The Timing is Virtually Everything

Operating systems in general keep time by counting the “ticks” from the processor (I’m sure that is a vast oversimplification of process). Virtual machines unfortunately don’t have unfettered and unlimited access to the processor which results in their “tick count” and internal clocks to quickly drift. If a virtual machine needs to interact with other systems – like Active Directory – a wildly incorrect time stamp can cause unwanted results. In the Active Directory example, logging onto a virtual machine that is a member of the domain becomes impossible if the time skew is too much.

Fortunately with VMware ESX servers, there are two simple steps to correct this issue. First, install VMware tools on the virtual machines and select the option for virtual clock to continuously synch with the ESX host. This by-passes the tick-count process and feeds the correct time to the virtual operating system continously.

The second part is to configure NTP on the ESX service console. This is slightly more complicated, but can be accomplished without too much difficulty. On the ESX server, there is a service console that looks and acts suspiciously like a Linux OS. And part of that service console is just itching to activate NTP. Unfortunately, you can just say “NTP powers, activate,” but rather you have to go through a few simple steps:

Configuring NTP on the ESX Service Console
1. Edit the /etc/ntp.conf file
Personally, I just rename the file to ntp.old, and create a new blank ntp.conf file. In the configuration file, I basically tell it that a) only accept commands from itself, b) give the time to people that ask, but not much else, and c) lists the IP addresses of the NTP clocks to synchronize with.

For example:
restrict default kod nomodify notrap
driftfile /var/lib/ntp/drift

2. Edit the /etc/ntp/step-tickers file and type the names of the NTP devices (one server per line)

3. Allow NTP packets through the service console firewall
esxcfg-firewall –enableService ntpClient

4. Configure ntpd to start on boot
chkconfig –level 345 ntpd on

5. Start the ntp serviceservice ntpd start

6. Finally, you should synchronize the hardware clock with NTPhwclock –systohc

For fun, you can watch the how well your ESX server is keeping time by typing:watch “ntpq -p”

I don’t pretend to be an expert on NTP, all I know is that the above configuration settings have worked well for me. If you want to learn more about the secrets of NTP, is a good place to start.

I’m assuming that you have a few functioning NTP services on your network (Linux boxes and various network routers are often configured to run NTP), or that your servers can access the public NTP clocks scattered across the net. One word of caution: don’t point the NTP service at a Windows 2003 server since Windows uses SNTP (and SNTP is just different enough to mess up the synchronization process).

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

IT World Canada in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Latest Blogs

Senior Contributor Spotlight