Sun Microsystems, Inc.  Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-71-1022253.1
Update Date:2012-07-31
Keywords:
Solution Type  Technical Instruction Sure

Solution  1022253.1 :   KMS - System Time Synchronization  

Related Items 
    

  • Sun StorageTek Crypto Key Management System
    •  
Related Categories 
    

  • PLA-Support>Sun Systems>TAPE>Backup Software-Filesystems>SN-TP: Encryption
    •  
  • .Old GCS Categories>Sun Microsystems>Storage Software>Data Protection Software - Tape
    •  

PreviouslyPublishedAs
278450 


Applies to: 

Sun StorageTek Crypto Key Management System - Version Not Applicable and later
All Platforms

Checked for relevance on 2-Nov-2011.







Goal


KMS System Time Synchronization:

If customer has not configured an external NTP server for the KMS cluster, then the KMS will pick one node to act as the NTP master, all KMA's will sync their times to the master NTP node. If the the master NTP KMA stops responding in the cluster, then a re-election is held to select a new NTP master server. 


Fix


Steps to Follow

KMS will normally choose the ntp server that has the lowest IP address that is responding.

You can extract a system dump from one of the KMA's and check the ntp.conf file to see which KMA server IP address is listed.

Solaris NTP will then gradually sync all node times to be the same time as the master NTP node.

This can take a while if the times are off by minutes or hours, may take many hours to adjust time by many minutes.

The Solaris NTP protocol is designed to move/adjust the time slowly by a few seconds.



Also when looking at KMS Manager current system this is the time on that KMA node you are connected to.

Changing the time � minutes or seconds will change the time on just the KMA which is acting as the master NTP server, it does not change the time on the node you are connected to.

Once you change the time then the other nodes in the cluster will gradually sync to the master NTP KMA node.

The restriction of changing the time 5+/- minutes per day is a KMS restriction not an NTP restriction.



If times are hours days off, then best solution would be reset node to factory defaults and quickstart the node and set the time to be correct.

See <document: /> KMS - Adjusting time of KMA.



If customer does have an external NTP server, then the same applies time synchronization can take some time if time is off  minutes/hours from the NTP server time.





It is essential that KMA system clocks are in sync amongst each other.  The KMA's use their clocks to help with replication, in particular, in determining those records that need to be replicated to other KMAs in the Cluster.



For complete details on NTP refer to attached doc and link below:



http://www.akadia.com/services/ntp_synchronize.html







example ntp.conf



disable auth

driftfile /var/ntp/ntp.drift

statsdir /var/ntp/ntpstats

filegen peerstats file peerstats type day enable

filegen loopstats file loopstats type day enable

filegen clockstats file clockstats type day enable

peer 172.20.151.25

server 172.20.151.25 prefer 









Attachments

This solution has no attachment


















       

Copyright © 2012 Sun Microsystems, Inc.  All rights reserved.

 Feedback