EditWYSIWYGAttachPrintable
r3 - 2008-11-04 - 14:59:39 - RyanMalayterYou are here: NTP >  Support Web > OtherImplementations > VMWareNTP
NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p12 was released on 14 August 2018. It addresses 1 low-/medium-severity security issue in ntpd, 1 low-severity security issue in ntpq and ntpdc, and provides 27 non-security bugfixes and 4 other improvements over 4.2.8p11.

Please see the NTP Security Notice for vulnerability and mitigation details.

Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.
REFACTOR See VMWareNTPDev for discussion of this topic.

13.6. VMwareNTP

VMWare ESX server includes a version of the reference implementation ntpd running as a service in the VMware service console. As of ESX version 3.5u1, the ntpd version included is fairly old: ntpd version 4.1.2. By default, it is configured to synchronize to the local clock, but can be configured with the graphical VI Client to use other NTP servers.

As it is a branched version of the reference implementation ntpd, it can also act as a server, although this configuration must be done through the service console. Documentation can be found here.

Note that it is generally not useful to run ntpd (or other NTP implementations such as Windows Time Service) inside of virtual machines. This is because the ESX server intercepts and maniplates timer interrupts to perform load-sharing amongst virtual machines. Instead, the recommended configuration is to run the included ntpd on the host ESX machine, disable any clock-steering software in the guest virtual machine, and finally configure guest virtual machines to obtain their time from the host using VMware Tools. VMware tools runs as a daemon or service inside the guest operating system (Windows, Linux, and Solaris are supported as of ESX 3.5).

Note that, in general, all timing inside of virtual machines may not reflect "real time". This leads to some interesting effects with performance counters and other timing-dependent applications. Even a simple CPU utilization monitoring utility will report data that appears incorrect inside of a VM if there are other VMs running. A VMware whitepaper on this topic explains these effects and their workarounds in greater detail.

-- RyanMalayter - 06 Aug 2008

Edit | WYSIWYG | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r6 < r5 < r4 < r3 < r2 | More topic actions...
 
SSL security by CAcert
Get the CAcert Root Certificate
This site is powered by the TWiki collaboration platform
IPv6 Ready
Copyright & 1999-2018 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding the site? Send feedback