Windows Server 2019 tweaked to stop it getting clock-blocked
Leap seconds issue solved, but without segmented smearing
Microsoft Windows Server 2019, coming later this year, will include UTC-compliant leap second support, both for added and subtracted time. But there will be no smearing.
Since 1972, leap seconds have been added to Coordinated Universal Time (UTC) to compensate for divergence with mean solar time (UT1) – which slows with the Earth's rotation – and International Atomic Time (TAI) – an average of atomic clocks that's presently 37 seconds ahead of UTC. Leap seconds serve to keep the gap between UTC and UT1 at less than 0.9 seconds.
To date, there have been 27 leap seconds added – when clocks show 23:59:60 rather than rolling over to 00:00:00 after 23:59:59. The other 10 seconds arrived as a bulk adjustment in 1972.
There's never been a leap second subtracted – when a clock would go from 23:59:58 to 00:00:00, dropping 23:59:59 entirely. But Microsoft has included support for negative leap seconds just in case. (This seems like the sort of obscure capability that could form the basis for an interesting financial market hack.)
In a blog post, Dan Cuomo, a member of the Windows Core Networking team, suggests the time handling refinements follow from regulations in the US (FINRA) and the EU (ESMA/MiFIDII) that demand accuracy within 100 microseconds.
Rules requiring greater accuracy means leap second smearing – by which leap seconds are sliced into pieces and added gradually throughout the day – isn't a suitable option in some contexts. For what it's worth, Google supports leap second smearing with its Network Time Protocol (NTP) servers.
According to Cuomo, leap second smearing has an error of about ±0.5 seconds with respect to UTC, which falls short of modern regulatory demands. So it's not supported in Windows Server 2019.
Regulations, regulations, regulations
Windows Server 2016 included one millisecond time accuracy, which met some regulatory requirements at the time. Windows Server 2019 promises further improvement with compliant leap second support, greater accuracy – through a new Precision Time Protocol (PTP), Software Timestamping and Clock Source Stability – and traceability in the form of logs and performance counters.
NTP, explains Cuomo, remains the default time synchronization mechanism in Windows, but it has a shortcoming, namely dealing round-trip delays (latency) in an asymmetric network.
'Leap year' bug drives TomTom satnav users up the wallREAD MORE
PTP (IEEE 1588v2) is intended for customers with stringent time accuracy requirements. "PTP enables network devices to add the latency introduced by each network device into the timing measurements thereby providing a far more accurate time sample to the endpoint (Windows Server 2019 or Windows 10, host or virtual machine)," Cuomo said.
In furtherance of timing accuracy in Windows Server 2019, Software Timestamping adds timestamps to timing packets before and after they're processed by Windows networking components, because these components can add delays of anywhere from 30 to 200 microseconds. Armed with this information, corrections can be made.
Then there's Clock Source Stability, a way of improving the accuracy of the system clock over time. For Windows Server 2019, that involves taking multiple time samples, deleting the outliers, and "disciplining the clock" to maintain closer sync with the time server.
According to Cuomo, Microsoft's partner Sync-N-Scale measured a pre-release version of Windows Server 2019 over 3.5 days and found its MIN Time Offset exhibited only 41 microseconds root mean square (RMS) divergence from UTC.
And to ensure traceability, Windows Server 2019 supports additional log events that allow admins to delve into whether system clocks were altered, whether the clock frequency was modified, and whether the Windows Time service configuration was changed.
"Previous time accuracy requirements were lax by today’s standards," said Cuomo. "Now regulated industries have much more stringent accuracy requirements but accuracy alone is not enough – Your systems must also be traceable."
And disciplined. ®
Sponsored: Becoming a Pragmatic Security Leader