Cloud

NTP configuration notes for ESXi hosts

Time management is one of the most critical strategies for virtualization. IT pro Rick Vanover discusses some strategies for configuring NTP on the hosts.

One of the best things that happened with VMware vSphere Hypervisor (ESXi) (and VMware ESX) a few years ago was when the vSphere Client allowed a direct entry of an NTP server for the host. This allowed the ESXi host to directly update its time from an NTP server via an IP address or DNS name.

For many organizations, the best way to approach this is to establish an authoritative time source for the organization in the form of a private NTP server. Others may choose to use public Internet servers or a pool from ntp.org. The NTP configuration is defined in the configuration tab of the host in the time configuration section (Figure A). Figure A

Click the image to enlarge.

In the example, two different NTP pools are used, which is sufficient for the servers in this environment (a private lab). For a production environment that is going to use the Internet NTP resources, a best practice would be to put in all servers of a pool for a region. In North America, these four entries compose the pool:

  • 0.north-america.pool.ntp.org
  • 1.north-america.pool.ntp.org
  • 2.north-america.pool.ntp.org
  • 3.north-america.pool.ntp.org

Keep in mind that using these entries requires that DNS is available, as well as port 123 outbound to the Internet for the hosts. I cannot stress how critical time configuration is for ESXi and vSphere as a whole; I'd go so far as to ensure that the vCenter Server uses the same time resources (possibly via Active Directory) as well. Time configuration in the ESXi host requires a few practice points, however. I recommend that the time changes be done while the host is in maintenance mode or at least with no production virtual machines on it. When this change is implemented into a host, it also must be noted that the change is not instant; this is still the case even if the NTP service on the ESXi host is restarted. Give it some time, and eventually the time will sync back up. In my lab environments, it was corrected and using the NTP resources within five minutes or so.

What NTP tricks do you use for your ESXi hosts? Let us know in the discussion.

About

Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.

2 comments
cfizz34
cfizz34

How can I update all my ESXi hosts NTP time sources in one step?

MickKerr
MickKerr

...if you're using an internal NTP server, by using a DNS A record like time.domain.com which points to your current NTP server. That way if you have to move the NTP service to another server you only have to update one entry in DNS to get your servers to update from the new server and you don't have to update every ESX host every time. Could be a huge time saver if you have a bigger infrastructure. I have only got six ESXi boxes and I know this has saved me about half an hours work.

Editor's Picks