Currently, VersaSync supports only the IFF (Identify Friend or Foe) Autokey Iden-
tity Scheme. The VersaSync product web interface automates the configuration
of the IFF using the MD5 digests and RSA keys and certificates. At this time the
configuration of other key types or other digests is not supported.
Note: When you configure NTP Autokey, you must disable the NTP
service first, and then re-enable it after Autokey configuration is
completed.
NTP Autokey: IFF Autokey Support
The IFF Autokey Support is demonstrated in the figure below. The IFF identity
scheme is used with Multiple Stratum NTP Time Servers. The example below
shows 3 Stratum layers. Stratum 1 NTP Servers are close to the physical time ref-
erences. All Stratum 1 servers can be Trusted Hosts. One of them is the trusted
route used to generate the IFF Group/Client Key. This defines the IFF Group.
All other group members generate Group Certificate and RSA public/private
keys using MD5 digest. Each group member must share the common IFF
Group/Client Key. Stratum 2 NTP servers are also members of the Group. All NTP
Stratum 1 servers are Trusted Hosts. The NTP servers closest to the actual time
reference (Stratum 1) should be designated trusted. A single Stratum 1 NTP
server generates the IFF Group/Client Keys. There is NO group name feature sup-
ported. The Group can use the same passphrase (password) or different pass-
phrases for each client.
An NTP Server Group member is configured by enabling Autokey and creating
certificate and public/private key pair while not enabling the Client Only selec-
tion. A Client Only NTP server is configured by enabling Autokey and creating cer-
tificate and public/private key pair and enabling the Client Only selection.
Note: Passphrases can be identical for all group members and Client
NTP Servers. Or passphrases can be the same for group members
and a different passphrase shared between the Client Only NTP Serv-
ers.
126
CHAPTER 2 • VersaSync User Manual Rev. 12
2.8 Configuring Network Settings
To Next Page
Loading...
