Security Policy and Public NTP Servers on Enterprise Agents
ThousandEyes Enterprise Agents require a source of accurate time in order to provide the correct timestamps on collected data. Accurate time is provided by configuring an Enterprise Agent to use one or more Network Time Protocol (NTP) servers. By default, the ThousandEyes Appliance (Virtual Appliance and Physical Appliance) is configured to use publicly available NTP servers provided by the NTP Pool Project (e.g. "0.ubuntu.pool.ntp.org"). Linux distributions used to host the Enterprise Agent Linux package may also have default public NTP servers configured.
For customers with heightened security requirements, use of a public or third-party service such as the NTP Pool Project's servers may not be acceptable. To meet those requirements, the Enterprise Agents should use the organization's own NTP servers. Organizations with such requirements typically provide internal NTP resources, given that other commonly used tools such as logging or security information and event management (SIEM) software also require highly accurate timestamps. Microsoft Active Directory servers usually provide NTP services, and internet service providers (ISPs) typically include NTP time synchronization in their service offering. Customers installing Enterprise Agents in highly secure environments should consult with their Information Security or Network teams to determine an NTP time source that meets the organization's security policies.
Note that the default configuration of NTP Pool Project servers does not produce a static set of servers. Rather, the servers used will typically change over time, within a given set of servers. See the "How do I use pool.ntp.org?" section of the NTP Pool Project website for more details. Customers may configure an Enterprise Agent using IP addresses rather than DNS domain names, but this approach counteracts the NTP Pool Project's policy of distributing load across the servers that have been donated to the project. (The Project does not own the majority of NTP servers; it uses servers volunteered by other parties, and those servers may provide other, unrelated services.) ThousandEyes recommends using an organization's own resources or those of a trusted third party (such as the organization's ISP) if the guidelines of the NTP Pool Project are not acceptable.
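The following is an added example, not ThousandEyes' own code: a Python check that reads NTP client configuration text and reports every time source that is a public NTP Pool name, a hard-coded IP address, or a host outside the organization's approved servers. The `.corp.example` suffix, the sample hosts, and the assumption that the agent host uses ntp.conf/chrony.conf-style or systemd-timesyncd-style directives are illustrative and do not come from this page.

```python
import ipaddress
import re

# Assumption (not from the page): approved internal servers live under this suffix.
APPROVED_SUFFIXES = (".corp.example",)
# ntp.conf / chrony.conf syntax: "server|pool|peer <host> [options]"
DIRECTIVE = re.compile(r"^\s*(?:server|pool|peer)\s+(\S+)", re.IGNORECASE)
# systemd-timesyncd syntax: "NTP=<host> <host>" and "FallbackNTP=<host> ..."
TIMESYNCD = re.compile(r"^\s*(?:NTP|FallbackNTP)\s*=\s*(.*)$")

def extract_sources(text):
    """Return (line_number, host) for every time source the config names."""
    found = []
    for number, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0]  # drop comments, including disabled entries
        if m := DIRECTIVE.match(line):
            found.append((number, m.group(1)))
        elif m := TIMESYNCD.match(line):
            found.extend((number, host) for host in m.group(1).split())
    return found

def classify(host):
    """Label a source as approved, public-pool, pinned-ip or unreviewed."""
    name = host.lower().rstrip(".")
    try:
        ipaddress.ip_address(name)
    except ValueError:
        if name == "pool.ntp.org" or name.endswith(".pool.ntp.org"):
            return "public-pool"   # membership changes over time
        if name.endswith(APPROVED_SUFFIXES):
            return "approved"
        return "unreviewed"        # e.g. an ISP server awaiting sign-off
    return "pinned-ip"             # owner cannot be determined from the config

def audit(text):
    """Return (line, host, label) for each source that is not approved."""
    return [(n, h, c) for n, h in extract_sources(text) if (c := classify(h)) != "approved"]

# Constructed sample mixing both syntaxes for brevity; not a real agent config.
SAMPLE = """\
pool 0.ubuntu.pool.ntp.org iburst
server ntp1.corp.example iburst
server 192.0.2.10   # pinned address
#server 1.ubuntu.pool.ntp.org
NTP=time.isp.example ntp2.corp.example
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

An empty result from `audit()` means every configured source matched an approved suffix; anything labelled `pinned-ip` or `unreviewed` needs a manual ownership check against the organization's security policy.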