Setting up NTP helps synchronize clocks across servers, containers, and edge devices so logs and transactions stay consistent. This guide walks through practical deployment choices, security considerations, and validation steps for production environments.
Use the table below to compare common NTP deployment attributes at a glance.
| Mode | Best For | Typical Delay (ms) | Security |
|---|---|---|---|
| Client | Workstations and VMs pulling time | 1–10 | Authenticated or unicast |
| Server | On-premises infrastructure | 0.5–5 | Authenticated, restrict access |
| Peer | Mutual sync across data centers | 0.5–10 | Mutual authentication |
| Broadcast | Local LAN without client config | Low, use keyed broadcast |
Installation and Package Selection
Choosing the right NTP implementation
Pick an implementation that matches your platform and compliance needs. Chrony is popular on dynamic and intermittent systems, while traditional ntpd remains common in stable environments.
Chrony Configuration on Linux
Core files and service commands
On most distributions, install chrony, adjust servers in /etc/chrony/chrony.conf, and restart the chronyd service. Enable chrony for boot to ensure time stays accurate after reboots.
NTPd Traditional Setup
ntp.conf essentials and drift file
For ntpd, configure /etc/ntp.conf with upstream servers, drift file path, and proper restrictions. Define access control rules, prefer options, and consider splitting local stratum sources from public pools.
Operational Monitoring and Maintenance
- Monitor offset and jitter metrics with chronyc or ntpq on a regular schedule.
- Enable logging and alert on large frequency corrections or sudden stratum changes.
- Use multiple upstream sources across networks and regions for redundancy.
- Apply security updates to the NTP daemon and restrict access with firewall rules and controls.
- Document the configuration, server selections, and recovery steps for audits.
FAQ
Reader questions
How do I verify that NTP is actually synchronizing on my system?
Use chronyc tracking or ntpq -p to confirm sources, offset, and jitter. Check logs for frequency corrections and ensure firewall rules allow NTP traffic to and from the chosen servers.
What should I do if the system clock jumps after switching to a new NTP server?
Adjust the step threshold and slew rate settings, prefer multiple overlapping sources, and enable time smoothing to avoid sudden jumps that can disrupt applications and logs.
Is it safe to use public NTP pools in production environments?
Public pools are convenient but can be less stable and less secure. For production, prefer a small set of vetted upstream servers with authentication, and use local stratum servers for scale.
Do I need to disable other time services when setting up NTP?
Turn off conflicting time services such as systemd-timesyncd or Hyper-V Time Synchronization to avoid conflicting adjustments. Verify that only one daemon is managing the clock on each host.