Reset the ComplianceClock for an NTP-configured system

Contributors

When the SnapLock secure clock daemon detects a skew beyond the threshold, the system time is used to reset both the system and volume ComplianceClocks.

What you’ll need
  • This feature is available only at the advanced privilege level.

  • You must be a cluster administrator to perform this task.

  • The SnapLock license must be installed on the node.

  • This feature is available only for Cloud Volumes ONTAP, ONTAP Select, and VSIM platforms.

About this task

When the SnapLock secure clock daemon detects a skew beyond the threshold, the system time is used to reset both the system and volume ComplianceClocks. A period of 24 hours is set as the skew threshold. This means that the system ComplianceClock is synchronized to the system clock only if the skew is more than a day old.

The SnapLock secure clock daemon detects a skew and changes the ComplianceClock to the system time. Any attempt at modifying the system time to force the ComplianceClock to synchronize to the system time fails, since the ComplianceClock synchronizes to the system time only if the system time is synchronized with the NTP time.

Steps
  1. Enable the SnapLock ComplianceClock time synchronization feature when an NTP server is configured:

    snaplock compliance-clock ntp

    The following command enables the system ComplianceClock time synchronization feature:

    cluster1::*> snaplock compliance-clock ntp modify -is-sync-enabled true
  2. When prompted, confirm that the configured NTP servers are trusted and that the communications channel is secure to enable the feature:

  3. Check that the feature is enabled:

    snaplock compliance-clock ntp show

    The following command checks that the system ComplianceClock time synchronization feature is enabled:

    cluster1::*> snaplock compliance-clock ntp show
    
    Enable clock sync to NTP system time: true