To Next Page

To Previous Page

NTP Autokey

The NTP version installed on VersaSync supports the Autokey Protocol. The Autokey Pro-

tocol uses the OpenSSL library which provides security capabilities including message

digests, digital signatures and encryption schemes. The Autokey Protocol provides a

means for NTP to authenticate and establish a chain of trusted NTP servers.

NTP Autokey: Support & Limitations

Currently, VersaSync supports only the IFF (Identify Friend or Foe) Autokey Identity

Scheme. The VersaSync product web interface automates the configuration of the IFF

using the MD5 digests and RSA keys and certificates. At this time the configuration of

other key types or other digests is not supported.

Note: When you configure NTP Autokey, you must disable the NTP service

first, and then re-enable it after Autokey configuration is completed.

NTP Autokey: IFF Autokey Support

The IFF Autokey Support is demonstrated in the figure below. The IFF identity scheme is

used with Multiple Stratum NTP Time Servers. The example below shows 3 Stratum lay-

ers. Stratum 1 NTP Servers are close to the physical time references. All Stratum 1 servers

can be Trusted Hosts. One of them is the trusted route used to generate the IFF Group/Cli-

ent Key. This defines the IFF Group.

All other group members generate Group Certificate and RSA public/private keys using

MD5 digest. Each group member must share the common IFF Group/Client Key. Stratum

2 NTP servers are also members of the Group. All NTP Stratum 1 servers are Trusted

Hosts. The NTP servers closest to the actual time reference (Stratum 1) should be des-

ignated trusted. A single Stratum 1 NTP server generates the IFF Group/Client Keys.

There is NO group name feature supported. The Group can use the same passphrase (pass-

word) or different passphrases for each client.

An NTP Server Group member is configured by enabling Autokey and creating certificate

and public/private key pair while not enabling the Client Only selection. A Client Only NTP

server is configured by enabling Autokey and creating certificate and public/private key

pair and enabling the Client Only selection.

Note: Passphrases can be identical for all group members and Client NTP

Servers. Or passphrases can be the same for group members and a dif-

ferent passphrase shared between the Client Only NTP Servers.

2.8 Configuring Network Settings

CHAPTER 2 • VersaSync User Manual Rev. 7.0

115

Orolia VersaSync User Manual

Other manuals for Orolia VersaSync