For critical time sourcing, disable host time synchronization and use the Network Time Protocol (NTP) on the vRealize Automation appliance.
About this task
The NTP daemon on vRealize Automation appliance provides synchronized time services. NTP is disabled by default, so you need to configure it manually. If possible, use NTP in production environments to track user actions and to detect potential malicious attacks and intrusions through accurate audit and log keeping. For information about NTP security notices, see the NTP Web site.
The NTP configuration file is located in the /etc/ folder on each appliance. You can enable the NTP service for the vRealize Automation appliance and add time servers on the Admin tab of the Virtual Appliance Management Interface.
- Navigate to the
/etc/ntp.confconfiguration file on your virtual appliance host machine.
- Set the file ownership to root:root.
- Set the permissions to 0640.
- To mitigate the risk of a denial-of-service amplification attack on the NTP service, open the /etc/ntp.conf file and ensure that the restrict lines appear in the file.
restrict default kod nomodify notrap nopeer noquery restrict -6 default kod nomodify notrap nopeer noquery restrict 127.0.0.1 restrict -6 ::1
- Save any changes and close the files.