[cvsnt] Virtual Machines

Tony Hoyle tony.hoyle at march-hare.com
Thu Dec 6 16:52:49 GMT 2007

Peter Crowther wrote:
> Sync is variable, depending on how much the clock drifts (see
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03mngd/26_s3wts.mspx
> for some of the gory details).  That said, I've seen VMs where the
> clocks are 5% adrift - drifting by 3 seconds per minute.  Even the
> lowest automated options for the Windows time service have issues
> dealing with that, as they simply can't move the clock by enough to

VMs should never drift - in the two technologies that I have experience of 
(VMware and Xen) the clock is held in lockstep with the host, so as long 
as the host is correct all the VMs will be too.

In VMware it can drift slightly because the clock is only re-locked 
about once a minute (which is really confusing if you forget and set the 
VM time rather than the host time and wonder why it's changed back again 
a few seconds later).

Kerberos authentication can handle clocks being about 5 minutes out 
before it stops authenticating, which is generally fine for a standard 
LAN even without a common timeserver (although it's still a good idea).
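
An added example, not part of the original post: measuring a machine's clock offset from an SNTP server reply and comparing it with the roughly 5-minute Kerberos tolerance mentioned above. The function names are hypothetical, the reply packet is constructed inline so the code runs offline, and the 300-second limit is assumed to be the default (it is configurable).

```python
import struct

NTP_EPOCH_DELTA = 2208988800   # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
KERBEROS_MAX_SKEW = 300.0      # assumed default tolerance: 5 minutes

def _from_ntp(buf, off):
    """Decode a 64-bit NTP timestamp at byte offset `off` into Unix seconds."""
    secs, frac = struct.unpack_from("!II", buf, off)
    return secs - NTP_EPOCH_DELTA + frac / 2**32

def _to_ntp(unix_time):
    """Encode Unix seconds as a 64-bit NTP timestamp."""
    secs = int(unix_time)
    frac = int((unix_time - secs) * 2**32)
    return struct.pack("!II", secs + NTP_EPOCH_DELTA, frac)

def clock_offset(reply, t1, t4):
    """Seconds to add to the local clock to match the server.

    reply: 48-byte SNTP server reply
    t1:    local clock when the request was sent (Unix seconds)
    t4:    local clock when the reply arrived (Unix seconds)
    """
    if len(reply) < 48:
        raise ValueError("short SNTP reply")
    mode, stratum = reply[0] & 0x07, reply[1]
    if mode != 4 or stratum == 0:
        # mode 4 = server; stratum 0 = unsynchronised / kiss-of-death
        raise ValueError("not a usable server reply")
    t2 = _from_ntp(reply, 32)   # server receive timestamp
    t3 = _from_ntp(reply, 40)   # server transmit timestamp
    # Standard NTP offset formula; symmetric network delay cancels out.
    return ((t2 - t1) + (t3 - t4)) / 2

def kerberos_clock_ok(offset, max_skew=KERBEROS_MAX_SKEW):
    """True if the local clock is within the Kerberos skew tolerance."""
    return abs(offset) <= max_skew

def build_reply(server_rx, server_tx):
    """Constructed sample reply: LI=0, VN=4, mode=4 (server), stratum 2."""
    header = bytes([0x24, 2, 6, 0xEC])
    return header + bytes(28) + _to_ntp(server_rx) + _to_ntp(server_tx)

if __name__ == "__main__":
    # Constructed case: guest clock 400 s behind the server, 0.5 s round trip.
    reply = build_reply(1_000_000_400.25, 1_000_000_400.25)
    off = clock_offset(reply, t1=1_000_000_000.0, t4=1_000_000_000.5)
    print(f"offset {off:+.2f}s, within Kerberos tolerance: {kerberos_clock_ok(off)}")
```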


