Configuring the date and time
You set the date and time in the Administration > System Settings: Date/Time page.
You can either set the system date and time by entering it manually or by assigning an NTP server to the SteelHead Interceptor. By default, the appliance uses the Riverbed-provided NTP server:
• 0.riverbed.pool.ntp.org
• 1.riverbed.pool.ntp.org
• 2.riverbed.pool.ntp.org
• 3.riverbed.pool.ntp.org
For more details, the SteelHead User Guide.
To configure the date and time
1. Choose Administration > System Settings: Date/Time to display the Date/Time page.
2. Under Date and Time, complete the configuration as described in this table.
Control | Description |
Time Zone | Select the time zone from the drop-down list. The default is US/Pacific. If you change the time zone, log messages retain the old time zone until you reboot the system. |
Set Time Manually | Select this option to set the time manually. • Change Date—Specify the Change Date. Use this format: yyyy/mm/dd • Change Time—Specify the Change Time. Use this format: hh:mm:ss |
Use NTP Time Synchronization | Select this option to use NTP time synchronization. As a best practice, configure your own internal NTP servers; however, you can use the Riverbed-provided NTP server and public NTP servers. The hard coded IP address that is preconfigured into every SteelHead Interceptor is 208.70.196.25. This IP address and the public NTP servers are enabled by default and appear in the requested NTP server list. |
3. Click Apply to apply the settings to the current configuration.
4. Click Save to save your settings permanently.
Current NTP server status
NTP server state information appears in these server tables:
• Requested NTP server table—Displays all of the configured NTP server addresses.
• Connected NTP server table—Displays all of the servers to which the SteelHead is actually connected.
When you request a connection to an NTP server in a public NTP server pool, the server IP address does not map to the actual NTP server to which the SteelHead Interceptor connects. For example, if you request *.riverbed.pool.ntp.org, querying the pool address does not return the IP address of the pool hostname, but instead returns the IP address of an NTP server within its pool. For example, when resolving 0.riverbed.pool.ntp.org returns the first NTP server, the connected NTP server table displays the IP address of this first NTP server.
This information appears after an NTP server name:
• Authentication information; unauthenticated appears after the server name when it is not using authentication.
• When RiOS has no NTP information about the current server, nothing appears.
NTP authentication
NTP authentication verifies the identity of the NTP server sending timing information to the SteelHead Interceptor. MD5-based Message-Digest Algorithm symmetric keys and Secure Hash Algorithm (SHA1) for NTP authentication are supported.
MD5 is a widely used cryptographic hash function that produces a 128-bit (16-byte) hash value. SHA1 is a set of related cryptographic hash functions. SHA1 is considered to be the successor to MD5.
NTP authentication is optional.
• Configuring NTP authentication involves these steps that you can perform in any order:
• Configure a key ID and a secret pair.
• Configure the key type.
• Configure the NTP server with the key ID.
NTP servers
The default NTP configuration points to the Riverbed-provided NTP server IP address 208.70.196.25 and these public NTP servers:
• 0.riverbed.pool.ntp.org
• 1.riverbed.pool.ntp.org
• 2.riverbed.pool.ntp.org
• 3.riverbed.pool.ntp.org
We recommend synchronizing the SteelHead to an NTP server of your choice.
To add a new NTP server
1. Choose Administration > System Settings: Date/Time to display the Date/Time page.
2. Under Requested NTP Servers, complete the configuration as described in this table.
Control | Description |
Add a New NTP Server | Displays the controls to add a new NTP server. |
Hostname or IP Address | Specify the hostname or IP address for the NTP server. |
Version | Select the NTP server version from the drop-down list: 3 or 4. |
Enabled/Disabled | Select Enabled from the drop-down list to enable the connection to the NTP server. Select Disabled from the drop-down list to disable the connection to the NTP server. |
Key ID | Specify the MD5 key identifier to use to authenticate the NTP server. The valid range is from 1 to 65534. The key ID must be on the trusted keys list. |
Add | Adds the NTP server to the server list. |
Remove Selected | Select the check box next to the name and click Remove Selected. |
NTP authentication keys
NTP authentication uses a key and a shared secret to verify the identity of the NTP server sending timing information to the SteelHead Interceptor. RiOS encrypts the shared secret text using MD5 or SHA1, and uses the authentication key to access the secret.
To add a new NTP authentication key
1. Choose Administration > System Settings: Date/Time to display the Date/Time page.
2. Under NTP Authentication Keys, complete the configuration as described in this table.
Control | Description |
Add a New NTP Authentication Key | Displays the controls to add a new NTP authentication key. Both trusted and untrusted keys appear in the list. |
Key ID | Specify the secret MD5 key identifier for the NTP peer or server. The valid range is from 1 to 65534. |
Key Type | Select the authentication key type: MD5 or SHA1. |
Secret | Specify the shared secret. You must configure the same shared secret for both the NTP server and the NTP client. The MD5 shared secret has these characteristics: • Is limited to 16 alphanumeric characters or less, or exactly 40 hexadecimal characters. • Cannot include spaces or a pound (#) sign. • Cannot be empty. • Is case sensitive. The SHA1 shared secret has these characteristics: • Is limited to exactly 40 hexadecimal characters. • Cannot include spaces or a pound (#) sign • Cannot be empty. • Is case sensitive. The secret appears in the key list as its MD5 or SHA1 hash value. |
Add | Adds the authentication key to the list. |
Remove Selected | Select the check box next to the name and click Remove Selected. |
After you apply your settings, you can verify whether changes have had the desired effect by reviewing related reports. When you have verified appropriate changes, you can write the active configuration that is stored in memory to the active configuration file (or click Save As to save as any filename you choose).
NTP key information
NTP keys appear in a list that includes the key ID, type, secret (displays as the MD5 or SHA1 hash value), and whether RiOS trusts the key for authentication.
You can only remove a key from the trust list using the CLI command ntp authentication trustedkeys. For details, see the Riverbed Command-Line Interface Reference Manual.