Menu

Virtual Geek

Tales from real IT system administrators world and non-production environment

vSphere ESXi security best practices: Time configuration - (NTP) Network Time Protocol

August 15, 2017 02:09PM

By default NTP - Network time protocol service is disabled on esxi server. ESXi servers always should be configured with NTP for below reasons.

Logs: Very first good reason is logs (events, /var/log). If your Esxi is not synchronized with Time server correctly, Details in logs will show incorrect dates and there will be hard time in finding or troubleshooting issues.
Snapshot creation: If your environment (mostly in test and development) is highly dependent on snapshots, Snapshot creation and resuming might have wrong time.
Virtual Machine startup and restart, Incorrect time will show in absence of NTP.
vMotion: In some environments virtual machine might take or sync timing from Esxi server directly using VMWare tools. While VM migration from esxi server to another esxi, if NTP is not configured, VM OS will pickup wrong time or may be out of sync.

VMWare Powercli: Time Configuration (NTP - Network Time Protocol) on multiple Esxi server

Timekeeping is a best practice in every environment. To enable and configure NTP services, on the esxi server, click Configure tab, from the left hand pane expand system select Time Configuration click Edit.

On the popup box select Use Network Time Protocol (Enable NTP client), Start service under NTP service status, and add NTP Servers. as inset screenshot you will see Time configuration is changed.vmware vsphere esxi, configure, time configuration, NTP Service settings start restart, startup policy, NTP servers, network time protocol

In case of NTP client is disabled, It can be enabled under security profile, firewall edit, check the NTP client status, This setting is not required as it is by default enabled in firewall.

vmware vsphere esxi, configure, time configuration, NTP Service settings start restart, startup policy, NTP servers, network time  protocol, Security Profile, NTP client, esxi Firewall

Go Back

Comment