. I would try and keep them physical, or at least one of them. If you choose to virtualise some or all DCs then spend time planning the admin of them. VMware makes it all too easy to roll back using snapshots... bad idea for DCs :) Maybe you should use independent disks that are not affected by snapshots? Just a thought.

Texiwill
Leadership

Hello,

The DC's time source should be a physical system, i.e. router, etc. There is absolutely no reason a DC cannot be virtualized. Just make sure its time source is not a VM, but some physical source inside your company, which may sync to outside the company.


Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMware ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.

CIO Virtualization Blog: http://www.cio.com/blog/index/topic/168354

As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

--
Edward L. Haletky
vExpert XIV: 2009-2022,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
fireguy306
Contributor

I have to agree with aremmes, I wouldn't use the NTP time from the VM.

I also have had a lot of issues with using the "Time Sync" with Tools, I would get clock drifts of minutes. I noticed this when trying to run my VMmark Testing.

I set up an NTP source on my Virtual Center server, which is also a DC; this works great.
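
The time-sync loop asked about earlier in the thread (guest stepped to the host clock by Tools, host polling that same guest over NTP) can be sketched as a simplified step model. This is an added example, not code from any poster or from VMware; the drift rates (20 ppm host, 80 ppm guest), the one-minute Tools interval and the 16-minute NTP poll are constructed assumptions.

```python
def simulate(hours, guest_ppm, host_ppm, external_ref, ntp_every_min=16):
    """Simplified step model at one-minute resolution (constructed, not real NTP).

    Returns (host_err, guest_err, max_mutual) in seconds: each clock's error
    versus true time at the end of the run, and the largest guest/host
    disagreement observed just before a sync.
    """
    host_err = guest_err = max_mutual = 0.0
    for minute in range(1, hours * 60 + 1):
        # Both clocks free-run for one minute at their own drift rate.
        host_err += host_ppm * 1e-6 * 60
        guest_err += guest_ppm * 1e-6 * 60
        max_mutual = max(max_mutual, abs(guest_err - host_err))
        # Tools-style sync: the guest is stepped to the host clock.
        guest_err = host_err
        if minute % ntp_every_min == 0:
            # Host NTP poll: either a reference outside the loop (error taken
            # as zero) or the guest, which has just copied the host's clock.
            host_err = 0.0 if external_ref else guest_err
    return host_err, guest_err, max_mutual


if __name__ == "__main__":
    days = 30
    for label, ext in (("host polls guest VM", False),
                       ("host polls external source", True)):
        host, guest, mutual = simulate(days * 24, 80, 20, ext)
        print(f"{label:28s} host error {host:8.4f}s  "
              f"guest error {guest:8.4f}s  max host/guest gap {mutual:.4f}s")
```

In the closed loop the host and guest never disagree by more than a few milliseconds, so comparing them to each other shows nothing wrong, while both walk away from true time at the host's free-running drift rate.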