I would recommend using PTP on all clouds. The accuracy is more than 10x to NTP. It consumes less CPU. It does not use network traffic and thus can not be attacked, even if UDP is open to internet or if network stack is under DoS.
All clouds except AWS is easy: just `modprobe ptp_kvm` and point chrony at /dev/ptp0
On AWS it depends on instance type: some older do not support it at all, some support it via the network driver, some via the kvm PTP driver.
NTS requires both ends. More public NTS servers help, but the installed base of plain NTP clients, routers and embedded systems that will never get a firmware update, keeps unauthenticated NTP as the default regardless.. every government that funds an atomic clock could run an authenticated public time service. Almost none have.
Huston is one of the few people who makes leap second arithmetic readable.
I would recommend using PTP on all clouds. The accuracy is more than 10x to NTP. It consumes less CPU. It does not use network traffic and thus can not be attacked, even if UDP is open to internet or if network stack is under DoS.
All clouds except AWS is easy: just `modprobe ptp_kvm` and point chrony at /dev/ptp0
On AWS it depends on instance type: some older do not support it at all, some support it via the network driver, some via the kvm PTP driver.
NTS is basically stateless authenticated time, which is a much bigger deal than just "secure NTP".
NTS requires both ends. More public NTS servers help, but the installed base of plain NTP clients, routers and embedded systems that will never get a firmware update, keeps unauthenticated NTP as the default regardless.. every government that funds an atomic clock could run an authenticated public time service. Almost none have.
Huston is one of the few people who makes leap second arithmetic readable.