The Importance of Being On Time: How to Configure the NTP Client on IBM i
When managing your IBM i environment, is time on your side?
Do you still manually maintain the system clock on your IBM i system and occasionally adjust it to exactly the right time and/or still manually correct it in the Spring/Fall when we roll the clocks forward/backward? Well, read on, and we’ll tell you how to configure the system to automatically do that for you so you can put your system’s clock management on full autopilot.
Your IBM i operating system includes built-in support for the industry-standard NTP (Network Time Protocol) client. This functionality enables you to configure your system as an NTP “client” where the system will continually reach out to public time servers and/or local time servers already on your network to automatically adjust your system clock and keep it always at the precise time. Your system can not only serve as an NTP client to keep its clock accurate but it can also serve as an SNTP (Simple Network Time Protocol) server to serve-up the correct time to client servers on your network, or it can serve as an SNTP client, but this article will focus on setting-up the NTP client functionality on IBM i as this is typically what most shops need to enable. Many people think that SNTP and NTP are the same and they are not, both protocols have the same objective, to automatically keep the time on your system correct by referencing an external time server, but NTP client functionality is more complex & precise in how it verifies the correct time and adjusts the system clock, thus it is the time adjustment protocol of choice in most server environments because it provides a higher degree of accuracy and reliability than an SNTP client configuration.
Configuring the NTP client on your IBM i system can be accomplished easily by accessing your system’s IBM Navigator for i web based management GUI. Using your web browser, signon to IBM Navigator for i and click Network then Servers then TCP/IP Servers as shown below and a list of TCP/IP servers will appear. In the list of TCP/IP servers, right-click on SNTP and then click Properties on the pop-up menu that appears.
Click on the General tab and then check the Client box as shown.
Click on the Client tab and under Activity logging select the radio button “Only when adjusting the system clock”, under Client Type select the radio button “NTP Client”, and then click the Add button to define the public NTP server(s) that you want the system to poll to get the current time.
On this panel is where you define the public NTP server that you want to poll to automatically adjust your system’s clock. The NTP server that we recommend you use is maintained by the U.S. Federal Government’s National Institute of Standards and Technology (a.k.a. “NIST”) which is a division of the U.S. Department of Commerce. NIST strongly recommends that you reference the single global DNS name of time.nist.gov which automatically resolves to their large pool of multiple time servers in a round-robin sequence to equalize the load across all of the time servers. Enter the value time.nist.gov in the Address field as shown below and then click the OK button to save the NTP server entry, leave the default settings in all of the other fields and check boxes on this panel. It is important to note that the default value of 6 (64s) for Min Client Poll Interval should not be set to a lower value like 5 (32s) because the time server that you are referencing may misinterpret a poll from your system more than once every 64 seconds to be a Denial-of-Service attack and block any further access from your system.
The SNTP Properties panel will now reappear showing the public NTP time server time.nist.gov defined to your system, click the OK button at the bottom of the panel and your system’s new NTP client configuration will now be complete.
Now all that’s left for you to do is issue the command to start the NTP client background function on the system, so from a command line enter this command:
STRTCPSVR SERVER(*NTP) NTPSRV(*CLIENT)
There is no need to include the above command in your system’s startup program as the *NTP client TCP server will now automatically start when TCP/IP automatically starts (e.g. when you IPL your system).
You can verify that the NTP client function has started and is functioning by examining the daily NTP log file in the IFS. The log is kept at location /QIBM/UserData/OS400/TCPIP/NTP in the IFS directory structure and it has the naming convention QTOTYYYYMMDD where YYYYMMDD is the current date in YYYYMMDD format (e.g. QTOT20200722 is the log file for July 22nd 2020). A quick examination of the log file below shows that the system’s NTP client is using the time server at public IP address 220.127.116.11 (which is the IP address that the DNS name time.nist.gov resolves to) and that the system’s NTP client has been synchronized to that time server, it’s working!
If the log file above shows an error message indicating that the time server cannot be reached, the most likely cause will be a firewall setting on your network preventing the time server from being accessed from your IBM i system. Check with your network engineering resource to ensure that the passing of UDP packets on port 123 is allowed from your IBM i to the Internet.
As you can now see, configuring your IBM i to automatically keep its system clock accurate at all times is easy to do. If you’ve been manually adjusting your system clock then now is “the time” to configure the native NTP client functionality and make your system watch the clock for you!