Why Use an In-House NTP Server Over Public

Accurate time synchronization is a critical part of keeping modern networks running smoothly. Every log entry, security event, and data transaction depends on precise timing to function correctly. When systems drift out of sync, it can cause confusion in records, delays in communication, and errors that are difficult to trace. Network Time Protocol (NTP) servers are designed to solve this problem by providing a consistent time source across all connected devices.

Many organizations use public NTP servers because they are free and easy to access, but they are not always ideal for business environments. Public servers can experience latency, reliability issues, or security vulnerabilities that affect network performance. In contrast, using an in-house, GPS or GNSS backed NTP server gives you complete control over time synchronization, improving accuracy, security, and consistency across your network. It is a dependable solution that supports business continuity, regulatory compliance, and long-term efficiency.

Here is why an in-house NTP server is the better choice.

1. Greater Accuracy and Reliability

Public NTP servers can slow down or respond inconsistently when traffic is high or they are located far from your network. These delays can cause time drift, leading to mismatched data and inaccurate reporting. Even when all systems point to the same external NTP source, differences in the time signals received can create challenges when aligning data across devices. An in-house NTP server operates within your own infrastructure, reducing latency and keeping every system accurately synchronized.

Depending on the model, in-house servers can achieve accuracy within microseconds, far exceeding what is typically possible with public servers. They also provide resilience during internet outages or even GPS loss, ensuring continuous, internally generated time. This level of control helps maintain precise operations for critical systems, from financial transactions to industrial automation.

2. Stronger Security

Connecting to public NTP servers introduces unnecessary security risks. Public sources can be spoofed or compromised, which can lead to incorrect time data or even network disruption. With an in-house NTP server, you have full control over access and authentication, ensuring that every time update comes from a trusted source. This added security supports compliance with standards such as PCI DSS, ISO 27001, and NERC CIP.

3. Improved Network Performance

When devices across your organization depend on external NTP servers, it adds extra traffic and increases reliance on outside networks. Hosting your own NTP server keeps synchronization local, which reduces bandwidth use and improves overall efficiency. Even if your internet connection experiences downtime, your internal NTP server continues to provide accurate time for all systems within your network.

4. Consistent Time Across All Systems

Public NTP servers are managed by a variety of organizations, which means reliability and accuracy can vary from source to source. Using an in-house NTP server ensures that every device in your network aligns with the same trusted source. This consistency simplifies troubleshooting, improves log accuracy, and prevents problems caused by systems falling out of sync.

5. Long-Term Cost Savings

Although public NTP servers do not charge fees, they can lead to hidden costs such as downtime, troubleshooting, and compliance penalties if synchronization fails. The upfront investment in an in-house NTP server provides predictable performance and stability, reducing the likelihood of costly interruptions. Over time, the reliability and efficiency of an internal solution more than offset the initial investment.

Time synchronization may seem like a small detail, but it plays a vital role in your network’s reliability and security. Using an in-house NTP server from Sapling, Bodet, or Safran provides greater accuracy, control, and peace of mind. For organizations that depend on precise timing and smooth operations, managing time internally is a smart and dependable choice. Contact our sales team today to figure out what would be best for you.

Cybersecurity: Hardening security on your SecureSync

StableNet APM Pie Chart


Security Hardening

Customers frequently seek information and recommendations from Orolia about hardening security, including general guidelines about available network security features, jamming and spoofing deterrence, bug fixes, and networking-related issues.

Sometimes they’re in search of specific practices for time servers and clients. Sometimes, because SecureSync® is part of critical infrastructure, they may not fully understand all the issues related to timing, such as GNSS jamming/spoofing, NTP vulnerability or the various types of network attacks.

Generally speaking, the correct answers are specific to each networking infrastructure and each customer’s policies. However, there are some general guidelines to follow to harden security on your SecureSync®, and this document should help. It covers the following areas and explains how to use each to prevent cyberattacks:

  • Authentication and authorization
  • HTTPS and SSL
  • SSH
  • SCP
  • SFTP with public/private support

This document also consolidates the recommendations from various product manuals into one handy location. They identify each security feature, shows default settings and offers recommendations about whether you should choose to enable it.

To make it easier, we’ve also provided links to the online manuals for each protocol — so configuration help is just a click away.


Download the Security Hardening PDF

Don’t hesitate to call upon us for help with your timing applications, and be sure to ask us about other ways to harden your timing chain with Resilient PNT (positioning, navigation and timing) solutions that provide signal protection in the event of an outage, interference/detection/mitigation, and GNSS simulation to identify issues before they affect your critical infrastructure.

NTP vs. SNTP: What’s the Difference?

Network Instruments Accurate Monitoring


NTP vs SNTP - What's the difference?

By David Sohn, Solution Architect

(And Which One Do You Really Need?)

NTP (Network Time Protocol) and SNTP (Simple Network Time Protocol) are similar TCP/IP protocols in that they use the same time packet from a Time Server message to compute accurate time. The procedure used by the Time Server to assemble and send out a time stamp is exactly the same whether NTP (i.e., full implementation NTP) is used, or SNTP is used.

The difference between NTP and SNTP is important in the time synchronization program running on the client side on each system.

The time synchronization program, whether it is a Windows built-in program like W32Time (which uses the SNTP protocol) or a third-party add-on, determines which protocol is being used — not the time server. The time server does not care. The difference between NTP and SNTP is in the error checking and the algorithm for the actual correction to the time itself.

The NTP algorithm is much more complicated than the SNTP algorithm. NTP normally uses multiple time servers to verify the time and then controls the slew rate of the system. The algorithm determines if the values are accurate using several methods, including fudge factors and identifying time servers that don’t agree with the other time servers. It then speeds up or slows down the system clock’s drift rate so that (1) the system’s time is always correct and (2) there won’t be any subsequent time jumps after the initial correction.

Unlike NTP, SNTP usually uses just one time server to calculate the time, then “jumps” the system time to the calculated time. It can, however, have back-up time servers in case one is not available. During each interval, it determines whether the time is off enough to make a correction and if it is, applies the correction.

Clear as Mud?

If this is not completely clear, consider an analogy of comparing and adjusting a wristwatch to a clock on the wall. The wristwatch is analogous to the “client” device (like a PC) and the clock on the wall is the time server. With SNTP, you always look at the clock at pre-determined intervals. Let’s say one per hour. (As an aside, the act at comparing time for computer synchronization is known as a “poll.”)

When you think it is 12:00:00 you look at (poll) the clock to see that it is 11:59:57. You are three seconds fast, so you set your watch back three seconds. You do not do anything else until 1:00:00. You look again at the clock to see that it is 12:59:57 – again, three seconds fast — and again you set your watch back three seconds. Every hour, you reset your watch 3 seconds to be in sync with the clock on the wall.

From an error perspective, you are most accurate immediately after the poll and you progressively get worse. The maximum error happens immediately before the poll, when a sudden adjustment occurs, such as when time goes from 12:59:57 to 12:59:58 to 12:59.59 to 1:00:00 to 12:59:57.

If a maximum error of three seconds and the discontinuity of the time scale bothers you, consider the NTP case. Here, you want to react knowing that your watch is gaining three seconds every hour, so you don’t have to change it so often.

Simply compensate for the drift by using your error vs. time measurements. You do not need to use the same measurement period all the time. All you need to know is the rate and direction of the change.

After you have a pretty good feel for the drift, you can program your watch to adjust in real time. You want to make very small adjustments, so that at any given time you are in sync with the clock on the wall, without even looking at it.

Of course, the drift rate may change over time, so you do want to continually poll the clock, and apply the best correction you can come up with. And with that you get a wristwatch that is seemingly never out of synchronization!

Which One Do You Need?

It all depends on your application, but in general, SNTP clients should only be used where time synchronization is not critical for your systems. For all other clients, and for systems that will also serve time to other systems, you should utilize full NTP implementations to include reference selection and clock steering algorithms to maintain accuracy through the full timing path.

Looking at the time servers themselves, the selection of a time server that uses SNTP or NTP to serve time only should focus on whether that time server would ever synchronize to NTP as a primary or secondary reference — in which case, only full NTP should be used. To simplify things, SNTP should be used only at the start or end of the network timing path, and only at the end of the network timing path where time synchronization is not critical for your systems.

Mitigating an NTP Distributed Denial of Service (DDoS) Attack

By Pritam Kandel, Applications Engineer

Network time service is not something many businesses think about as a key component of their critical infrastructures. In fact, it is often overlooked entirely, and in error. As a result, the network architect or engineer often defaults to an easy alternative: using a server or network switch as the source of the network clock and synchronizing these sources to Internet time servers using Network Time Protocol (NTP). This white paper discusses the risks of, and alternative solutions to, “NTP Over the Internet.”


Download The White Paper

About Pritam Kandel

Pritam Kandel is an Applications Engineer with over a decade of experience working in design, assessment and implementation of TCP/IP routing and switching infrastructure for network cores/backbones, datacenters, Internet edge and WAN. He is experienced with maintaining IT infrastructure, including Internet peering and ISP services, MPLS and carrier networks, and VoIP global infrastructure. He holds certifications in CCNP, CCNA, JNCIA, MPLS Deployment, Alcatel Lucent and NIX platforms. Pritam is a graduate of the Rochester Institute of Technology with an MBA in Technology Management and holds a Bachelor of Engineering in IT from Pokhara University.

NTP Over Anycast. The Easy Way to Sync Clients and Servers

What Is NTP Over Anycast?

NTP (Network Time Protocol) over Anycast mode is a software technology that allows two (or more) NTP servers to sync clients via a single IP address.

NTP is a packet network-based synchronization protocol to sync a client clock to a network master clock.

Anycast is a networking methodology using standard routing protocols where messages are routed to one of a group of potential receivers via a single Anycast address, thus significantly simplifying the configuration management for the larger pool of clients.

NTP over Anycast, available in both SecureSync® and NetClock®, is a combination of the two concepts, allowing them to:

  • Associate one of their network ports to an Anycast IP address
  • Remove themselves as an available time source if the reference is lost or degraded, or vice versa

Though NTP clients typically need to be individually configured with the IP address(es) they are to sync with – even when using NTP over Anycast mode – this mode allows the clients to be configured with one address instead of multiple and lets the “nearest” available time server to respond to the request.

How It Works

  • Configure an Anycast IP address to any Orolia network interface.
  • NTP server responds to client requests as directed by the configured routing protocol so long as the time server is in sync.
  • NTP server becomes “unavailable” if the time server goes out of sync or a problem with its reference is detected. Client requests are directed to the “next-nearest” server, which is also configured with the NTP over Anycast address.
  • NTP server is automatically made available when synchronized.

When to Use NTP Over Anycast

Configuring NTP clients for mission-critical timing using NTP servers with static IP addresses can be problematic for large deployments across several network and geographic boundaries. Referencing an NTP server by hostname with existing DNS infrastructure can help, but still requires a lot of configuration.

For Anycast-enabled networks, the ability to route NTP requests to several potential servers via a single IP address, without any specific client configuration, offers the simplest, most reliable, most scalable approach.

Benefits to You

  • Reduce latency, increase availability, improve scalability of NTP deployments.
  • Simplify the management of a reliable wide-area NTP deployment with redundant stratum-1 servers.
  • Leverage the ability of a “smart” NTP server for a simple NTP client implementation.

How to Get NTP Over Anycast

 Contact Us for more information or, for currently fielded units, to receive the application software upgrade.

About the Author Sadie Nedo

Sadie Nedo is a global account manager at Orolia, where she supports the public safety market. For nearly a decade, she has specialized in helping PSAPs develop and deploy solutions that simplify the integration of precision timing and frequency into their critical infrastructures. She holds a bachelor’s degree in advertising and public relations from Rochester Institute of Technology.