On 8/2/2010 4:35 AM, konsu wrote:
> Hello list,
>
> I work for an investment bank with 300 UNIX servers, around 3000
> workstation PCs and would like to ask some questions to more
> experienced users.
>
> a) Are there any banks relying on ntp pool project or should we
> consider having our own GPS clock?
> b) What are the criteria to consider in deciding when ntp pool project
> is enough for our needs?
> c) Should we decide to use ntp, for an organization of our size would
> 2 servers syncing to ntp pool project in DMZ and 2 servers inside to
> which all UNIX servers + Domain Controller will sync (PCs would sync
> to the Domain controller) suffice?
>
No bank, irrespective of the kind of bank, should depend on the pool for NTP servers. Not only are they not traceable back to UTC, you may well find that they are not providing reliable time.

Your internal (and external) systems need to reliably timestamp all transactions, whether they are deposits, withdrawals, trading investments or whatever else. In addition, even if you don't realise it, you need to include all email messages and messaging systems, documents originating from anywhere and even IM sessions in the proper timestamping of information.

Furthermore, all servers, workstations, laptops, routers, switches, etc. within the corporate environment should have NTP set up on them and sourced to a reliable timesource. I'd set up 3 GPS servers in each major location of the bank and point all of the systems to the stratum 1 systems hosting those GPS servers plus at least one offsite at another location. You need to do this since any transaction can conceivably originate from any of those systems and needs to be traceable back to that system if necessary. Additionally, you should set up autokey and authenticate the servers so you can ensure reliable sources.

In addition, since you didn't mention the country or countries that your bank is headquartered in and does business in, there may be additional banking and financial regulations that the bank is required to follow, and you need to look at those requirements too.

Danny

> I thank you in anticipation
> Konrad

_______________________________________________
questions mailing list
[email protected]
http://lists.ntp.org/listinfo/questions
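
An added example, not part of the original message or of the NTP project's code: a small Python audit of a client ntp.conf against the layout recommended in the reply above (three local stratum 1 servers plus at least one offsite, autokey on every source, no pool hosts). The hostnames, the local_suffix convention for telling local from offsite servers, and the function names are assumptions.

```python
import re

# Constructed sample client ntp.conf; all hostnames are placeholders.
SAMPLE_CONF = """\
crypto                                   # enable Autokey
server ntp1.site-a.bank.example autokey iburst
server ntp2.site-a.bank.example autokey iburst
server ntp3.site-a.bank.example iburst
server ntp1.site-b.bank.example autokey iburst
server 0.pool.ntp.org iburst
"""

POOL_RE = re.compile(r"(^|\.)pool\.ntp\.org\.?$", re.IGNORECASE)

def parse_sources(conf_text):
    """Return (sources, has_crypto); sources is a list of (host, options)."""
    sources, has_crypto = [], False
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments
        fields = [f for f in fields if f not in ("-4", "-6")]
        if not fields:
            continue
        if fields[0] == "crypto":
            has_crypto = True
        elif fields[0] in ("server", "pool") and len(fields) > 1:
            sources.append((fields[1], fields[2:]))
    return sources, has_crypto

def audit(conf_text, local_suffix, min_local=3, min_offsite=1):
    """Return a list of findings; an empty list means the policy is met."""
    sources, has_crypto = parse_sources(conf_text)
    findings = []
    if not has_crypto:
        findings.append("no 'crypto' directive: Autokey is not enabled")
    local = offsite = 0
    for host, opts in sources:
        if POOL_RE.search(host):
            findings.append(f"{host}: public pool source")
            continue                            # never counts as a source
        if "autokey" not in opts:
            findings.append(f"{host}: not authenticated with autokey")
        if host.lower().endswith(local_suffix):  # assumed naming convention
            local += 1
        else:
            offsite += 1
    if local < min_local:
        findings.append(f"{local} local sources, need {min_local}")
    if offsite < min_offsite:
        findings.append(f"{offsite} offsite sources, need {min_offsite}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, ".site-a.bank.example"):
        print(finding)
```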
