/ #vsphere 

Why NTP should ALWAYS be configured and running on your ESXi hosts?

NTP is really easy to configure on vSphere, but is not always considered as important by people who are not synchronizing the time of their guests using VMware Tools. In fact, VMware even recommends to configure time synchronization within guests using w32time or _NTP_ instead of VMware Tools periodic time synchronization.

However, the VMware Tools time synchronization controls only whether time is periodically resynchronized while the virtual machine is running. Even if this synchronization is disabled, by default VMware Tools synchronizes the virtual machine’s time after a few specific events that are likely to leave the time incorrect.

This one-time synchronization is done by VMware Tools for specific events such as:

  • VMware Tools startup (including startup / reboot of the VM)

  • Snapshot operations (creation, resuming)

  • Resuming of suspend

  • vMotion

  • Shrink a virtual disk

These events synchronize time in the guest operating system with time in the host operating system even if VMware Tools periodic time sync is disabled, so it is important to make sure that the host operating system's time is correct.

So YES, NTP configuration is VERY important on vSphere hosts: snapshots and live migrations (vMotion) are likely to happen several times per day in a standard infrastructure.

Note: there is a way to totally disable Time Synchronization in KB 1189, but wait…why would you do that? 

NTP Configuration in vSphere Web Client

NTP Configuration in vSphere Web Client

VMware vSphere NTP Configuration

VMware vSphere NTP Configuration

Imagine the following scenario:

  1. NTP is not configured on a vSphere host / NTP service did not start
  2. The time is completely shifted (several minutes, or even several hours)
  3. A virtual machine is migrated to that host
  4. Time of the guest is synchronized with the host after the migration

I had a customer once that experienced that scenario with a Domain Controller and a 2 hours drift: I let you guess the mess that resulted with the time in the domain, login problems, etc.

If you are not sure how to configure timekeeping in your guests or NTP on vSphere hosts, check these KBs:

Another excellent reading is Fabio’s article, SDDC Fundamentals: NTP Infrastructure Design.

Author

Romain

Staff Architect & Member of the CTO Ambassador Program at VMware, focusing on NSX and Cloud-Native Applications. He is a double VCDX (DCV and NV, #120), VCDX panelist, frequent VMUG and VMworld speaker and contributor to the community via this blog or social media (follow him on Twitter @woueb).