Using Network Time Protocol (NTP) in Integrity VM Environments

Using NTP in Integrity VM environments is recommended to keep time-of-day clocks in sync and correct. Use xntpd on HP-UX and ntpd on Linux to synchronize time use NTP.

NTP Configuration on a VM Host

On each VM Host, NTP should be configured just as it would be on any typical (non-virtual) system. In /etc/ntp.conf, specify a drift file and one or more high quality time servers:

The local clock should also be configured as a fall back if necessary:

If you have a group of VM Hosts that you would like to synchronize, you can add "peer" references in the /etc/ntp.conf file for each of those associated VM Hosts, so they will do mutual synchronization:

After configuring the Host's /etc/ntp.conf file, assuming the NTP is already enabled, (that is, the XNTPD variable in /etc/rc.config.d/netdaemons is set to 1, as in export XNTPD-1), you can execute /sbin/init.d/xntpd start to restart xntpd on the HP-UX VM Host.

NTP Configuration on a VM Guest

Because NTP was not designed to run inside a virtual machine, using NTP on VM guests requires special configuration to be stable. Using a typical default NTP configuration on a VM guest might result in NTP instability and failure to synchronize, or in apparent lost time on the guest. To avoid these virtualization related NTP issues, each VM guest should get its time directly from the VM Host. Also, VM guests should not serve time to any other systems.

You can monitor NTP status by using the ntpq -p command and noting the offset and the disp values. Ideally both values will be well under 100. For information about how to check NTP stability, see the HP-UX Internet Services Administrators Guide.

You can improve time stability on VM guests by tuning NTP to poll more frequently for time corrections. The default NTP values for the minpoll and maxpoll intervals are 6 (64 seconds) and 10 (1024 seconds) respectively. NTP adjusts the current polling interval depending on network quality and delays. A VM guest uses a virtual lan that can cause NTP to set the polling value incorrectly. To help mitigate this issue use the minpoll and maxpoll directives in the ntp.conf file to change the polling intervals.

Start with minpoll at 4 (16 seconds) and maxpoll at 6 (64 seconds) and then reduce maxpoll towards 4 if necessary to force shorter polling intervals. HP recommends that a VM guest never be allowed to deliver time (allow guests only to be a time consumers). Because a VM guest never delivers time, you do not need to configure the local clock (server 127.127.1.0) or an ntp.drift file. So, the ntp.conf file on a VM guest should be as simple as the single line:

After configuring the guest's /etc/ntp.conf file, assuming NTP is already enabled (that is, the XNTPD variable in /etc/rc.config.d/netdaemons is set to 1, as in export XNTPD=1), you can run the following commands on an HP-UX guest to sync its time with the VM Host and restart xntpd:

	NOTE: For VM guests that are on a different subnet than the VM Host, the VM Host may not be the best source of time if there is another accurate time server available with less network latency. In the case of different subnets, measure latency from the guest to various time servers using the ping and traceroute commands to determine which potential time server has the least network latency. Using the VM Host may be the best solution, but this depends on your local network topology and the relative network distance to alternate time servers. If using an alternate (non-VM-Host) time server appears best, it may be helpful for the alternate time server and the VM Host to use each other for peer mutual time synchronization.