For critical time sourcing, disable host time synchronization and use the Network Time Protocol (NTP) on VMware appliances. You must configure a trusted remote NTP server for time synchronization. The NTP server must be an authoritative time server or at least synchronized with an authoritative time server.

The NTP daemon on VMware virtual appliances provides synchronized time services. NTP is disabled by default, so you need to configure it manually. If possible, use NTP in production environments to track user actions and to detect potential malicious attacks and intrusions through accurate audit and log keeping. For information about NTP security notices, see the NTP Web site.

The NTP configuration file is located in the /etc/ntp.conf file on each appliance.

Procedure

  1. Navigate to the /etc/ntp.conf configuration file on your virtual appliance host machine.
  2. Set the file ownership to root:root.
  3. Set the permissions to 0640.
  4. To mitigate the risk of a denial-of-service amplification attack on the NTP service, open the /etc/ntp.conf file and ensure that the restrict lines appear in the file.
    restrict -4 default kod nomodify notrap nopeer noquery
    restrict -6 default kod nomodify notrap nopeer noquery 
    restrict 127.0.0.1 
    restrict -6 ::1 
  5. Save any changes and close the files.
    For information on NTP security notices, see http://support.ntp.org/bin/view/Main/SecurityNotice.