What is NTP
NTP (Network Time Protocol) is a networking protocol that synchronises the clocks of computers and devices over a network to a reference time source (UTC). It runs over UDP port 123 and can achieve accuracy within a few milliseconds over the internet — and sub-millisecond on local networks.
Every server and device has an internal clock. Without NTP those clocks drift — running slightly fast or slow — and over days they can diverge by minutes. NTP silently corrects this drift in the background, continuously.
Think of NTP like a building full of clocks. Without someone setting them, each clock drifts at its own rate. NTP is the central clock-setter — it quietly walks around adjusting every clock so they all agree on the exact same time.
Why Time Accuracy Matters in Enterprise
You might think a clock being a few minutes off is harmless. In enterprise environments, it isn’t. Accurate, synchronised time is a foundational requirement for nearly every critical system.
🔐 Kerberos Authentication
Active Directory uses Kerberos as its default authentication protocol. Kerberos has a hard-coded 5-minute clock skew tolerance. If a client’s clock differs from the Domain Controller by more than 5 minutes, authentication fails completely — logins, mapped drives, Group Policy and application access all break simultaneously.
Real-World Impact
A clock drift of just 6 minutes can lock every user out of their Windows account across the entire organisation, at the same time. This is one of the most common causes of mass authentication failures in enterprise environments.
📋 Audit Logs & Compliance
When a security incident occurs, investigators correlate log entries from dozens of servers. If server clocks disagree, log entries appear out of order — making it impossible to reconstruct the sequence of events. Regulators (HIPAA, PCI-DSS, SOX) require accurate, tamper-proof timestamps on all audit records.
📁 Replication & Databases
Distributed systems — AD replication, database clusters, file sync tools — use timestamps to decide which version of data is the most recent. Incorrect clocks cause the wrong version to “win,” leading to data corruption or loss.
🔒 Certificates & Encryption
TLS/SSL certificates have a validity window. If a server’s clock is wrong, valid certificates appear expired — breaking HTTPS, internal APIs, and encrypted communications.
The Stratum Hierarchy
NTP is organised in a layered hierarchy called strata. Each stratum represents how many “hops” away a device is from a physical reference clock. The lower the stratum number, the more accurate — and authoritative — the time source.

In a well-designed enterprise, only your internal NTP servers (Stratum 2) should reach out to the internet. Everything else syncs internally. This keeps time accurate, reduces external dependencies, and passes security audits.
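To make the stratum field and the Kerberos 5-minute tolerance concrete, the following added example (not part of the original article) parses a 48-byte NTP server reply, rejects unusable or mismatched replies, and computes the clock offset with the standard NTP formula. The function names, the constructed reply and the sample times are assumptions for illustration, and the check assumes the NTP server agrees with Domain Controller time.

```python
import struct

NTP_EPOCH_DELTA = 2208988800   # seconds from 1900-01-01 (NTP epoch) to 1970-01-01 (Unix)
KERBEROS_MAX_SKEW = 300        # the 5-minute tolerance described above, in seconds

def to_ntp(unix):
    """Unix seconds -> 8-byte NTP timestamp (32-bit seconds, 32-bit fraction)."""
    secs = int(unix)
    return struct.pack("!II", secs + NTP_EPOCH_DELTA, int((unix - secs) * 2**32))

def from_ntp(raw):
    """8-byte NTP timestamp -> Unix seconds."""
    secs, frac = struct.unpack("!II", raw)
    return secs - NTP_EPOCH_DELTA + frac / 2**32

def build_reply(stratum, origin_raw, receive, transmit):
    """Constructed 48-byte server reply (LI=0, VN=4, mode=4) so the example runs offline."""
    header = struct.pack("!BBbbII4s", (4 << 3) | 4, stratum, 6, -20, 0, 0, b"\0" * 4)
    return header + to_ntp(receive) + origin_raw + to_ntp(receive) + to_ntp(transmit)

def check_reply(packet, sent_raw, t4):
    """Validate a reply and measure the local clock against the server.

    sent_raw: the 8-byte transmit timestamp the client put in its request.
    t4: client clock (Unix seconds) when the reply arrived.
    """
    if len(packet) < 48:
        raise ValueError("short packet")
    if packet[0] & 0x07 != 4:
        raise ValueError("not a server-mode reply")
    stratum = packet[1]
    if not 1 <= stratum <= 15:               # 0 and 16+ are not usable time sources
        raise ValueError("unusable stratum %d" % stratum)
    if packet[24:32] != sent_raw:            # reply must echo our request timestamp
        raise ValueError("origin timestamp mismatch: reply does not answer our request")
    t1, t2, t3 = from_ntp(sent_raw), from_ntp(packet[32:40]), from_ntp(packet[40:48])
    offset = ((t2 - t1) + (t3 - t4)) / 2     # how far the server is ahead of us
    delay = (t4 - t1) - (t3 - t2)            # round-trip network delay
    return {"stratum": stratum, "offset": offset, "delay": delay,
            "kerberos_ok": abs(offset) <= KERBEROS_MAX_SKEW}

if __name__ == "__main__":
    sent = to_ntp(1700000000.0)              # constructed client send time
    pkt = build_reply(2, sent, 1700000360.25, 1700000360.25)  # server 6 minutes ahead
    print(check_reply(pkt, sent, 1700000000.5))
```

The origin-timestamp comparison is what lets a client discard a reply that does not correspond to a request it actually sent.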
