The information in this section can help you understand your time services options as you move from NetWare to OES:
All servers in an eDirectory tree must have their times synchronized to ensure that updates and changes to eDirectory objects occur in the proper order.
eDirectory gets its time from the server operating system of the OES server where it is installed. It is, therefore, critical that every server in the tree has the same time.
During the upgrade to OES 11 SP3, your eDirectory tree might contain servers running different versions of OES, NetWare 6.5 SP8, and/or previous versions of NetWare. Therefore, you must understand the differences in the time synchronization modules that each operating system uses and how these modules can interact with each other.
As illustrated in Figure 12-1, NetWare 6.5 can use either the Network Time Protocol (NTP) or Timesync modules for time synchronization. Both modules can communicate with OES by using NTP on port 123. However, when installing virtualized NetWare, Timesync should always be used (see Section 6.21.2, Always Use Timesync Rather Than NTP).
OES must use the NTP daemon (xntpd).
Figure 12-1 Time Synchronization for Linux and NetWare
Because OES and NetWare servers must communicate with each other for time synchronization, and because OES uses only NTP for time synchronization, it follows that both OES and NetWare must communicate time synchronization information by using NTP time packets.
However, this doesn’t limit your options on NetWare.
Figure 12-2 illustrates that OES and NetWare 6.5 servers can freely interchange time synchronization information because NetWare 6.5 includes the following:
A TIMESYNC NLM that both consumes and provides NTP time packets in addition to Timesync packets.
An XNTPD NLM that can provide Timesync packets in addition to offering standard NTP functionality.
NOTE:Although NetWare includes two time synchronization modules, only one can be loaded at a time.
Figure 12-2 NTP Packet Compatibilities with All OES Time Synchronization Modules
Earlier versions of NetWare (version 4.2 through version 6.0) do not include an NTP time module. Their time synchronization options are, therefore, more limited.
Figure 12-3 illustrates that although NetWare 5.1 and 6.0 do not include an NTP time module, they can consume and deliver NTP time packets.
Figure 12-3 NTP Compatibility of NetWare 5.1 and 6.0
Figure 12-4 illustrates that NetWare 4.2 and 5.0 servers can only consume and provide Timesync packets.
Figure 12-4 Synchronizing Time on NetWare 5.0 and 4.2 Servers
Therefore, if you have NetWare 4.2 or 5.0 servers in your eDirectory tree, and you want to install an OES server, you must have at least one NetWare 5.1 or later server to provide a “bridge” between NTP and Timesync time packets. Figure 12-5 illustrates that these earlier server versions can synchronize through a NetWare 6.5 server.
IMPORTANT:As shown in Figure 12-4, we recommend that NetWare 4.2 servers not be used as a time source.
Figure 12-5 shows how OES servers can function as time providers to other OES servers and to NetWare servers, including NetWare 4.2 and later.
Figure 12-5 OES Servers as Time Providers
Figure 12-6 shows the time sources that OES servers can use for synchronizing server time.
IMPORTANT:Notice that NetWare 4.2 is not shown as a valid time source.
Figure 12-6 OES servers as Time Consumers
Use the information in this section to understand the basics of time synchronization planning.
For more detailed planning information, refer to the following resources:
How Timesync Works
in the NW 6.5 SP8: Network Time Synchronization Administration Guide
Network Time Protocol
in the NW 6.5 SP8: NTP Administration Guide
NTP information on the Web
The level of time synchronization planning required for your network is largely dictated by how many servers you have and where they are located, as explained in the following sections.
If your tree will have fewer than thirty servers, the default installation settings for time synchronization should be sufficient for all of the servers except the first server installed in the tree.
You should configure the first server in the tree to obtain time from one or more time sources that are external to the tree. (See Step 1 in Planning a Time Synchronization Hierarchy before Installing OES.)
All other servers should point to the first server in the tree for their time synchronization needs.
If your tree will have more than thirty servers, you need to plan and configure your servers with time synchronization roles that match your network architecture and time synchronization strategy. Example roles might include the following:
Servers that receive time from external time sources and send packets to other servers further down in the hierarchy
Servers that communicate with other servers in peer-to-peer relationships to ensure that they are synchronized
Basic planning steps are summarized in Planning a Time Synchronization Hierarchy before Installing OES.
Refer to the following sources for additional help in planning time server roles:
Configuring Timesync on Servers
in the NW 6.5 SP8: Network Time Synchronization Administration Guide
Modes of Time Synchronization
in the NW 6.5 SP8: NTP Administration Guide
NTP information on the Web
If the servers in the tree will reside at multiple geographic sites, you need to plan how to synchronize time for the entire network while minimizing network traffic. For more information, see Wide Area Configuration
in the NW 6.5 SP8: NTP Administration Guide.
When you install a virtualized NetWare 6.5 server, you should always use Timesync and configure it to communicate using NTP. For more information, see You Must Use Timesync for Time Synchronization
in the OES 11 SP3: Installation Guide.
The dialog box that lets you choose between Timesync and NTP is available as an advanced option in the Time Zone panel during the NetWare installation. Choosing between Timesync and NTP is documented in Setting the Server Time Zone and Time Synchronization Method
in the NW65 SP8: Installation Guide.
The obvious goal for time synchronization is that all the network servers (and workstations, if desired) have the same time. This is best accomplished by planning a time synchronization hierarchy before installing the first OES server, then configuring each server at install time so that you form a hierarchy similar to the one outlined in Figure 12-7.
Figure 12-7 A Basic Time Synchronization Hierarchy
As you plan your hierarchy, do the following:
Identify at least two authoritative external NTP time sources for the top positions in your hierarchy.
If your network already has an NTP server hierarchy in place, identify the IP address of an appropriate time server. This might be internal to your network, but it should be external to the eDirectory tree and it should ultimately obtain time from a public NTP server.
If your network doesn’t currently employ time synchronization, refer to the list of public NTP servers published on the ntp.org Web site and identify a time server you can use.
Plan which servers will receive time from the external sources and plan to install these servers first.
Map the position for each Linux server in your tree, including its time sources and the servers it will provide time for.
Map the position for each NetWare server in your tree:
Include the server’s time sources and the servers it will provide time for.
If your network currently has only NetWare 4.2 or 5.0 servers, be sure to plan for their time synchronization needs by including at least one newer NetWare server in the tree and configuring the older servers to use the newer server as their time source. (See NetWare 5.0 and 4.2 Servers.)
Be sure that each server in the hierarchy is configured to receive time from at least two sources.
(Conditional) If your network spans geographic locations, plan the connections for time-related traffic on the network and especially across WANs.
For more information, see Wide Area Configuration
in the NW 6.5 SP8: NTP Administration Guide.
For more planning information, see the following documentation:
NW 6.5 SP8: Network Time Synchronization Administration Guide
NTP information found on the OES 11 SP3 server in /usr/share/doc/packages/xntp and on the Web
The time synchronization modules in OES have been designed to ensure that new OES servers can be introduced into an existing network environment without disrupting any of the products and services that are in place.
This section discusses the issues involved in the coexistence and migration of time synchronization in OES in the following sections:
This section provides information regarding the coexistence of the OES time synchronization modules with existing NetWare or Linux networks, and with previous versions of the TIMESYNC NLM. This information can help you confidently install new OES servers into your current network.
The following table summarizes the compatibility of OES time synchronization modules with other time synchronization modules and eDirectory. These compatibilities are illustrated in Figure 12-5 and Figure 12-6.
Table 12-3 Time Synchronization Compatibility
Module |
Compatibility |
---|---|
TIMESYNC NLM (NetWare) |
Can consume time from
Can provide time to
|
XNTPD NLM (NetWare) |
Can consume time from
Can provide time to
|
xntpd daemon (SLES 11) |
Can consume time from
Can provide time to
|
eDirectory |
eDirectory gets its time synchronization information from the host OS (Linux or NetWare), not from the time synchronization modules. |
If you have NetWare servers earlier than version 5.1, you need to install at least one later version NetWare server to bridge between the TIMESYNC NLM on the earlier server and the OES servers you have on your network. This is because the earlier versions of Timesync can’t consume or provide NTP time packets and the xntpd daemon on Linux can’t provide or consume Timesync packets.
Fortunately, the TIMESYNC NLM in NetWare 5.1 and later can both consume and provide Timesync packets. And the XNTPD NLM can provide Timesync packets when required.
This is explained in Compatibility with Earlier Versions of NetWare.
The OES 11 SP3 Migration Tool can migrate time synchronization services from NetWare to Linux. For more information, see Migrating NTP to OES 11 SP3
in the OES 11 SP3: Migration Tool Administration Guide.
As you plan to implement your time synchronization hierarchy, you should know how the NetWare and OES 11 SP3 product installations configure time synchronization on the network. Both installs look at whether you are creating a new tree or installing into an existing tree.
By default, both the OES 11 SP3 and the NetWare 6.5 SP8 installs configure the first server in the tree to use its internal (BIOS) clock as the authoritative time source for the tree.
Because BIOS clocks can fail over time, you should always specify an external, reliable NTP time source for the first server in a tree. For help finding a reliable NTP time source, see the NTP Server Lists on the Web.
When you configure your eDirectory installation, the OES 11 SP3 install prompts you for the IP address or DNS name of an NTP v3-compatible time server.
If you are installing the first server in a new eDirectory tree, you have two choices:
You can enter the IP address or DNS name of an authoritative NTP time source (recommended).
You can leave the field displaying Local Time, so the server is configured to use its BIOS clock as the authoritative time source.
IMPORTANT:We do not recommend this second option because BIOS clocks can fail over time, causing serious problems for eDirectory.
By default, the NetWare install automatically configures the TIMESYNC NLM to use the server’s BIOS clock. As indicated earlier, this default behavior is not recommended for production networks. You should, therefore, manually configure time synchronization (either Timesync or NTP) while installing each NetWare server.
Manual time synchronization configuration is accessed at install time from the Time Zone dialog box by clicking the Advanced button as outlined in Choose Timesync for Virtualized NetWare Only and as fully explained in Setting the Server Time Zone and Time Synchronization Method
in the NW65 SP8: Installation Guide.
When a server joins an existing eDirectory tree, both OES installations do approximately the same thing.
If you are installing into an existing tree, the OES 11 SP3 install proposes to use the IP address of the eDirectory server (either NetWare or Linux) as the NTP time source. This default should be sufficient unless one of the following is true:
The server referenced is a NetWare 5.0 or earlier server, in which case you need to identify and specify the address of another server in the tree that is running either a later version of NetWare or any version of OES.
You will have more than 30 servers in your tree, in which case you need to configure the server to fit in to your planned time synchronization hierarchy. For more information, see Planning a Time Synchronization Hierarchy before Installing OES.
The OES 11 SP3 install activates the xntp daemon and configures it to synchronize server time with the specified NTP time source. After the install finishes, you can configure the daemon to work with additional time sources to ensure fault tolerance. For more information, see Changing Time Synchronization Settings on a SLES 11 Server.
If you are installing into an existing tree, the NetWare 6.5 SP8 install first checks to see whether you manually configured either NTP or Timesync time synchronization sources while setting the server Time Zone (see Setting the Server Time Zone and Time Synchronization Method
in the NW65 SP8: Installation Guide).
If you will have more than 30 servers in your tree, you should have developed a time synchronization plan (see Planning a Time Synchronization Hierarchy before Installing OES) and used the Time Zone panel to configure your server according to the plan.
If you haven’t manually configured time synchronization sources for the server (for example, if your tree has fewer than 30 servers), the install automatically configures the Timesync NLM to point to the IP address of the server with a master replica of the tree’s [ROOT] partition.
As your network changes, you will probably need to adjust the time synchronization settings on your servers.
This method works both in the GUI and at the command prompt and is the most reliable method for ensuring a successful NTP implementation.
Launch YaST on your SLES 11 server by either navigating to the application on the desktop or typing yast at the command prompt.
Click Network Services > NTP Configuration.
In the Advanced NTP Configuration dialog box, modify the NTP time settings as your needs require.
Time synchronization settings and their modification possibilities are documented in the following administration guides:
For information about daylight saving time (DST), go to the Novell Support Knowledgebase and search for Daylight Saving Time.