Network Synchronization: Public NTP Servers vs. GPS NTP Servers
Getting to Know NTP Servers: The Functional Basics
UTC, or Coordinated Universal Time, is overwhelming used as the standard measure of consistent time globally. UTC is supposed to be the same no matter where you are, so it's kept by a limited number of trusted atomic clocks at various locations worldwide. The NTP standard lets you sync your local system to these accurate timing sources as well as other time servers. As a user in need of correct clock data, it's your mission to find a reliable connection source.
Getting NTP Data via the Internet
There are numerous public NTP servers available online, such as those maintained by the U.S. National Institute of Standards and Technology, or NIST. You simply need a reliable internet connection.
Using GPS Time to Generate Your Own NTP
The Global Positioning System, or GPS, is a network of satellites that constantly broadcast gigahertz wireless signals. These modulated streams contain timing and geolocation information. To find out what time it is, you'll require a receiver that can translate the signals into useful timing data.
Which Option is Superior?
Many people use GPS and public NTP servers for similar reasons. For instance, you may want to establish uniform time among all of the computers in a corporate or organizational network. Or you might want to sync up with a third-party service that demands you maintain timing consistency, such as a credit card payment network.
Each use case differs. There are, however, a few universal concerns that might help you determine which time source is the most appropriate:
Most public NTP servers are rate-limited. For instance, you can only request time from NIST once every four seconds. When combined with problems like poor network connections and latency, rate limiting sets firm upper limits on the precision of internet-based time.
GPS broadcasts are direct and continuous. This makes it possible to keep sampling the data and maintain a more precise clock calibration.
Governance and Trust
GPS receivers include synchronization logging and intermediary-free connections to time sources. With web-based time servers, your signal has to work its way through the internet before it gets to you, so tracing and auditing can be extremely difficult.
Variability and Accuracy
Pulling clock data from the internet is usually fine for non-critical purposes, but even web NTP providers admit that it's not good enough for critical applications such as those that might involve human life or the success of a company. GPS time is orders of magnitude more accurate than internet alternatives. The timing data you receive also exhibits far less variation.
NTP requires bi-directional network port access to function properly, and it uses widely known port numbers. This raises the possibility that bad actors might perform reflection and amplification attacks using internet NTP servers to DDoS your network.
These kinds of attacks aren't possible with GPS. Since you control the server hardware, you can mitigate threats more effectively.
Internet-linked public NTP may seem like a logical choice for reducing operational overhead. After all, even though your internet connection costs money, you probably already have one. The problem is that the potential vulnerabilities and inaccuracies associated with network time might expose your organization to risks that it can't afford or recover from, such as downtime or data breaches.