For critical time sourcing, disable host time synchronization and use the Network Time Protocol (NTP) on the vRealize Automation appliance.

About this task

The NTP daemon on the vRealize Automation appliance provides synchronized time services. NTP is disabled by default, so you need to configure it manually. If possible, use NTP in production environments to track user actions and to detect potential malicious attacks and intrusions through accurate audit and log keeping. For information about NTP security notices, see the NTP Web site.

The NTP configuration file is located in the /etc/ folder on each appliance. You can enable the NTP service for the vRealize Automation appliance and add time servers on the Admin tab of the Virtual Appliance Management Interface.

Procedure

  1. Navigate to the /etc/ntp.conf configuration file on your virtual appliance host machine.
  2. Set the file ownership to root:root.
  3. Set the permissions to 0640.
  4. To mitigate the risk of a denial-of-service amplification attack on the NTP service, open the /etc/ntp.conf file and ensure that the following restrict lines appear in the file.
    restrict default kod nomodify notrap nopeer noquery
    restrict -6 default kod nomodify notrap nopeer noquery
    restrict 127.0.0.1
    restrict -6 ::1
  5. Save any changes and close the file.
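
The checks from steps 2 through 4 can be scripted. The following is an added example, not part of the original procedure or VMware's own tooling; the function names are hypothetical, and it assumes a POSIX shell with GNU or BSD stat and restrict options written in the order shown above.

```shell
#!/bin/sh
# Added example: audit an ntp.conf file against the procedure above.
# Usage (after sourcing this file): audit_ntp_conf /etc/ntp.conf

REQUIRED_RESTRICT='restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1'

# Strip comments, collapse whitespace, and drop blank lines so that
# formatting differences do not hide a directive.
normalize_conf() {
    sed -e 's/#.*//' -e 's/[[:space:]][[:space:]]*/ /g' \
        -e 's/^ //' -e 's/ $//' -e '/^$/d' "$1"
}

# Print every required restrict line that is absent from the file.
missing_restrict() {
    conf=$(normalize_conf "$1")
    printf '%s\n' "$REQUIRED_RESTRICT" | while IFS= read -r want; do
        printf '%s\n' "$conf" | grep -Fxq -- "$want" || printf '%s\n' "$want"
    done
}

# Print "owner:group mode" (GNU stat first, BSD stat as a fallback).
conf_perms() {
    stat -c '%U:%G %a' "$1" 2>/dev/null || stat -f '%Su:%Sg %Lp' "$1"
}

# Return 0 only if ownership, mode, and restrict lines all match.
audit_ntp_conf() {
    file=${1:-/etc/ntp.conf}
    rc=0
    perms=$(conf_perms "$file") || return 2
    if [ "$perms" != "root:root 640" ]; then
        echo "FAIL: $file is '$perms', expected 'root:root 640'"; rc=1
    fi
    missing=$(missing_restrict "$file")
    if [ -n "$missing" ]; then
        echo "FAIL: missing restrict lines:"; echo "$missing"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $file matches the hardening steps"
    return "$rc"
}
```

A nonzero exit status from audit_ntp_conf means at least one of the ownership, permission, or restrict checks failed.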