Best in Class
Modern networks require accurate, secure, and reliable time services, as provided by the Microsemi SyncServer S600. The security-hardened S600 network time server is purpose-built to deliver exact hardware-based Network Time Protocol (NTP) timestamps. The unparalleled accuracy and security are rounded out with outstanding ease-of-use features for reliable network time services ready to meet user network and business operation needs today and in the future.
High Security and Capacity
The four standard GbE ports combined easily handle more than 10,000 NTP requests per second using hardware timestamping and compensation. All traffic to the S600 CPU is bandwidth-limited for protection against denial-of-service (DoS) attacks. For significantly more robust and secure NTP operations, enable the security-hardened NTP Reflector™ with 100% hardware-based NTP packet processing capable of 360,000 NTP requests per second. The Reflector also works with the CPU-protecting firewall, with bandwidth limiting all non-NTP traffic. Coupled with the Reflector
For significantly more robust and secure NTP operations, enable the security-hardened NTP Reflector™ with 100% hardware-based NTP packet processing capable of 360,000 NTP requests per second. The Reflector also works with the CPU-protecting firewall, with bandwidth limiting all non-NTP traffic. Coupled with the Reflector is DoS detection, notification, and protection against abnormally high network traffic. The NTP Reflector™ processes all packets at GbE line speed, thereby making it resistant to the level of network traffic that could be delivered in a DoS attack.
Security is an inherent part of the SyncServer S600 architecture. In addition to standard security features related to web interface hardening, NTP operations, and to server access, unsecured access protocols are deliberately omitted from the S600 while remaining services can be disabled. Advanced authentication services such as TACACS+, RADIUS, and LDAP are optionally available.
Timing and Design Reliability
The 72-channel GNSS receiver, coupled with Microsemi’s patented Active Thermal Compensation Technology, provides best-in-class timing accuracy of <15 ns RMS to UTC. Backstop this with a durable hardware design subjected to severe shock and vibration testing, and high-reliability components that extend the operating temperature range to –20 °C to 65 °C. Further, choose the dual power supply option with SNMP trap enabled monitoring to avoid time service interruptions. As with all Microsemi time servers, upgrading to a high-performance oscillator, such as a Rubidium atomic clock, keeps the S600 accurate for a long time in the event of a GNSS service disruption.
Leveraging Built-In Hardware
The SyncServer S600 includes additional built-in hardware features enabled through software license keys, such as the security-hardened NTP Reflector™, GLONASS/ BeiDou support, and IEEE1588 PTP operations. The SyncServer S600, the future of time server operations, today.
Four GbE Ports for Performance, Flexibility, and Security
The four GbE ports provide network configuration flexibility and enhanced security. Multiple isolated and synchronized time servers can also be configured.
The S600 has four dedicated and isolated GbE Ethernet ports, each equipped with NTP hardware timestamping. These are connected to a high-speed microprocessor with microsecond accurate timestamps to assure high-bandwidth NTP performance. This exceeds the need of servicing 10,000 NTP requests per second with no degradation in timestamp accuracy.
Multiple ports provide the flexibility to adapt to different network topologies as networks grow and change. An S600 can be the single time source to synchronize clients on different subnets and physical networks. There is only one-time reference, but it can appear as though there are four clocks available because each port is independent.
NTP can be served on all four ports. The highly secure web-based management interface is only available on port 1 so that administrators may choose to keep that IP address private and secure. Unique access control lists for each port can govern server response to client requests for time.
Intuitive, Secure, and Easy-to-Use Web Interface
The modern web interface is the primary control interface of the S600. Once the keypad and display bring the unit online, complete status and control functions are easily found via the well-organized left navigation menu.
At-a-glance dashboard presentation combined with the logical organization and intuitive controls that make configuring the S600 easy.
Standard Management Access Security
All of the expected network management protocols are standard in the S600. This includes mandatory password access, HTTPS/SSL only (using the high encryption cipher suite), SSH, access control lists, service termination, SNMPv2/v3, and NTP MD5 authentication. All traffic to the S600 CPU is bandwidth-limited for protection against DoS attacks. The local keypad on the server can be password protected to prevent tampering.
The SyncServer S600 can be seriously hardened from both an NTP perspective and an authentication perspective through the Security Protocol license option, which includes the security-hardened NTP Reflector.
- Operational Hardening— via the 360,000 NTP packet per second NTP Reflector™ with 100% hardware based NTP packet processing that also works with a CPU-protecting firewall by bandwidth limiting all non-NTP traffic. The Reflector also monitors packet flow for DoS detection and reporting, yet remains impervious to the level of network traffic as it operates at line speed.
- Authentication Hardening— is available for NTP client or server authentication through the NTP Autokey function or user access authentication via TACACS+, RADIUS, and LDAP. Third party CA-signed X.509 certificates are installable for further hardening of management access.
Unprecedented NTP Accuracy
The Stratum 1 level S600 derives nanosecond accurate time directly from the atomic clocks aboard the GNSS satellites. By using an integrated, 72-channel global navigation satellite system (GNSS) receiver, every visible satellite can be tracked and used to maintain accurate and reliable time. Even in urban canyon environments where direct satellite visibility can be limited, manually inputting the position can be sufficient to acquire accurate time even from a single intermittent satellite.
Ultra-High Performance NTP
The S600 can effortlessly support hundreds of thousands of network clients while maintaining microsecond-caliber NTP timestamp accuracy. NTP request throughput rates exceed 10,000 requests/second while maintaining NTP timestamp accuracy. If the Security License option is enabled, the NTP Reflector™ can process over 360,000 NTP requests per second with 15 ns caliber timestamp accuracy with the added benefit of security hardening the network port. This can easily translate into sub-millisecond typical NTP client synchronization accuracy on a LAN.
Peering and Holdover
If the GNSS reference signal is lost entirely, the S600 can automatically revert to retrieving time from other user designated internal or external network time servers. This technology, known as peering, prevents disruption of time service to the network, as the network administrator is notified immediately of the change in time reference status and stratum via SNMP. A popular adjunct to peering is letting the time server operate in holdover (also called free run or flywheel), where the clock in the time server is allowed to drift if the GNSS signal is lost. The user can specify how far to let the clock drift in terms of estimated time accuracy before reverting to peering. If the optional Rubidium atomic clock is installed, the S600 can flywheel for weeks and still be accurate to less than a millisecond.
Multi-GNSS Constellation Support for Enhanced Reliability
Timing integrity, continuity, and reliability can be improved with the multi-GNSS constellation license that adds support for GLONASS, BeiDou, and SBAS constellations in addition to the standard GPS constellation. With more satellites in view, timing performance can be improved in challenging environments, such as urban canyons. All SyncServer S600’s ship with GNSS hardware ready to be enabled with a software license.
Time Cross-Checking for Peace-of-Mind Reliability
The S600 can time cross-check GNSS against at least two other time servers. This protects against an improperly operating GNSS receiver that can subtly corrupt the time. It also serves as a form of spoofing protection.
IEEE1588 PTP Grandmaster
Applications demanding precise time accuracy can benefit from the IEEE1588 Precise Time Protocol (PTP). The S600 PTP Output license enables PTP grandmaster operations leveraging the built-in hardware timestamping on each LAN port of the S600. (See the SyncServer Options datasheet for more detail on the PTP Output option.)
Oscillator Upgrades Improve Holdover Accuracy and Save Valuable Time
The standard S600 is equipped with a crystal oscillator that keeps the S600 accurate to nanoseconds when tracking GNSS. However, if GNSS connectivity is lost, thereby placing the server in holdover, the oscillator will begin to drift and impact timing accuracy. Upgrading the oscillator improves the holdover accuracy significantly. For example, consider the following drift rates for the standard oscillator compared to the OCXO and Rubidium upgrades:
Oscillator Holdover Drift (1st 24 hours)
- Standard: 400 microseconds
- OCXO: 25 microseconds
- Rubidium: ≤1 microsecond
The value of the upgraded oscillator is that if the GNSS signal is lost, the S600 can continue to serve very accurate NTP time. This provides the IT staff plenty of time to correct the problem with no degradation or disruption in network time synchronization accuracy.
Serial Time Outputs
The dedicated data/timing port is provided to output NMEA-0183 or NENA PSAP strings. If NENA is selected, the serial console port also supports the two-way timing aspects of the standard. The F8 and F9 Microsemi legacy time strings are also available.