The Network Time Protocol (NTP) provides the mechanisms to synchronize time and coordinate time distribution in a large, diverse network. VMware recommends using NTP to synchronize the system clocks of Edges and other network devices.
As an Enterprise user, you can configure a time source for the SD-WAN Edge to set its own time accurately by configuring a set of upstream NTP Servers to get its time. The Edge attempts to set its time from a default set of public NTP Servers, but the time set is not reliable in most secure networks. In order to ensure that the time is set correctly on an Edge, you must activate the Private NTP Servers feature and then configure a set of NTP Servers. Once the Edge's own time source is properly configured, you can configure the SD-WAN Edge to act as an NTP Server to its own clients.
Prerequisites
NTP has the following prerequisites:
- To configure an SD-WAN Edge to act as an NTP Server for its clients, you must first configure the Edge's own NTP time sources by defining Private NTP Servers.
Procedure
- In the SD-WAN service of the Enterprise portal, go to Configure > Profiles.
The
Configuration Profiles page appears.
- Click the link to a Profile or click the View link in the Device column of the Profile for which you want to configure the NTP settings. The configuration options for the selected Profile are displayed in the Device tab.
- Configure the Edge's own time sources by defining Private NTP Servers. These servers could be either known time sources within your own network, or well-known time servers on the Public Internet, if they are reachable from the Edge. To define Private NTP Servers:
- Scroll down to the Edge Services category and go to the NTP area.
- Select the Private NTP Servers check box.
- In the Servers area, click +Add and enter the IP address of your Private NTP Server. If DNS is configured, you can use a domain name instead of an IP address. To configure another NTP Server, click the +Add button again.
It is strongly recommended to add two or three servers to increase availability and accuracy of time setting. If you do not set Private NTP Servers, the Edge attempts to set its time from a default set of public NTP Servers, but that is not guaranteed to work, especially if the Edge cannot communicate to servers on the public Internet.
Note:
SASE Orchestrator allows you to activate the Edge to act as an NTP Server to its clients, only if you have defined Private NTP Servers.
As Edge interfaces are not available at the Profile level, the
Source Interface field is set to
Auto. The Edge automatically selects an interface with 'Advertise' field set as the source interface.
- Once you have defined Private NTP Servers, Orchestrator allows you to configure the SD-WAN Edge to act as an NTP Server for its clients:
- Select the Edge as NTP Server check box. You can select the check box only if you have activated at least one Private NTP Server.
- Choose the type of NTP Authentication as either None or MD5.
- If you choose MD5, then you must configure the NTP authentication key value pair details by clicking the +Add button under the Keys area.
- Click Save Changes. The NTP configuration settings are applied to the selected profile.
What to do next
At the Edge-level, you can override the NTP settings for specific Edges. For more information, see Configure NTP Settings for Edges.