Recent Control & Safety Systems Discussions
Similar Posts
Configuring remote external NTP time synchronization on DeltaV System
GPS NTP Server for 14.3.1
NTP Server IP address
Remote Stratum-1 NTP Time Server Accuracy and SOE cards
MES DCS System setup with multiple DeltaV domain & Single External Domain Server
Share

External NTP Server

How do I get my App Station to see the external NTP Server?

- DeltaV System is V14.3.0

- We have an Emerson Smart Firewall between the DeltaV network and the Plant LAN

- The Smart Firewall is able to see the external NTP Server and synchronize its time

- There is an IDDC (Independent DeltaV Domain Controller); we had to do this because App Station Historian is Advanced Continuous Historian, so it couldn't be backup DC

- ProPlus is backup DC

- I have the Remote Network enabled on the App Station, and the external time server I want is entered as the Master Time Server

- The App Station is the Master Time Server for the DeltaV Physical Network

But it doesn't work. What have I missed?

- Bryce H. Elliott, P.E.

Bryce Elliott

4 Replies

  • Invalid String
    This sounds like it would certainly be in the setup of the smart firewall.
    You can define inbound and outbound rules between internal and external hosts.
    I would try setting up an outbound rule first which allows the AppStation to communicate with the external host (NTP IP) and set the application as NTP.


    The second part would be to make sure the AppStation knows to use the firewall as its gateway. This can be done by setting the firewall IP as the default gateway or by using a static route to only direct NTP destined queries to the firewall.
  • Bryce Elliott

    In reply to Invalid String:

    Thank you.
    I think it is using the firewall as the gateway. Every 8 seconds in the firewall log, I see something like:
    Aug 20 11:55:19 EmersonSmartFirewall kernel: [7553420.971164] Allowed: IN=eth1 OUT=eth0 MAC=b4:2e:99:af:73:de:20:04:0f:f4:d4:aa:08:00 SRC=192.168.1.13 DST=40.119.6.228 LEN=76 TOS=0x00 TTL=127 ID=1512 PROTO=UPD SPT=123 DPT=123 LEN=56

    So, it looks like it's trying, and it looks like the firewall is allowing the outbound request, but somehow it doesn't update the time.

    - Bryce H. Elliott, P.E.

  • knucklhead90

    In reply to Bryce Elliott:

    Sounds like the NTP server cannot reach the app station. You may need to put a persistent route in the ntp server so it knows how to get back to the app station via the firewall. We have a similar setup and this is what we had to do. The ntp server is an appliance, but it still allowed us to put in a route back to the app station.
  • Bryce Elliott

    In reply to knucklhead90:

    I gave this information to IT, and 4 actions were taken:
    1. Changed NTP server from one on the Internet to one internal to the Plant LAN.
    2. Enabled the NTP server function on that server.
    3. Made sure the persistent routes were enabled (they already were for that server, but that is apparently necessary).
    4. Changed the firewall rule for the modified NTP server destination.

    And now we're synchronized with the corporate network time, so when we look at history, we're all looking at the same thing.

    Thanks for the help!

    - Bryce H. Elliott, P.E.

This is the official online community site of the Emerson Global Users Exchange, a forum for the free exchange of non-proprietary information among the global user community of all Emerson Automation Solution's products and services. Our goal is to improve the efficiency and use of automation systems and solutions employed at members’ facilities by sharing our knowledge, experiences, and application information.

User Groups | World Areas | Community Guidelines | Legal Information | Privacy Policy | Contact Community Manager

Website translation provided by Website Translator

© 2015-2022 Emerson Global Users Exchange. All rights reserved.