NTP configuration notes for ESXi hosts

Time management is one of the most critical strategies for virtualization. IT pro Rick Vanover discusses some strategies for configuring NTP on the hosts.

One of the best things that happened with VMware vSphere Hypervisor (ESXi) (and VMware ESX) a few years ago was when the vSphere Client allowed a direct entry of an NTP server for the host. This allowed the ESXi host to directly update its time from an NTP server via an IP address or DNS name.

For many organizations, the best way to approach this is to establish an authoritative time source for the organization in the form of a private NTP server. Others may choose to use public Internet servers or a pool from ntp.org. The NTP configuration is defined in the configuration tab of the host in the time configuration section (Figure A).

In the example, two different NTP pools are used, which is sufficient for the servers in this environment (a private lab). For a production environment that is going to use the Internet NTP resources, a best practice would be to put in all servers of a pool for a region. In North America, these four entries compose the pool:

  • 0.north-america.pool.ntp.org
  • 1.north-america.pool.ntp.org
  • 2.north-america.pool.ntp.org
  • 3.north-america.pool.ntp.org

Keep in mind that using these entries requires that DNS is available, as well as port 123 outbound to the Internet for the hosts. I cannot stress enough how critical time configuration is for ESXi and vSphere as a whole; I'd go so far as to ensure that the vCenter Server uses the same time resources (possibly via Active Directory) as well.

Changing the time configuration on an ESXi host calls for a few precautions, however. I recommend making time changes while the host is in maintenance mode, or at least with no production virtual machines on it. Also note that the change does not take effect instantly, even if the NTP service on the ESXi host is restarted. Give it some time, and eventually the time will sync back up. In my lab environments, the time was corrected and the host was using the NTP resources within five minutes or so.
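The same procedure can be scripted. The following PowerCLI sketch is an added example, not part of the original article: it checks the DNS and maintenance-mode points above, sets the four pool entries, then polls until the host clock settles. It assumes VMware PowerCLI is installed, `Connect-VIServer` has already been run, the workstation's own clock is synchronized, and `esxi01.lab.example` is a placeholder host name.

```powershell
# Added example. Placeholder host name; replace with your own.
$vmHostName = 'esxi01.lab.example'
$ntpServers = 0..3 | ForEach-Object { "$_.north-america.pool.ntp.org" }
$vmHost     = Get-VMHost -Name $vmHostName

# Pool entries are DNS names, so the host must have resolvers configured.
$dns = (Get-VMHostNetwork -VMHost $vmHost).DnsAddress
if (-not $dns) { throw "No DNS servers configured on $vmHostName." }

# Refuse to touch time settings while VMs are running outside maintenance mode.
$running = @($vmHost | Get-VM | Where-Object PowerState -eq 'PoweredOn')
if ($vmHost.ConnectionState -ne 'Maintenance' -and $running.Count -gt 0) {
    throw "$vmHostName has $($running.Count) powered-on VM(s); evacuate them first."
}

# Make the host's NTP list match the four pool entries exactly.
$current = @(Get-VMHostNtpServer -VMHost $vmHost)
$current | Where-Object { $_ -notin $ntpServers } | ForEach-Object {
    Remove-VMHostNtpServer -VMHost $vmHost -NtpServer $_ -Confirm:$false
}
$ntpServers | Where-Object { $_ -notin $current } | ForEach-Object {
    Add-VMHostNtpServer -VMHost $vmHost -NtpServer $_ | Out-Null
}

# Open the host firewall for outbound NTP (port 123). The perimeter firewall
# must allow the same traffic; this only covers the ESXi ruleset.
Get-VMHostFirewallException -VMHost $vmHost -Name 'NTP Client' |
    Set-VMHostFirewallException -Enabled $true | Out-Null

# Start ntpd with the host, then (re)start it so it reads the new list.
$ntpd = Get-VMHostService -VMHost $vmHost | Where-Object Key -eq 'ntpd'
Set-VMHostService -HostService $ntpd -Policy 'on' | Out-Null
if ($ntpd.Running) { Restart-VMHostService -HostService $ntpd -Confirm:$false | Out-Null }
else               { Start-VMHostService   -HostService $ntpd | Out-Null }

# The change is not instant: poll for up to ten minutes, comparing the host
# clock with this workstation's clock (assumed to be synchronized itself).
$timeSystem = Get-View -Id $vmHost.ExtensionData.ConfigManager.DateTimeSystem
foreach ($attempt in 1..20) {
    $hostUtc = $timeSystem.QueryDateTime().ToUniversalTime()
    $skew    = [math]::Abs(($hostUtc - (Get-Date).ToUniversalTime()).TotalSeconds)
    Write-Host ("Attempt {0}: host clock differs by {1:N1} s" -f $attempt, $skew)
    if ($skew -lt 2) { break }
    Start-Sleep -Seconds 30
}
if ($skew -ge 2) { Write-Warning "$vmHostName still off by $([int]$skew) s after 10 minutes." }
```

The two-second threshold and the ten-minute window are arbitrary choices for this sketch; pick values that match your own tolerance for skew.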

What NTP tricks do you use for your ESXi hosts? Let us know in the discussion.