Yes, the main reason behind the requirement is probably the traceability
to UTC of the stratum 0 used by the server : NIST servers are traceable
to UTC, which is (formally) not the case for a server with a GNSS
as stratum 0.
In case NIST servers are hard to reach, a metrologically defendable fallback
could be to use ntp servers from another national metrology institute
which would provide the same traceability to UTC.
From the US, servers operated by the NRC in Canada is the most
sensible (geographically speaking) option, and those servers
have the same traceability status as NIST servers.
https://www.nrc-cnrc.gc.ca/eng/services/time/network_time.html
Just log the reason why you pick a server outside the US, locate
and log the page on the NRC site stating the traceability to UTC
of their time servers and Bob's your uncle ; thats enough to prove
that you have taken the issue seriously and have taken the appropriate
steps to ensure both your requirements and the traceability concern.
In Europe, picking a server operated by for example PTB in Germany,
OP (Syrte) in France, NPL in the UK and so on would do the job.
On Fri, 1 Feb 2019, Jason Rabel wrote:
Yes, this is a common PITA. FINRA and/or SEC getting onto you?
They are still "defining" the regulation, but the current idea is rather silly.
Many of the NIST servers are run out of the University of Colorado and
are single home with CenturyLink. Congestion and/or other network
issues causes false alarms all the time.
I don't know anything about the financial regulations, but what about
having a local GNSS or cellular based S1 NTP (or PTP) server? You will
gain an order of magnitude in accuracy syncing to a LAN source vs
traversing the Internet. Or possibly using the USNO NTP servers? I
suppose if it *has* to be traceable to NIST (which operates
independently of USNO/GPS) you could get a WWVB based NTP server. NIST
& USNO are generally less than 10 ns difference from each other, which
for NTP over ethernet the best you are going to get is in the ms range
so it's technically a non-issue.
IMHO, if FINRA is going to require something like that, then NIST should
provide hardened NTP/PTP services at major peering/colocation facilities.
Or use existing facilities at other major universities around the
country that could also benefit from having extra local NIST-synced
atomic standards.
I've often wondered why they don't have multiple network providers at
their two existing facilities, having a single point of failure seems
awfully ironic seeing as how they have dozens of atomic clocks and
servers in the facility... lol.
Though one has to remember this is also a very tiny part of overall
NIST. IIRC last time I saw NIST's 2019 budget figures they were taking
a pretty sizable cut in funding across the board, so expanding
services is probably out of the question unless it's deemed critical
for national security or something (Which I would think would still
fall under USNO & GPS before NIST).
Jason
_______________________________________________
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
--
François Meyer
_______________________________________________
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
