Sun Microsystems, Inc.  Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-71-1022253.1
Update Date:2012-07-31
Keywords:

Solution Type  Technical Instruction Sure

Solution  1022253.1 :   KMS - System Time Synchronization  


Related Items
  • Sun StorageTek Crypto Key Management System
  •  
Related Categories
  • PLA-Support>Sun Systems>TAPE>Backup Software-Filesystems>SN-TP: Encryption
  •  
  • .Old GCS Categories>Sun Microsystems>Storage Software>Data Protection Software - Tape
  •  

PreviouslyPublishedAs
278450


Applies to:

Sun StorageTek Crypto Key Management System - Version Not Applicable and later
All Platforms
Checked for relevance on 2-Nov-2011.


Goal

KMS System Time Synchronization:
If customer has not configured an external NTP server for the KMS cluster, then the KMS will pick one node to act as the NTP master, all KMA's will sync their times to the master NTP node. If the the master NTP KMA stops responding in the cluster, then a re-election is held to select a new NTP master server. 

Fix

Steps to Follow
KMS will normally choose the ntp server that has the lowest IP address that is responding.
You can extract a system dump from one of the KMA's and check the ntp.conf file to see which KMA server IP address is listed.
Solaris NTP will then gradually sync all node times to be the same time as the master NTP node.
This can take a while if the times are off by minutes or hours, may take many hours to adjust time by many minutes.
The Solaris NTP protocol is designed to move/adjust the time slowly by a few seconds.

Also when looking at KMS Manager current system this is the time on that KMA node you are connected to.
Changing the time � minutes or seconds will change the time on just the KMA which is acting as the master NTP server, it does not change the time on the node you are connected to.
Once you change the time then the other nodes in the cluster will gradually sync to the master NTP KMA node.
The restriction of changing the time 5+/- minutes per day is a KMS restriction not an NTP restriction.

If times are hours days off, then best solution would be reset node to factory defaults and quickstart the node and set the time to be correct.
See <document: /> KMS - Adjusting time of KMA.

If customer does have an external NTP server, then the same applies time synchronization can take some time if time is off  minutes/hours from the NTP server time.


It is essential that KMA system clocks are in sync amongst each other.  The KMA's use their clocks to help with replication, in particular, in determining those records that need to be replicated to other KMAs in the Cluster.

For complete details on NTP refer to attached doc and link below:


http://www.akadia.com/services/ntp_synchronize.html



example ntp.conf


disable auth
driftfile /var/ntp/ntp.drift
statsdir /var/ntp/ntpstats
filegen peerstats file peerstats type day enable
filegen loopstats file loopstats type day enable
filegen clockstats file clockstats type day enable
peer 172.20.151.25
server 172.20.151.25 prefer



Attachments
This solution has no attachment
  Copyright © 2012 Sun Microsystems, Inc.  All rights reserved.
 Feedback