Synchronizing the Cluster Date and Time with the NTP Server

Policy Manager supports both authenticated NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network. (Network Time Protocol) and NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network. without authentication.

To synchronize the date and time on the nodes in a cluster with an NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network. (Network Time Protocol) server.

The option to change the date and time for the Policy Manager cluster is available only on the publisher. subscriber nodes in a cluster will synchronize the date and time from the publisher. Users should be aware that ClearPass can time sync with any of the configured NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network. servers in any order. It does not need to prefer the primary NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network. server first and then the secondary as per configuration.

1. Log in to the publisher.

2. Navigate to the Administration > Server Manager > Server Configuration page.

3. Select the Set Date & Time link.

The Change Date and Time dialog opens.

Figure 1  Change Date and Time > Date & Time Tab

The Key ID, Key Value, and Algorithm parameters apply only when using authenticated NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network.. If you are employing unauthenticated NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network., you do not need to specify the NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network. primary and secondary server parameters.

4. To add additional Secondary NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network. servers, scroll down to see the Add More NTP Servers link:

Figure 2  Adding Additional NTP Servers

See Table 1 for configuration details on adding more NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network. servers.

5. Specify the Date & Time parameters as described Table 1:

Table 1: Changing Date and Time Parameters

Parameter	Action/Description
Synchronize time with NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network. server	To synchronize with a Network Time Protocol (NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network.) server, enable this check box (enabled by default). Manually Setting the Date and Time NOTE: You can also specify the date and time for the cluster manually by disabling the Synchronize time with NTP server check box and entering the current date and time in the dialog provided:
Primary Server and Secondary Server
NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network. Server	Specify the IP address or host name for the Primary NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network. server and the Secondary NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network. server. The IP address can be an IPv4 or IPv6 address.
Key ID	The Key ID must be in the range from 1 to 65535. NOTE: The Key ID should match Key ID configured for the NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network. server. NOTE: Key ID applies only to authenticated NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network..
Key Value	Key Value is a form of shared secret, which both the client and the Policy Manager server use for authenticating NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network. messages. The Key Value ASCII American Standard Code for Information Interchange. An ASCII code is a numerical representation of a character or an action. string must start and end with one of the following characters: - (hyphen) ' (apostrophe) " (quotation mark) The Key Value can be: Up to a 20-character printable ASCII American Standard Code for Information Interchange. An ASCII code is a numerical representation of a character or an action. string Up to a 40-character hex value When entering an ASCII American Standard Code for Information Interchange. An ASCII code is a numerical representation of a character or an action. string for the Key Value, note that it cannot contain the following characters: & (ampersand) ; (semicolon) ` (grave accent) | (pipe) < (left angle bracket) > (right angle bracket) ( (left parenthesis) ) (right parenthesis) NOTE: Key Value applies only to authenticated NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network..
Algorithm	ClearPass supports the SHA Secure Hash Algorithm. SHA is a family of cryptographic hash functions. The SHA algorithm includes the SHA, SHA-1, SHA-2 and SHA-3 variants. and SHA1 encryption types. If upgrading to ClearPass 6.11, keep in mind if there are any NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network. servers configured with the SHA Secure Hash Algorithm. SHA is a family of cryptographic hash functions. The SHA algorithm includes the SHA, SHA-1, SHA-2 and SHA-3 variants. algorithm, the algorithm corresponding to those servers will be automatically changed to SHA1 as part of upgrade procedure. Only SHA1 is supported as a cluster NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network. authentication algorithm going forward from ClearPass 6.11. NOTE: Algorithm applies only to authenticated NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network..
Add More NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network. Servers	You can configure up to five NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network. servers. To add additional NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network. servers: 1. Scroll to the bottom of the Change Date and Time configuration dialog. 2. Click the Add More NTP Servers link. 3. Specify the newly added Secondary NTP Server fields as needed. NOTE: Common Criteria Mode cannot be enabled if there are less than three NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network. servers configured.

4. Click Save.

Restarting Policy Manager Services

Once you have saved the Date & Time configuration, you must restart Policy Manager services.

The Audit Viewer (Monitoring > Audit Viewer) tracks NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network. configuration changes.

To restart Policy Manager services:

1. Navigate to Administration > Server Manager > Server Configuration.

2. Select the Policy Manager publisher.

3. From the Server Configuration page, select the Services Control tab.

Figure 3  Restarting Stopped Services

4. From the Action column, click Start for each service that needs to be restarted.

For each restarted service, the Start button is changed to Stop.

Specifying the Time Zone on the Publisher Node

To specify the time zone on the publisher:

1. From the publisher, click the Time Zone on Publisher tab.

The time zones are listed in alphabetical order.

Figure 4  Time Zone on Publisher Dialog

2. Select the time zone where the publisher resides, then click Save.

This option is available only on the publisher. To set the time zone on a subscriber node, select the specific server and set the time zone from the server-specific page.