How sovereign can one be?

How far can one actually go, in terms of independence and sovereignty? Quite far!

As most readers know, at Tuxis we like doing things ourselves and being independent. So we can, for example, count the number of vendor devices that hold our customers’ data on zero hands. And we select software that does not leave us dependent on the whims of the vendor. But we could do better.

Time is an important thing for a cloud environment. Ceph, which we frequently use, for instance, starts complaining at a difference of 0.05 seconds between servers. And if you have multiple servers talking to a database, it’s helpful if they all agree on what time it actually is.

Until last week, we at Tuxis used NTP servers in the ntppool.org pool. That is a collection of servers spread around the world, run by companies and hobbyists who make their own NTP server available to the internet. For a lot of applications, that’s fine, and pretty reliable. But well… you can go further.

Thus we did!

We mounted our own NTP server in our data centre, with a GPS receiver on the roof. 18 satellites in space (ok, that’s a dependency) tell that NTP server exactly what time it is. Because the NTP server gets the time from so many sources, it can calculate the exact time for itself. And so, in our own network, we have a ‘Stratum-1’ NTP server. That is, a server that gets information about the time from a ‘Stratum-0’ source (GPS, and/or an atomic clock).

This Stratum-1 server, ‘ntp.tuxis.nl’, then serves as the source (the primary one, not the only one) for the NTP servers through which we serve time to the rest of the servers: ntp1.tuxis.nl, ntp2.tuxis.nl and ntp3.tuxis.nl.

NTS

NTP is based on UDP, and is (thus) prone to man-in-the-middle attacks. We don’t really like that, so we also chose to offer NTS. With NTS, NTP gets an encryption layer, and the connection is no longer over UDP, but over TCP. So if you use NTS to talk to ntp{1,2,3}.tuxis.nl, you can be sure that it is us telling you what time it is.
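To confirm that a client really authenticates every time source with NTS, the check below parses the output of `chronyc -N authdata` and reports sources that are not in a healthy NTS state. It is an added example, not Tuxis's own tooling; it assumes the client runs chrony, and the sample output and the `pool.example.net` source are constructed.

```python
"""Audit the output of `chronyc -N authdata` for sources that are not on NTS."""

# Assumption: the client runs chrony. SAMPLE is constructed for illustration:
# two healthy NTS sources, one failing NTS source, one unauthenticated source.
SAMPLE = """\
Name/IP address             Mode KeyID Type KLen Last Atmp  NAK Cook CLen
=========================================================================
ntp1.tuxis.nl                NTS     1   15  256  33m    0    0    8  100
ntp2.tuxis.nl                NTS     1   15  256  33m    0    0    8  100
ntp3.tuxis.nl                NTS     3   15  256    -    4    2    0    0
pool.example.net               -     0    0    0    -    0    0    0    0
"""

COLUMNS = "name mode keyid type klen last atmp nak cook clen".split()


def parse_authdata(text):
    """Return one dict per source row; header and ruler lines are skipped
    because they do not split into exactly ten fields."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == len(COLUMNS):
            rows.append(dict(zip(COLUMNS, fields)))
    return rows


def audit(rows):
    """Map source name -> list of problems; an empty list means NTS is healthy."""
    report = {}
    for row in rows:
        problems = []
        if row["mode"] != "NTS":
            problems.append("not using NTS (mode %s)" % row["mode"])
        else:
            if int(row["cook"]) == 0:
                problems.append("no NTS cookies available")
            if int(row["nak"]) > 0:
                problems.append("%s NTS NAK responses" % row["nak"])
            if int(row["atmp"]) > 1:
                problems.append("%s key establishment attempts" % row["atmp"])
        report[row["name"]] = problems
    return report


if __name__ == "__main__":
    for name, problems in audit(parse_authdata(SAMPLE)).items():
        print(name, "OK" if not problems else "; ".join(problems))
```
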
