Orolia SecureSync 1200 Time and Frequency Synchronization System Product Manual

Add to my manuals
621 Pages

advertisement

Orolia SecureSync 1200 Time and Frequency Synchronization System Product Manual | Manualzz

SecureSync

1200

MODEL

User Manual

Document Part No.: 1200-5000-0050

Revision: 31

Date: 5-March-2021

orolia.com

© 2021 Orolia. All rights reserved.

The information in this document has been carefully reviewed and is believed to be accurate and up-todate. Orolia assumes no responsibility for any errors or omissions that may be contained in this document, and makes no commitment to keep current the information in this manual, or to notify any person or organization of updates. This User Reference Guide is subject to change without notice. For the most current version of this documentation, please see our web site at orolia.com

.

Orolia reserves the right to make changes to the product described in this document at any time and without notice. Any software that may be provided with the product described in this document is furnished under a license agreement or nondisclosure agreement. The software may be used or copied only in accordance with the terms of those agreements.

End-user customers of Orolia products may, without the need for a written license from Orolia, reproduce and modify any Orolia product documentation accompanying such products, for distribution within their organization in order to use the products.

Orolia authorized partners, systems integrators, government contractors, and other similarly- situated third-party installers may, without the need for a written license from Orolia, reproduce Orolia product documentation (including media type changes) and create derivative works thereof in the form of compilations, for distribution to their end-users.

Except as described above, no part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or any means electronic or mechanical, including photocopying and recording for any purpose without the written permission of Orolia.

Other products and companies referred to herein are trademarks or registered trademarks of their respective companies or mark holders.

Orolia USA, Inc.

• 45 Becker Road, Suite A, West Henrietta, NY 14586 USA

• 3, Avenue du Canada, 91974 Les Ulis, France

The industry-leading Spectracom products you depend on are now brought to you by Orolia, the global leader in Resilient Positioning, Navigation and Timing Solutions.

Do you have questions or comments regarding this User Reference Guide?

è E-mail: [email protected]

Warranty Information

See the website: http://www.orolia.com/support/spectracom/warranty-information for a copy of

Orolia's Limited Warranty policy.

SecureSync 1200 User Reference Guide I

Blank page.

II SecureSync 1200 User Reference Guide

CHAPTER 1

Product Description

1.1 Getting Started

1.2 SecureSync Introduction

1.2.1 SecureSync's Inputs and Outputs

1.3 SecureSync Front Panel

1.3.1 Front Panel Keypad, and Display

1.3.1.1 Using the Keypad

1.3.1.2 Navigating the Front Panel Display

1.3.2 Status LEDs

1.4 Unit Rear Panel

1.5 Option Cards

1.5.1 Option Cards Overview

1.5.2 Option Card Identification

1.5.2.1 Option Card Identification by ID/Part Number

1.5.3 Option Card Connectors

1.6 The SecureSync Web UI

1.6.1 The Web UI HOME Screen

1.6.2 The INTERFACES Menu

1.6.3 The Configuration MANAGEMENT Menu

1.6.4 The TOOLS Menu

1.7 Specifications

1.7.1 Input Power

1.7.1.1 Fuses

1.7.2 GNSS Receiver

1.7.3 RS-232 Serial Port (Front Panel)

1.7.4 10/100 Ethernet Port

1.7.5 Protocols Supported

1.7.6 1PPS Output

1.7.7 10 MHz Output

1.7.7.1 10 MHz Output — Oscillator Phase Noise (dBc/Hz)

7

9

10

14

14

17

3

4

4

5

6

22

22

24

25

25

27

23

23

24

24

18

18

19

20

21

1

2

2

3

SecureSync 1200 User Reference Guide • TABLE OF CONTENTS III

IV

1.7.8 Mechanical and Environmental Specifications

1.8 Regulatory Compliance

CHAPTER 2

SETUP

2.1 Overview

2.1.1 Main Installation Steps

2.2 Unpacking and Inventory

2.3 Required Tools and Parts

2.3.1 Required GNSS Antenna Components

2.4 SAFETY

2.5 Mounting the Unit

2.5.1 Rack Mounting

2.6 Connecting Supply Power

2.6.1 Power Source Selection

2.6.2 Using AC Input Power

2.6.3 Using DC Input Power

2.7 Connecting the GNSS Input

2.8 Connecting Network Cables

2.9 Connecting Inputs and Outputs

2.10 Powering Up the Unit

2.11 Setting up an IP Address

2.11.1 Dynamic vs. Static IP Address

2.11.2 Assigning a Static IP Address

2.11.2.1 Setting Up an IP Address via the Front Panel

2.11.2.2 Setting Up a Static IP Address via a DHCP Network

2.11.2.3 Setting Up an IP Address via the Serial Port

2.11.2.4 Setting up a Static IP Address via Ethernet Cable

2.11.3 Subnet Mask Values

2.12 Accessing the Web UI

2.13 Configure Network Settings

2.13.1 General Network Settings

2.13.2 Network Ports

2.13.3 Network Services

27

28

31

34

38

38

40

40

40

41

44

44

45

46

32

32

33

34

34

54

56

58

59

63

47

48

48

49

51

52

53

54

SecureSync 1200 User Reference Guide • TABLE OF CONTENTS

2.13.4 Static Routes

2.13.5 Access Rules

2.13.6 HTTPS

2.13.6.1 Accessing the HTTPS Setup Window

2.13.6.2 About HTTPS

2.13.6.3 Supported Certificate Formats

2.13.6.4 Creating an HTTPS Certificate Request

2.13.6.5 Adding HTTPS Subject Alternative Names

2.13.6.6 Requesting an HTTPS Certificate

2.13.6.7 Uploading an X.509 PEM Certificate Text

2.13.6.8 Uploading an HTTPS Certificate File

2.13.7 SSH

2.13.8 SNMP

2.13.8.1 SNMP V1/V2c

2.13.8.2 SNMP V3

2.13.8.3 SNMP Traps

2.13.9 System Time Message

2.13.9.1 System Time Message Format

2.14 Configure NTP

2.14.1 Checklist NTP Configuration

2.14.2 The NTP Setup Screen

2.14.3 Dis-/Enabling NTP

2.14.4 Viewing NTP Clients

2.14.5 Restoring the Default NTP Configuration

2.14.6 NTP Output Timescale

2.14.7 NTP Reference Configuration

2.14.7.1 The NTP Stratum Model

2.14.7.2 Configuring "NTP Stratum 1" Operation

2.14.7.3 Configuring "NTP Stratum Synchronization"

2.14.8 NTP Servers and Peers

2.14.8.1 The NTP Servers and NTP Peers Panels

2.14.8.2 NTP Servers: Adding, Configuring, Removing

2.14.8.3 NTP Peers: Adding, Configuring, Removing

2.14.9 NTP Authentication

2.14.9.1 NTP Autokey

2.14.9.2 NTP: Symmetric Keys (MD5)

2.14.10 NTP Access Restrictions

SecureSync 1200 User Reference Guide • TABLE OF CONTENTS

105

106

107

107

109

111

113

115

115

121

124

98

98

99

101

102

103

103

105

90

92

94

96

97

64

66

67

67

69

69

70

73

74

76

77

78

86

V

VI

2.14.11 Enabling/Disabling NTP Broadcasting

2.14.12 NTP over Anycast

2.14.12.1 Configuring NTP over Anycast (General Settings)

2.14.12.2 Configuring NTP over Anycast (OSPF IPv4)

2.14.12.3 Configuring NTP over Anycast (OSPF IPv6)

2.14.12.4 Configuring NTP over Anycast (BGP)

2.14.12.5 Configuring Anycast via NTP Expert Mode

2.14.12.6 Testing NTP over Anycast

2.14.13 NTP Orphan Mode

2.14.14 Host Disciplining

2.14.14.1 Enabling Host Disciplining

2.14.15 NTP Expert Mode

2.14.16 Orolia Technical Support for NTP

2.15 Configuring Input References

2.16 Configuring Outputs

2.16.1 The Outputs Screen

2.16.2 The 1PPS and 10 MHz Outputs

2.16.2.1 Configuring a 1PPS Output

2.16.2.2 Configuring the 10 MHz Output

2.16.3 Configuring Optional Outputs

2.16.4 Network Ports

2.16.5 Signature Control

CHAPTER 3

Managing Time

3.1 The Time Management Screen

3.2 System Time

3.2.1 System Time

3.2.1.1 Configuring the System Time

3.2.1.2 Timescales

3.2.1.3 Manually Setting the Time

3.2.1.4 Using Battery Backed Time on Startup

3.2.2 Timescale Offset(s)

3.2.2.1 Configuring a Timescale Offset

3.2.3 Leap Seconds

3.2.3.1 Reasons for a Leap Second Correction

3.2.3.2 Leap Second Alert Notification

141

142

142

144

145

146

146

147

147

126

127

128

129

130

131

132

135

135

136

137

138

140

149

150

151

152

152

153

155

157

159

159

160

160

161

SecureSync 1200 User Reference Guide • TABLE OF CONTENTS

3.2.3.3 Leap Second Correction Sequence

3.2.3.4 Configuring a Leap Second

3.2.4 Local Clock(s), DST

3.2.4.1 Adding a Local Clock

3.2.4.2 DST Examples

3.2.4.3 DST and UTC, GMT

3.3 Managing References

3.3.1 Input Reference Priorities

3.3.1.1 Configuring Input Reference Priorities

3.3.1.2 The "Local System" Reference

3.3.1.3 The "User/User" Reference

3.3.1.4 Reference Priorities: EXAMPLES

3.3.2 Reference Qualification and Validation

3.3.2.1 Reference Monitoring: Phase

3.3.2.2 Interference Detection and Mitigation (IDM Suite)

3.3.3 BroadShield Alarm

3.3.4 BroadShield Web UI Monitoring

3.3.5 The GNSS Reference

3.3.5.1 Reviewing the GNSS Reference Status

3.3.5.2 Determining Your GNSS Receiver Model

3.3.5.3 Selecting a GNSS Receiver Mode

3.3.5.4 Setting GNSS Receiver Dynamics

3.3.5.5 Performing a GNSS Receiver Survey

3.3.5.6 GNSS Receiver Offset

3.3.5.7 Resetting the GNSS Receiver

3.3.5.8 Deleting the GNSS Receiver Position

3.3.5.9 Manually Setting the GNSS Position

3.3.5.10 GNSS Constellations

3.3.5.11 A-GPS

3.4 Holdover Mode

3.5 Managing the Oscillator

3.5.1 Oscillator Types

3.5.2 Configuring the Oscillator

3.5.2.1 Time Figure of Merit (TFOM)

3.5.3 Monitoring the Oscillator

3.5.4 Oscillator Logs

SecureSync 1200 User Reference Guide • TABLE OF CONTENTS

167

167

168

172

173

175

178

178

180

185

186

190

191

195

198

200

202

204

205

206

208

211

214

161

162

163

163

165

166

219

223

224

226

227

228

231

VII

VIII

CHAPTER 4

System Administration

4.1 Powering Up/Shutting Down

4.1.1 Powering Up the Unit

4.1.2 Shutting Down the Unit

4.1.3 Issuing the HALT Command Before Removing Power

4.1.4 Rebooting the System

4.2 Notifications

4.2.1 Configuring Notifications

4.2.2 Notification Event Types

4.2.2.1 Timing Tab: Events

4.2.2.2 GPS Tab: Events

4.2.2.3 System Tab: Events

4.2.3 Configuring GPS Notification Alarm Thresholds

4.2.4 Setting Up SNMP Notifications

4.2.5 Setting Up Email Notifications

4.3 Managing Users and Security

4.3.1 Managing User Accounts

4.3.1.1 Types of Accounts

4.3.1.2 About "user" Account Permissions

4.3.1.3 Rules for Usernames

4.3.1.4 Adding/Deleting/Changing User Accounts

4.3.2 Managing Passwords

4.3.2.1 Configuring Password Policies

4.3.2.2 The Administrator Password

4.3.2.3 Lost Password

4.3.3 LDAP Authentication

4.3.4 RADIUS Authentication

4.3.4.1 Enabling/Disabling RADIUS

4.3.4.2 Adding/Removing a RADIUS Server

4.3.5 TACACS+ Authentication

4.3.5.1 Enabling/Disabling TACACS+

4.3.5.2 Adding/Removing a TACACS+ Server

4.3.6 HTTPS Security Levels

4.3.7 Unlocking the Keypad via Keypad

4.3.8 If a Secure Unit Becomes Inaccessible

233

237

238

240

240

241

241

241

243

243

234

234

235

235

236

265

266

267

268

268

251

252

253

256

262

262

263

265

246

246

246

246

248

248

251

SecureSync 1200 User Reference Guide • TABLE OF CONTENTS

4.4 Miscellanous Typical Configuration Tasks

4.4.1 REST API Configuration

4.4.2 Web UI Timeout

4.4.3 Configuring the Front Panel

4.4.4 Displaying Local Time

4.4.5 Creating a Login Banner

4.4.6 Show Clock

4.4.7 Product Registration

4.4.8 Synchronizing Network PCs

4.4.9 Selecting the UI Language

4.5 Quality Management

4.5.1 System Monitoring

4.5.1.1 Status Monitoring via Front Panel

4.5.1.2 Status Monitoring via the Web UI

4.5.1.3 Status Monitoring of Input References

4.5.1.4 Reference Monitoring: Phase

4.5.1.5 Ethernet Monitoring

4.5.1.6 Outputs Status Monitoring

4.5.1.7 Monitoring the Oscillator

4.5.1.8 Monitoring the Status of Option Cards

4.5.1.9 NTP Status Monitoring

4.5.1.10 Temperature Management

4.5.2 Logs

4.5.2.1 Types of Logs

4.5.2.2 Local and Remote Logs

4.5.2.3 The Logs Screen

4.5.2.4 Displaying Individual Logs

4.5.2.5 Saving and Downloading Logs

4.5.2.6 Configuring Logs

4.5.2.7 Setting up a Remote Log Server

4.5.2.8 Restoring Log Configurations

4.5.2.9 Clearing All Logs

4.5.2.10 Clearing Selected Logs

4.6 Updates and Licenses

4.6.1 Software Updates

4.6.2 Applying a License File

4.7 Resetting the Unit to Factory Configuration

SecureSync 1200 User Reference Guide • TABLE OF CONTENTS

269

269

269

270

274

274

276

277

277

277

278

278

278

278

282

284

286

287

290

293

295

300

306

307

311

312

313

315

316

319

321

321

322

322

322

325

326

IX

X

4.7.1 Resetting All Configurations to their Factory Defaults

4.7.2 Backing-up and Restoring Configuration Files

4.7.2.1 Accessing the System Configuration Screen

4.7.2.2 Saving the System Configuration Files

4.7.2.3 Uploading Configuration Files

4.7.2.4 Restoring the System Configuration

4.7.2.5 Restoring the Factory Defaults

4.7.3 Cleaning the Configuration Files and Halting the System

4.7.4 Default and Recommended Configurations

4.7.5 Sanitizing the Unit

4.7.5.1 Physically Removing the CF Card

4.7.5.2 Cleaning/Restoring

4.7.5.3 Removing Other Files From the CF Card

4.7.5.4 Further Reading

APPENDIX

Appendix

5.1 Troubleshooting

5.1.1 Troubleshooting Using the Status LEDs

5.1.2 Minor and Major Alarms

5.1.3 Troubleshooting: System Configuration

5.1.3.1 System Troubleshooting: Browser Support

5.1.4 Troubleshooting – Unable to Open Web UI

5.1.5 Troubleshooting via Web UI Status Page

5.1.6 Troubleshooting GNSS Reception

5.1.7 Troubleshooting – Keypad Is Locked

5.1.8 Troubleshooting – 1PPS, 10 MHz Outputs

5.1.9 Troubleshooting – Blank Information Display

5.1.10 Troubleshooting the Front Panel Serial Port

5.1.11 Troubleshooting the Front Panel Cooling Fan

5.1.12 Troubleshooting the Internal Battery

5.1.13 Troubleshooting – Network PCs Cannot Sync

5.1.14 Troubleshooting Software Update

5.2 Option Cards

5.2.1 Accessing Option Cards Settings via the Web UI

5.2.1.1 Web UI Navigation: Option Cards

5.2.1.2 Viewing Input/Output Configuration Settings

337

338

338

339

346

346

347

348

348

350

350

340

341

341

342

344

345

351

352

352

353

326

327

327

330

330

331

332

332

332

333

334

334

335

335

SecureSync 1200 User Reference Guide • TABLE OF CONTENTS

5.2.1.3 Configuring Option Card Inputs/Outputs

5.2.1.4 Viewing an Input/Output Signal State

5.2.1.5 Verifying the Validity of an Input Signal

5.2.2 Option Card Field Installation Instructions

5.2.2.1 Field Installation: Introduction

5.2.2.2 Outline of the Installation Procedure

5.2.2.3 Safety

5.2.2.4 [1]: Unpacking

5.2.2.5 [2]: Saving Refererence Priority Configuration

5.2.2.6 [3]: Determining the Installation Procedure

5.2.2.7 [4]: Bottom Slot Installation

5.2.2.8 [5]: Top Slot Installation, Bottom Slot Empty

5.2.2.9 [6]: Top Slot Installation, Bottom Slot Occupied

5.2.2.10 [7]: Frequency Output Cards: Wiring

5.2.2.11 [8]: Gb ETH Card Installation, Slot1 Empty

5.2.2.12 [9]: Gb ETH Card Installation, Slot1 Occupied

5.2.2.13 [10]: Alarm Relay Card, Cable Installation

5.2.2.14 [11]: Verifying HW Detection and SW Update

5.2.2.15 [12]: Restoring Reference Priority Configuration

5.2.3 Time and Frequency Option Cards

5.2.3.1 1PPS Out [1204-18, -19, -21, -2B]

5.2.3.2 1PPS In/Out [1204-28, -2A]

5.2.3.3 1PPS In/Out, 10 MHz In [1204-01, -03]

5.2.3.4 Frequency Out [1204-08, -1C, -26, -38]

5.2.3.5 Programmable Frequency Out [1204-13, -2F, -30]

5.2.3.6 Programmable Square Wave Out [1204-17]

5.2.3.7 Simulcast (CTCSS/Data Clock) [1204-14]

5.2.4 Telecom Option Cards

5.2.4.1 T1/E1 Out [1204-09, -0A, -4C, -53]

5.2.5 Time Code Option Cards

5.2.5.1 IRIG Out [1204-15, -1E, -22]

5.2.5.2 IRIG In/Out [1204-05, -27]

5.2.5.3 STANAG Out [1204-11, -25]

5.2.5.4 STANAG In [1204-1D, -24]

5.2.5.5 HAVE QUICK Out [1204-10, -1B]

5.2.5.6 HAVE QUICK In/Out [1204-29]

5.2.5.7 ASCII Time Code In/Out [1204-02, -04]

5.2.6 Network Interface Option Cards

5.2.6.1 Gigabit Ethernet [1204-06]

SecureSync 1200 User Reference Guide • TABLE OF CONTENTS

420

427

443

450

459

465

472

484

484

374

380

385

392

396

401

405

413

413

420

354

356

357

357

357

358

359

359

359

360

361

363

365

367

368

370

371

372

374

374

XI

XII

5.2.6.2 PTP Grandmaster [1204-32]

5.2.7 Miscellaneous Option Cards

5.2.7.1 STL Option Module [1204-3E]

5.2.7.2 Alarm Relay Out [1204-0F]

5.2.7.3 Revertive Selector Card [1204-2E]

5.2.7.4 Event Broadcast [1204-23]

5.2.7.5 Bi-Directional Communication, RS-485 [1204-0B]

5.3 Command-Line Interface

5.3.1 Setting up a Terminal Emulator

5.3.2 CLI Commands

5.4 Time Code Data Formats

5.4.1 NMEA GGA Message

5.4.2 NMEA RMC Message

5.4.3 NMEA ZDA Message

5.4.4 Spectracom Format 0

5.4.5 Spectracom Format 1

5.4.6 Spectracom Format 1S

5.4.7 Spectracom Format 2

5.4.8 Spectracom Format 3

5.4.9 Spectracom Format 4

5.4.10 Spectracom Format 7

5.4.11 Spectracom Format 8

5.4.12 Spectracom Format 9

5.4.12.1 Format 9S

5.4.13 Spectracom Epsilon Formats

5.4.13.1 Spectracom Epsilon TOD 1

5.4.13.2 Spectracom Epsilon TOD 3

5.4.14 BBC Message Formats

5.4.14.1 Format BBC-01

5.4.14.2 Format BBC-02

5.4.14.3 Format BBC-03 PSTN

5.4.14.4 Format BBC-04

5.4.14.5 Format BBC-05 (NMEA RMC Message)

5.4.15 GSSIP Message Format

5.4.16 EndRun Formats

5.4.16.1 EndRun Time Format

5.4.16.2 EndRunX (Extended) Time Format

486

503

503

512

517

519

527

529

530

531

552

553

553

554

554

554

555

557

558

559

560

561

561

562

536

536

537

538

539

540

542

543

546

547

549

550

552

SecureSync 1200 User Reference Guide • TABLE OF CONTENTS

5.5 IRIG Standards and Specifications

5.5.1 About the IRIG Output Resolution

5.5.2 IRIG Carrier Frequencies

5.5.3 IRIG B Output

5.5.3.1 FAA IRIG B Code Description

5.5.4 IRIG E Output

5.5.5 IRIG Output Accuracy Specifications

5.6 Technical Support

5.6.1 Regional Contact

5.7 Return Shipments

5.8 License Notices

5.8.1 NTPv4.2.8p12

5.8.2 OpenSSH

5.8.3 OpenSSL

5.9 List of Tables

5.10 List of Images

5.11 Document Revision History

INDEX

581

581

581

585

588

593

594

596

563

563

563

568

571

575

579

580

580

SecureSync 1200 User Reference Guide • TABLE OF CONTENTS XIII

BLANK PAGE.

XIV SecureSync 1200 User Reference Guide • TABLE OF CONTENTS

Product Description

The Chapter presents an overview of the SecureSync Time and

Frequency Synchronization System, its capabilities, main technical features and specifications.

The following topics are included in this Chapter:

1.1 Getting Started

1.2 SecureSync Introduction

1.3 SecureSync Front Panel

1.4 Unit Rear Panel

1.5 Option Cards

1.6 The SecureSync Web UI

1.7 Specifications

1.8 Regulatory Compliance

7

9

18

22

28

2

2

3

CHAPTER 1 • SecureSync 1200 User Reference Guide 1

1.1  Getting Started

1.1

Getting Started

2

Welcome to the SecureSync User Reference Guide.

Where to start:

First-time users :

"SecureSync Introduction" below

.

Users with some knowledge of Time and Frequency Servers:

"Overview" on page 32 .

If your unit is up and running and you want to change a setting :

"Managing Time" on page 149 , or

"System Administration" on page 233 .

1.2

SecureSync Introduction

SecureSync ® is a security-hardened 1-rack unit network appliance designed to meet rigorous network security standards and best practices. It ensures accurate timing through multiple references, tamper-proof management, and extensive logging. Robust network protocols are used to allow for easy but secure configuration. Features can be enabled or disabled based on your network policies. Installation is aided by DHCP (IPv4), AUTOCONF

(IPv6), and a front-panel keypad and LCD display.

The unit supports multi- constellation GNSS input (SAASM GPS receivers, supporting

L1/L2, available for authorized users and required for the US DoD are available), IRIG input and other input references. The unit is powered by AC on an IEC60320 connector. DC power as back-up to AC power, or as the primary input power source, is also available.

SecureSync combines Orolia’s precision master clock technology and secure network-centric approach with a compact modular hardware design to bring you a powerful time and frequency reference system at the lowest cost of ownership. Military and commercial applications alike will benefit from its extreme reliability, security, and flexibility for synchronizing critical operations.

An important advantage of SecureSync is its unique rugged and flexible modular chassis that can be configured for your specific needs. Built-in time and frequency functions are extended with up to six input/output modules.

CHAPTER 1 • SecureSync 1200 User Reference Guide Rev. 31

1.3  SecureSync Front Panel

You can choose from a variety of configurable option cards, each with an assortment of input/output timing signal types and quantity, including additional 1PPS, 10 MHz, timecode

(IRIG, ASCII, HAVE QUICK), other frequencies (5MHz, 2.048 MHz, 1.544 MHz, 1MHz), Precision Timing Protocol (PTP) input/output, multi-Gigabit Ethernet (10/100/1000Base-T), telecom T1/E1 data rates and multi-network NTP, allowing SecureSync to be customized for your exact requirements.

Various internal oscillators are available, depending on your requirements for holdover capability and phase noise.

Note: Some of the features described are not available on all SecureSync variants.

1.2.1

SecureSync's Inputs and Outputs

SecureSync provides multiple outputs for use in networked devices and other synchronized devices. A 1-Pulse-Per-Second (1PPS) output acts as a precise metronome, counting off seconds of System Time in the selected timescale (such as UTC, TAI or GPS).

A 10 MHz frequency reference provides a precise, disciplined signal for control systems and transmitters.

SecureSync's outputs are driven by its inputs – most notably, Global Navigation Satellite

System (GNSS), or IRIG signal generators and other available input references. GNSSequipped SecureSyncs can track up to 72 GNSS satellites simultaneously and synchronize to the satellite’s atomic clocks. This enables SecureSync-equipped computer networks to synchronize anywhere on the planet.

1.3

SecureSync Front Panel

The front panel of a SecureSync unit consists of: three separate illuminated status LEDs a front panel control keypad an LED time display an LCD information display an RS-232 serial interface and a temperature controlled cooling fan.

The LCD information display is configurable using the SecureSync web user interface (also referred to as the “Web UI”) or the front panel controls. Display options include status or position information, time, date, DOY (Day of Year), GNSS information, as well as network settings and SAASM key status (available with the SAASM GPS receiver option only). The

CHAPTER 1 • SecureSync 1200 User Reference Guide Rev. 31 3

1.3  SecureSync Front Panel

RS-232 serial interface and the front panel controls provide a means of configuring the unit’s network settings and perform other functions without requiring access to the Web

UI.

SecureSync units with the SAASM GPS receiver option module installed also have an encryption key fill connector and key zeroize switch on the left-hand side of the front panel.

1.3.1

Figure 1-1: SecureSync front panel layout (SAASM version)

Front Panel Keypad, and Display

To simplify operation and to allow local access to SecureSync, a keypad and a 4-line LCD information display are provided on the front panel of the unit.

The front panel keypad and display can be used to configure basic network settings e.g., en-/disabling DHCP, or setting an IP address and subnet mask.

Note: If the keypad becomes locked, see

"Troubleshooting – Keypad Is

Locked" on page 345 .

1.3.1.1

Using the Keypad

4

The functions of the six keys are: tu arrow keys : Navigate to a menu option (will be highlighted) pq arrow keys : Scroll through parameter values in edit displays

CHAPTER 1 • SecureSync 1200 User Reference Guide Rev. 31

1.3  SecureSync Front Panel

ü ENTER key: Select a menu option, or load a parameter when editing

Ò BACK key : Return to previous display or abort an edit process

1.3.1.2

Navigating the Front Panel Display

After power initialization, press any key to go to the “Home” display. As shown in the illustration

"Front panel menu tree" below

, several status and setup displays are accessible from the main “Home” menu. To navigate through the menus, use the arrow keys to highlight a selection and then press the ENTER button.

The main menu options and their primary functions are as follows:

Display : Used to configure the information display

Clock : Displaying and setting of the current date and time

System : Displaying version info, system halt and reboot, reset spadmin password

Netv4 : Network interface configuration

Lock : Locks the front panel keypad to prevent inadvertent operation.

Front Panel Display: Menu Tree

The illustration below shows how the menu is organized, and which functions can be accessed via the front panel (i.e. without using the Web UI):

Figure 1-2: Front panel menu tree

CHAPTER 1 • SecureSync 1200 User Reference Guide Rev. 31 5

6

1.3  SecureSync Front Panel

To modify a parameter:

Highlight the menu option and press the ENTER button.

“O” stands for current old setting, and “N” is the new setting.

You can only change the “N” setting.

Use the UP and DOWN arrow keys to scroll through all possible parameter values.

To edit a sequence of numbers:

Use the LEFT and RIGHT arrow keys to select other digits. Once the desired parameter is displayed, press ENTER to make the new value the current ("O") value. You will be asked to confirm the setting change. Press ENTER to accept or BACK to cancel the parameter change.

All entered values are stored in the unit's non-volatile memory and will be restored after a power cycle.

1.3.2

Status LEDs

Three Status LEDs (see

"SecureSync front panel layout (SAASM version)" on page 4

), located on the unit's front panel, indicate SecureSync's current operating status:

POWER : Green, always on while power is supplied to the unit

SYNC : Tri-color LED indicates the time data accuracy

FAULT : Two-color, three-state LED, indicating if any alarms are present.

At power up, the unit automatically performs a brief LED test run during which all three

LEDs are temporarily lit.

Table 1-1: Front panel status indications

LED Label Activity/Color Description

Off

POWER

On/solid green

Red

Green & blinking orange

1/sec.

Both AC, and DC input power are disconnected.

OR: The unit's AC input switch is turned OFF, and DC input is not present.

AC and/or DC Power are supplied; the unit detects all power inputs.

The unit is configured for two power inputs, but detects only one power input. OR: Detects a power configuration error.

Power Error — general power configuration fault.

CHAPTER 1 • SecureSync 1200 User Reference Guide Rev. 31

1.4  Unit Rear Panel

LED Label

SYNC

Activity/Color

Red

Solid green

Orange

FAULT

Off

Blinking orange

Solid orange

Red

Description

Time Sync Alarm:

1) The unit has powered up, but has not yet achieved synchronization with its inputs.

2) The unit was synchronized to its selected input references, but has since lost all available inputs (or the inputs were declared invalid) and the Holdover period has since expired.

The unit has valid time and 1PPS reference inputs present and is synchronized to its reference.

The unit is in Holdover Mode: It was synchronized to its selected input references, but has since lost all available inputs (or the inputs are not declared valid).The time and frequency outputs will remain useable until the Holdover period expires.

No alarm conditions are currently active.

A GNSS antenna alarm has been asserted and is currently active. A short or open circuit has been detected in the GNSS antenna cable. The light will automatically turn off once the alarm condition clears.

To troubleshoot this condition, see

"Troubleshooting via

Web UI Status Page" on page 342

.

A Minor Alarm condition (other than an antenna problem alarm) has been asserted and is currently active.

To troubleshoot this condition, see

Alarms" on page 339 .

"Minor and Major

A Major Alarm condition has been asserted and is currently active.

To troubleshoot this condition, see

Alarms" on page 339

.

"Minor and Major

1.4

Unit Rear Panel

The SecureSync rear panel accommodates the connectors for all input and output references.

Optional AC connection for the power input

Optional DC power connector

Ethernet and USB connections

1PPS output

10 MHz output

Six bays for option cards

One optional antenna connector.

CHAPTER 1 • SecureSync 1200 User Reference Guide Rev. 31 7

1.4  Unit Rear Panel

8

Figure 1-3: Standard rear panel

Typically, option cards will be installed at the factory. Should you purchase an extra option card at a later point, you will need to populate the next vacant slot, observing the numerical order shown above. However, not all cards can be installed in all slots. Your local Orolia

Sales Office will gladly assist you with the optimal option cards selection for your application.

The DC Power port connector is only installed if your unit was ordered with a DC input power option. Other optional input/output connectors depend on the installed option cards.

Note: DC input power does not have an ON/OFF switch.

The AC Power connector is the input for the AC power and provides an AC power

ON/OFF switch. This connector assembly is only installed if SecureSync was ordered with AC input power option.

The Ethernet connector provides an interface to the network for NTP synchronization and to obtain access to the SecureSync product Web UI for system management. It has two small indicator lamps, “Good Link” (green LED), and “Activity” (orange LED). The “Good Link” light indicates a connection to the network is present. The “Activity” light will illuminate when network traffic is detected.

Table 1-2: Ethernet status indicator lights

LED State Meaning

Orange

On

Off

Green On

Off

LAN Activity detected

No LAN traffic detected

LAN Link established, 10 or 100 Mbps

No link established

CHAPTER 1 • SecureSync 1200 User Reference Guide Rev. 31

1.5  Option Cards

The USB connector is reserved for future expansion.

The 1PPS BNC connector offers a once-per-second square-wave output signal. The

1PPS signal can be configured to have either its rising or falling edge to coincide with the system’s on-time point.

The 10 MHz BNC connector provides a 10 MHz sine-wave output signal.

The optional ANTENNA connector is a type “N” connector for the GNSS input from your GNSS antenna via a coax cable. This connector will only be present if the standard GNSS receiver, or the optional SAASM GPS receiver module are installed.

1.5

Option Cards

Option Cards are circuit boards that can be installed into a SecureSync unit in order to add input and output functionality . Installation is normally done in the factory when the unit is built. Many cards, however, can be retrofitted in the field by qualified customer personnel

(see

"Option Card Field Installation Instructions" on page 357 ).

Caution: NEVER install an option card from the back of the unit, ALWAYS from the top. It is therefore necessary to remove the top cover of the main chassis (housing).

Input and outputs can be categorized by:

Communication direction :

Input

Output

Signal type :

Frequency: 1/5/10/[programmable] MHz

Wave form (square, sinus)

1PPS

TTS

CTCSS

Signal protocol :

ASCII time code

IRIG

STANAG

CHAPTER 1 • SecureSync 1200 User Reference Guide Rev. 31 9

1.5  Option Cards

1.5.1

Have Quick

E1/T1 data

Telecom timing, etc.

Ethernet (NTP, PTP)

Time code I/O

Alarm out, etc.

Functionality :

Networking card (incl. NTP, PTP)

Time code I/O

Alarm output

Special functionality e.g., revertive selector, bidirectional communication

Connector type :

BNC

DB-9/25

Terminal block

RJ-12/45

SFP

ST fiber optic

To visually identify an option card installed in your unit, or to obtain an overview which option cards are available for SecureSync, see

"Option Cards Overview" below

.

To obtain detailed information on a specific option card, using its ID number, see

"Option

Card Identification" on page 14

.

To locate option card topics in this manual by their heading or functionality, see

"Option

Cards" on page 351

. This Chapter also includes information on field installation and Web

UI functionality.

To visually identify a connector type, see

"Option Card Connectors" on page 17 .

Option Cards Overview

The table below lists all SecureSync option cards available at the time of publication of this document, sorted by their function .

The table column (see table below) Web UI Name refers to the names under which the cards installed in a SecureSync unit are listed in the INTERFACES > OPTION CARDS drop-down menu.

10 CHAPTER 1 • SecureSync 1200 User Reference Guide Rev. 31

1.5  Option Cards

Detailed specifications and configuration assistance for every card can be found in the

APPENDIX. To quickly access the APPENDIX topic for your option card(s), you may use the hyperlinks in table

"Option cards listed by their ID number" on page 15 .

Note: * Every option card has a unique 2-digit ID number located on its cover plate, and in the center column of the table below. The complete Orolia Part Number for option cards is 1204-xx (e.g., 120418 ).

Table 1-3: Option cards identification

Function Web UI Name Illustration

Time and Frequency Cards

Quad 1PPS out

(TTL)

1PPS Out BNC

Quad 1PPS out

(10 V)

1PPS Out 10V

Quad 1PPS out

(RS-485)

1PPS Out, RS-

485

ID*

18

0

19

0

21

0

Inputs

Quad 1PPS out

(fiber optic)

1PPS Out, Fiber

1in/3out 1PPS

(TTL [BNC])

1PPS/Frequency RS-485

1in/2out 1PPS/freq (fiber optic)

1PPS In/Out,

Fiber

5MHz out 5MHz Out

10 MHz out

10 MHz out

10 MHz Out

10 MHz Out

1MHz out 1MHz Out

Progr. frequ.

out (Sine

Wave)

Prog Freq Out,

Sine

2B

28

2A

08

1C

38

26

13

0

1PPS (1x)

1PPS (1x)

0

0

0

0

0

Outputs Conn.'s

1PPS, TTL

(4x)

1PPS, 10 V

(4x)

BNC

(4x)

BNC

(4x)

1PPS, RS-

485 (4x)

1PPS, F/O

(4x)

1PPS (3x)

Terminal block,

10-pin

ST Fiber optic

(4x)

BNC

(4x)

1PPS (2)

5MHz (3x)

ST Fiber optic

(3x)

BNC

(3x)

10 MHz (3x) BNC

(3x)

10 MHz (3x) TNC

(3x)

1MHz (3x) BNC

(3x) progr. clock, sine (4x)

BNC

(4x)

CHAPTER 1 • SecureSync 1200 User Reference Guide Rev. 31 11

1.5  Option Cards

Function

Progr. frequ out (TTL)

Web UI Name

Prog Freq Out,

TTL

Prog frequ out

(RS-485)

Prog Freq Out,

RS-485

Square Wave out

Square Wave

Out, BNC

1PPS in/out + frequ. in

1PPS in/out + frequ. in

1PPS/Frequency BNC

1PPS/Frequency RS-485

CTCSS, Data

Sync/Clock

Simulcast

Telecom Timing Cards

E1/T1 data,

75 Ω

E1/T1 data,

100/120 Ω

E1/T1 data,

75 Ω

E1/T1 data,

100/120 Ω

E1/T1 Out BNC

E1/T1 Out Terminal

E1/T1 Out BNC

E1/T1 Out Terminal

Time Code Cards

ASCII Time

Code RS-232

ASCII Timecode

RS-232

ASCII Time

Code RS-485

ASCII Timecode

RS-485

Illustration ID*

2F

0

30

17

Inputs

01

Var. frequ. +

1PPS

03

10 MHz +

1PPS

14

0

0

0

Outputs Conn.'s progr. clock,

TTL/sq.

(4x)

BNC

(4x) progr. clock,

RS-485 (4x)

Terminal block,

10-pin square wave, TTL

(4x)

BNC

(4x)

1PPS (TTL) BNC

(3x)

1PPS Terminal block,

10-pin data clock,

CTCSS frequ., 1PPS,

1 alarm (3x)

RJ-12 &

DB-9

09

0

0A

53

4C

0

0

0

1.544/2.04-

8 MHz (1x) unbal. E1/T1

(2x)

BNC

(3x)

1.544/2.04-

8 MHz (1x) unbal. E1/T1

(2x)

Terminal block,

10-pin unbal. E1/T1

(4x)

BNC

(4x) unbal. E1/T1

(4x)

Terminal block,

10-pin

02

1

04

1

RS-232 (1x) DB-9

(2x)

1 Terminal block,

10-pin

12 CHAPTER 1 • SecureSync 1200 User Reference Guide Rev. 31

1.5  Option Cards

Function

IRIG BNC

IRIG Fiber

Optic

Web UI Name

IRIG In/Out

BNC

IRIG In/Out,

Fiber

IRIG out, BNC IRIG Out BNC

IRIG out, fiber optic

IRIG Out, Fiber

IRIG out, RS-

485

IRIG Out, RS-

485

STANAG input STANAG In

STANAG in, isol.

STANAG out

STANAG In, Isolated

STANAG Out

STANAG out, isol.

HAVE QUICK out BNC

HAVE QUICK out RS-485

STANAG Out,

Isolated

HAVE QUICK

Out, BNC

HAVE QUICK

Out, RS-485

HAVE QUICK HAVE QUICK

Networking Cards

Gigabit Ethernet

Gb Ethernet

1Gb PTP:

Master only

Gb PTP

Communication and Specialty Cards

STL (Satellite

Time and Location)

STL

Illustration ID*

05

1

Inputs

27

1

15

1E

22

1D

29

0

0

0

2x

24 2x

11

0

25

0

10

0

1B

0

1

2

2

4

Outputs Conn.'s

BNC

(3x)

ST Fiber optic

(3x)

BNC

(4x)

4

4

1x

1x

3

ST Fiber optic

(4x)

Terminal block,

10-pin

DB-25

(1x)

DB-25

(1x)

2x STANAG,

1x 1PPS

DB-25

(1x)

2x STANAG,

1x 1PPS

DB-25

(1x)

4 (TTL) BNC

(4x)

4 Terminal block,

10-pin

BNC

(4x)

06

(3, OR output) (3, OR input)

32

0

3E

Satellite, Eth.

(Maintenance)

1PPS (1x

BNC), SFP

(1x)

0

RJ-45

(3x)

BNC

(1x), SFP

(1x)

SMA,

RJ45

CHAPTER 1 • SecureSync 1200 User Reference Guide Rev. 31 13

1.5  Option Cards

Function Web UI Name

Event in, Broadcast out

Event Broadcast

Revertive

Selector ("Failover")

Alarm Relay

Out n/a

Relay Output

Bidir. Communication

RS-485 Comm

Illustration ID* Inputs

23

BNC: Event trigger

2E

Frequ. or 1

PPS: (2x)

0F

0

0B

Yes

Outputs Conn.'s

DB-9: Event broadcast

DB-9 +

BNC (1x each)

Frequ. or

1PPS(1x)

BNC

(3x)

Relay Out

(3x)

Yes

Terminal block,

10-pin

Terminal block,

10-pin

1.5.2

Option Card Identification

There are several ways to identify which option card(s) are installed in your SecureSync unit: a.

Using the Web UI, navigate to the INTERFACES > OPTION CARDS drop-down menu, and compare the list displayed in your UI with the table

"Option cards identification" on page 11

.

b.

If you have physical access to your SecureSync unit, inspect its rear panel, and compare the 2-digit ID number printed in the lower left-hand corner on each option card with the table below.

1.5.2.1

Option Card Identification by ID/Part Number

If you are looking for information specific to a particular option card, the table below can help you find this information in this User Reference Guide.

Note: * Every option card has a 2-digit identification ( ID ) number that can be found in the corner of its cover plate, and in the table below. The ID number is comprised of the two center digits of your option card's Orolia Part Number: 1204-0 18 0-0600.

14

Figure 1-4: Option Card ID number

CHAPTER 1 • SecureSync 1200 User Reference Guide Rev. 31

1.5  Option Cards

The table lists all option cards available at the publication date of this documentation, sorted by their ID number . Locate the option card ID number on its cover plate, and follow the corresponding hyperlink in the right-hand column.

Table 1-4: Option cards listed by their ID number

Card

ID*

Card Name Name in UI

01

02

03

04

05

06

08

09

0A

0B

0F

10

11

13

14

15

17

See ...

1PPS/freq input (TTL levels) module

ASCII Time Code module (RS-

232)

1PPS/freq input (RS-485 levels) module

ASCII Time Code module (RS-

485)

IRIG module, BNC (1 input, 2 outputs)

Gigabit Ethernet module (3 ports)

5 MHz output module (3 outputs)

T1-1.544 (75 Ω) or E1-2.048

(75 Ω) module

T1-1.544 (100 Ω) or E1-2.048

(120 Ω) module

Bidirectional Communication module

Alarm module

HaveQuick output module

(TTL)

STANAG output module

Programmable Frequency

Output module (Sine Wave)

CTCSS, Data Sync/Clock module ("Simulcast")

Square Wave (TTL) output module

1PPS/Frequency

BNC

ASCII Timecode

RS-232

1PPS/Frequency

RS-485

ASCII Timecode

RS-485

IRIG In/Out BNC

Gb Ethernet

5 MHz Out

E1/T1 Out BNC

E1/T1 Out Terminal

RS-485 Comm

Relay Output

HAVE QUICK

Out, BNC

STANAG Out

Prog Freq Out,

Sine

Simulcast

IRIG module, BNC (4 outputs) IRIG Out BNC

Sq Wv Out, BNC

"1PPS In/Out, 10 MHz In [1204-01, -

03]" on page 385

"ASCII Time Code In/Out [1204-

02, -04]" on page 472

"1PPS In/Out, 10 MHz In [1204-01, -

03]" on page 385

"ASCII Time Code In/Out [1204-

02, -04]" on page 472

"IRIG In/Out [1204-05, -27]" on page 427

"Gigabit Ethernet [1204-06]" on page 484

"Frequency Out [1204-08, -1C, -26,

-38]" on page 392

"T1/E1 Out [1204-09, -0A, -4C, -

53]" on page 413

"T1/E1 Out [1204-09, -0A, -4C, -

53]" on page 413

"Bi-Directional Communication, RS-

485 [1204-0B]" on page 527

"Alarm Relay Out [1204-0F]" on page 512

"HAVE QUICK Out [1204-10, -1B]" on page 459

"STANAG Out [1204-11, -25]" on page 443

"Programmable Frequency Out

[1204-13, -2F, -30]" on page 396

"Simulcast (CTCSS/Data Clock)

[1204-14]" on page 405

"IRIG Out [1204-15, -1E, -22]" on page 420

"Programmable Square Wave Out

[1204-17]" on page 401

CHAPTER 1 • SecureSync 1200 User Reference Guide Rev. 31 15

1.5  Option Cards

Card

ID*

18

19

1B

1C

1D

1E

21

22

23

24

25

26

27

28

29

2A

2B

2E

2F

Card Name Name in UI See ...

Quad 1 PPS output module

(TTL)

Quad 1 PPS output module (10

V)

10 MHz output module (3 outputs)

STANAG input module

IRIG module, Fiber Optic (4 outputs)

Quad 1 PPS output module

(RS-485 [terminal block])

IRIG module, RS-485 (4 outputs)

Event Broadcast module

STANAG isolated input module

STANAG isolated output module

1 MHz output module (3 outputs)

IRIG module, Fiber Optic (1 input, 1 outputs)

1-in/3-out 1 PPS module (TTL

[BNC])

1-in/3-out HaveQuick module

(TTL [BNC])

1-in/3-out 1 PPS module (Fiber

Optic)

1PPS In/Out,

Fiber

Quad 1 PPS output module

(Fiber Optic)

Revertive Selector module

("Failover")

Programmable Frequency

Output module (TTL)

1PPS Out BNC

1PPS Out 10V

HaveQuick output module (RS-

485)

HAVE QUICK

Out, RS-485

10 MHz Out

STANAG In

IRIG Out, Fiber

1PPS Out, RS-

485

IRIG Out, RS-

485

Event Broadcast

STANAG In, Isolated

STANAG Out,

Isolated

1MHz Out

IRIG In/Out,

Fiber

1PPS/Frequency

RS-485

HAVE QUICK

1PPS Out, Fiber n/a

Prog Freq Out,

TTL

"1PPS Out [1204-18, -19, -21, -2B]" on page 374

"1PPS Out [1204-18, -19, -21, -2B]" on page 374

"HAVE QUICK Out [1204-10, -1B]" on page 459

"Frequency Out [1204-08, -1C, -26,

-38]" on page 392

"STANAG In [1204-1D, -24]" on page 450

"IRIG Out [1204-15, -1E, -22]" on page 420

"1PPS Out [1204-18, -19, -21, -2B]" on page 374

"IRIG Out [1204-15, -1E, -22]" on page 420

"Event Broadcast [1204-23]" on page 519

"STANAG In [1204-1D, -24]" on page 450

"STANAG Out [1204-11, -25]" on page 443

"Frequency Out [1204-08, -1C, -26,

-38]" on page 392

"IRIG In/Out [1204-05, -27]" on page 427

"1PPS In/Out [1204-28, -2A]" on page 380

"HAVE QUICK In/Out [1204-29]" on page 465

"1PPS In/Out [1204-28, -2A]" on page 380

"1PPS Out [1204-18, -19, -21, -2B]" on page 374

"Revertive Selector Card [1204-

2E]" on page 517

"Programmable Frequency Out

[1204-13, -2F, -30]" on page 396

16 CHAPTER 1 • SecureSync 1200 User Reference Guide Rev. 31

1.5  Option Cards

Card

ID*

30

32

Card Name

Programmable Frequency

Output module (RS-485)

1Gb PTP module

38

3E

10 MHz output module (3 x

TNC outputs)

STL input module

4C Differential Terminal Block 4

Port E1/T1 module

53 Single-ended BNC 4 port

E1/T1 module

Name in UI See ...

Prog Freq Out,

RS-485

Gb PTP

10 MHz Out

STL

E1/T1 Out Quad

Terminal

E1/T1 Out Quad

BNC

"Programmable Frequency Out

[1204-13, -2F, -30]" on page 396

"PTP Grandmaster [1204-32]" on page 486

"Frequency Out [1204-08, -1C, -26,

-38]" on page 392

"STL Option Module [1204-3E]" on page 503

"T1/E1 Out [1204-09, -0A, -4C, -

53]" on page 413

"T1/E1 Out [1204-09, -0A, -4C, -

53]" on page 413

1.5.3

Option Card Connectors

The table below lists the connector types used in SecureSync option cards.

Table 1-5: Option card connectors

BNC

Connector Illustration Electr. Signals

Differential TTL xV, sine wave, programm.

square wave, AM sine wave, DCLS

ST Fiber Optic AM sine wave, DCLS

Timing signals

1PPS, frequency,

IRIG, HAVE QUICK,

PTP

IRIG, 1PPS

Terminal Block

[Recommended mating connector:

Phoenix Contact, part no. 182 7787]

DB-9

DB-25

RJ-12

RJ-45

RS-485

RS-232, RS-485

Differential TTL xV, RS-485

RS-485

Gb-Ethernet

1PPS, frequency,

ASCII time code,

IRIG, HAVEQUICK,

Alarm, T1/E1

ASCII time code,

GPS NMEA, data clocks,

CTCSS frequency,

1PPS, Alarm signal

STANAG data clock, CTCSS frequency,

1PPS, Alarm

PTP timing signal

CHAPTER 1 • SecureSync 1200 User Reference Guide Rev. 31 17

1.6  The SecureSync Web UI

SFP

Connector

SMA

Illustration

Ethernet

Electr. Signals

RF, differential TTL xV, sine wave, programm. square wave, AM sine wave, DCLS

Timing signals

NTP timing signal,

PTP timing signal

1PPS, frequency

1.6

The SecureSync Web UI

SecureSync has an integrated web user interface (referred to as "Web UI" throughout this documentation) that can be accessed from a computer over a network connection, using a standard web browser. The Web UI is the most complete way to configure the unit, and for status monitoring during everyday operation.

Note: If you prefer, an integrated Command- Line Interpreter interface

(CLI) allows the use of a subset of commands. See

"Command-Line Interface" on page 529

.

Note: Should it ever be necessary, you can restore SecureSync's configuration to the factory settings at any time. See

"Resetting the Unit to

Factory Configuration" on page 326

.

1.6.1

The Web UI HOME Screen

Note: Screens displayed in this manual are for illustrative purposes. Actual screens may vary depending upon the configuration of your product.

The HOME screen of the SecureSync web user interface ("Web UI") provides comprehensive status information at a glance, including: vital system information current status of the references key performance /accuracy data major log events .

18 CHAPTER 1 • SecureSync 1200 User Reference Guide Rev. 31

1.6  The SecureSync Web UI

The HOME  screen can be accessed from anywhere in the Web UI, using the HOME button in the Primary Navigation Bar :

The Primary Navigation Bar provides access to all menus:

HOME : Return to the HOME screen (see above)

INTERFACES : Access the configuration pages for …

… references (e.g., GNSS, NTP)

… outputs (e.g. 10 MHz, PPS, NTP) and

… installed input/output option cards.

MANAGEMENT : Access the NETWORK setup screens, and OTHER setup screens e.g., to configure Reference Priorities, System Time, and the Oscillator.

TOOLS : Opens a drop-down menu for access to the system maintenance screens and system logs.

HELP : Provides Orolia Service Contact Information and high-level system configurations you may be required to furnish when contacting Orolia Service.

1.6.2

The INTERFACES Menu

The INTERFACES menu on the Main screen provides access to SecureSync's:

External REFERENCES e.g., the GNSS reference input

Detected OUTPUTS, such as 10 MHz and 1PPS

Installed OPTION CARDS.

CHAPTER 1 • SecureSync 1200 User Reference Guide Rev. 31 19

1.6  The SecureSync Web UI

Clicking on any of the line items will open a status screen, providing real-time information on the selected interface e.g., availability, performance data and events history.

To configure settings for the selected interface, click the GEAR icons or buttons provided on most of the status screens. Icons like the INFO symbol provide access to more detailed status information and history data.

Note: Many of the interfaces can be accessed through different menu items e.g., an optional output will be available under the OPTION CARDS menu and the OUTPUTS menu.

The headings of each of the INTERFACES drop-down menus ( white on orange ) open overview status screens for the respective menu items.

1.6.3

The Configuration MANAGEMENT Menu

The MANAGEMENT menu on the Web UI's Main screen provides access to SecureSync's configuration screens and settings.

20

On the left side, under NETWORK , the following standard setup screens can be found:

CHAPTER 1 • SecureSync 1200 User Reference Guide Rev. 31

1.6  The SecureSync Web UI

Network Setup

General Setup

HTTPS Setup

SSH Setup

SNMP Setup

NTP Setup

PTP Setup

PeerD Setup.

Under OTHER , you can access non-network related screens:

Authentication : Manage user accounts, Security Policy, LDAP Setup, RADIUS setup, Login Preference and Remote Servers. Change My Password is also available.

Reference Priority : Define the order of priority for timing inputs.

Notifications : Configure the notifications triggered by SecureSync’s events. A notification can be a combination of a mask alarm and/or SNMP Trap and/or email.

Time Management : Manage the Local Clock, UTC Offset, DST Definition and Leap

Second information.

Front Panel : Configure the appearance of the SecureSync front panel display and keypad.

Log Configuration : Manage the system logs.

Disciplining : Manage oscillator disciplining.

Change My Password : Configure the admin password.

1.6.4

The TOOLS Menu

The TOOLS menu on the Web UI's Main screen provides access to:

The System Upgrade screen

System and network monitoring screens

Miscellaneous system administration screens

Log screens

CHAPTER 1 • SecureSync 1200 User Reference Guide Rev. 31 21

1.7 Specifications

22

1.7

1.7.1

Specifications

The specifications listed below apply to the SecureSync standard model, i.e. not including any option cards, and are based on “normal” operation, with SecureSync synchronized to valid Time and 1PPS input references (in the case of GNSS input, this is with the GNSS receiver operating in Stationary mode). 

Specifications for the available option cards are provided in their corresponding topics; see

"Option Cards Overview" on page 10

.

Input Power

AC power source :

100 to 240 V

AC

, 50/60 Hz, ±10 %, or

100 to 120 V

AC

, 400 Hz, ±10% via an IEC 60320 connector (power cord included)

DC input (option):

12-17 V

DC

-15%, +20%, or

21-60 V

DC

-15%, +20%, secure locking device

Maximum power draw :

TCXO/OCXO oscillator installed: 40 W normal (50 W start-up)

Rubidium (Rb) oscillator installed: 50 W normal (80 W start-up)

Low-Phase Noise (LPN) Rubidium oscillator installed: 52 W normal (85 W start-up)

Battery :

BR3032 lithium coin-cell (3V DC- 500mAh)

See

"Troubleshooting the Internal Battery" on page 348

for more information.

CHAPTER 1 • SecureSync 1200 User Reference Guide Rev. 31

CHAPTER 1 • SecureSync 1200 User Reference Guide Rev. 31

1.7 Specifications

1.7.1.1

Fuses

Type : T 2A L 250 V

Model :

Orolia recommends: LITTELFUSE 0213002.MXP

[Orolia part number: F010R-0002-000 E FUSE,2A,SB,IEC SURGE,GLASS]

Number : 2 (two) per unit

SecureSync label on rear panel of unit:

" AC POWER/F 2A T 250V (2) "

LEGEND:

F = Fuse

2A = Current Rating: 2 Ampères

T = Speed: Time Delay (Slow-Blow)

L = Breaking Capacity: Low (Glass)

250V = Voltage Rating

(2) = Fuses used: 2 (two)

Caution: Before testing fuses, remove AC power by disconnecting the AC power cord.

Note: In the event that the unit does not power up with AC power, these fuses should be tested.

1.7.2

GNSS Receiver

Model : u-blox M8T

Compatible signals :

GPS L1 C/A Code transmissions at 1575.42 MHz

GLONASS L1 0F transmissions centered at 1602.0 MHz

Galileo E1 B/C transmissions at 1575.42 MHz

BeiDou B1 transmissions centered at 1561.098 MHz

QZSS L1-SAIF transmissions at 1575.42 MHz

Satellites tracked : Up to 72 simultaneously

23

1.7 Specifications

Update rate : up to 2Hz (concurrent)

Acquisition time : Typically < 27 seconds from cold start

Antenna requirements : Active antenna module, +5V, powered by SecureSync, 16 dB gain minimum

Antenna connector : Type N, female

1.7.3

RS-232 Serial Port (Front Panel)

Function : Accepts commands to locally configure the IP network parameters via CLI for initial unit configuration.

Connector : DB9 F, pin assignments conform to EIA/TIA-574, data communication equipment

Character structure : ASCII, 9600 baud, 1 start, 8 data, 1 stop, no parity

1.7.4

10/100 Ethernet Port

Function : 10/100 Base-T, auto-sensing LAN connection for NTP/SNTP and remote management and configuration, monitoring, diagnostics and upgrade

Connector : RJ45, Network IEEE 802.3

1.7.5

Protocols Supported

NTP : NTP Version 4 (Installed: Version 4.2.8p8). Provides MD5, Stratum 1 through 15 (RFC

5905). Note that NTP Autokey is currently not supported, for more information, see

http://bugs.ntp.org/show_bug.cgi?id=3005

.

NTP throughput : ETH0: 7000-7200 NTP requests per second; ETH1-ETH3 (1204-006-

0600 Gigabit Ethernet option card 1-3): 8800-9000 NTP requests per second. For additional information, please contact Orolia.

Clients supported : The number of users supported depends on the class of network and the subnet mask for the network. A gateway greatly increases the number of users.

TCP/IP application protocols for browser-based configuration and monitoring: HTTP,

HTTPS

FTP/SFTP : For remote upload of system logs and (RFC 959)

Syslog : Provides remote log storage (RFCs 3164 and 5424)

SNMP : Supports v1, v2c, and v3

Telnet/SSH : For limited remote configuration

Security features : Up to 32-character password, Telnet Disable, FTP Disable, Secure

SNMP, SNMP Disable, HTTPS/HTTP Disable, SCP, SSH, SFTP.

Authentication : LDAP v2 and v3, RADIUS, MD5 Passwords, NTP Autokey protocol.

24 CHAPTER 1 • SecureSync 1200 User Reference Guide Rev. 31

1.7 Specifications

1.7.6

1PPS Output

Signal : One pulse-per-second square wave (ext. reference connected to GNSS receiver)

Signal level : TTL compatible, 4.3 V minimum, base-to-peak into 50 Ω

Pulse width : Configurable pulse width (200 ms by default)

Pulse width range : 20 ns to 900 ms

Rise time : <10 ns

Accuracy : Positive edge within ±50 ns of UTC when locked to a valid 1PPS input reference

Connector : BNC female

Table 1-6: 1PPS output accuracies

Oscillator Type

Accuracy to UTC

(1 sigma locked to

GPS)

Holdover (constant temp. after 2 weeks of GPS lock)

After 4 hours After 24 hours

0.2

μ s 1 μ s Low-phase noise Rubidium

±25 ns

Rubidium ±25 ns

Low-phase noise OCXO ±25 ns

OCXO

TCXO

±50 ns

±50 ns

0.2

μ s

0.5

μ s

1 μ s

12 μ s

1 μ s

10 μ s

25 μ s

450 μ s

1.7.7

10 MHz Output

Signal : 10 MHz sine wave

Signal Level : +13 dBm ±2dB into 50 Ω

Harmonics : ˗ 40 dBc minimum

Spurious : ˗ 70 dBc minimum TCXO

Connector : BNC female

Signature Control : This configurable feature removes the output signal whenever a major alarm condition or loss of time synchronization condition is present. The output will be restored once the fault condition is corrected.

CHAPTER 1 • SecureSync 1200 User Reference Guide Rev. 31 25

1.7 Specifications

Table 1-7: 10 MHz output — oscillator types and accuracies

Oscillator Type Accuracy

Low-phase noise Rubidium

Rubidium

Low-phase noise OCXO

OCXO

TCXO

1x10

-12 typical 24-hour average locked to GPS

1x10

-11 per day (5x10

-11 per month) typical aging unlocked

1x10

-12 typical 24-hour average locked to GPS

1x10

-11 per day (5x10

-11 per month) typical aging unlocked

1x10

-12 typical 24-hour average locked to GPS

2x10

-10 per day typical aging unlocked

2x10

-12 typical 24-hour average locked to GPS

1x10

-9 per day typical aging unlocked

1x10

-11 typical 24-hour average locked to GPS

1x10

-8 per day typical aging unlocked

Note: Oscillator accuracies are stated as fractional frequency (i.e. the relative frequency departure of a frequency source), and as such are dimensionless.

See also

"Configuring the Oscillator" on page 226

.

Table 1-8: 10 MHz output — oscillator stability

Oscillator Type

Low-phase noise

Rubidium

Rubidium

Medium-Term Stability

(without GPS after 2 weeks of

GPS lock)

Short-Term Stability (Allan

1 sec.

5x10 -11 variance)

10 sec.

100 sec.

2x10 -11 5x10 -12

Temperature

Stability (p ˗ p)

1x10 -10 5x10 -11 /month (3x10 -11 /month typical)

5x10

-11

/month (3x10

-11

/month typical)

2x10

-10

/day

2x10

5x10

-11

-11

2x10

2x10

-12

-11

2x10

1x10

-12

-11

1x10

1x10

-10

-9

Low-phase noise

OCXO

OCXO

TCXO

5x10

-10

/day

1x10

-8

/day

5x10

-10

2x10

-9

5x10

-11

1x10

-9

1x10

-11

3x10

-10

5x10

-9

1x10

-6

26 CHAPTER 1 • SecureSync 1200 User Reference Guide Rev. 31

1.7 Specifications

1.7.7.1

10 MHz Output — Oscillator Phase Noise (dBc/Hz)

Oscillator Type

Low-phase noise Rubidium

Rubidium

Low-phase noise OCXO

OCXO

TCXO

@ 1Hz

˗ 100

˗ 80

˗ 100

˗ 95

./.

@ 10 Hz

˗ 128

˗ 98

˗ 128

˗ 123

./.

@ 100 Hz

˗ 148

˗ 120

˗ 148

˗ 140

˗ 110

@ 1KHz

˗ 153

˗ 140

˗ 153

˗ 145

˗ 135

@ 10 KHz

˗ 155

˗ 140

˗ 155

˗ 150

˗ 140

1.7.8

Mechanical and Environmental Specifications

Dimensions :

Designed for EIA 19” rack mount:

Housing w/o connectors and brackets:

16.75” W x 1.72” H [1U] x 14.33” D actual

(425 mm W x 44 mm H x 364 mm D)

Weight :

6.0 lbs (2.72 kg)

Temperature :

Operating:

–20°C to +65°C (+55°C for Rubidium option)

Storage:

–40°C to +85°C

Humidity :

10% - 95% relative humidity, non-condensing @ 40°C

Altitude :

Operating:

100-240 V

AC

: up to 6560 ft (2000 m)

100-120 V

AC

: up to 13123 ft (4000 m)

12-17 V

DC and 21-60 V

DC

: up to 13125 ft (4000 m)

Storage range: up to 45000 ft (13700 m)

CHAPTER 1 • SecureSync 1200 User Reference Guide Rev. 31 27

1.8  Regulatory Compliance

Shock :

Individual positive and negative shock loads in X, Y, and Z axes directions

Operating : 15 g, 11 msec

SAASM GPS storage shock specs: MRU 35 g, GB-GRAM 40 g

Storage : 75 g, 11 msec

Vibration :

Sine sweep 1.0 octave/min

Operating : 10-55 Hz 0.07 gpeak; 55-500 Hz 1.0 gpeak

Storage : 10-55 Hz 0.15 gpeak; 55-500 Hz 2.0 gpeak

MIL-STD-810F : 514.5, 516.5

1.8

Regulatory Compliance

This product has been found to be in conformance with the following regulatory publications.

FCC

This equipment has been tested and found to comply with the limits for a Class A digital device , pursuant to Part 15 of the FCC Rules .

These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment . This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the user documentation, may cause harmful interference to radio communications.

Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his/her own expense.

Note: This is a Class A product. In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures.

Safety

This product has been tested and meets the requirements specified in:

EN 60950-1:2006/A11:2009 +A1: 2010 +A12: 2011 +A2:2014, UL 62368:2014

UL 60950-1:2007 R10.14 CAN/CSA C22.2 No. 62368-1-14

28 CHAPTER 1 • SecureSync 1200 User Reference Guide Rev. 31

1.8  Regulatory Compliance

CAN/CSA-C22.2 No.60950-1-07+A1:2011+A2:2014

IEC 62368-1:2014

IEC 60950-1:2006 +A1+A2 EN62368-1:2014

UL Listing no. E311040

EMC Compliance

This product has been tested and meets the following standards:

EN 55032:2012/AC:2013/CISPR 32:2012: Class A

CAN/CSA-CISPR 22-10/ ICES-003 Issue 6: Class A

FCC CFR 47 PART 15 SubPart B:2016: Class A

EN55024:2010: Class A

European Directives

This product has been tested and complies with the following:

2014/30/EU Electromagnetic Compatibility (EMC)

2014/35 EU Low Voltage (LVD)

2011/65/EU on the Restriction of Hazardous Substance (RoHS3)

2014/53/EU Radio Equipment Directive (RED)

Radio Spectrum Efficiency:EN 303 413 V1.1.0

CHAPTER 1 • SecureSync 1200 User Reference Guide Rev. 31 29

1.8  Regulatory Compliance

BLANK PAGE.

30 CHAPTER 1 • SecureSync 1200 User Reference Guide Rev. 31

SETUP

The following topics are included in this Chapter:

2.1 Overview

2.2 Unpacking and Inventory

2.3 Required Tools and Parts

2.4 SAFETY

2.5 Mounting the Unit

2.6 Connecting Supply Power

2.7 Connecting the GNSS Input

2.8 Connecting Network Cables

2.9 Connecting Inputs and Outputs

2.10 Powering Up the Unit

2.11 Setting up an IP Address

2.12 Accessing the Web UI

2.13 Configure Network Settings

2.14 Configure NTP

2.15 Configuring Input References

2.16 Configuring Outputs

44

44

45

46

47

54

56

98

141

142

32

33

34

34

38

40

CHAPTER 2 • SecureSync 1200 User Reference Guide 31

2.1  Overview

2.1

2.1.1

Overview

This section provides an outline of the steps that need to be performed prior to putting

SecureSync into service. This includes:

Installation : Hardware setup, mechanical installation, physical connections.

Setup : Establish basic access to the unit, so as to allow the use of the web user interface ("Web UI").

Configuration : Access the Web UI, configure the network, input and output references, protocols (e.g., NTP), other settings.

The following factors determine which steps need to be taken: a.

The power source(s) your SecureSync is configured for.

b.

Your existing infrastructure and how you plan on integrating SecureSync into it (for example, integrating it into an existing Ethernet network, or setting-up a standalone installation.) c.

How you would like to setup basic network configuration parameters:

Using the unit's front panel keypad and information display

Using a PC connected to SecureSync via serial cable

Using a PC connected to SecureSync via network cable.

You can connect your PC to SecureSync either…

…directly by means of a dedicated Ethernet cable, or

…indirectly, using your existing Ethernet network (using a network hub).

d.

The option cards configuration of your unit: Is your SecureSync equipped with any option cards, such as additional input references, or additional signal distribution cards? If so, they need to be configured separately via the SecureSync Web UI, once the network configuration is complete.

Main Installation Steps

The following list is a recommendation. Deviations are possible, depending on the actual application and system configuration.

1.

Unpack the unit, and take inventory:

"Unpacking and Inventory" on the facing page

.

2.

Obtain required tools and parts:

"Required Tools and Parts" on page 34 .

3.

Mount the unit: .

"Mounting the Unit" on page 38 .

4.

Read the Safety instructions:

"SAFETY" on page 34

.

5.

Connect your power supply/-ies:

"Connecting Supply Power" on page 40

.

32 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.2  Unpacking and Inventory

6.

Connect Input References such as your GNSS antenna, and network cable(s):

"Connecting the GNSS Input" on page 44 , and "Connecting Network Cables" on page 44 .

7.

Power up the unit:

"Powering Up the Unit" on page 234 .

8.

Setup basic network connectivity… i.

…via front panel keypad and information display:

"Setting Up an IP Address via the Front Panel" on page 49

ii.

…or via serial port, using a PC with a CLI:

"Setting Up an IP Address via the

Serial Port" on page 52

iii.

…or via Ethernet, using a PC with a web browser, and the SecureSync Web UI:

"Accessing the Web UI" on page 54

.

9.

Register your product:

"Product Registration" on page 277

.

2.2

Unpacking and Inventory

Caution: Electronic equipment is sensitive to Electrostatic Discharge

(ESD). Observe all ESD precautions and safeguards when handling the unit.

Unpack the equipment and inspect it for damage. If any equipment has been damaged in transit, or you experience any problems during installation and configuration of your Orolia product, please contact Orolia (see

"Technical Support" on page 580 .)

Note: Retain all original packaging for use in return shipments if necessary.

The following items are included with your shipment:

SecureSync unit

QuickStart Guide (printed version)

Ancillary items (except for rack mounting items, the contents of this kit may vary based on equipment configuration and/or regional requirements)

Purchased optional equipment; note that option cards listed on the purchase order will be pre-installed in the unit. See

"Option Card Identification" on page 14

and

"Option Cards Overview" on page 10

.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 33

2.3  Required Tools and Parts

2.3

Required Tools and Parts

Depending on your application and system configuration, the following tools and parts may be required:

Phillips screwdrivers to install the rack-mount ears, and to mount the unit in a 19"rack

If you plan on using DC power Orolia recommends an external ON/OFF switch.

Ethernet cables (see

"Connecting Network Cables" on page 44 ).

2.3.1

Required GNSS Antenna Components

Should you plan on using a GNSS reference with your SecureSync, you will also need:

Antenna cable with SMA connector, or conversion cable

GNSS antenna with mounting bracket

GNSS antenna surge suppressor (recommended)

GNSS antenna inline amplifier (optional for short cable lengths)

For antenna installation guidelines, see the separate documentation shipped with the antenna components.

2.4

SAFETY

Safety: Symbols Used

Table 2-1: Safety symbols used in this document, or on the product

Symbol Signal word Definition

DANGER!

Potentially dangerous situation which may lead to personal injury or death! Follow the instructions closely.

Caution, risk of electric shock.

CAUTION!

CAUTION!

NOTE

Potential equipment damage or destruction!

Follow the instructions closely.

Tips and other useful or important information.

34 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.4  SAFETY

Symbol Signal word

MULTIPLE

POWER SOURCES

Definition

This equipment may contain more than one power source: Disconnect AC and DC power supply cords before removing the cover to avoid electric shock.

ESD

CHASSIS GROUND

Analog Ground

Recycle

Risk of Electrostatic Discharge! Avoid potential equipment damage by following ESD Best Practices.

This symbol is used for identifying the functional ground of an I/O signal. It is always connected to the instrument chassis.

Shows where the protective ground terminal is connected inside the instrument. Never remove or loosen this screw!

Recycle the mentioned components at their end of life.

Follow local laws.

SAFETY: Before You Begin Installation

This product has been designed and built in accordance with state-of-the-art standards and the recognized safety rules. Nevertheless, its use may constitute a risk to the operator or installation/maintenance personnel, if the product is used under conditions that must be deemed unsafe, or for purposes other than the product's designated use, which is described in the introductory technical chapters of this guide.

DANGER!

If the equipment is used in a manner not specified by the manufacturer, the protection provided by the equipment may be impaired.

Before you begin installing and configuring the product, carefully read the following important safety statements. Always ensure that you adhere to any and all applicable safety warnings, guidelines, or precautions during the installation, operation, and maintenance of your product.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 35

2.4  SAFETY

DANGER!

— INSTALLATION OF EQUIPMENT:

Installation of this product is to be done by authorized service personnel only. This product is not to be installed by users/operators without legal authorization.

Installation of the equipment must comply with local and national electrical codes.

DANGER!

— DO NOT OPEN EQUIPMENT, UNLESS AUTHORIZED:

The interior of this equipment does not have any user serviceable parts.

Contact Orolia Technical Support if this equipment needs to be serviced.

Do not open the equipment, unless instructed to do so by Service personnel. Follow Orolia Safety Instructions, and observe all local electrical regulatory requirements.

DANGER!

– IF THE EQUIPMENT MUST BE OPENED:

Never remove the cover or blank option card plates with power applied to this unit. The unit may contain more than one power source. Disconnect AC and DC power supply cords before removing the cover to avoid electric shock.

DANGER!

— FUSING:

The equipment has Double Pole/Neutral Line Fusing on AC power.

For continued protection against risk of fire, replace fuses only with same type and rating of fuse.

36 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.4  SAFETY

DANGER!

— GROUNDING: This equipment must be EARTH GROUNDED.

Never defeat the ground connector or operate the equipment in the absence of a suitably installed earth ground connection. Contact the appropriate electrical inspection authority or an electrician if you are uncertain that suitable grounding is available.

The AC and DC power connectors of this equipment have a connection to the earthed conductor of the AC and DC supply earthing conductor through the AC and DC power cords. The AC source outlet must contain a protective earthing connection. This equipment shall be connected directly to the AC power outlet earthing pin or DC supply system earthing electrode conductor. 

The DC supply source is to be located within the same premises as this equipment: The equipment shall be located in the same immediate area

(such as, adjacent cabinets) as any other equipment that has a connection to the earthing conductor of the same AC or DC supply circuit earthing conductor, and also the point of earthing of the AC or DC system. The AC or

DC system shall not be earthed elsewhere.

Switches or other disconnection devices shall not be in the earthed circuit conductor between the AC and DC source and the point of the connection of the earthing electrode conductor to SecureSync’s AC and DC input power connectors earthing pin.

DANGER!

— BATTERY: Replace the battery only with the same or equivalent type recommended by the manufacturer. Follow Orolia Instructions

— there is a danger of a new battery exploding if it is incorrectly installed.

Discard used batteries according to the manufacturer's instructions.

Caution: Electronic equipment is sensitive to Electrostatic Discharge

(ESD). Observe all ESD precautions and safeguards when handling Orolia equipment.

SAFETY: User Responsibilities

The equipment must only be used in technically perfect condition. Check components for damage prior to installation. Also check for loose or scorched cables on

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 37

2.5  Mounting the Unit other nearby equipment.

Make sure you possess the professional skills, and have received the training necessary for the type of work you are about to perform.

Do not modify the equipment.

Use only spare parts authorized by Orolia.

Always follow the instructions set out in this User Reference Guide, or in other Orolia documentation for this product.

Observe generally applicable legal and other local mandatory regulations.

SAFETY: Other Tips

Keep these instructions at hand, near the place of use.

Keep your workplace tidy.

Apply technical common sense: If you suspect that it is unsafe to use the product, do the following:

Disconnect the supply voltage from the unit.

Clearly mark the equipment to prevent its further operation.

2.5

Mounting the Unit

SecureSync units can be operated on a desktop or in a rack in a horizontal , right-side-up position. The location needs to be well-ventilated, clean and accessible.

2.5.1

Rack Mounting

If installing the unit in a rack, install the rack-mount ears on the two sides of the front panel and mount the unit in a standard 19-inch rack cabinet. The unit is intended to be installed in one orientation only. The unit should be mounted so the front panel interface keys are to the left of the display area.

The SecureSync unit will install into any EIA standard 19-inch rack. SecureSync occupies one rack unit of space for installation, however, it is recommended to leave empty space of at least one rack unit above and below the SecureSync unit to allow for best ventilation.

Rack mounting requirements:

The maximum ambient operating temperature must be observed. See

"Mechanical and Environmental Specifications" on page 27

for the operating temperature range specified for the type of oscillator installed in your SecureSync unit.

38 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.5  Mounting the Unit

If the SecureSync unit is to be installed in a closed rack, or a rack with large amounts of other equipment, a rack cooling fan or fans should be part of the rack mount installation.

Installation of the unit in a rack should be such that the amount of air flow required for safe operation of the equipment is not compromised.

Follow the mounting directions described below to prevent uneven mechanical loading , possibly resulting in a hazardous condition.

Do not overload power supply circuits . Use only supply circuits with adequate overload protection. For power requirements, see

"Input Power" on page 22 .

Reliable grounding of rack-mounted equipment must be maintained. Particular attention must be given to supply connections other than direct connections to the branch circuit (e.g., use of power strips).

The SecureSync ancillary kit contains the following parts needed for rack mounting:

2 each 1165-1000-0714 rack mounting brackets

2 each MP09-0003-0030 equipment rack handles

4 each H020-0832-0406 #8-32 flat head Phillips screws

6 each HM20R-04R7-0010 M4 flat head Phillips screws

The following customer supplied items are also needed:

4 each #10-32 pan head rack mount screws

1 each #2 Phillips head screwdriver

1 each 3/32" straight screwdriver

To rack mount the SecureSync unit:

1.

Attach an MP09-0003-0030 equipment rack handle to the front of each 1165-

1000-0714 rack mounting bracket, using the holes nearest the right angle bend of the 1165-1000-0714 rack mounting bracket, with the #2 size Phillips screwdriver, using 2 each of the H020-0832-0406 #8-32 flat head Phillips screws.

2.

Attach the 1165-1000-0714 rack mount brackets to the sides of the SecureSync with the rack mounts ears facing outward, aligned with the front edge of the

SecureSync front panel. Use the #2 Phillips screwdrivers, using 3 each of the

HM20R-04R7-0010 M4 flat head Phillips screws.

3.

Secure the rack mount brackets to the rack using the #10-32 rack mount screws and #2 Phillips head screwdriver, 2 each per side of the rack. 

Caution: For safety reasons the SecureSync unit is intended to be operated in a HORIZONTAL POSITION, RIGHT-SIDE-UP, that is with the keypad to

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 39

2.6  Connecting Supply Power the left side and the 4-line information display and the time display on the right side.

2.6

Connecting Supply Power

Depending on the equipment configuration at time of purchase, SecureSync can be powered from: an AC input a DC input with both AC, and DC input.

Supplying both AC and DC input power provides redundant and automatic power switchover in case one or the other input power sources is lost.

Before connecting power to the unit, be sure that you have read all safety information detailed in section

"SAFETY" on page 34

.

2.6.1

Power Source Selection

If both an AC, and a DC power source are connected to the unit, the following rules apply:

If AC and DC power are both applied, AC power is used.

If DC power is applied, but AC power is not, then DC power will be used.

If AC and DC power are both present, but AC power is subsequently lost,

SecureSync will automatically switch to using the DC power input.

DANGER!

— This unit will contain more than one power source if both the

AC and DC power options are present. Turning off the rear panel power switch will NOT remove all power sources.

The following sections discuss AC and DC power input. Connect AC and/or DC power, as required.

2.6.2

Using AC Input Power

Connect the AC power cord supplied in the SecureSync ancillary kit to the AC input on the rear panel and the AC power source outlet. The AC input is fuse-protected with two fuses located in the AC power entry module (line and neutral inputs are fused). The AC power

40 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.6  Connecting Supply Power entry module also contains the main power switch for the AC power applied to the equipment.

Caution: This equipment has Double Pole/Neutral Line Fusing on AC power.

Note: Important! SecureSync is earth grounded through the AC power connector. Ensure SecureSync is connected to an AC outlet that is connected to earth ground via the grounding prong (do not use a two prong to three prong adapter to apply AC power to SecureSync).

2.6.3

Using DC Input Power

If the rear panel DC port is present, connect DC power, per the voltage and current as called out on the label that resides above the DC power connector.

Note: DC power is an option chosen at time of purchase. The rear panel DC input port connector is only installed if the DC input option is available. Different DC power input options are available (12 V

DC with a voltage range of

12 to 17 V at 7 A maximum or 24/48 V

DC input with a voltage range of 21 to

60 V at 3 A maximum). Review the DC power requirement chosen, prior to connecting DC power (when the DC port is installed, a label will be placed over the connector indicating the allowable DC input voltage range and the required current).

DANGER!

GROUNDING: SecureSync is earth grounded through the DC power connector. Ensure that the unit is connected to a DC power source that is connected to earth ground via the grounding pin C of the

SecureSync DC power plug supplied in the ancillary kit.

Caution: The DC input port is both fuse and reverse polarity protected.

Reversing polarity with the 24/48 V

DC option will not blow the fuse, but the equipment will not power-up. Reversing polarity with the 12 V

DC option will likely blow the internal fuse.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 41

2.6  Connecting Supply Power

A DC power connector to attach DC power to SecureSync is included in the ancillary kit provided with the equipment. A cable of 6 feet or less, using 16AWG wire, with adequate insulation for the DC voltage source should be used with this connector. The cable clamp provided with the DC power plug for strain relief of the DC power input cable should be used when DC power is connected to SecureSync.

Note: Orolia recommends to use a dedicated DC power supply switch to energize/de-energize SecureSync externally.

DC power connector pin-out

SecureSync units can be ordered in a DC version that includes the following DC plug on the back panel: DC Plug, 3-pin, chassis mount: Amphenol P/N DL3102A10SL-3P

The DC ancillary kit includes, among other things, the following connector parts:

Mating DC Connector , circular, 3-pin, solder socket, 16AWG,13A,300V: Amphenol

P/N DL3106A10SL-3S; (Orolia part no. P240R-0032-002F)

Cable Clamp , circular: Amphenol part no. 97-3057-1004(621); (Orolia part no.

MP06R-0004-0001)

42 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.6  Connecting Supply Power

Pinout description, DC connector

Pin B goes to the most positive DC voltage of the DC source. For +12 V or +24/48 V this would be the positive output from the DC source. For a -12 V or -24/48 V

DC source this would be the ground or return of the DC source.

Pin A goes to the most negative voltage of the DC source. For +12 V or +24/48 V this would be the ground or return output from the DC source. For a -12 V or -24/48 V

DC source this would be the negative output from the DC source.

Pin C goes to the Earth ground of the DC source.

AC/DC Converter

The DC input can be used as a second AC input: As an option, Orolia offers a kit containing an AC/DC converter with a pre- assempled DC connector: The part number for this adaptor kit is PS06R-2Z1M-DT01 .

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 43

2.7  Connecting the GNSS Input

2.7

Connecting the GNSS Input

Typical installations include GNSS as an external reference input. If the GNSS receiver is not installed or if the GNSS will not be used as a SecureSync reference, disregard the steps to install the GNSS antenna and associated cabling.

1.

Install the GNSS antenna, surge suppressor, antenna cabling, and GNSS preamplifier

(if required). Refer to the documentation included with your GNSS antenna for information regarding GNSS antenna installation.

For additional information on GNSS antenna installation considerations, including cabling, an Orolia tech note is available

here

.

2.

Connect the GNSS cable to the rear panel antenna input jack (see illustration under

"Unit Rear Panel" on page 7 ).

In the event that NO antenna is connected to the rear panel jack, SecureSync will— once it gets powered up (see

"Powering Up the Unit" on page 234

)—activate the

Antenna Problem alarm, causing the front panel “ Fault ” light to be blinking orange

(the Antenna Problem alarm indicates an open or short exists in the antenna cable.)

Unless there is an open or short in the antenna cable, the " Fault " light should stop flashing orange once the GNSS antenna and coax cable are connected to the rear panel. If the " Fault " light does not stop flashing after connecting the antenna, refer to

"Troubleshooting GNSS Reception" on page 344 .

Initial synchronization with GNSS input may take up to 5 minutes (approximately) when used in the default stationary GNSS operating mode. If using GNSS, verify that GNSS is the synchronization source by navigating to MANAGEMENT > OTHER: Reference Priority :

Confirm that GNSS is Enabled , and its Status for TIME and 1PPS is valid (green).

2.8

Connecting Network Cables

SecureSync provides a base 10/100 Ethernet port for full NTP functionality, as well as a comprehensive web-based user interface ("Web UI") for configuration, monitoring and diagnostic support. Additional network ports are available with the Gigabit Ethernet option card (1204-06).

44 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.9  Connecting Inputs and Outputs

Before connecting the network cable(s), you need to decide which port(s) you want to use for which purpose (e.g., ETH0 for configuration only, etc.), and how you want to configure basic network connectivity e.g., the IP address: a.

Configure SecureSync via the unit's front panel: See

"Setting Up an IP Address via the Front Panel" on page 49 .

b.

Configure SecureSync by means of a PC connected to an existing network.

When connecting to a hub, router, or network computer, use a straightthrough wired, shielded CAT 5, Cat 5E or CAT 6 cable with RJ-45 connectors. Connect one end to the Ethernet port on the SecureSync rear panel, and the opposite end of the cable to a network hub or switch.

c.

Configure SecureSync by connecting a stand-alone computer directly via a dedicated network cable (standard-wired, or crossover cable):

When connecting directly to a stand-alone PC, use a network cable. Connect the cable to the NIC card of the computer.

Since no DHCP server is available in this configuration both SecureSync, and the PC must be configured with static IP addresses that are on the same subnet (10.1.100.1 and 10.1.100.2 with a subnet value of 255.255.255.0 on both devices, for example). For more information on configuring static IP addresses, see

"Assigning a Static IP Address" on page 48 .

Once the unit is up and running, verify that the green link light on the Ethernet port is illuminated. The amber “Activity” link light may periodically illuminate when network traffic is present.

2.9

Connecting Inputs and Outputs

SecureSync can synchronize not only to an external GNSS reference signal, but also to other optional external references such as IRIG, HAVE QUICK and ASCII inputs (in addition to network based references such as NTP and/or PTP).

At the same time, SecureSync can output timing and frequency signals for the consumption by other devices via the same formats as listed above.

E X A M P L E :

With the available IRIG Input/Output option card module (Model 1204-05) installed in an option bay, IRIG time code from an IRIG generator can also be applied as an external reference input

(either in addition to, or in lieu of GNSS, NTP, user set time and other available reference inputs).

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 45

2.10  Powering Up the Unit

To use e.g., an external IRIG reference, connect the IRIG time source to the BNC connector “J1” on the optional IRIG Input/Output module. For additional information on optional connectivity, such as pinout tables, signal levels and other specifications, see

"Option Cards" on page 351

.

Note that some option cards offer both input and output functionality, while others offer only one or the other.

2.10

Powering Up the Unit

1.

After installing your SecureSync unit, and connecting all references and network(s), verify that power is connected, then turn ON the unit using the switch on the rear panel (only if equipped with AC power input), and wait for the device to boot up.

Note: DC input power is not switched, so SecureSync will be powered up with DC input connected, unless you installed an external power switch.

2.

Observe that all of the front panel LEDs momentarily illuminate (the Power LED will then stay lit) and that the Information display LCD back light illuminates. The fan may or may not run, depending on the model year of your SecureSync unit. For more information, see

"Temperature Management" on page 300 .

The time display will reset and then start incrementing the time. About 10 seconds after power-up, “Starting up SecureSync” will be displayed in the information display. After approximately 2 minutes, the information display will then show the current network settings.

By default, the 4-line information display shows the unit’s hostname, IPv4 address, mask, and gateway.

The time display shows the current time: UTC (default), TAI, GPS or local timescale, as configured.

46

Figure 2-1: SecureSync front panel

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.11  Setting up an IP Address

3.

Check the front panel status LED indicators:

The Power lamp should be solid green.

The Sync lamp will probably be red, since synchronization has not yet been achieved.

The Fault lamp will be OFF, or solid orange, indicating a minor alarm, or solid red, asserting a power-up frequency error alarm (until the disciplining state is reached.)

For additional information, see

"Status LEDs" on page 6

and

"Status Monitoring via Front

Panel" on page 278

.

2.11

Setting up an IP Address

In order for SecureSync to be accessible via your network, you need to assign an IP address to SecureSync, as well as a subnet mask and gateway, unless you are using an address assigned by a DHCP server.

There are several ways to setup an IP address , described below: via the front panel keypad and information display remotely …

… via serial cable

… via dedicated network cable

… via a DHCP network.

Before you continue …

… please obtain the following information from your network administrator:

Available static IP address

This is the unique address assigned to the SecureSync unit by the network administrator. Make sure the chosen address is outside of the DHCP range of your DHCP server.

Note: The default static IP address of the SecureSync unit is

10.10.201.x

(x= dependent on ETH port).

Subnet mask (for the network)

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 47

2.11  Setting up an IP Address

The subnet mask defines the number of bits taken from the IP address that are used in the network portion. The number of network bits used in the net mask can range from 8 to 30 bits.

Gateway address

The gateway (default router) address is needed if communication to the

SecureSync is made outside of the local network. By default, the gateway is disabled.

Note: Make sure you are assigning a static IP address to your SecureSync unit that is outside of the DHCP range defined for the DHCP server. Your system administrator will be able to tell you what this range is.

2.11.1

Dynamic vs. Static IP Address

On a DHCP network (Dynamic Host Configuration Protocol), SecureSync's IP address will be assigned automatically once it is connected to the DHCP server. This negotiated address and other network information are displayed on the unit front panel when the unit boots up.

If you plan on allowing your SecureSync to use this negotiated DHCP Address on a permanent basis, you can skip the following topics about setting up an IP address, and instead proceed to

"Accessing the Web UI" on page 54

, in order to complete the SecureSync configuration process.

Please note:

Unless you are using DNS in conjunction with DHCP (with the client configured using

SecureSync's hostname instead of IP address), Orolia recommends to disable DHCP for

SecureSync, and instead use a static IP address. Failure to do this can result in a loss of time synchronization, should the DHCP server assign a new IP address to SecureSync.

2.11.2

Assigning a Static IP Address

Orolia recommends assigning a static IP address to SecureSync, even if the unit is connected to a DHCP server.

This can be accomplished in several ways: a.

Via the keypad and information display on the front panel of the unit, see

"Setting Up an IP Address via the Front Panel" on the facing page

.

b.

By connecting the SecureSync to an existing DHCP network , temporarily using the assigned DHCP address, see

"Setting Up a Static IP Address via a DHCP Network" on page 51

.

48 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.11  Setting up an IP Address c.

By connecting a Personal Computer to SecureSync via a serial cable , see

"Setting

Up an IP Address via the Serial Port" on page 52

.

d.

By connecting a Personal Computer directly to SecureSync via a dedicated Ethernet cable , see

"Setting up a Static IP Address via Ethernet Cable" on page 53

.

Note: For information on configuring routing tables, see

"Static Routes" on page 64

.

2.11.2.1

Setting Up an IP Address via the Front Panel

Assigning an IP address to SecureSync, using the front panel keypad and information display is a preferred way to provide network access to the unit, thus enabling you thereafter to complete the setup process via the Web UI.

Keypad Operation

The functions of the six keys are:

< > arrow keys : Navigate to a menu option (will be highlighted)

˄ ˅ arrow keys : Scroll through parameter values in edit displays

ENTER key: Select a menu option, or load a parameter when editing

BACK key : Return to previous display or abort an edit process

An illustration showing how to navigate the front panel menu tree can be found here:

"Front Panel Keypad, and Display" on page 4

IP configuration, step-by-step instructions:

A.

Disable DHCP:

1.

Press the key.

2.

Using the arrow key, select Netv4 from the menu.

(To select a menu item, highlight it using the arrow keys, then press the key.)

3.

Select the Ethernet interface for which DHCP is to be disabled, such as eth0

.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 49

2.11  Setting up an IP Address

4.

Select

DHCP from the next menu. The display will show

State=Enabled and

Action=Disabled

.

(The State is the current DHCP setting and the Action is the action to take.

You can only change the Action setting.)

5.

Press the key once to select the action, then again to apply it.

B.

Enter IP Address and Subnet Mask :

1.

Still on the

Home > Netv4 > eth[0-3] menu, select

IP Address

, and change " N=010.010.201.001/16 ” to the value of the static IP address and subnet mask/network bits to be assigned (for a list of subnet mask values refer to the table

"Subnet mask values" on page 54

).

2.

Press the key once to enter the setting, then again to apply the new setting.

C.

Enter the Gateway Address (if required)

1.

Still on the Home > Netv4 menu, select the Gateway option ( Home > Netv4

> eth0 > Gateway ).

2.

Press the key once to enter the setting, then again to apply the new setting.

3.

The display will change, allowing you to input an address at

N=000.000.000.001. Enter the gateway address here. The address entered must correspond to the same network IP address assigned to SecureSync.

D.

Enable/disable the Port (if required)

1.

Still on the Home > Netv4 menu, select the eth[X] port that you want to enable or disable.

Note: By default, eth0 is enabled, while all other ports are disabled.

2.

Navigate to the

Port option (

Home > Netv4 > eth0 > Port

).

3.

Press the ˄ ˅ arrow keys once to change between Enable and Disable.

After all applicable settings have been updated, press the key three times to return to the main display. It should now resemble the following example:

50 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.11  Setting up an IP Address

Note: Despite having entered an IP address, the information display will show 0.0.0.0 if SecureSync could not detect an active link on the corresponding network interface.

Note: About DNS : The Primary and Secondary DNS servers are set automatically if using DHCP. If DHCP is not available, they can be configured manually in the SecureSync Web UI via the Network/General Setup screen.

The remainder of the configuration settings will be performed via the Web UI (accessed via an external workstation with a web browser such as Firefox ® or Chrome ® ). For more information, see

"The Web UI HOME Screen" on page 18 .

2.11.2.2

Setting Up a Static IP Address via a DHCP Network

To setup a permanent static IP address, after connecting SecureSync to a DHCP network:

1.

Enter the IP address shown on the front panel information display of your

SecureSync unit into the address field of your browser (on a computer connected to the SecureSync network). If the network supports DNS, the hostname may also be entered instead (the default hostname is "Spectracom"). The start screen of the

SecureSync Web UI will be displayed.

2.

Log into the Web UI as an administrator. The factory-default user name and password are:

Username : spadmin

Password : admin123

3.

Disable DHCP by navigating to MANAGEMENT > Network Setup . In the Ports panel on the right, click the GEAR icon next to the Ethernet Port you are using. In the Edit Ethernet Port Settings window, uncheck the Enable DHCPv4 field. Do

NOT click Submit or Apply yet.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 51

2.11  Setting up an IP Address

4.

In the fields below the Enable DHCPv4 checkbox, enter the desired Static IP address, Netmask, and Gateway address (if required). Click Submit.

For more information on network configuration, see:

"Network Ports" on page 59 .

For subnet mask values, see

"Subnet Mask Values" on page 54 .

5.

Verify on the front panel information display that the settings have been accepted by SecureSync.

6.

Enter the static IP address into the address field of the browser, and again log into the Web UI in order to continue with the configuration; see:

"The Web UI HOME

Screen" on page 18

.

2.11.2.3

Setting Up an IP Address via the Serial Port

SecureSync's front panel serial port connector is a standard DB9 female connector. Communication with the serial port can be performed using a PC with a terminal emulator program (such as PuTTY or TeraTerm) using a pinned straight-thru standard DB9M to DB9F serial cable.

The serial port can be used to make configuration changes (such as the network settings), retrieve operational data (e.g., GNSS receiver information) and log files, or to perform operations such as resetting the admin password.

The serial port is account and password protected. You can login via the serial port using the same user names and passwords as would be used to log into the SecureSync Web UI.

Users with “administrative rights” can perform all available commands. Users with “user” permissions only can perform “get” commands that retrieve data, but cannot perform any

“set” commands or change/reset any passwords.

To configure an IP address via the serial port:

1.

Connect a serial cable to a PC running PuTTY, Tera Term, or HyperTerminal, and to your SecureSync. For detailed information on the serial port connection, see

"Setting up a Terminal Emulator" on page 530

2.

Login to SecureSync with a user account that has “admin” group rights, such as the default spadmin account (the default password is admin123 ).

3.

Disable DHCP, type: dhcp4set 0 off

<Enter>.

Note: If your SecureSync is configured with an Ethernet option card, use 0, 1, 2, 3 for eth0 – eth3.

52 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.11  Setting up an IP Address

Note: For a list of CLI commands, type helpcli , or see

"CLI Commands" on page 531 .

4.

Configure the IP address and subnet mask, type: ip4set 0 x.x.x.x y.y.y.y

<Enter>

(where 0 is the desired interface, “ x.x.x.x

” is the desired IP address for

SecureSync, and “ y.y.y.y

” is the full subnet mask for the network (For a list of subnet mask values, see

"Subnet Mask Values" on the next page

.)

5.

Configure the gateway by typing gw4set 0 z.z.z.z

<Enter>

(where 0 indicates which interface routing table to add the default gateway for, and

“ z.z.z.z

” is the default gateway address).

Note: If your SecureSync is configured with an Ethernet option card, use 0, 1, 2, 3 for eth0 – eth3.

6.

Remove the serial cable, connect SecureSync to the network, and access the Web

UI, using the newly configured IP address. (For assistance, see

"Accessing the

Web UI" on the next page )

The remainder of the configuration settings will be performed via the Web UI (accessed via an external workstation with a web browser such as Firefox ® or Chrome ® ).

2.11.2.4

Setting up a Static IP Address via Ethernet Cable

This procedure will allow you to configure SecureSync using the Web UI directly via the

Ethernet port, if you cannot or do not wish to use a DHCP network.

1.

First, disable DHCP using the front panel keypad and information display: a.

Press the ü ENTER key.

b.

Using the arrow key, select

Netv4 from the menu.

(To select a menu item, highlight it using the arrow keys, then press the ü key.) c.

Select the Ethernet interface for which DHCP is to be disabled, such as eth0 .

d.

Select

DHCP from the next menu. The display will show

State=Enabled and

Action=Disabled

.

(The State is the current DHCP setting and the Action is the action to take.

You can only change the Action setting.) e.

Press the ü key once to select the action, then again to apply it.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 53

2.12  Accessing the Web UI

2.

The front panel will now display the default static IP address

10.10.201.1/16

.

3.

Change the workstation IP address to be on the same network as SecureSync.

4.

Connect workstation and SecureSync with an Ethernet cable.

Note: You may use an Ethernet crossover cable, but you do not have to.

The remainder of the configuration settings will be performed via the Web UI (accessed via an external workstation with a web browser such as Firefox ® or Chrome ® ). For more information, see

"The Web UI HOME Screen" on page 18 .

2.11.3

Subnet Mask Values

Table 2-2: Subnet mask values

Network Bits Equivalent Netmask Network Bits Equivalent Netmask

26

25

24

23

30

29

28

27

22

21

20

19

255.255.255.252

255.255.255.248

255.255.255.240

255.255.255.224

255.255.255.192

255.255.255.128

255.255.255.0

255.255.254.0

255.255.252.0

255.255.248.0

255.255.240.0

255.255.224.0

14

13

12

11

18

17

16

15

10

9

8

255.255.192.0

255.255.128.0

255.255.0.0

255.254.0.0

255.252.0.0

255.248.0.0

255.240.0.0

255.224.0.0

255.192.0.0

255.128.0.0

255.0.0.0

2.12

Accessing the Web UI

SecureSync's web user interface ("Web UI") is the recommended means to interact with the unit, since it provides access to nearly all configurable settings, and to obtain comprehensive status information without having to use the Command Line Interpreter (CLI).

You can access the Web UI either by using the automatically assigned DHCP IP address, or by using a manually set static IP address (see

"Assigning a Static IP Address" on page 48 ):

54 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.12  Accessing the Web UI

1.

On a computer connected to the SecureSync network, start a web browser, and enter the IP address shown on the SecureSync front panel.

2.

When first connecting to the Web UI, a warning about security certificates may be displayed:

Select Continue...

.

Note: "Cookies" must be enabled. You will be notified if Cookies are disabled in your browser.

Note: HTTPS only: Depending on your browser, the certificate/security pop-up window may continue to be displayed each time you open the Web UI until you saved the certificate in your browser.

Note: Static IP address only: To prevent the security pop-up window from opening each time, a new SSL Certificate needs to be created using the assigned IP address of SecureSync during the certificate generation. See

"HTTPS" on page 67

for more information on creating a new SSL certificate.

3.

Log into the Web UI as an administrator. The factory-default administrator user name and password are:

Username : spadmin

Password : admin123

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 55

2.13  Configure Network Settings

Caution: For security reasons, it is advisable to change the default credentials, see:

"Managing Passwords" on page 251 .

4.

Upon initial login, you will be asked to register your product. Orolia recommends to register SecureSync, so as to receive software updates and services notices. See also

"Product Registration" on page 277 .

Number of login attempts

The number of failed login attempts for ssh is hard-set to (4) four. This value is not configurable.

The number of failed login attempts for the Web UI (HTTP/HTTPS) is hard-set to (5) five failed login attempts, with a 60 second lock. These two values are not configurable.

To continue with the configuration, see e.g.,

"The Web UI HOME Screen" on page 18 .

To learn more about setting up different types of user accounts, see

"Managing User

Accounts" on page 246 .

2.13

Configure Network Settings

Before configuring the network settings, you need to setup access to SecureSync web user interface ("Web UI"). This can be done by assigning a static IP address, or using a

DHCP address. For more information, see

"Setting up an IP Address" on page 47 .

Once you have assigned the IP address, login to the Web UI. For more information, see

"Accessing the Web UI" on page 54

.

To configure network settings, or monitor your network, navigate to SecureSync's Network Setup screen.

To access the Network Setup screen:

Navigate to MANAGEMENT > Network Setup . The Network Setup screen is divided into three panels :

56 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.13  Configure Network Settings

The Actions panel provides:

General Settings : Allows quick access to the primary network settings necessary to connect SecureSync to a network. See

"General Network Settings" on the next page

.

Web Interface Settings :

Web interface timeout : Determines how long a user can stay logged on. For more information, see

"Web UI Timeout" on page 269

.

Web Security Level : High security will not allow browsers to use TLS below v1.3 (to prevent known security vulnerabilities).

Access Control : Allows the configuration of access restrictions from assigned networks/nodes.

Login Banner : Allows the administrator to configure a custom banner message to be displayed on the SecureSync Web UI login page and the CLI (Note:

There is a 2000 character size limit).

SSH : This button takes you to the SSH Setup window. For details on setting up SSH, see

"SSH" on page 78 .

System Time Message : Setup a once-per-second time message to be sent to receivers via multicast. For details, see

"System Time Message" on page 96 .

HTTPS : This button takes you to the HTTPS Setup window. For details on setting up HTTPS, see

"HTTPS" on page 67

.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 57

2.13  Configure Network Settings

The Network Services panel is used to enable (ON) and disable (OFF) network services, as well as the Web UI display mode, details see:

"Network Services" on page 63 .

The Ports panel not only displays STATUS information, but is used also to set up and manage SecureSync’s network ports via three buttons:

INFO button: Displays the Ethernet port Status window for review purposes.

GEAR button: Displays the Ethernet port settings window for editing purposes.

TABLE button: Displays a window that allows adding, editing, and reviewing

Static Routes.

58

2.13.1

General Network Settings

To expedite network setup, SecureSync provides the General Settings window, allowing quick access to the primary network settings.

To access the General Settings window:

1.

Navigate to MANAGEMENT > Network Setup . In the Actions Panel on the left, click General Settings .

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.13  Configure Network Settings

2.

Populate the fields:

Hostname : This is the server’s identity on the network or IP address. The default is Spectracom .

Default Gateway IPv6 : The gateway (default router) address is needed if communication to the SecureSync is made outside of the local network. By default, the gateway is disabled in the format “ ####:#### ” where each ‘ # ’ is a hexadecimal value. When a DHCP server is not requested or is requested but not available and DHCP IPv6 is enabled, the server will use this Default Gateway.

Default Port : Unless you specify a specific Port to be used as Default Port, the factory default port eth0 will be used as the gateway (default gateway).

The General Settings window also displays the IPv4 Address and default IPv4 Gateway.

2.13.2

Network Ports

Ports act as communication endpoints in a network. The hardware configuration of your unit will determine which ports (e.g., Eth0, Eth1, ...) are available for use. Before using a port, it needs to be enabled and configured.

To enable & configure, or view a network port:

1.

Navigate to MANAGEMENT > NETWORK: Network Setup .

2.

The Ports panel on the right side of the screen lists the available Ethernet ports, and their connection status:

Green : CONNECTED (showing the connection speed)

Yellow : CABLE UNPLUGGED (the port is enabled but there is no cable attached)

Red : DISABLED .

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 59

2.13  Configure Network Settings

Locate the port you want to configure and click the GEAR button to enable & configure the port, or the INFO button to view the port status.

60

Note: The eth0 port is the built-in SecureSync Ethernet port

(i.e., standard, not optional).

3.

If the port is not already enabled, in the Edit Ethernet Ports Settings window, click the Enable check box. The Edit Ethernet Ports Settings window will expand to show the options needed to complete the port setup.

Fill in the fields as required:

Autonegotiation : This box should be checked to allow the system to determine the speed and duplex of the connection. If it becomes necessary to manually set the connection, uncheck Autonegotiation and complete the following fields:

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.13  Configure Network Settings

Speed : Choose the correct speed between 10, 100, and 1000

Mb/s

Duplex : Choose between Full and Half duplex.

Domain : This is the domain name to be associated with this port.

Enable DHCPv4 : Check this box to enable the delivery of IP addresses from a DHCP Server using the DHCPv4 protocol. This box is checked by default. Should you disable (uncheck) DHCPv4, the following fields will display and must be completed:

Static IPv4 Address : This is the unique address assigned by the network administrator. The default static IP address of the

SecureSync unit is 10.10.201.1. In the format “ #.#.#.# ” with no leading zeroes or spaces, where each ‘

#

’ is a decimal integer from the range [0,255].

Table 2-3: Default IP addresses

ETH port

Default "static lease"

IP address

ETH0

ETH1

ETH2

10.10.201.1

10.10.201.2

10.10.201.3

ETH3 10.10.201.4

The default subnet is: 255.255.0.0

Netmask : This is the network subnet mask assigned by the network administrator. In the form “ xxx.xxx.xxx.xxx

.” See

"Subnet Mask Values" on page 54

for a list of subnet mask values.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 61

2.13  Configure Network Settings

IPv4 Gateway : The gateway (default router) address is needed if communication to the SecureSync is made outside of the local network. By default, the gateway is disabled.

DNS Primary : This is the primary DNS address to be used for this port.

Depending on how your DHCP server is configured, this is set automatically once DHCP is enabled. Alternatively, you may configure your DHCP server to NOT use a DNS address. When

DHCP is disabled, DNS Primary is set manually, using the format

"

#.#.#.#

" with no leading zeroes or spaces, where each ‘

#

’ is a decimal integer from the range [0,255].

DNS Secondary : This is the secondary DNS address to be used for this port. Depending on how your DHCP server is configured, this is set automatically once DHCP is enabled, or your DHCP server may be configured NOT to set a DNS address.

When DHCP is disabled, DNS Secondary is set manually, using the format “ #.#.#.# ” with no leading zeroes or spaces, where each ‘

#

’ is a decimal integer from the range [0,255].

Enable DHCPv6 : Check this box to enable the delivery of IPv6 addresses from a DHCP Server using the DHCPv6 protocol.

IPv6 addresses can be added and deleted by clicking the Edit

IPv6 Address button at the bottom of the screen:

62

Note: If the button is not displayed, you need to

Enable this port first, and click Submit .

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.13  Configure Network Settings

Enable SLAAC : Check this box to enable stateless address auto configuration.

MTU : Maximum Transmission Unit. Range (for Ethernet v2): Default:

1500 bytes. Smaller packages are recommended, if encapsulation is required e.g., to meet encryption needs, which would cause the maximum package size to be exceeded.

4.

To apply your changes, click Submit (the window will close), or Apply .

2.13.3

Network Services

Several standard network services can be enabled or disabled via the easily accessible Network Services Panel under MANAGEMENT > Network Setup :

The Network Services panel has ON/OFF toggle switches for the following daemons and features:

System Time Message : A once-per second Time Message sent out via Multicast; for details, see

"System Time Message" on page 96 .

Daytime Protocol, RFC-867 : A standard Internet service, featuring an ASCII daytime representation, often used for diagnostic purposes.

Time Protocol, RFC-868 : This protocol is used to provide a machine-readable, site-independent date and time.

Telnet : Remote configuration

FTP server: Access to logs

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 63

2.13  Configure Network Settings

SSH : Secure Shell cryptographic network protocol for secure data communication

HTTP : Hypertext Transfer Protocol

HTTPS : Hypertext Transfer Protocol Secure tcpdump : A LINUX program that can be used to monitor network traffic by inspecting tcp packets. Default = ON.

If not needed, or wanted (out of concern for potential security risks), tcpdump can be disabled permanently: Once toggled to OFF, and after executing a page reload, tcpdump will be deleted from the system: The toggle switch will be removed, and the function cannot be enabled again (even after a software upgrade).

iptables

While not accessible via the Web UI, iptables (an application allowing for customizable access restrictions) are supported.

Note that iptables is always ON, and its policies can only be accessed via the Command

Line Interface (see

"CLI Commands" on page 531

) in combination with the Sudo command. Please also note that you need to have admin user rights to run this command.

Note: A listing of recommended and default network settings can be found under

"Default and Recommended Configurations" on page 332 .

2.13.4

Static Routes

Static routes are manually configured routes used by network data traffic, rather than solely relying on routes chosen automatically by DHCP (Dynamic Host Configuration Protocol). With statically configured networks, static routes are in fact the only possible way to route network traffic.

To view , add , edit , or delete a static route:

1.

Navigate to the MANAGEMENT > Network Setup screen.

2.

The Ports panel displays the available Ethernet ports, and their connection status:

64 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.13  Configure Network Settings

3.

To view all configured Static Routes for all Ethernet Ports, or delete one or more

Static Routes, click the TABLE icon in the top-right corner.

4.

To add a new Route, view or delete an existing Route for a specific Ethernet Port, locate the Port listing you want to configure, and click the TABLE button next to it.

The Static Routes window for the chosen Port will open, displaying its Routing

Table, and an Add Route panel.

In the Add Route panel, populate these fields in order to assign a Static Route to a Port:

Net Address : This is the address/subnet to route to.

Prefix : This is the subnet mask in prefix form e.g., "24". See also

"Subnet Mask Values" on page 54

.

Router Address : This is where you will go through to get there.

Click the Add Route button at the bottom of the screen.

Note: To set up a static route, the Ethernet connector must be physically connected to the network.

Note: Do not use the same route for different Ethernet ports; a route that has been used elsewhere will be rejected.

Note: The eth0 port is the default port for static routing. If a port is not given its own static route, all packets from that port will be sent through the default.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 65

2.13  Configure Network Settings

2.13.5

Access Rules

Network access rules restrict access to only those assigned networks or nodes defined. If no access rules are defined, access will be granted to all networks and nodes.

Note: In order to configure Access Rules, you need

ADMINISTRATOR rights.

To configure a new, or delete an existing access rule:

1.

Navigate to the MANAGEMENT > Network Setup screen.

2.

In the Actions panel on the left, click on Access Control.

3.

The Network Access Rules window displays:

66

4.

In the Allow From field, enter a valid IP address. It is not possible, however, to add direct IP addresses, but instead they must be input as blocks, i.e. you need to add

/32 at the end of an IP address to ensure that only that address is allowed.

Example:

10.2.100.29/32 will allow only

10.2.100.29

access.

I P a d d r e s s n o m e n c l a t u r e :

IPv4— 10.10.0.0/16 , where 10.10.0.0

is the IP address and 16 is the subnet mask in prefix form. See the table

"Subnet Mask Values" on page 54

for a list of subnet mask values.

IPv6— 2001:db8::/48 , representing 2001:db8:0:0:0:0:0:0 to 2001:db8:0:ffff:ffff:ffff:ffff:ffff.

5.

Click the Add button in the Action column to add the new rule.

6.

The established rule appears in the Network Access Rules window.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.13  Configure Network Settings

Click the Delete button next to an existing rule, if you want to delete it.

2.13.6

HTTPS

HTTPS stands for HyperText Transfer Protocol over SSL (Secure Socket Layer). This

TCP/IP protocol is used to transfer and display data securely by adding an encryption layer to protect the integrity and privacy of data traffic. Certificates issued by trusted authorities are used for sender/recipient authentication.

Note: In order to configure HTTPS, you need ADMINISTRATOR rights.

Note that SecureSync supports two different modes of HTTPS operation: The Standard

HTTPS Level (default), and a High-Security Level . For more information, see

"HTTPS

Security Levels" on page 267

.

2.13.6.1

Accessing the HTTPS Setup Window

1.

Navigate to MANAGEMENT > NETWORK: HTTPS Setup (or, navigate to

MANAGEMENT > Network Setup , and click HTTPS in the Actions panel on the left):

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 67

2.13  Configure Network Settings

68

The HTTPS Setup window has five tabs:

Create Certificate Request : This menu utilizes the OpenSSL library to generate certificate Requests and self-signed certificates.

Subject Alternative Name Extension : This menu is used to add alternative names to an X.509 extension of a Certificate Request.

Certificate Request : A holder for the certificate request generated under the

Create Certificate Request tab. Copy and paste this Certificate text in order to send it to your Certificate Authority.

Upload X.509 PEM Certificate : Use the window under this tab to paste your

X.509 certificate text and upload it to SecureSync.

Upload Certificate File : Use this tab to upload your certificate file returned by the Certificate Authority. For more information on format types, see

"Supported Certificate Formats" on the facing page .

Exit the HTTPS Setup window by clicking the X icon in the top right window corner, or by clicking anywhere outside the window.

Should you exit the HTTPS Setup window while filling out the certificate request parameters form before clicking the Submit button, any information you entered will be lost.

Exiting the HTTPS Setup window will not lose and Subject Alternative Names that have been entered. When switching between tabs within the HTTPS Setup window, the information you have entered will be retained.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.13  Configure Network Settings

2.13.6.2 About HTTPS

HTTPS provides secure/encrypted, web- based management and configuration of

SecureSync from a PC. In order to establish a secure HTTPS connection, an SSL certificate must be stored inside the SecureSync unit.

SecureSync uses the OpenSSL library to create certificate requests and self-signed certificates. The OpenSSL library provides the encryption algorithms used for secure HTTP

(HTTPS). The OpenSSL package also provides tools and software for creating X.509 Certificate Requests, Self Signed Certificates and Private/Public Keys. For more information on OpenSSL, please see

www.openssl.org

.

Once you created a certificate request, submit the request to an external Certificate

Authority (CA) for the creation of a third party verifiable certificate. (It is also possible to use an internal corporate Certificate Authority.)

If a Certificate Authority is not available, or while you are waiting for the certificate to be issued, you can use the default Spectracom self-signed SSL certificate that comes with the unit until it expires, or use your own self-signed certificate. The typical life span of a certificate (i.e., during which HTTPS is available for use) is about 10 years.

Note: If deleted, the HTTPS certificate cannot be restored. A new certificate will need to be generated.

Note: In a Chrome web browser, if a valid certificate is deleted or changed such that it becomes invalid, it is necessary to navigate to Chrome's Settings> More Tools> Clear browsing data> Advanced and clear the Cached images and files in the history. Otherwise Chrome's security warnings may make some data unavailable in the Web UI.

Note: If the IP Address or Common Name (Host Name) is changed, you need to regenerate the certificate, or you will receive security warnings from your web browser each time you log in.

2.13.6.3 Supported Certificate Formats

SecureSync supports X.509 PEM and DER Certificates, as well as PKCS#7 PEM and DER formatted Certificates.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 69

2.13  Configure Network Settings

You can create a unique X.509 self-signed Certificate, an RSA private key and X.509 certificate request using the Web UI. RSA private keys are supported because they are the most widely accepted. At this time, DSA keys are not supported.

SecureSync supports two different modes of HTTPS operation: The Standard HTTPS

Level (default), and a High-Security Level . For more information, see

"HTTPS Security

Levels" on page 267

.

2.13.6.4 Creating an HTTPS Certificate Request

Caution: If you plan on entering multiple Subject Alternative Names to your

HTTPS Certificate Request, you must do so before filling out the Create

Certificate Request tab to avoid losing any information. See

"Adding

HTTPS Subject Alternative Names" on page 73

.

To create an HTTPS Certificate Request:

1.

Navigate to MANAGEMENT > NETWORK: HTTPS Setup , or in the MANAGEMENT

> NETWORK Setup , Actions panel, select HTTPS :

70

2.

Click the Create Certificate Request tab (this is the default tab).

3.

Check the box Create Self Signed Certificate, in order to open up all menu items.

This checkbox serves as a security feature : Check the box only if you are certain about generating a new self-signed Certificate.

Caution: Once you click Submit , a previously generated Certificate

(or the Spectracom default Certificate) will be

overwritten

.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.13  Configure Network Settings

Note that an invalid Certificate may result in denial of access to SecureSync via the

Web UI! (If this occurs, see

"If a Secure Unit Becomes Inaccessible" on page 268 .)

4.

Fill in the available fields:

Signature Algorithm : Choose the algorithm to be used from:

MD4

SHA1

SHA256

SHA512

Private Key Pass Phrase : This is the RSA decryption key. This must be at least 4 characters long.

RSA Private Key Bit Length : 2048 bits is the default. Using a lower number may compromise security and is not recommended.

Two-Letter Country Code : This code should match the ISO-3166-1 value for the country in question.

State Or Province Name : From the address of the organization creating up the Certificate.

Locality Name : Locale of the organization creating the Certificate.

Organization Name : The name of the organization creating the Certificate.

Organization Unit Name : The applicable subdivision of the organization creating the Certificate.

Common Name (e.g. Hostname or IP) : This is the name of the host being authenticated. The Common Name field in the X.509 Certificate must match the hostname, IP address, or URL used to reach the host via HTTPS.

Email Address : This is the email address of the organization creating the Certificate.

Challenge Password : Valid response password to server challenge.

Optional Organization Name : An optional name for the organization creating the Certificate.

Self-Signed Certificate Expiration (Days) : How many days before the Certificate expires. The default is 7200.

You are required to select a signature algorithm, a private key passphrase of at least

4 characters, a private key bit length, and the Certificate expiration in days. The remaining fields are optional.

It is recommended that you consult your Certificate Authority for the required fields in an X 509-Certificate request. Orolia recommends all fields be filled out and match the information given to your Certificate Authority. For example, use all

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 71

2.13  Configure Network Settings abbreviations, spellings, URLs, and company departments recognized by the Certificate Authority. This helps to avoid problems the Certificate Authority might otherwise have reconciling Certificate request and company record information.

If necessary, consult your web browser vendor’s documentation and Certificate

Authority to see which key bit lengths and signature algorithms your web browser supports.

Orolia recommends that when completing the Common Name field, the user provide a static IP address, because DHCP-generated IP addresses can change. If the hostname or IP address changes, the X.509 Certificate must be regenerated.

It is recommended that the RSA Private Key Bit Length be a power of 2 or multiple of 2. The key bit length chosen is typically 1024, but can range from 512 to 4096.

Long key bit lengths of up to 4096 are not recommended because they can take several hours to generate. The most common key bit length is the value 1024.

Note: The default key bit length value is 2048.

When using a self-signed Certificate, choose values based on your company’s security policy.

5.

When the form is complete, confirm that you checked the box Create Self Signed

Certificate at the top of the window, then click Submit . Clicking the Submit button automatically generates the Certificate Request in the proper format for subsequent submission to the Certificate Authority.

Note: It may take several minutes for SecureSync to create the Certificate request and the private key (larger keys will require more time than small keys). If the unit is rebooted during this time, the Certificate will not be created.

To view the newly generated request, in the HTTPS Setup window, click the Certificate Request tab.

72 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.13  Configure Network Settings

When switching between tabs within the HTTPS Setup window, the information you have entered will be retained. If you exit the HTTPS Setup window before clicking Submit, the information will be lost.

2.13.6.5 Adding HTTPS Subject Alternative Names

Caution: Subject Alternative Names must be added before a new Certificate Request is generated, otherwise the Certificate Request will have to be created again to include the Subject Alternative Names. Any information entered into the Create Certificate Request tab that has not been submitted will be lost by adding, deleting, or editing Subject Alternative

Names.

It is recommended that you consult your Certificate Authority regarding questions of Subject Alternative Name usage.

To add Subject Alternative Names to an HTTPS Certificate Request:

1.

Navigate to MANAGEMENT > NETWORK: HTTPS Setup (or, navigate to

MANAGEMENT > NETWORK Setup , and click HTTPS in the Actions panel.

2.

In the Subject Alternative Name Extension tab, select the plus icon to access the

Add Subject Alternative Name popup.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 73

2.13  Configure Network Settings

74

3.

Fill in the available fields:

Type [DNS, IP, email, URI, RID, dirName]

Name for Directory Subject Alternative Names ( dirName ), check the Directory

Name box, and additional optional fields will be available:

Two Letter Country Code: must match ISO-3166-1 value.

Organization name: name of orgainzation creating certificate.

Organizational Unit Name: The applicable subdivision of the organization creating the certificate.

Common name: The name of the host being authenticated. The Common Name field in the X.509 Certificate must match the host name, IP address, or URL used to reach the host via HTTPS.

4.

After completing and submitting the form, view the Subject Alternative Name tab to see existing entries. Existing Subject Alternative Names can be edited or deleted from this window.

5.

After adding all the desired Subject Alternative Names, follow instructions for

"Creating an HTTPS Certificate Request" on page 70

.

2.13.6.6 Requesting an HTTPS Certificate

Before requesting an HTTPS Certificate from a third-party Certificate Authority, you need to create a Certificate Request :

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.13  Configure Network Settings

1.

Navigate to MANAGEMENT > HTTPS Setup , or to MANAGEMENT > Network

Setup > Actions panel: HTTPS .

2.

In the HTTPS Setup window, under the Certificate Request Parameters tab, complete the form as described under

"Creating an HTTPS Certificate Request" on page 70

.

3.

Click Submit to generate your Certificate Request.

4.

You have now created a Certificate Request . Navigate to the Certificate Request tab to view it:

5.

Copy the generated Certificate Request from the Certificate Request window, and paste and submit it per the guidelines of your Certificate Authority. The Certificate Authority will issue a verifiable, authenticable third-party certificate.

6.

OPTIONAL: While waiting for the certificate to be issued by the Certificate Authority, you may use the certificate from the Certificate Request window as a self-signed certificate (see below).

NOTE: Preventing accidental overwriting of an existing certificate:

If you plan on using a new Certificate Request, fill out a new form under the Certificate

Request Parameters tab. Be aware, though, that the newly generated Certificate

Request will replace the Certificate Request previously generated once you submit it.

Therefore, if you wish to retain your previously generated Certificate Request for any reason, copy its text, and paste it into a separate text file. Save the file before generating a new request.

Using a Self-Signed Certificate

In the process of generating a Certificate Request, a self- signed certificate will automatically be generated simultaneously. It will be displayed under the Certificate Request

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 75

2.13  Configure Network Settings tab.

You may use your self-signed certificate (or the default Spectracom self-signed certificate that comes with the unit) while waiting for the HTTPS certificate from the Certificate

Authority, or – if a Certificate Authority is not available – until it expires. The typical life span of a certificate is about 10 years.

NOTE: When accessing the SecureSync Web UI while using the self-signed certificate, your Windows ® web browser will ask you to confirm that you want to access this site via https with only a self-signed certificate in place. Other operating systems may vary in how they install and accept certificates. External Internet access may be required by your Certificate Authority to verify your certificate.

2.13.6.7 Uploading an X.509 PEM Certificate Text

Many Certificate Authorities simply issue a Certificate in the form of a plain text file. If your

Certificate was provided in this manner, and the Certificate is in the X.509 PEM format, follow the procedure below to upload the Certificate text by copying and pasting it into the

Web UI.

Note: Only X.509 PEM Certificates can be loaded in this manner. Certificates issued in other formats must be uploaded via the Upload Certificate tab.

Certificate Chain

It is also possible to upload a X.509 PEM Certificate Chain by pasting the text of the second certificate behind the regular CA Certificate.

Uploading X.509 PEM certificate text

To upload an X.509 PEM Certificate text to SecureSync:

1.

Navigate to MANAGEMENT > NETWORK: HTTPS Setup .

2.

Select the Upload X.509 PEM Certificate tab.

76 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.13  Configure Network Settings

3.

Copy the text of the Certificate that was issued to you by your Certificate Authority, and paste it into the text field.

4.

Click Submit to upload the Certificate to SecureSync.

NOTE: The text inside the text field under the Edit X.509 PEM Certificate tab is editable.

However, changes should not be made to a Certificate once it is imported; instead, a new

Certificate should be requested. An invalid Certificate may result in denial of access to the

SecureSync through the Web UI. If this occurs, see

"If a Secure Unit Becomes Inaccessible" on page 268 .

2.13.6.8 Uploading an HTTPS Certificate File

Once the HTTPS Certificate has been issued by your Certificate Authority, you have to upload the Certificate file to SecureSync, unless it is a X.509 PEM-format Certificate: In this case you may also upload the pasted Certificate text directly, see

"Uploading an X.509

PEM Certificate Text" on the previous page .

Note: For more information about Certificate formats, see

"Supported Certificate Formats" on page 69 .

To upload an HTTPS certificate file to SecureSync:

1.

Store the Public Keys File provided to you by the Certificate Authority in a location accessible from the computer on which you are running the Web UI.

2.

In the Web UI, navigate to MANAGEMENT > NETWORK: HTTPS Setup .

3.

Select the tab Upload Certificate File .

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 77

2.13  Configure Network Settings

78

4.

Choose the Certificate Type for the HTTPS Certificate supplied by the Certificate

Authority from the Certification Type drop-down menu:

PEM

DER

PKCS #7 PEM

PKCS #7 DER

5.

Click the Browse… button and locate the Public Keys File provided by the Certificate Authority in its location where you stored it in step 1.

6.

Click Submit .

Note: SecureSync will automatically format the Certificate into the

X.509 PEM format.

Certificate Chain

It is possible to upload a X.509PEM Certificate Chain file. Note that there should be no character between the Certificate texts.

2.13.7

SSH

The SSH, or Secure Shell, protocol is a cryptographic network protocol, allowing secure remote login by establishing a secure channel between an SSH client and an SSH server.

SSH can also be used to run CLI commands.

SSH uses host keys to uniquely identify each SSH server. Host keys are used for server authentication and identification. A secure unit permits users to create or delete RSA or

DSA keys for the SSH2 protocol.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.13  Configure Network Settings

Note: Only SSH2 is supported due to vulnerabilities in the SSH1 protocol.

The SSH tools supported by SecureSync are:

SSH : Secure Shell

SCP : Secure Copy

SFTP : Secure File Transfer Protocol

SecureSync implements the server components of SSH, SCP, and SFTP.

For more information on OpenSSH, please refer to

www.openssh.org

.

To configure SSH:

1.

Navigate to MANAGEMENT > NETWORK: SSH Setup . The SSH Setup window will display.

The window contains two tabs:

Host Keys : SSH uses Host Keys to uniquely identify each SSH server. Host keys are used for server authentication and identification.

Public Key : This is a text field interface that allows the user to edit the public key files authorized_keys file.

Note: Should you exit the SSH Setup window (by clicking X in the top right corner of the window, or by clicking anywhere outside of the window), while filling out the Certificate Request Parameters form before clicking Submit , any information you entered will be lost.

When switching between tabs within the SSH Setup window, however, the information you have entered will be retained.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 79

2.13  Configure Network Settings

Host Keys

You may choose to delete individual RSA or DSA host keys. Should you decide to delete the RSA or DSA key, the SSH will function, but that form of server authentication will not be available. Should you delete both the RSA and DSA keys, SSH will not function. In addition, if SSH host keys are being generated at the time of deletion, the key generation processes are stopped, any keys created will be deleted, and all key bit sizes are set to 0.

You may choose to delete existing keys and request the creation of new keys, but it is often simpler to make these requests separately.

You can create individual RSA and DSA Host Public/Private Key pairs. Host keys must first be deleted before new Host Keys can be created.

SecureSync units have their initial host keys created at the factory. RSA host key sizes can vary between 768 and 4096 bits. The recommended key size is 1024. Though many key sizes are supported, it is recommended that users select key sizes that are powers of 2 or divisible by 2. The most popular sizes are 768, 1024, and 2048. Large key sizes of up to

4096 are supported, but may take 10 minutes or more to generate. DSA keys size support is limited to 1024 bits.

Host keys are generated in the background. Creating RSA and DSA keys, each with 1024 bits length, typically takes about 30 seconds. Keys are created in the order of RSA, DSA,

RSA. When the keys are created, you can successfully make SSH client connections. If the unit is rebooted with host key creation in progress, or the unit is booted and no host keys exist, the key generation process is restarted. The key generation process uses either the previously specified key sizes or, if a key size is undefined, the default key bit length size used is 2048. A key with a zero length or blank key size field is not created.

The SSH client utilities SSH, SCP, and SFTP allow for several modes of user authentication. SSH allows you to remotely login or transfer files by identifying your account and the target machine's IP address. As a user you can authenticate yourself by using your account password, or by using a Public Private Key Pair.

It is advisable to keep your private key secret within your workstation or network user account, and provide the SecureSync a copy of your public key. The modes of authentication supported include:

Either Public Key with Passphrase or Login Account Password

Login Account Password only

Public Key with Passphrase only

SSH using public/private key authentication is the most secure authenticating method for

SSH, SCP or SFTP sessions.

You are required to create private and public key pairs on your workstation or within a private area in your network account. These keys may be RSA or DSA and may be any key bit length as supported by the SSH client tool. These public keys are stored in a file in the

80 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.13  Configure Network Settings

.ssh

directory named authorized_keys

. The file is to be formatted such that the key is followed by the optional comment with only one key per line.

Note: The file format, line terminations, and other EOL or EOF characters should correspond to UNIX conventions, not Windows.

Changing Key Length Values

You may change the key length of the RSA, DSA, ECDSA, and ED25519 type host keys.

To change the key length of a host key:

1.

Navigate to MANAGEMENT > NETWORK: SSH Setup . The SSH Setup window will open to the Host Keys tab by default.

2.

Select the Key Length value for the key type you want to change.

Key sizes that are powers of 2 or divisible by 2 are recommended. The most popular sizes are 768, 1024, and 2048. Large key sizes of up to 4096 are supported, but may take 10 minutes or more to generate. DSA keys size support is limited to 1024 bits. The key type ED25519 supports 256 bits.

3.

Check the Regenerate All Keys box.

4.

Click Submit . The new values will be saved.

Note: Changing the values and submitting them in this manner DOES NOT generate new host public/private key pairs. See

"Creating Host Public/Private Key Pairs" on the next page

for information on how to create new host public/private key pairs.

Deleting Host Keys

You can delete individual host keys. To delete a key:

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 81

2.13  Configure Network Settings

1.

Navigate to MANAGEMENT > NETWORK: SSH Setup . The window will open to the Host Keys tab by default.

2.

Select Delete in the field for the key you wish to delete, and click Submit .

Creating Host Public/Private Key Pairs

You may create individual Host Public/Private Key pairs. Host keys must first be deleted before new Host Keys can be created. To create a new set of host keys:

1.

To access the SSH setup screen, navigate to MANAGEMENT > NETWORK: SSH

Setup . The window will open to the Host Keys tab by default.

2.

Should you want to change the key length of any host key, enter the desired length in the text field corresponding to the length you wish to change.

82

3.

Check the Regenerate All Keys box.

4.

Click Submit .

The Key Type/Status/Action table will temporarily disappear while the SecureSync regenerates the keys. The Host keys are generated in the background. Creating

RSA and DSA keys, each with 1024 bits length, typically takes about 30 seconds.

Keys are created in the order of RSA, DSA, ECDSA, ED25519. SecureSync will generate all 4 host keys, RSA, DSA, ECDSA, and ED25519.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.13  Configure Network Settings

5.

Delete any of the keys you do not want. See

"Deleting Host Keys" on page 81

.

Note: If the unit is rebooted with host key creation in progress, or the unit is booted and no host keys exist, the key generation process is restarted. The key generation process uses the previously specified key sizes.

Note: If a key size is undefined, the default key bit length size used is

2048. A key with a zero length or blank key size field will not be created.

When you delete a host key and recreate a new one, SSH client sessions will warn you that the host key has changed for this particular IP address. You must then take one of the following actions:

1.

Override the warning and accept the new Public Host Key and start a new connection. This is the default. This option allows users to login using either method.

Whichever mode works is allowed for logging in. If the Public Key is not correct or the Passphrase is not valid the user is then prompted for the login account password.

2.

Remove the old Host Public Key from their client system and accept the new Host

Public Key. This option simply skips public/private key authentication and immediately prompts the user for password over a secure encrypted session avoiding sending passwords in the clear.

3.

Load a public key into SecureSync. This public key must match the private key found in the users account and be accessible to the SSH, SCP, or SFTP client program. The user must then enter the Passphrase after authentication of the keys to provide the second factor for 2-factor authentication.

Please consult your specific SSH client’s software’s documentation.

Public Keys: Viewing, Editing, Loading

The authorized_keys file can be viewed and edited, so as to enable adding and deleting

Public Keys. The user may also retrieve the authorized_keys file from the .ssh directory

Using FTP, SCP, or SFTP.

If you want to completely control the public keys used for authentication, a correctly formatted authorized_keys file formatted as indicated in the OpenSSH web site can be loaded onto SecureSync. You can transfer a new public key file using the Web UI.

To view and edit the authorized_keys file:

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 83

2.13  Configure Network Settings

1.

Navigate to MANAGEMENT > NETWORK: SSH Setup . The SSH Setup window will open to the Host Keys tab by default.

2.

Select the Public Key tab. The authorized_keys file appears in the Public Keys

File window:

84

3.

Edit the authorized_keys file as desired.

4.

Click the Submit button or Apply button.

The file is to be formatted such that the key is followed by an optional comment, with only one key per line. The file format, line terminations, and other EOL or EOF characters should correspond to UNIX conventions, not Windows.

Note: If you delete ALL Public Keys, Public/Private Key authentication is disabled. If you have selected SSH authentication using the Public Key with

Passphrase option, login and file transfers will be forbidden. You must select a method allowing the use of account password authentication to enable login or file transfers using SCP or SFTP.

Editing the "authorized_key" File via CLI

Secure shell sessions using an SSH client can be performed using the admin or a userdefined account. The user may use Account Password or Public Key with Passphrase authentication. The OpenSSH tool SSH-KEYGEN may be used to create RSA and DSA keys used to identify and authenticate user login or file transfers.

The following command lines for OpenSSH SSH client tool are given as examples of how to create an SSH session.

Creating an SSH session with Password Authentication for the admin account

ssh [email protected]

[email protected]'s password: admin123

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.13  Configure Network Settings

You are now presented with boot up text and/or a “>” prompt which allows the use of the

Orolia command line interface.

Creating an SSH session using Public Key with Passphrase Authentication for the admin account

You must first provide the secure Orolia product a RSA public key found typically in the

OpenSSH id_rsa.pub file. Then you may attempt to create an SSH session.

ssh -i ./id_rsa [email protected]

Enter passphrase for key './id_rsa': mysecretpassphrase

Please consult the SSH client tool’s documentation for specifics on how to use the tool, select SSH protocols, and provide user private keys.

Secure File Transfer Using SCP and SFTP

SecureSync provides secure file transfer capabilities using the SSH client tools SCP and

SFTP. Authentication is performed using either Account Passwords or Public Key with

Passphrase.

Example output from OpenSSH, SCP, and SFTP client commands are shown below.

Perform an SCP file transfer to the device using Account Password authentication

scp authorized_keys [email protected]:.ssh

[email protected]'s password: admin123 publickeys 100% |***************************************************|

5 00:00

Perform an SCP file transfer to the device using Public Key with Passphrase authentication.

scp -i ./id_rsa [email protected]:.ssh

Enter passphrase for key './id_rsa': mysecretpassphrase publickeys 100% |***************************************************|

5 00:00

Perform an SFTP file transfer to the device using Account Password authentication.

sftp [email protected]

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 85

2.13  Configure Network Settings [email protected]'s password: admin123

You will be presented with the SFTP prompt allowing interactive file transfer and directory navigation.

Perform an SFTP file transfer to the device using Public Key with Passphrase authentication

sftp -i ./id_rsa [email protected]

Enter passphrase for key './id_rsa': mysecretpassphrase

You will be presented with the SFTP prompt allowing interactive file transfer and directory navigation.

Recommended SSH Client Tools

Orolia does not make any recommendations for specific SSH clients, SCP clients, or SFTP client tools. However, there are many SSH based tools available to the user at low cost or free.

Two good, free examples of SSH tool suites are the command line based tool OpenSSH running on a Linux or OpenBSD x86 platform and the SSH tool suite PuTTY.

The OpenSSH tool suite in source code form is freely available at

www.openssh.org

though you must also provide an OpenSSL library, which can be found at

www.openssl.org

.

PuTTY can be found at:

http://www.chiark.greenend.org.uk/~sgtatham/putty/

.

SSH Timeout

The keep-SSH alive timeout is hard-set to 60 minutes (3600 seconds). This value is not configurable.

2.13.8

SNMP

SNMP (Simple Network Management Protocol) is a widely used application-layer protocol for managing and monitoring network elements. It has been defined by the Internet Architecture Board under RFC-1157 for exchanging management information between network devices, and is part of the TCP/IP protocol.

SNMP agents must be enabled and configured so that they can communicate with the network management system (NMS). The agent is also responsible for controlling the database of control variables defined in the Management Information Base (MIB).

SecureSync’s SNMP functionality supports SNMP versions V1, V2c and V3 (with SNMP

Version 3 being a secure SNMP protocol).

86 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.13  Configure Network Settings

Once SNMP is configured it will persist through reboot, and only needs to be reconfigured after performing a "clean" update process (thus restoring the factory default condition).

Note: In order to configure SNMP, you need ADMINISTRATOR rights.

To access the SNMP Setup screen:

Navigate to MANAGEMENT > NETWORK: SNMP Setup . The SNMP screen will display:

The SNMP screen is divided into 3 panels:

1.

The Main panel , which is subdivided into 3 displays:

SNMP V1/V2 : This panel allows configuration of SNMP v1 and v2c communities (used to restrict or allow access to SNMP). This tab allows the configurations for SNMP v1 and v2c, including the protocols allowed, permissions and Community names as well as the ability to permit or deny access to portions of the network. Clicking on the “+” symbol in the top- right corner opens the SNMP V1/V2c Settings for Access

Screen. See

"SNMP V1/V2c" on page 90

.

SNMP V3 : This panel allows configuration of SNMP v3 functionality, including the user name, read/write permissions, authorization passwords as well as privilege Types and Passphrases. Clicking on the “+” symbol in the top- right corner opens the SNMP V3 Screen. See

"SNMP V3" on page 92 .

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 87

2.13  Configure Network Settings

SNMP Traps : This panel allows you to define different SNMP Managers that SNMP traps can be sent to over the network. This allows for

SNMP Managers in different geographical areas to receive the same

SNMP traps that Managers in other areas also receive. Clicking the

PLUS icon in the top-right corner opens the SNMP Traps Settings

Screen. See also

"SNMP Traps" on page 94

and

"Setting Up SNMP

Notifications" on page 243

.

2.

The Actions panel , which contains the Restore Default SNMP Configuration button.

3.

The SNMP Status panel , which offers:

An SNMP ON/OFF switch.

An Authentication Error Trap ON/OFF switch.

SysObjID — The System Object ID number. This is editable in the

SNMP Status panel (see

"Configuring the SNMP Status" below ).

Contact Information —The email to contact for service. This is editable in the SNMP Status panel (see

"Configuring the SNMP Status" below ).

Location —The system location. This is editable in the SNMP Status panel (see

"Configuring the SNMP Status" below ).

Description —A simple product description. This is not editable in the

SNMP Status.

Restoring the Default SNMP Configuration

To restore the SecureSync to its default SNMP configuration:

1.

Navigate to the MANAGEMENT > NETWORK: SNMP Setup screen.

2.

In the Actions panel, click the Restore Default SNMP Configuration button.

3.

Confirm that you want to restore the default settings in the pop-up message.

Configuring the SNMP Status

The SNMP Status Settings are sysObjectID , sysContact , and sysLocation . To configure

SNMP Status Settings:

88 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.13  Configure Network Settings

1.

Navigate to MANAGEMENT > NETWORK: SNMP Setup .

2.

In the SNMP Status panel on the left, click the GEAR icon in the top-right corner of the panel.

3.

The SNMP Status pop-up window will display:

The following settings can be configured in this window:

In the sysObjectID field, enter the SNMP system object ID.

In the sysContact field, enter the e-mail information for the system contact you wish to use.

In the sysLocation field, enter the system location of your SecureSync unit.

4.

Click Submit , or cancel by clicking the X -icon in the top-right corner.

Accessing the SNMP Support MIB Files

Spectracom’s private enterprise MIB files can be extracted via File Transfer Protocol (FTP) from SecureSync, using an FTP client such as FileZilla or any other shareware/freeware

FTP program.

To obtain the MIB files from SecureSync via FTP/SFTP:

1.

Using an FTP program, log in as an administrator.

2.

Through the FTP program, locate the Spectracom MIB files in the /home/spectracom/mibs directory.

3.

FTP the files to the desired location on your PC for later transfer to the SNMP Manager.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 89

2.13  Configure Network Settings

4.

Compile the MIB files onto the SNMP Manager.

Note: When compiling the MIB files, some SNMP Manager programs may require the MIB files to be named something other than the current names for the files. The MIB file names may be changed or edited as necessary to meet the requirements of the SNMP Manager. Refer to the SNMP Manager documentation for more information on these requirements.

Note: In addition to the Spectracom MIB files, there are also some net- snmp MIB files provided. Net- snmp is the embedded SNMP agent that is used in the SecureSync and it provides traps to notify the user when it starts, restarts, or shuts down. These MIB files may also be compiled into your SNMP manager, if they are not already present.

Spectracom’s private enterprise MIB files can be requested and obtained from the

Spectracom Customer Service

[email protected]

.

department via email at

Note: By default,

[email protected]

is the address in the sysContact field of the SNMP Status panel of the SNMP Setup page.

2.13.8.1

SNMP V1/V2c

SNMP V1 is the first version of the SNMP protocol, as defined in the IETF (Internet Engineering Task Force) RFCs (Request for Comments) number 1155 and 1157. SNMP V2c is the revised protocol, but it also uses the V1 community based administration model.

Creating Communities

1.

Navigate to MANAGEMENT > NETWORK: SNMP Setup .

2.

In the SNMP V1/V2 panel click the PLUS icon in the top-right corner.

90 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.13  Configure Network Settings

3.

The SNMP V1/V2c Settings for Access window will display:

4.

Enter the required information in the fields provided:

The IP Version field provides a choice of IPv4, IPV6 or both IPv4 and IPv6 (= default).

The choices offered below will change in context with the choice made in the

IP Version field.

If no value is entered in the IPv4 and/or IPv6 field, SecureSync uses the system default address.

SNMP Community names should be between 4 and 32 characters in length.

Permissions may be Read Only or Read/Write.

The Version field provides a choice of V1 or V2c.

5.

Click Submit . The created communities will appear in the SNMP V1/V2 panel:

Editing and Deleting Communities

To edit or delete a community you have created:

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 91

2.13  Configure Network Settings

1.

Navigate to MANAGEMENT > NETWORK: SNMP Setup .

2.

Click the row of the SNMP V1/V2 panel that displays the community you wish to edit or delete. The cursor will change from an arrow icon to a pointing finger to indicate that the entry is clickable.

3.

The SNMP V1/V2c Settings for Access window will display.

Note: The options available for editing in the SNMP V1/V2c Settings for Access window will vary contextually according to the information in the entry chosen.

92

4.

To edit the settings, enter the new details you want to edit and click Submit . OR: To delete the entry, click Delete .

2.13.8.2 SNMP V3

SNMP V3 utilizes a user-based security model which, among other things, offer enhanced security over SNMP V1 and V2.

Creating Users

1.

Navigate to MANAGEMENT > NETWORK: SNMP Setup .

2.

In the SNMP V3 panel, click the PLUS icon in the top-right corner.

3.

The SNMP V3 Settings window will display.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.13  Configure Network Settings

4.

Enter the required information in the fields provided.

SNMP User Names and passwords are independent of users that are configured on the Tools/Users page.

User names are arbitrary. SNMP User Names should be between 1 and

31 characters in length.

The User Name must be the same on SecureSync and on the management station.

The Auth Type field provides a choice between MD5 and SHA.

The Auth Password must be between 8 and 32 characters in length.

The Priv Type field provides a choice between AES, DES, and No Privacy.

The Priv Passphrase must be between 8 and 32 characters in length.

The Permissions field provides a choice between Read/Write and Read

Only.

5.

Click Submit . The created user will appear in the SNMP V3 panel:

Editing and Deleting Users

To edit or delete a user you have created:

1.

Navigate to MANAGEMENT > NETWORK: SNMP Setup .

2.

Click the row of the SNMP V3 panel that displays the community you wish to edit or delete. The cursor will change from an arrow icon to a pointing finger to indicate that the entry is clickable.

3.

The SNMP V3 Settings window will display:

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 93

2.13  Configure Network Settings

94

4.

Apply your changes and click Submit . OR: Click Delete to remove the User.

2.13.8.3 SNMP Traps

SNMP traps allow for automatic event notification, and as such are one way to remotely monitor SecureSync's status.

SNMP traps indicate the status change that caused the trap to be sent and may also include one or more objects, referred to as variable- bindings, or varbinds . A varbind provides a current SecureSync data object that is related to the specific trap that was sent.

For example, when a Holdover trap is sent because SecureSync either entered or exited the Holdover mode, the trap varbind will indicate that SecureSync is either currently in Holdover mode or not currently in Holdover mode.

For testing purposes, a command line interface command is provided. This command, testevent , allows one, several, or all of the traps defined in the SecureSync MIB to be generated. Refer to

"CLI Commands" on page 531

for command details.

To define SNMP Traps (Notifications):

1.

Navigate to MANAGEMENT > NETWORK: SNMP Setup .

2.

In the SNMP Traps panel, click the PLUS icon in the top-right corner.

3.

The SNMP Traps Settings window will display:

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.13  Configure Network Settings

4.

Enter the required information in the fields provided. (Note that the options will vary contextually according to your Version .)

5.

The Version field provides a choice between v1 , v2c , and v3 [= default]

The Community field for the SNMP Community string.

[v1, v2c]

SNMP User names should be between 4 and 32 characters in length.

[v3]

Destination IP Version is a choice between IPv4 and IPv6.

[v1, v2c, v3]

Destination IP is destination address for the notification and password key to be sent. The default port is 162.

[v1, v2c, v3]

The UDP Port number used by SNMP Traps [default = 162].

[v1, v2c]

Engine Id must be a hexadecimal number at least 10 digits long (such as

0x123456789A). The Id originates from the MIB Browser/SNMP Manager.

[v3] 1

Auth Type provides a choice between MD5 (the default) and SHA.

[v3]

The Auth Password must be between 8 and 32 characters in length.

[v3]

The Priv Type field provides a choice between AES and DES.

[v3]

The Priv Passphrase must be between 8 and 32 characters in length.

[v3]

6.

Click the Submit button at the bottom of the window. Cancel any changes by clicking the X -icon in the top-right corner (any information entered will be lost).

1 If your SNMP manager is not providing an Engine ID, you can generate one yourself according to protocols within RFC

3411 and apply it to your network manager and trap configuration.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 95

2.13  Configure Network Settings

7.

The SNMP trap you created will appear in the SNMP Traps panel:

Each row of the SNMP Traps panel includes the version of the SNMP functionality, the User/Community name for the trap, the IP address/Hostname of the SNMP

Manager and values applicable only to SNMP v3, which include the Engine ID, the

Authorization Type, the Privilege Type.

You may define different SNMP Managers to whom SNMP traps can be sent over the network. This allows for SNMP Managers in different geographical areas to receive the same SNMP traps.

Note: Spectracom has been assigned the enterprise identifier 18837 by the IANA (Internet Assigned Numbers Authority). Spectracom’s product MIBs reside under the enterprise identifier @18837.3.

For detailed descriptions of the objects and traps supported by the SecureSync, please refer to the Spectracom SecureSync MIB files. See

"Accessing the SNMP

Support MIB Files" on page 89

.

2.13.9

System Time Message

The System Time Message is a feature used for special applications that require a onceper-second time message to be sent out by SecureSync via multicast. This time message will be transmitted before every 1PPS signal, and can be used to evaluate accuracy and jitter.

To set up and enable a System Time Message :

1.

Navigate to MANAGEMENT > Network Setup > Actions panel, and select System Time Message . The Settings window will open.

2.

Populate the fields Multicast Address , Port Number and Message ID , and click

Submit .

96 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.13  Configure Network Settings

3.

In the Network Services panel, enable System Time Message .

2.13.9.1

System Time Message Format

This message contains the time when the next 1PPS discrete will occur. It is sent once per second prior to the 1PPS discrete.

3

4

1

2

5

Table 2-4: System Time Message format

Word Byte 3 Byte 2 Byte 1 Byte 0

Msg ID

Msg Size

Seconds nSec

EOM

Table 2-5: System Time Message field descriptions

Data

Name

Data Description Range

Message

ID

Message

Size

UID of the message; programmable

Total message size in bytes

Seconds Seconds since epoch (00:00:00 Jan

1, 1970 UTC)

Unsigned 32 bit integer

Unsigned 32 bit integer

Unsigned 32 bit integer

1

1

Resolution Units

1 n/a

Bytes

Seconds

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 97

2.14  Configure NTP

Data

Name

NSec

Data Description

NSec within the current second

EOM End-of-message

Range

Unsigned 32 bit integer

-1 1

Resolution Units

1 nsec n/a

2.14

Configure NTP

Network Time Protocol (NTP) and Simple Network Time Protocol (SNTP) are clientserver protocols that are used to synchronize time on IP networks. NTP provides greater accuracy and better error checking capabilities than SNTP does, but requires more resources.

For many applications, it is not necessary to modify the NTP factory default configuration settings. It is possible, however, to change most of the settings in order to support specific

NTP applications which may require a non-standard configuration:

These features include the ability to use either MD5 authentication or NTP Autokey, to block NTP access to parts of the network and to broadcast NTP data to the network’s broadcast address. NTP and SNTP are used to synchronize time on any computer equipment compatible with the Network Time Protocol. This includes Cisco routers and switches, UNIX machines, and Windows machines with suitable clients. To synchronize a single workstation, several freeware or shareware NTP clients are available on the Internet.

The software running on the PC determines whether NTP or SNTP is used.

When the NTP service is enabled, SecureSync will “listen” for NTP request messages from

NTP clients on the network. When an NTP request packet is received, SecureSync will send an NTP response time packet to the requesting client. Under typical conditions,

SecureSync can service several thousand NTP requests per second without MD5 authentication enabled, and at a somewhat lower rate with MD5 authentication enabled.

You can either enable or completely disable the NTP Service. When NTP is disabled, no

NTP time packets will be sent out to the network. When enabled, by default, the NTP Service operates in Unicast mode, i.e. the NTP Service responds to NTP requests only.

Note: In order to configure NTP, you need to access the NTP Setup screen which requires ADMINISTRATOR rights.

2.14.1

Checklist NTP Configuration

The following is a list of configuration settings you may want to consider as you setup your

NTP Service. (Not all items may apply to your application, or there may be other considerations not included in this list.)

98 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.14  Configure NTP

1.

Did you setup your NTP Service and have it use the right Reference(s) ?

See

"NTP Reference Configuration" on page 105 .

2.

Does your NTP Service use the right Timescale ?

See

"NTP Output Timescale" on page 103

.

3.

If required, have you setup other NTP Servers and Peers for fallback purposes?

See

"NTP Peers: Adding, Configuring, Removing" on page 113 .

2.14.2

The NTP Setup Screen

The NTP Setup screen provides access to all NTP configuration settings.

To open the NTP Setup screen, navigate to MANAGEMENT > NTP Setup . The NTP

Setup screen is divided into 5 panels:

The NTP Servers and Peers panels

… are located on the right-hand side of the NTP screen:

NTP Servers : In this display you can view the NTP Servers that SecureSync detects in your network. It is through this display that you configure external NTP references. See

"NTP Servers: Adding, Configuring, Removing" on page 111 .

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 99

2.14  Configure NTP

NTP Peers : In this display you can view the NTP Peers that SecureSync detects in your network. It is through this display that you configure NTP Peer reference inputs. See

"NTP Peers: Adding, Configuring, Removing" on page 113

.

For more information on NTP servers, clients, and Stratums see

"NTP Servers and Peers" on page 107 .

The NTP Throughput panel

… shows two graphs depicting the rate of NTP traffic from Clients and Server/Peers.

The INFO icon opens a window showing the maximum per second traffic rate from each.

The graphs maybe saved and downloaded (> ARROW icon), or deleted (>

TRASH CAN icon).

The Actions panel

… is in the top left-hand corner of the NTP screen comprises the following buttons:

Symmetric Keys : Click here to set up your symmetric keys for MD5 authentication.

For more information on Symmetric Keys, see

"Configuring NTP Symmetric Keys" on page 121

.

Access Restrictions : Click here to view, change or delete access restrictions to the

NTP network. (See also

"NTP Access Restrictions" on page 124

.)

Fields in the NTP Access Restrictions table include:

Type

IP Version

IP

IP Mask

Auth only

Enable Query

View NTP Clients : Click here to reveal a table of all the clients your SecureSync is servicing. (See also

"Viewing NTP Clients" on page 102

.)

Information for each client includes:

Client IP

Received Packets

Mode

Version

Restriction Flags

100 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.14  Configure NTP

Avg Interval

Last Interval

Restore Default NTP Configuration : Click here to restore SecureSync’s NTP settings to the factory default. Any settings you have created previously will be lost.

See

"Restoring the Default NTP Configuration" on page 103 .

The NTP Services panel

… is the second panel on the left-hand side of the NTP screen. It has two switches:

NTP ON/OFF : This switch enables and disables NTP. See

"Dis-/Enabling NTP" below .

Note: When applying any changes NTP will usually restart automatically. Use this switch only to force a restart.

Expert Mode : Turning this switch ON enables direct access to the NTP.conf

file, thus bypassing the SecureSync Web UI. [Default =OFF] See

"NTP Expert Mode" on page 138 .

Note: Spectracom Tech Support does not support the editing of the

NTP configuration files in Expert Mode. For additional information on editing the NTP.conf file, please refer to

http://www.ntp.org

.

Other NTP Services that can be configured via the NTP Services panel by clicking the

GEAR icon are:

Autokey (see

"Configuring NTP Autokey" on page 117

)

Stratum 1 (see

"NTP Reference Configuration" on page 105 )

The NTP Status Summary panel

… provides a real-time overview of your key NTP network parameters. For more information, see

"NTP Status Monitoring" on page 295 .

2.14.3

Dis-/Enabling NTP

If you applied NTP configuration changes e.g., added a new NTP Server, SecureSync usually will stop and re-start the NTP Service automatically once you clicked Submit. Changes made to NTP configurations will also take effect after SecureSync is either rebooted or power-cycled.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 101

2.14  Configure NTP

You can, however, also disable or enable the SecureSync NTP Service manually, e.g. with

NTP Autokey.

To disable and enable your NTP Service:

1.

Navigate to MANAGEMENT > NETWORK: NTP Setup .

2.

In the NTP Services panel, set the ON/OFF toggle switch to OFF.

3.

A notification window will confirm the status change.

4.

In the NTP Services panel, set the ON/OFF toggle switch to ON again.

Changes made will now take effect and NTP operation will be restored shortly after this operation is performed.

2.14.4

Viewing NTP Clients

To view the NTP clients being served by SecureSync:

1.

Navigate to MANAGEMENT> NETWORK: NTP Setup .

2.

In the NTP Actions panel, click View NTP Clients :

102

3.

The NTP Clients window will display, showing a table of the clients that are synchronizing to SecureSync via NTP:

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.14  Configure NTP

You can search any of the fields for specific information in the Search field at the top of the window.

A limit of 10 entries will appear on the screen at any one time. If you have more than 10 clients, you can move through the table using the First , Previous , Next and Last navigation buttons at the bottom of the screen.

2.14.5

Restoring the Default NTP Configuration

The SecureSync default NTP configuration can be restored at any time. It comprises basic settings such as Stratum 1 operation with no other servers or peers, no broadcasting and no access restrictions. External queries or modifications are not permitted, while generally all IPv4 and IPv6 client connections are allowed.

To restore SecureSync to its default NTP configuration:

1.

Navigate to MANAGEMENT > NETWORK: NTP Setup .

2.

In the NTP Actions panel, click Restore Default NTP Configuration .

3.

In the dialog window that displays, click OK .

2.14.6

NTP Output Timescale

You can choose the timescale SecureSync will use for the time stamps it sends out to its

NTP clients and network nodes. This is done by setting SecureSync System Time times-

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 103

2.14  Configure NTP cale. The options are UTC, TAI and GPS. Typically, UTC is used for network synchronization.

Note that the System Time affects not only NTP output, but also all other aspects of time management e.g., time distributed via channels other than NTP, logging, and time displayed on the unit front panel and in the Web UI.

If SecureSync is operated as a Stratum 2 server, i.e. as a client to a Stratum 1 server (see

"Configuring "NTP Stratum Synchronization"" on page 107

), the other server will override SecureSync's System Timescale, should it be different.

Note: IMPORTANT: Make sure you select your desired timescale! Using the wrong timescale will inevitably result in an undesired time error in your

NTP clients.

To change the system timescale SecureSync will use for its NTP output (and other outputs):

1.

Navigate to MANAGEMENT > OTHER: Time Management :

104

2.

In the System Time panel, click the GEAR icon.

3.

In the Edit System Time window, select the System Timescale SecureSync will be in:

UTC : The network PCs will receive UTC time via NTP.

TAI : The network PCs will receive TAI time via NTP.

GPS : The network PCs will receive GPS time via NTP.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.14  Configure NTP

Note: When the Timescale is set to “GPS”, the GPS to UTC Offset must be set correctly. As of 5-March-2021, the offset between UTC and GPS is 18 seconds.

2.14.7

NTP Reference Configuration

SecureSync's NTP Service needs to be setup such that it utilizes the time source ("input reference") you want it to use. There are two options for an NTP Server to derive its time from: a.

The NTP Service uses SecureSync's System Time, i.e. typically the GNSS reference

(or IRIG, ASCII data input, etc.), and distributes that time over the NTP network. This is called Stratum 1 Operation , because SecureSync will be the Stratum 1 (or primary) server. This is the most common configuration.

b.

It is, however, also possible for NTP to utilize the time provided by another NTP

Server as a reference. In this case the other server would be Stratum 1, and

SecureSync would be Stratum 2 (or higher). This operating mode can be referred to as Stratum 2 operation , secondary server operation , or NTP Stratum Synchronization .

With a GNSS-capable time server it is possible to combine these two configurations e.g., by assigning a higher reference priority to (a.), and a lower "fallback" priority to (b.). For more information on reference priority configuration, see

"Configuring Input Reference Priorities" on page 168 .

2.14.7.1

The NTP Stratum Model

The NTP Stratum model is a representation of the hierarchy of time servers in an NTP network, where the Stratum level (0-15) indicates the device's distance to the reference clock.

Stratum 0 means a device is directly connected to e.g., a GPS antenna.

Stratum 0 devices cannot distribute time over a network directly, though, hence they must be linked to a Stratum 1 time server that will distribute time to Stratum 2 servers or clients, and so on. The higher the Stratum number, the more the timing accuracy and stability degrades.

The NTP protocol does not allow clients to accept time from a Stratum 15 device, hence

Stratum 15 is the lowest NTP Stratum.

A group of NTP servers at the same Stratum level ( Stratum 2 , for example) are considered NTP Peers to each other. NTP Servers at a higher Stratum level, on the other hand, are referred to as NTP Servers .

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 105

2.14  Configure NTP

Note: Internet Time Servers should be configured as NTP Servers and not as NTP Peers.

If SecureSync has no valid Timing System Reference, NTP Server or NTP Peers, the NTP

Stratum value is automatically downgraded to Stratum 15 . This ensures that its NTP clients will no longer use this SecureSync unit as a time reference.

2.14.7.2 Configuring "NTP Stratum 1" Operation

When the Timing System references of your SecureSync are normally available (rather than being unavailable most of the time e.g., in areas with poor GNSS reception), it is advisable to use the System Time as a reference to NTP, since this provides NTP with the most accurate references. This mode is called Stratum 1 operation, since SecureSync operates as a Stratum 1 NTP server.

To configure Stratum 1 operation for SecureSync:

1.

Navigate to MANAGEMENT > NETWORK: NTP Setup :

2.

Click the GEAR icon in the NTP Services panel.

3.

The Edit NTP Services window will display. Click the Stratum 1 tab.

4.

Check all of the three options :

Enable Stratum 1 Operation

Checking this option will cause the NTP Service to use the System Time provided by the Timing System input.

Prefer Stratum 1

This option configures NTP to “weigh” the Timing System input heavier than input from other NTP servers for its selection (The Timing System inputs are normally more accurate than other NTP servers).

However, if the Timing System inputs are not normally available (such as with intermittent GNSS reception or no other inputs are available), it may be desirable NOT to prefer the Timing System over an NTP reference, in which case this box should not be checked.

Enable Stratum 1 1PPS

This option determines whether or not NTP uses the 1PPS input from the Timing System. The 1PPS input to NTP needs to correlate with its “Time” input. If the Time and PPS inputs are originating from the same source, they will be correlated. However, if the time is originating from another NTP server, but the 1PPS is being derived by the Timing System, the two inputs may not always correlate. Without this correlation, NTP performance will be degraded.

106 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.14  Configure NTP

In such a scenario, it is best NOT to use the System Time’s 1PPS as a reference.

5.

Click the Submit button.

2.14.7.3 Configuring "NTP Stratum Synchronization"

NTP Stratum Synchronization refers to the concept of using a different NTP Server or

Peer as your primary reference (instead of e.g., GNSS). This will make the SecureSync you are configuring a Stratum 2 server, since the other server is Stratum 1.

To configure Stratum 2 (or greater) operation for SecureSync:

1.

Navigate to MANAGEMENT > NETWORK: NTP Setup :

2.

Click the GEAR icon in the NTP Services panel.

3.

The Edit NTP Services window will display. Click the Stratum 1 tab.

4.

Uncheck all three options:

Enable Stratum 1 Operation

Uncheck this option. When the checkbox Enable Stratum 1 is unchecked, the system will always synchronize its .time to an NTP server.

Prefer Stratum 1

Uncheck this option to prevent SecureSync's NTP service from “weighing” the Timing System input heavier than input from other NTP servers. Thus, during normal operation, the time provided by the external Stratum 1 NTP server will be used (unless its quality is determined to be low).

Note: If enabled, this function would give GPS additional

“weight” for NTP to select the GNSS input over other NTP

Servers.

Enable Stratum 1 1PPS

Uncheck this option to prevent NTP from using the 1PPS input from the Timing System, but instead use the 1PPS signal from another NTP server. This will ensure the time signal and the 1PPS signal to correlate, which tends to result in better NTP performance.

5.

Click the Submit button.

2.14.8

NTP Servers and Peers

SecureSync can be configured to receive time from one or more available NTP Servers

(SecureSyncs or different models). This allows for NTP Servers on a timing network to be

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 107

2.14  Configure NTP configured as potential (fallback) input time references for SecureSync System Time synchronization. In the event that a current reference becomes unavailable, SecureSync can fallback to the other NTP Servers available on the network.

A group of NTP servers at the same Stratum level (Stratum 1 time servers, for example) are considered as NTP Peers to each other.

NTP Servers at a higher Stratum level, on the other hand, are called NTP Servers (Note that Internet Time Servers should be configured as NTP Servers and not as NTP Peers).

Note: IMPORTANT: In order for other NTP servers to be a valid reference, you must enable “NTP” in the Reference Priority table (see

"Configuring

Input Reference Priorities" on page 168

).

For mutual fallback purposes, it is recommended to use one or more NTP Peers. Each peer is normally configured to operate from one or more time sources including reference clocks or other higher stratum servers. If a peer loses all reference clocks or fails, the other peers continue to provide time to other clients on the network.

NTP Servers at the same Stratum level

If SecureSync is configured to obtain time from other NTP Servers at the same Stratum level (i.e., NTP Peers) but is currently using a different input reference as its selected reference, SecureSync will report to the network (via the NTP time stamps) that it is a

Stratum 1 time server. Should, however, all input references except the other NTP server

(s) become unavailable, SecureSync will then drop to a Stratum 2 time server (with System Time being derived from the NTP time packets being received from the other NTP

Peers.

NTP Servers at a higher Stratum level

If SecureSync is configured to obtain time from another NTP Server at a higher Stratum level (i.e., NTP Servers), and it is using that NTP Server as its selected reference,

SecureSync will report to the network (via the NTP time stamps) that it is one less Stratum than its selected reference NTP Server.

E X A M P L E :

If SecureSync is configured to receive time from one or more Stratum 1 NTP Servers, with no other higher priority input references available, SecureSync will report to the network that it is a Stratum 2 Server.

In order for SecureSync to use other NTP servers as a valid time reference to synchronize the System Time, the input Reference Priority Setup table must be configured to allow

108 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.14  Configure NTP

NTP as an available reference. For more information on the input Reference Priority table, refer to

"Configuring Input Reference Priorities" on page 168

.

Holdover

If SecureSync is synchronized to another NTP Server or reference, and that server or reference subsequently loses sync or becomes unavailable (with no other higher priority input references being present and valid), SecureSync will then go into the Holdover mode. It will remain in Holdover mode until any enabled and valid input reference becomes available again, or until the Holdover period expires, whichever occurs first.

During Holdover mode, NTP will remain at the same Stratum level it was before entering the Holdover mode and can continue to be the reference to the network. However, if no input reference becomes available before the Holdover period expires, Time Sync will be lost and shortly thereafter, NTP will report to the network that it is now at Stratum 15. A status of Stratum 15 will cause the network to ignore SecureSync as an NTP time reference.

For more information about Holdover, see

"Holdover Mode" on page 219 .

2.14.8.1

The NTP Servers and NTP Peers Panels

The NTP Servers and NTP Peers panels display which servers in the network are set up at higher or equal Stratums (Servers or Peers, respectively), and their configurations. These panels are also used to add, configure, or remove NTP Servers and Peers.

Note: For information on how to view NTP Clients, see "Viewing NTP Clients" on page 102

.

The NTP Servers and NTP Peers panels are part of the NTP Setup screen (see

"The NTP

Setup Screen" on page 99

), which can be accessed via MANAGEMENT > NETWORK:

NTP Setup .

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 109

2.14  Configure NTP

Information provided in the NTP Servers and NTP Peers panels

The following columns are used to break down the status information for recognized NTP

Servers and NTP Peers .

Note: Servers will be displayed in the Status view only if they can be resolved. They will, however, always be displayed in the Setup view in order to reconfigure them, if necessary.

IP/HOST : Name and real-time status (color-coded)

REF ID : Identifies the type of Input REFerence e.g., GPS indicates the reference can use GPS for its synchronization. Below is a list of potential REF IDs reported by the SecureSync Timing System (other NTP Servers and Peers may report different references):

GPS : GNSS reference

IRIG : IRIG reference

HVQ : HAVE QUICK reference

FREQ : Frequency reference

PPS : External 1PPS reference

PTP : PTP reference

ATC : ASCII time code reference

USER : User provided time

LOCL : Local reference (synced to itself)

INIT : NTP on server/peer is initializing

STEP : NTP on server/peer is performing initial synchronization step and restarting

AUTH STATUS : Indicates if the selected reference is using MD5 authentication.

“None” indicates authentication not being used.

LAST : The number of seconds that have expired since this reference was last polled for its time.

POLL : The polling interval, i.e. how often SecureSync is polling this NTP reference for its time.

DELAY (ms) : The measured one-way delay between SecureSync and its selected reference.

110 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.14.8.2 NTP Servers: Adding, Configuring, Removing

To add, configure, or remove an NTP Server:

1.

Navigate to MANAGEMENT > NETWORK: NTP Setup .

2.14  Configure NTP

2.

The NTP Setup screen appears. The NTP Servers panel displays a list of recognized NTP servers. Click the GEAR icon in the upper right-hand corner of the NTP

Servers panel.

3.

The NTP Servers window opens. Should the list be empty, no servers have been added yet. In the event that added servers are not displayed in the NTP Setup screen/NTP Servers panel, they could not be resolved. Verify the IP address. Note that System servers cannot be edited or deleted.

To ADD a new server, click the PLUS icon in the upper right-hand corner, and proceed to the next step.

Note: In order for other NTP Servers to be a valid reference,

“NTP” must be enabled as both the Time and 1PPS references in the Reference Priority table. See

"Configuring Input Reference Priorities" on page 168

.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 111

2.14  Configure NTP

To EDIT an existing server, click the corresponding ACTION GEAR button, and proceed to the next step.

To REMOVE a server (and its associated configurations), click the X-button next to it, then confirm by clicking OK.

4.

The NTP Server Edit window displays. Enter the required information:

Host : The IP address for the server to be used as host.

Min Poll Interval : Select a value from the drop down (the default is 3 (8s)).

Max Poll Interval : Select a value from the drop down (the default is 3 (8s)).

For both NTP Peers, and NTP Servers the Minimum and Maximum Poll rate for NTP packets can be configured.

Both NTP Peers and NTP Servers support either manually configured Symmetric Key- ID/Key string pairs or the use of Auto- Key. However, these choices are mutually exclusive and must be identically configured on both the

SecureSync and the NTP Peer or NTP Server. If the Symmetric Key-ID/Key string pair method is selected the Key-ID must be first defined on the Symmetric Key page.

Enable Symmetric Key : Click to enable Symmetric Key, and then select an option from the drop down menu that displays.

Note: Before you can choose an option in the Key field, you must first set up symmetric keys through the Actions panel.

See

"Configuring NTP Symmetric Keys" on page 121

. Conversely, you may check the Autokey box below the Key field.

Enable Autokey : Click here if you want to use Autokey with this server. See

"NTP Autokey" on page 115 .

Note: When you configure NTP Autokey, you must first disable the NTP service in the NTP Services panel, and then re-enable it after the Autokey configuration is completed.

Enable Burst : This tells NTP to send a burst to the remote server when the server is reachable.

Enable Iburst : The iburst function tells NTP to send a burst of queries instead of one when the remote server is not reachable for faster clock synchronization. This will occur if the connection was interrupted, or upon restart of the NTP daemon. For additional information, please refer to public NTP configuration documentation.

112 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.14  Configure NTP

Mark as Preferred : Click here to make this server the preferred server. For more information, see

"Configuring "NTP Stratum 1" Operation" on page 106

.

Note: It is not normally recommended to select more than one

NTP Server in the NTP Servers table as being Preferred . Typically, only one NTP server should be selected as Preferred .

5.

Click Submit, or press Enter.

2.14.8.3 NTP Peers: Adding, Configuring, Removing

To add, configure, or remove an NTP Peer:

1.

Navigate to MANAGEMENT > NETWORK: NTP Setup .

2.

The NTP Setup screen appears. The NTP Peers panel displays a list of recognized

NTP peers.

Note: Should the list be empty, no servers have been added yet. In the event that added peers are not displayed, they could not be resolved. Verify the IP address

To EDIT the settings of an NTP Peer, click the GEAR button next to it, and proceed to Step 3 below.

To ADD a new NTP Peer, click the PLUS icon in the top right corner of the

NTP Peers panel.

To REMOVE an NTP Peer (and its associated configurations), click the X-button next to it.

3.

The NTP Peers edit window opens:

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 113

2.14  Configure NTP

114

4.

Enter the required information into the fields:

Host : The IP address for the server to be used as host.

Min Poll Interval : Select a value from the drop down (the default is 3 (8s).

Max Poll Interval : Select a value from the drop down (the default is 3 (8s).

For both NTP Peers, and NTP Servers the Minimum and Maximum Poll rate for NTP packets can be configured. Both NTP Peers and NTP Servers support either manually configured Symmetric Key-ID/Key string pairs or the use of

Auto-Key. However, these choices are mutually exclusive and must be identically configured on both the SecureSync and the NTP Peer or NTP Server. If the Symmetric Key-ID/Key string pair method is selected the Key-ID must be first defined on the Symmetric Key page.

Enable Symmetric Key : Click the checkbox to enable/disable Symmetric

Key. See also:

"Configuring NTP Symmetric Keys" on page 121

.

Note: Before you can edit the Key field, you must set up Symmetric Keys through the Actions Panel. See

"NTP: Symmetric

Keys (MD5) " on page 121

. Conversely, you may check the

Autokey box below the Key field.

Enable Autokey : Click the check box to enable/disable Autokey. See

"NTP

Autokey" on the facing page

for more information on Autokey.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.14  Configure NTP

Note: When you configure NTP Autokey, you must first disable the NTP service in the NTP Services panel, then re-enable it after Autokey configuration is completed.

Mark as Preferred : Check this box to prefer this NTP Peer over other NTP

Peers ("NTP Peer Preference"). This will result in SecureSync synchronizing more frequently with this Peer. For additional information on NTP Preferences, see

"Configuring "NTP Stratum 1" Operation" on page 106 .

Note: Please note that it is not advisable to mark more than one NTP Peer as Preferred , even though SecureSync will not prevent you from doing so.

5.

Click Submit, or press Enter.

2.14.9

NTP Authentication

Since NTP information is distributed across entire networks, NTP poses a security risk: Falsified NTP time stamps or other NTP-related information can be exploited by an attacker. NTP authentication keys are used to authenticate time synchronization, thus detecting a fake time source before it can do harm.

2.14.9.1

NTP Autokey

The NTP version installed on SecureSync supports the Autokey Protocol. The Autokey

Protocol uses the OpenSSL library which provides security capabilities including message digests, digital signatures and encryption schemes. The Autokey Protocol provides a means for NTP to authenticate and establish a chain of trusted NTP servers.

NTP Autokey: Support & Limitations

Currently, SecureSync supports only the IFF (Identify Friend or Foe) Autokey Identity

Scheme. The SecureSync product web interface automates the configuration of the IFF using the MD5 digests and RSA keys and certificates. At this time the configuration of other key types or other digests is not supported.

Note: When you configure NTP Autokey, you must disable the NTP service first, and then re-enable it after Autokey configuration is completed.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 115

2.14  Configure NTP

NTP Autokey: IFF Autokey Support

The IFF Autokey Support is demonstrated in the figure below. The IFF identity scheme is used with Multiple Stratum NTP Time Servers. The example below shows 3 Stratum layers. Stratum 1 NTP Servers are close to the physical time references. All Stratum 1 servers can be Trusted Hosts. One of them is the trusted route used to generate the IFF Group/Client Key. This defines the IFF Group.

All other group members generate Group Certificate and RSA public/private keys using

MD5 digest. Each group member must share the common IFF Group/Client Key. Stratum

2 NTP servers are also members of the Group. All NTP Stratum 1 servers are Trusted

Hosts. The NTP servers closest to the actual time reference (Stratum 1) should be designated trusted. A single Stratum 1 NTP server generates the IFF Group/Client Keys.

There is NO group name feature supported. The Group can use the same passphrase (password) or different passphrases for each client.

An NTP Server Group member is configured by enabling Autokey and creating certificate and public/private key pair while not enabling the Client Only selection. A Client Only NTP server is configured by enabling Autokey and creating certificate and public/private key pair and enabling the Client Only selection.

Note: Passphrases can be identical for all group members and Client NTP

Servers. Or passphrases can be the same for group members and a different passphrase shared between the Client Only NTP Servers.

116 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.14  Configure NTP

Figure 2-2: IFF Autokey configuration example

Configuring NTP Autokey

Note: When you configure NTP Autokey, you must disable the NTP Service first, and then re-enable it after Autokey configuration is completed. See

"Dis-/Enabling NTP" on page 101

.

To configure NTP Autokey:

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 117

2.14  Configure NTP

1.

Navigate to MANAGEMENT > NETWORK: NTP Setup .

2.

In the NTP Services panel, click the GEAR icon in the top-right corner.

3.

The Edit NTP Services window will display.

4.

Click the Autokey tab.

5.

Check the Autokey box.

6.

Fill in the Passphrase field by creating a passphrase (for a Trusted server—see Certificate Type below), or by using the existing passphrase of your trusted server (for

Server and Client certificates).

7.

Select the Certificate Type for your server, by clicking the appropriate radio button for Server , Client , or Trusted .

T R U S T E D S e r v e r :

Before a server can be designated Client or Server status, one server must be designated as Trusted. When designating a server as Trusted:

1. Choose the Trusted radio button.

2. Click the Submit button.

A Groupkey is then generated for the network. This Groupkey will be pasted into the

Groupkey box to designate another server on the network as Client or Server.

118 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.14  Configure NTP

8.

To designate a SecureSync as Trusted , click the Submit button. This will generate a new Groupkey .

9.

To designate a SecureSync as a Client or a Server , paste the generated Groupkey into the Groupkey box, and click the Submit button.

Configuring a Stratum-1 Server as Trusted Host

To configure an NTP Stratum-1 Server as Trusted Host with IFF Group/Client key:

1.

Define the Hostname of all NTP servers before proceeding. See

"NTP Servers:

Adding, Configuring, Removing" on page 111 .

2.

Disable NTP.

Ensure the time is accurate to a few seconds. Use NTP or manually set the clocks to set the system time.

3.

Verify this SecureSync is, in fact, NTP Stratum 1, and its Time, and 1PPS synchronization to GNSS are valid.

4.

Under the Autokey tab of the Edit NTP Services window:

Enable Autokey —Check the box.

Autokey Passphrase —Enter your Group members NTP Autokey password.

Select Certificate Type to Generate —Do NOT enable Client .

Select Trusted .

Click Submit .

5.

Observe the IFF Group/Client Key appearing.

This is the common IFF Group/Client Key . This key is shared between all

Group members using this NTP Servers passphrase for ALL group members.

6.

Configure NTP as requiring authentication.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 119

2.14  Configure NTP

7.

Enable NTP in the NTP Services panel.

8.

Verify that NTP reaches occur, and that NTP eventually reaches Stratum 1.

Creating a Stratum-1 Group Member Server

To configure an NTP Stratum-1 Server, which is a Group Member, using a Client key:

1.

Define the Hostname , making sure it is unique, i.e. not the same as the trusted root server. See also

"General Network Settings" on page 58

.

2.

Disable NTP if enabled.

3.

Manually set the time or use NTP to set the system time.

4.

Under the Autokey tab of the Edit NTP Services window, enable:

Enable Autokey —Check the box.

Autokey Passphrase —Enter your Group members NTP Autokey password.

Select Certificate Type to Generate —Do NOT enable Server

5.

Using the NTP Server containing the IFF Group/Common Key generate a Client

Key using this NTP Server’s passphrase.

6.

Cut and paste the Client Key into the Autokey Groupkey text box.

7.

For all NTP Stratum-2 servers and higher stratum numbers, disable the following items under the Stratum-1 tab in the Edit NTP Services window:

Prefer Stratum 1.

Enable Stratum-1 1PPS.

8.

In the NTP Servers panel of the main window, add an NTP server and enable the

Autokey option box. See

"NTP Servers: Adding, Configuring, Removing" on page 111 .

9.

Enable NTP in the NTP Services panel.

10.

Wait for NTP to synchronize to the NTP References provided.

Creating a Stratum-1 Client Only Server

To create an NTP Stratum-1 'Client Only' Server with a Client key:

1.

Define the Hostname, making sure that it is different from its trusted group server.

See

"NTP Servers: Adding, Configuring, Removing" on page 111 .

2.

Disable NTP if enabled.

3.

Manually set the time or use NTP to set the system time.

120 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.14  Configure NTP

4.

Under the Autokey tab of the Edit NTP Services window, enable:

Enable Autokey —Check the box.

Autokey Passphrase —Enter your Group members NTP Autokey password.

Select Certificate Type to Generate —Select Client to enable Client only.

5.

Using the NTP Server containing the IFF Group/Client Key, copy the Group/Client key.

6.

Paste this Group/Client key into the Autokey Groupkey text box.

7.

For all NTP Stratum-2 servers and higher stratum numbers, under the Stratum-1 tab in the Edit NTP Services window configure the NTP Stratum-1 references:

Disable Enable Stratum 1 Operation.

Disable Enable Stratum 1 1PPS.

8.

In the NTP Servers panel of the main window, add an NTP server and enable the

Autokey option box. See

"NTP Servers: Adding, Configuring, Removing" on page 111 .

9.

Wait for NTP to synchronize to the NTP References provided.

2.14.9.2 NTP: Symmetric Keys (MD5)

Symmetric Keys are an encryption means that can be used with NTP for authentication purposes.

SecureSync supports authenticated NTP packets using an MD5 authenticator. This feature does not encrypt the time packets, but attaches an authenticator, which consists of a key identifier and an MD5 message digest, to the end of each packet. This can be used to guarantee that NTP packets came from a valid NTP client or server, and that they were not tampered with during transmission. The Symmetric Keys tab allows NTP to be configured to use MD5 authentication.

Configuring NTP Symmetric Keys

To create, edit, or delete Symmetric Keys (MD5 Authentication):

1.

Navigate to MANAGEMENT > NETWORK: NTP Setup .

2.

In the Actions panel, click the Symmetric Keys button:

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 121

2.14  Configure NTP

3.

The NTP Symmetric Keys window will display:

To CREATE a Symmetric Key , click the PLUS icon in the top-right corner, and proceed to Step 4.

To EDIT an existing key pair, click the corresponding Change button, and proceed to Step 4.

To DELETE a key pair, click the corresponding Delete button, and click OK in the dialog box to confirm and complete the procedure.

4.

The NTP Symmetric Key window will display:

122

Fill in, or edit the fields:

Trusted (checkbox)—Check this box to use MD5 authentication with trusted key ID.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.14  Configure NTP

Note: To use the MD5 authentication with trusted key ID, both the NTP client and the SecureSync must contain the same key

ID/key string pair, the client must be set to use one of these

MD5 pairs, and the key must be trusted.

Key ID —The key ID must be a number between 1 and 65532.

Digest Scheme —Choose one of the options from the drop-down list. The available options are:

MD5 (the default)

SHA1

SHA

MDC2

MDC2

RIPEMD160

MD4

Key Str —The key string must be readable ASCII and between 1 and 16 characters long.

5.

Click the Submit button: The changes will be reflected in the table of the NTP Symmetric Keys window, which is displayed after clicking the Submit button.

6.

The key(s) you have set up will now appear as options in the Symmetric Key field in both the NTP Server screen, and the NTP Peer screen.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 123

2.14  Configure NTP

124

NOTES:

Duplicate key IDs are not permitted. NTP requests received by that do not contain an authenticator containing a valid Key ID and MD5 message digest pair will be responded to, but no authentication will be performed. An NTP request with valid authenticators results in a valid NTP response with its own valid authenticator using the same Key ID provided in the NTP request.

You may define the trusted Symmetric Keys that must be entered on both SecureSync, and any network client with which SecureSync is to communicate. Only those keys for which the “Trusted” box has been checked will appear in the dropdown menus on the NTP

References screen.

2.14.10 NTP Access Restrictions

Next to encrypted authentication by means of Symmetric Keys, NTP supports a list-based means of access restriction, the use of which is also recommended to prevent fraudulent or inadvertent manipulation of a time server.

To configure NTP Access Restrictions:

1.

Navigate to MANAGEMENT > NETWORK: NTP Setup .

2.

In the Actions panel, click Access Restrictions :

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

3.

The NTP Access Restrictions Status window will display:

2.14  Configure NTP

To ADD or EDIT an access restriction, click the PLUS icon or the Change button, respectively, and proceed to Step 4. below.

To DELETE an access restriction, click the corresponding Delete button, and confirm by clicking OK.

4.

The NTP Access Restrictions window will display:

Fill in the fields:

Restriction Type —Choose either Allow or Deny.

If you select “Deny”, the configured portion of the network will not have NTP access to SecureSync, but the rest of the network will have access to SecureSync. If you select “allow”, the configured portion of the network will have NTP access to SecureSync, but the rest of the network will not have access to SecureSync. By default, SecureSync allows all IPv4 and IPv6 connections.

IP Version —Choose IPv4 or IPv6

IP Address —Enter the appropriate hostname.

Subnet Mask —Enter the appropriate IP mask.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 125

2.14  Configure NTP

Require Authentication (checkbox)—Check this box if you want the additional security of authorized access. SecureSync to accept only authenticated requests (MD5 or Autokey) from this user or network segment.

Allow NTP Queries (checkbox)—Check this box if you want to allow external NTP queries into SecureSync services.

5.

Click the Submit button.

2.14.11

Enabling/Disabling NTP Broadcasting

The NTP Broadcast mode is intended for one or a few servers and many clients.

SecureSync allows the NTP service to be configured to broadcast the NTP time only to the network’s broadcast address at scheduled intervals.

NTP Broadcasting is used to limit the NTP service to only certain clients on the network.

NTP Broadcasting also reduces the amount of network traffic, but is therefore less accurate since there is no compensation for cable delays, or other delays between NTP Server and Client.

Note that NTP Broadcasting is rarely used and typically limited to special applications.

To enable NTP Broadcasting:

1.

Navigate to MANAGEMENT > NETWORK: NTP Setup .

126

2.

On the NTP Services panel, click the GEAR icon.

3.

The Edit NTP Services window will display. Check the Broadcast box.

4.

Select a Broadcast Interval . When NTP Broadcasting is selected, in addition to still responding to NTP time requests sent from network appliances, SecureSync will also send unsolicited NTP time packets to the local broadcast address at the Broadcast Interval specified by you.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.14  Configure NTP

5.

To utilize MD5 Authentication , select a Symmetric Key (see

"Configuring NTP

Symmetric Keys" on page 121 .)

6.

Click Submit, or press Enter.

To disable NTP broadcasting, simply uncheck the Broadcast box and click Submit .

2.14.12 NTP over Anycast

NTP (Network Time Protocol) is a packet network based synchronization protocol for synchronizing a client clock to a network master clock (see also

"Configure NTP" on page 98 .)

Anycast is a network routing protocol in which messages are routed to one of a group of potential receivers via a single Anycast address, thus avoiding the need to configure every client individually.

NTP over Anycast , as implemented in SecureSync, is a combination of the two concepts, allowing SecureSync to:

I.

Associate one of its network ports to an Anycast IP address, and

II.

Remove itself as an available time source if its reference is lost or degraded, and vice versa.

To learn more about NTP over Anycast, see also the respective

Spectracom Technology

Brief (PDF)

.

Please note that SecureSync utilizes the OSPF (Open Shortest Path First) and BGP

(Border Gateway Protocol).

O S P F P r o t o c o l E X A M P L E :

If an active SecureSync NTP server has removed itself as an available time source from the

Anycast-capable network, the OSPF router will send a request for replacement to the next nearest NTP server, serving under the same NTP over Anycast address.

As soon as the first SecureSync server obtains a valid reference again, it will make itself available to the OSPF router, which will then use it as a time source again, based on the principle of shortest path available.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 127

2.14  Configure NTP

Figure 2-3: All NTP Servers are synchronized

128

Figure 2-4: NTP Server 1 is out of sync

2.14.12.1 Configuring NTP over Anycast (General Settings)

To setup the NTP over Anycast functionality:

1.

Confirm that your existing network infrastructure is Anycast capable. Determine network specifics, such as the Anycast address and port.

2.

In the SecureSync Web UI, navigate to MANAGEMENT > Network > NTP Setup .

3.

In the Actions Panel , click NTP over Anycast .

4.

In the NTP Anycast window, select the General tab.

5.

On the General tab, select the IP Version you will be running Anycast service for.

The options are IPv4, IPv6, or both.

6.

Configure the Anycast Address to be used.

7.

Select the port to associate the Anycast service with (depending on the option card configuration of your unit, there may be only ETH0 available). If you desire IPv6 functionality, you must also select the IPv6 port address since there may be multiple IPv6 addresses on a single port.

8.

Click Submit .

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.14  Configure NTP

Note: NTP over Anycast is not compatible with DHCP, as it is designed to be used with static addresses only.

Note: IMPORTANT: For Anycast to function, SecureSync must be in sync to a valid reference, or to itself.

2.14.12.2 Configuring NTP over Anycast (OSPF IPv4)

To setup the NTP over Anycast functionality, using OSPF IPv4:

1.

Confirm that your existing network infrastructure is Anycast capable, and uses

OSPF Version 2 (IPv4). Determine the OSPF area.

2.

In the SecureSync Web UI, navigate to MANAGEMENT > Network > NTP Setup .

3.

In the Actions Panel , click NTP over Anycast .

4.

In the NTP Anycast window, select the General tab.

5.

On the General tab, select IPv4 as the IP Version.

6.

Configure the Anycast Address to be used.

7.

Select the port to associate the Anycast service with (depending on the option card configuration of your unit, there may be only ETH0 available).

8.

In the NTP Anycast window, navigate to the OSPF tab.

9.

On the OSPF tab, check Enable .

10.

Setup the OSPF area.

11.

Click Submit .

12.

Select the port address to associate the Anycast service with (because there may be multiple addresses on a single port), and click Submit . If no addresses appear, an

IP address must be added to the port (see

"Network Ports" on page 59

).

13.

Next, specify the maximum TFOM Setting (Time Figure of Merit), and the Holdover

Timeout value. These two parameters determine SecureSync's accuracy "tolerance window": A small window will cause SecureSync to deliver a more accurate time window, but also will cause it to quickly withdraw from the Anycast server pool, i.e.

declare itself an invalid reference. (For more information about TFOM, see

"Configuring the Oscillator" on page 226

.)

Navigate to Management > Disciplining , and click the GEAR icon in the top-right corner of the Status panel.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 129

2.14  Configure NTP

14.

Set the value Maximum TFOM for Sync to 4 (this will make SecureSync to go out of sync if the phase error is greater than 1 μ s).

15.

Set the value for Holdover Timeout to 10 s, to allow SecureSync to exit holdover quickly.

16.

Leave the Phase Error Limit at 0, and do not check any of the checkboxes (or, for more information, see

"Configuring the Oscillator" on page 226 ).

2.14.12.3 Configuring NTP over Anycast (OSPF IPv6)

To setup the NTP over Anycast functionality, using OSPF IPv6:

1.

Confirm that your existing network infrastructure is Anycast capable, and uses

OSPF Version 3 (IPv6). Determine the OSPF area.

2.

In the SecureSync Web UI, navigate to MANAGEMENT > Network > NTP Setup .

3.

In the Actions Panel , click NTP over Anycast .

4.

In the NTP Anycast window, select the General tab.

5.

On the General tab, select IPv6 as the IP Version.

6.

Select the port to associate the Anycast service with (depending on the option card configuration of your unit, there may be only ETH0 available).

7.

Select the port address to associate the Anycast service with (because there may be multiple IPv6 addresses on a single port), and click Submit . If no addresses appear, an IPv6 address must be added to the port.

8.

In the NTP Anycast window, navigate to the OSPF tab.

9.

On the OSPF6 tab, check Enable .

10.

Setup the OSPF6 area.

11.

Click Submit.

12.

Select the port address to associate the Anycast service with (because there may be multiple addresses on a single port), and click Submit. If no addresses appear, an IP address must be added to the port (see

"Network Ports" on page 59

).

13.

Next, specify the maximum TFOM Setting (Time Figure of Merit), and the Holdover

Timeout value. These two parameters determine SecureSync's accuracy "tolerance window": A small window will cause SecureSync to deliver a more accurate time window, but also will cause it to quickly withdraw from the Anycast server pool, i.e.

declare itself an invalid reference. (For more information about TFOM, see

"Configuring the Oscillator" on page 226

.)

Navigate to Management > Disciplining , and click the GEAR icon in the top-right corner of the Status panel.

130 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.14  Configure NTP

14.

Set the value Maximum TFOM for Sync to 4 (this will make SecureSync to go out of sync if the phase error is greater than 1 μ s).

15.

Set the value for Holdover Timeout to 10 s, to allow SecureSync to exit holdover quickly.

16.

Leave the Phase Error Limit at 0, and do not check any of the checkboxes (or, for more information, see

"Configuring the Oscillator" on page 226 ).

2.14.12.4 Configuring NTP over Anycast (BGP)

To configure NTP over Anycast , using BGP (Border Gateway Protocol):

1.

Confirm that your existing network infrastructure is Anycast capable, and uses BGP.

Determine the network specifics, such as your Autonomous System (AS) number,

Neighbor’s address and Neighbor’s AS number.

2.

In the SecureSync Web UI, navigate to MANAGEMENT > Network > NTP Setup.

3.

In the Actions Panel , click NTP over Anycast .

4.

In the NTP Anycast window, select the General tab.

5.

On the General tab, select your desired IP Version. This selection automatically communicates with the BGP tab and displays the neighbor address field based on your needs.

6.

Select the port to associate the Anycast service with (depending on the option card configuration of your unit, there may be only ETH0 available). If you desire IPv6 functionality, you must also select the IPv6 port address since there may be multiple IPv6 addresses on a single port.

7.

In the NTP Anycast window, navigate to the BGP tab.

8.

On the BGP tab, check Enable .

9.

Input your AS number .

10.

Input the neighbor's address.

11.

Input the neighbor's AS number.

12.

Click Submit .

13.

Select the port address to associate the Anycast service with (because there may be multiple addresses on a single port), and click Submit. If no addresses appear, an IP address must be added to the port (see

"Network Ports" on page 59

).

14.

Next, specify the maximum TFOM Setting (Time Figure of Merit), and the Holdover

Timeout value. These two parameters determine SecureSync's accuracy "tolerance window": A small window will cause SecureSync to deliver a more accurate time window, but also will cause it to quickly withdraw from the Anycast server pool, i.e.

declare itself an invalid reference. (For more information about TFOM, see

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 131

2.14  Configure NTP

"Configuring the Oscillator" on page 226

.)

Navigate to Management > Disciplining , and click the GEAR icon in the top-right corner of the Status panel.

15.

Set the value Maximum TFOM for Sync to 4 (this will make SecureSync to go out of sync if the phase error is greater than 1 μ s).

16.

Set the value for Holdover Timeout to 10 s, to allow SecureSync to exit holdover quickly.

17.

Leave the Phase Error Limit at 0, and do not check any of the checkboxes (or, for more information, see

"Configuring the Oscillator" on page 226 ).

2.14.12.5 Configuring Anycast via NTP Expert Mode

Advanced Anycast configuration is possible via the NTP Expert Mode (see also

"NTP

Expert Mode" on page 138

), which allows you to write directly into the Anycast configuration files ( zebra.conf

; ospfd.conf

; ospf6d.conf

and bgpd.conf

).

The zebra.conf

file is required for both IPv4, and IPv6 Anycast. The ospfd.conf

file is required for IPv4 OSPF only, the ospf6d.conf

file is required for IPv6 OSPF only, and the bgpd.conf

file has multiprotocol functionality, hence it can be used for both IPv4, and

IPv6 Anycast.

Caution: Expert Mode should only be utilized by advanced users, as incorrectly altering the Anycast files can cause Anycast to stop working.

Caution: Any configurations made in Expert Mode will be lost as soon as

Expert Mode is disabled.

1.

To access Expert Mode, navigate to MANAGEMENT > NTP Setup .

2.

Enable the switch for Expert Mode in the panel NTP Services .

3.

Once it is enabled, click NTP Anycast in the Actions Panel . The Expert mode window will appear, with a separate tab for each of the three configuration files.

4.

To enable OSPF IPv4 Anycast, check Enable under the OSPF tab. To enable OSPF

IPv6 Anycast, check Enable under the OSPF6 tab. To enable BGP Anycast, check

Enable under the BGP tab. Then click Submit.

When the NTP Anycast Expert Mode window is opened, the files displayed are the configuration files in their current states. If no configuration was done outside of Expert Mode, these will be the factory default files. If Anycast configuration was already done from the

Web UI, you will be able to edit the existing Anycast setup.

132 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.14  Configure NTP

When editing zebra.conf

in expert mode, you should ensure that the first line under an interface line is an ip address line declaring an IPv4 address (if there is one for the interface), and that the next line is an ipv6 address line declaring an IPv6 address (if there is one for the interface). No other lines or variations in spacing should be inserted before or between these lines. No editing restrictions exist on ospfd.conf

or ospf6d.conf

files.

Example

zebra.conf

file with both IPv4, and IPv6 configured on the same port:

(Interface eth0 line, followed by IPv4 line and then IPv6 line)

*****************************************************

!

interface eth0 ip address 10.2.100.157/16 ipv6 address 2000:10:2::157/64

!

interface lo ip address 10.10.14.1/32 ipv6 address 2000:10:10::1/64

*****************************************************

Example

zebra.conf

file with IPv4, and IPv6 configured on different ports:

(Interface eth0 line, followed by only IPv4 line, because no IPv6 address is configured on that port. Interface eth1 line, followed by only IPv6 line, because no IPv4 address is configured on that port)

*****************************************************

!

interface eth0 ip address 10.2.100.157/16 interface eth1

!

ipv6 address 2000:10:2::157/64 interface lo ip address 10.10.14.1/32 ipv6 address 2000:10:10::1/64

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 133

2.14  Configure NTP

*****************************************************

Example

zebra.conf

file showing the default file with no addresses configured:

(Interface eth0 line, with no lines following it because no addresses are configured on the port)

!

***************************************************** interface eth0

!

interface lo

*****************************************************

Example

ospfd.conf

file:

*****************************************************!

router ospf ospf router-id 10.2.100.157

network 10.2.0.0/16 area 0.0.0.0

redistribute connected distribute-list default out connected

!

access-list default permit 10.10.14.1/32 access-list default deny any

*****************************************************

Example

ospf6d.conf

file:

!

*****************************************************

!

interface eth0 router ospf6 router-id 10.2.100.157

interface eth0 area 0.0.0.0

134 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.14  Configure NTP

!

redistribute connected

*****************************************************

Example

bgpd.conf

file:

*****************************************************!

router bgp 12 bgp router-id 172.17.1.12

network 172.17.0.0/16

!

neighbor 172.17.1.1 remote-as 3 redistribute connected

*****************************************************

2.14.12.6 Testing NTP over Anycast

Note: A detailed Anycast test procedure is available from Spectracom upon request. Please contact

[email protected]

.

2.14.13 NTP Orphan Mode

The NTP Orphan Mode allows SecureSync to remain a valid time server to its NTP clients even if all its input references have become invalid and the Holdover period has expired.

Per default, SecureSync will automatically downgrade itself to NTP Stratum 15 , should its input references become invalid and after expiration of the Holdover period. By setting the

NTP Orphan Mode to an NTP Stratum level other than 15, SecureSync will continue to be considered a valid time server by its NTP clients.

Note, however, that the time served by SecureSync after expiration of the Holdover period can be of a low quality and therefore normally ought to be considered invalid. NTP

Orphan Mode exists as an option for timing networks that must stay intact even if the time distributed is invalid. The other use case for Orphan Mode is to allow for NTP to be utilized in an isolated timing network that is designed to normally operate without any external references.

To configure NTP Orphan Mode:

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 135

2.14  Configure NTP

1.

Navigate to MANAGEMENT > NTP Setup .

2.

In the NTP Services panel, click the GEAR icon in the top right corner. The Edit

NTP Services window will open:

136

3.

Click the Orphan Mode tab, and select an NTP Stratum other than 15 . This will be the Stratum level SecureSync will transition to in the event its input references become invalid.

4.

Click Submit. SecureSync will automatically stop and re-start the NTP Service.

Note: Per NTP protocol definition, for an NTP Orphan Mode Timing Network to operate properly, ALL servers and clients must be set to the same

Stratum level (e.g., "5").

2.14.14 Host Disciplining

Host Disciplining allows an NTP input reference to discipline SecureSync's oscillator. This may be utilized e.g., with SecureSync units that do not have a GPS receiver because they are operated as Stratum 2 servers.

In general, it is advisable to enable Host Disciplining only if needed, and to use it only in robust networks/NTP environments.

Note that Host Disciplining is NOT supported by SecureSync units equipped with a Rubidium oscillator.

ON : When Host Disciplining is ON, the NTP reference is used to discipline

SecureSync's oscillator, thus providing more stable oscillator performance.

About system software updates:

When updating to System Software Version 5.4.5, Host Disciplining will fall to its default setting. When updating to future System Software versions, the last setting

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.14  Configure NTP will be carried over to the new software.

In any case, after a system software update it is advisable to verify that Host Disciplining is still enabled.

OFF [ default setting]: When OFF, NTP synchronization is not disciplining the oscillator, only a time transfer is made in regular intervals to manually correct the system time.

While disabled Host Disciplining does not offer the benefit of a disciplined oscillator when transitioning into or out of holdover, SecureSync on the other hand will not be susceptible to disciplining errors caused by network traffic or NTP-related issues.

2.14.14.1 Enabling Host Disciplining

In order for Host Disciplining to work, you must have enabled NTP, and you must have configured an NTP Peer or Server, i.e. SecureSync is running as an NTP Stratum 2 server.

To enable Host Disciplining :

1.

Navigate to MANAGEMENT > NETWORK: NTP Setup .

2.

In the NTP Services panel, click the GEAR icon. The Edit NTP Services window will display:

3.

Under the Stratum 1 tab: enable Stratum 1 Operation (this allows System holdover if GPS and the

NTP servers happen to become unavailable for a period of time) disable Prefer Stratum 1 disable Stratum 1 1PPS , and click Submit.

(The NTP Status Summary panel in the NTP Setup screen should now display

Stratum 2 . For additional information, see

"Configuring "NTP Stratum Synchronization"" on page 107

.)

4.

Under the Host Ref tab, enable Host Disciplining , and click Submit. You do NOT have to stop and re-start the NTP Service; SecureSync will do this for you.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 137

2.14  Configure NTP

2.14.15 NTP Expert Mode

Advanced NTP configuration is possible via the NTP Expert Mode , which allows you to write directly into the

NTP.conf

file (the syntax is similar to the one used with CISCO routers).

Caution: NTP Expert Mode should only be utilized by advanced users, as incorrectly altering the

NTP.conf

file can cause NTP to stop working (if

NTP is configured as an input reference, SecureSync could lose synchronization).

To access the NTP Expert Mode, navigate to MANAGEMENT > NTP Setup . The switch for the NTP Expert Mode is in the panel NTP Services .

Caution: Any configurations made in NTP Expert Mode will be lost as soon as NTP Expert Mode is disabled.

NTP utilizes the NTP.conf

file for its configuration. Normally, configuration of this file is indirectly performed by a user via the integrated configuration pages of the SecureSync

Web UI. However, it may be desired in certain circumstances to edit this file directly, instead of using the web-based setup screens. When Expert Mode is enabled, the user has direct access to the NTP.conf

file.

Caution: Orolia Tech Support does not support the editing of the NTP configuration files while in the Expert Mode. For additional information on editing the NTP.conf

file, please refer to

http://www.ntp.org/

.

Note: IMPORTANT: If an undesirable change is made to the NTP.conf

file that affects the NTP operation, the NTP.conf

file can be manually changed back as long as the previous configuration was known.

The NTP.conf

file can be reset back to the factory default values by either using the procedure to restore all of the SecureSync factory default settings (see

"Restoring the Default NTP Configuration" on page 103

) or editing the file back to the original configuration as shown in the factory default configuration below.

138 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.14  Configure NTP

Caution: If changes are made to the NTP.conf

file while in the Expert mode, Expert mode should remain enabled from that point forward. Disabling Expert mode after changes being made to this file may result in loss of this configuration information.

Factory default

NTP.conf

file:

restrict 127.0.0.1

restrict ::1 restrict default noquery nomodify restrict -6 default noquery nomodify keys /etc/ntp/keys/ntp.keys

controlkey 65533 requestkey 65534 trustedkey 65533 65534 server 127.127.45.0 prefer minpoll 4 server 127.127.22.0 minpoll 4 fudge 127.127.22.0 stratum 0 peer 10.10.128.35 minpoll 3 maxpoll 3 autokey keysdir /etc/ntp/keys/ crypto pw admin123 randfile /dev/urandom driftfile /etc/ntp/ntp.drift

logfile /home/spectracom/log/ntp.log

statsdir /home/spectracom/log/ntpstats/ statistics loopstats peerstats clockstats filegen loopstats file loopstats type day enable filegen peerstats file peerstats type day enable filegen clockstats file clockstats type day enable

Prior to Expert mode being enabled, the Network: NTP Setup page will contain various tabs for configuring different options of the NTP Service. To prevent inadvertent changes from being made to a user-edited

NTP.conf

file via the web pages, these NTP configuration tabs are removed from the web browser view as long as the Expert mode remains enabled (only the Expert Mode tab is visible in Expert Mode; all other tabs will no

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 139

2.14  Configure NTP longer be present). Disabling the Expert mode restores these tabs to the Edit NTP Services window.

To enable the Expert Mode, and edit the NTP.conf

file:

1.

Navigate to MANAGEMENT > NETWORK: NTP Setup .

2.

In the NTP Services panel locate the Expert Mode switch:

140

When enabled, the NTP Service operates in Unicast mode. In Unicast mode, the

NTP Service responds to NTP requests only. The NTP Service supports a broadcast mode in which it sends a NTP time packet to the network broadcast address.

3.

Click the Expert Mode switch.

4.

Confirm by clicking OK in the dialog box.

5.

Click the GEAR icon.

6.

In the Edit NTP Services window, edit the file as desired in the text box under the

Expert Mode tab.

7.

Click the Submit button to save any changes that were made.

8.

Disable and then re-enable the NTP service using the NTP ON/OFF switch in the

NTP Services panel. SecureSync will now use the new NTP configuration per the manually edited file.

Caution: Any configurations made in NTP Expert Mode will be lost as soon as NTP Expert Mode is disabled.

2.14.16 Orolia Technical Support for NTP

Orolia does not provide technical assistance for configuring and installing NTP on Unixbased applications. Please refer to

www.ntp.org

for NTP information and FAQs. Another helpful source is the Internet newsgroup at

news://comp.protocols.time.ntp

.

Orolia can provide support for Microsoft ® Windows- based time synchronization:

https://www.orolia.com/documents/synchronizing- windows- computers

.

See

orolia.com

for additional information, or contact Orolia Technical Support.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.15  Configuring Input References

Orolia also offers an alternate Windows NTP client software package called PresenTense .

PresenTense software provides many features and capabilities not included with the limited functionality of the Windows W32Time program, including alert notification and audit trails for the PC’s time.

For more information on PresenTense , please visit

orolia.com

or contact your local Orolia

Sales Representative.

2.15

Configuring Input References

Depending on the type of input reference, some of its settings may be user-editable. To access these settings for a given input reference, choose one of the two methods described below.

Note: The illustrations shown below are examples. The windows displayed in your Web UI may look differently.

There are two ways to access the settings Status window for an input reference:

Configuring input reference settings, method 1:

1.

Under INTERFACES > REFERENCES , click the desired reference.

2.

The Status window for the specific reference you selected will be displayed. Click the Edit button in the bottom-left corner.

3.

The settings window for the chosen reference will be displayed. Edit the field(s) as desired.

Configuring input reference settings, method 2:

1.

In the INTERFACES > REFERENCES drop-down menu, click REFERENCES (white on orange), or an input reference category ("GNSS reference", for example).

2.

In the Status window, click the GEAR button next to the desired input reference.

3.

The settings window for the chosen reference will be displayed. Edit the field(s) as desired.

Note: A particular option card might have more than one setting that can be adjusted. See

"Option Cards Overview" on page 10

for the settings of any particular output or card.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 141

2.16  Configuring Outputs

2.16

Configuring Outputs

Depending on the type of output interface, some of its settings may be user-editable. To access these settings for a given output, choose one of the two methods described below.

Note: The illustrations shown below are examples. The windows displayed in your Web UI may look differently.

Editing output settings, method 1:

1.

Under INTERFACES: OUTPUTS , click the desired output.

2.

The Status window for the specific reference you selected will be displayed. Click the Edit button in the bottom-left corner.

3.

The settings window for the chosen output will be displayed. Edit the field(s) as desired.

Editing output settings, method 2:

1.

In the INTERFACES: OUTPUTS drop-down menu, click OUTPUTS , or one of the output categories ( not indented to the right)

2.

In the Status window, click the GEAR button next to the desired output.

3.

The settings window for the chosen output will be displayed. Edit the field(s) as desired.

Note: A particular option card might have more than one setting that can be adjusted. See

"Option Cards Overview" on page 10

for the settings of any particular output or card.

2.16.1

The Outputs Screen

SecureSync outputs deliver a time or frequency signal to a device that consumes this signal.

To access the Outputs screen in the Web UI:

142 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.16  Configuring Outputs

1.

Navigate to INTERFACES and click on OUTPUTS (white on orange).

2.

The Outputs screen will display.

While System Status and logged Events are displayed on the left, the Outputs panel on the right lists all the outputs detected.

If you hover with your mouse pointer over any of the connectors shown in the rear panel illustration, a tooltip will be displayed, indicating the type of output..

If you have only one output of any type, SecureSync will number that output

0. Additional outputs will be numbered 1 or above.

If you click the INFO button next to an output, a Status window will open.

If you click the GEAR button next to an output, the Configuration window will open.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 143

2.16  Configuring Outputs

2.16.2

The 1PPS and 10 MHz Outputs

The SecureSync base model includes one 1PPS output and one 10 MHz output. Additional

1PPS and frequency outputs are available with option cards. To configure these outputs, navigate to:

INTERFACES > OUTPUTS, or

INTERFACES > OPTION CARDS and select the 1PPS Output or 10 MHz Output you would like to see, or configure.

The 10 MHz signal is provided by the internal oscillator. External 1PPS sources ("references")—if present and valid—are utilized to discipline the oscillator, in other words to correct for oscillator drift (the oscillator cannot discipline to either NTP input, or a User set time, unless in Host Disciplining mode). If no external 1PPS input references that can be used for disciplining are present, the oscillator will be in Freerun mode.

The selected 1PPS input reference (as configured with the Reference Input Priority table) is used to align SecureSync’s on-time point. The on-time point serves to accurately align the outputs, such as the 1PPS output, to the correct time, based on its reference inputs.

With at least one 1PPS reference input available and considered valid, SecureSync’s ontime point is initially slewed over a short duration to align itself with the 1PPS reference

(this process can take a few minutes, once an input reference has become available).

SecureSync’s 1PPS output is generated from the oscillator’s 10 MHz output and is aligned to the on-time point. The on-time point of the 1PPS output can be configured to be either the rising or falling edge of the 1PPS signal (by default, the rising edge is the on-time point).

There is a fixed phase relationship between the 1PPS and the 10 MHz outputs, as described below:

SecureSync equipped with TCXO/OCXO/Low-Phase-Noise Rubidium oscillator : With oscillator disciplining active (one or more 1PPS references available and valid) and after the on-time point has been initially slewed into alignment with the selected reference, there will always be exactly 10 million counts of the oscillator between each 1PPS output, even while in the Holdover mode (= input references are currently unavailable) and even after input references have become available again.

SecureSync equipped with Rubidium (Rb) oscillator : With oscillator disciplining active (one or more 1PPS references available and valid), after the on-time point has been slewed into alignment with the selected reference, with the exception of 1PPS input reference changes occurring, there will always be exactly 10 million oscillator counts between each PPS output pulse.

With the Rubidium oscillator installed, when a 1PPS input reference change occurs

(such as switching from IRIG input to GNSS input, or switching from a reference

144 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.16  Configuring Outputs being valid to no reference being present or valid—known as the Holdover mode), the oscillator counts between two 1PPS outputs may momentarily not be exactly

10 million counts. Once the reference transition has occurred, however, the counts between each PPS output pulse will return to exactly 10 million counts.

Like other types of SecureSync's signal outputs, a 1PPS output can be configured in several ways:

Signature Control allows you to determine under which conditions an output signal shall be present, i.e. what SecureSync will do about a given output when an external reference is lost. See also

"Signature Control" on page 147 .

The on-time point of the 1PPS signal: rising or falling edge

The pulse width

An offset can be entered to account for cable delays or other latencies.

2.16.2.1

Configuring a 1PPS Output

To configure a 1PPS output:

1.

Navigate to INTERFACES: OUTPUTS , or to INTERFACES: OPTION CARDS (white on orange).

2.

In the panel on the right, click the GEAR button next to the 1PPS Output you want to edit.

3.

The 1PPS Output Edit window will display, allowing the following items to be configured:

Signature Control : Determines when the output is enabled. For more information, see

"Signature Control" on page 147 .

Offset [ns]: Allows to offset the system's 1PPS on-time point, e.g. to compensate for cable delays and other latencies [range = –500000000 to 500000000 ns =

±0.5 s]

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 145

2.16  Configuring Outputs

Edge : Used to determine if the on-time point of the 1PPS output is the rising or the falling edge of the signal.

Rising

Falling

Pulse Width [ns]: Configures the Pulse Width of the 1PPS output.

[range = 20 to 900000000 ns = 0.0  μ s to 0.9 s]

[default = 200 ms]

4.

Click Submit.

2.16.2.2 Configuring the 10 MHz Output

To configure a10 MHz output:

1.

Navigate to INTERFACES > OUTPUTS , or to INTERFACES > OPTION CARDS

(white on orange).

2.

In the panel on the right, click the GEAR button next to the 10 MHz output that you want to edit.

3.

The 10 MHz edit window will display. Choose a value from the Signature Control field drop-down list to determine what SecureSync shall do with the output signal in the event its input reference is lost. For more information, see

"Signature Control" on the facing page

.

4.

Click Submit.

2.16.3

Configuring Optional Outputs

Next to the standard outputs, optional outputs e.g., ASCII or IRIG, are available through

Option Cards.

The functionality and configuration of these options are documented under

"Option

Cards" on page 351

.

146 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

2.16  Configuring Outputs

2.16.4

Network Ports

The Network Ports can be configured under MANAGEMENT > Network Setup . For more information, see

"Configure Network Settings" on page 56 .

2.16.5

Signature Control

Signature Control is a user-set parameter that controls under which output states an output will be present. This feature allows you to determine how closely you want to link an output to the status of the active input reference e.g., by deactivating it after holdover expiration. It is also offers the capability to indirectly send an input-reference-lost-alarm to a downstream recipient via the presence of the signal.

E X A M P L E S :

You can setup Signature Control such that SecureSync's built in 1PPS output becomes disabled the moment its input reference is lost (e.g., if a valid GNSS signal is lost).

Or, you can setup your output signal such that remains valid while SecureSync in holdover mode, but not in free run.

The available options are:

I.

Output Always Enabled —The output is present, even if SecureSync is not synchronized to its references (SecureSync is free running).

II.

Output Enabled in Holdover —The output is present unless SecureSync is not synchronized to its references (SecureSync is in Holdover mode).

III.

Output Disabled in Holdover —The 1PPS output is present unless the SecureSync references are considered not qualified and invalid (the output is NOT present while

SecureSync is in Holdover mode.)

IV.

Output Always Disabled —The output is never present, even if SecureSync references are present and valid.

Table 2-6: Signature control output-presence states

Ref.

Out-of-sync, no holdover

In holdover

In-sync with external reference

I.

II.

CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31 147

2.16  Configuring Outputs

Ref.

III.

Out-of-sync, no holdover

IV.

In holdover

In-sync with external reference

Configuring Signature Control for an Output

To review or configure the Signature Control setting for any output:

1.

Navigate to INTERFACES > OUTPUTS and click the output you want to configure.

2.

In the Outputs panel, click the GEAR button for the desired output. Ehe Edit window will open with the current Signature Control setting, and a drop-down list to change it.

148 CHAPTER 2 • SecureSync 1200 User Reference Guide Rev. 31

Managing Time

In this document, the notion of Managing Time refers not only to the concept of SecureSync's System Time, but also to reference configuration, as well as distribution of time and frequency.

The following topics are included in this Chapter:

3.1 The Time Management Screen

3.2 System Time

3.3 Managing References

3.4 Holdover Mode

3.5 Managing the Oscillator

150

151

167

219

223

CHAPTER 3 • SecureSync 1200 User Reference Guide 149

3.1  The Time Management Screen

3.1

The Time Management Screen

The Time Management screen is the point of entry for all System Time -related settings that are user-configurable.

To access the Time Management screen:

1.

Navigate to MANAGEMENT > OTHER: Time Management .

2.

The Time Management screen opens. It is divided into 4 panels:

150

System Time panel

The System Time panel displays the time scale and the year, and allows access to the Edit

System Time window via the GEAR icon in the top-right corner. This window is used to select the time scale, and to manually set a user- time, if so required.

See

"System Time" on page 152 .

Offsets panel

The Timescales UTC , TAI , and the GPS -supplied time are offset by several seconds, e.g. to accommodate leap seconds. The GPS offset may change over time, and can be managed via the GEAR icon in the top-right corner of this panel.

Leap Second Info panel

From time to time, a leap second is applied to UTC, in order to adjust UTC to the actual position of the sun. Via the Leap Second Info panel, leap second corrections can be applied to

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.2  System Time

SecureSync’s time keeping. It is also possible to enter the exact day and time when the leap second is to be applied, and to delete a leap second.

See also:

"Leap Seconds" on page 160

Local Clocks panel

You can create multiple different Local Clocks, as needed. The names of all Local Clocks that have already been created are displayed in the Local Clocks panel.

See also

"Local Clock(s), DST" on page 163 .

3.2

System Time

The time that SecureSync maintains is referred to as the System Time . The System Time is used to supply time to all of the available time-of-day outputs (such as the front panel

LED display, NTP time stamps, time stamps in the log entries, ASCII data outputs, etc.).

By default, the System Time is synchronized to SecureSync’s input references (such as

GNSS, IRIG, ASCII data, NTP, PTP, etc.).

If a UTC-based time is not required, however, it is also possible to manually set the System

Time to a desired time/date, or to use the unit's battery backed time (Real Time Clock) as

System Time (with an external 1PPS reference).

The flow chart below illustrates how SecureSync obtains the highest available and valid reference, depending on whether an external source is chosen as reference, or an internal

( User[x] , or Local System ).

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 151

3.2  System Time

Figure 3-1: How the System Time is derived

Note: User hand-set times can only be set in UTC (not Local time).

3.2.1

System Time

Several System Time parameters can be customized:

The System Timescale can be changed.

A user-defined time can be setup for e.g., for simulation purposes, or if no external reference is available.

The battery-backed RTC time can be used as System Time, until an external reference become available.

3.2.1.1

Configuring the System Time

To configure the System Time:

1.

Navigate to MANAGEMENT > OTHER: Time Management .

152

2.

In the System Time panel located in the top-left corner of the Time Management screen, click the GEAR icon.

3.

The Edit System Time pop-up window will display.

In the System Timescale field select a timescale from the drop-down list.

The options are:

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.2  System Time

UTC : Coordinated Universal Time (Temps Universel Coordonné); your local time zone determines the difference between UTC and local time.

Note that UTC is not a time zone, but a time standard, i.e. it is not used anywhere in the world as the official local time, whereas GMT (Greenwich Mean Time) is a time zone that is used in several European and

African countries as the official local time.

TAI : International Atomic Time (Temps Atomique International).

The TAI time scale is based on the SI second and is not adjusted for leap seconds. As of 5-March-2021, TAI is ahead of UTC by 37 seconds.

TAI is always ahead of GPS by 19 seconds.

GPS : The Global Positioning System time is the timescale maintained by the GPS satellites.

Global Positioning System time is the time scale maintained by the GPS satellites. The time signal is provided by atomic clocks in the GPS ground control stations. The UTC–GPS offset as of 5-March-2021 is 18 seconds.

For more information on Timescales, see

"Timescales" below .

4.

If you want to override the system time with a manually set User Time , check the

Manual Time Set checkbox. For information, see

"Manually Setting the Time" on page 155

.

5.

Click Submit to update the System Time and close the window.

3.2.1.2

Timescales

The System Time can be configured to operate in one of several timescales , such as UTC,

GPS and TAI (Temps Atomique International) . These timescales are based on international time standards, and are offset from each other by varying numbers of seconds.

When configuring SecureSync, in most cases, UTC will be the desired timescale to select.

Note: UTC timescale is also referred to as “ZULU” time. GPS timescale is the raw GPS time as transmitted by the GNSS satellites (in 2018 the GPS time is currently 18 seconds ahead of UTC time. UTC timescale observes leap seconds while GPS timescale does not).

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 153

3.2  System Time

Note: The TAI timescale also does not observe leap seconds. The TAI timescale is fixed to always be 19 seconds ahead of GPS time. As of 5-March-

2021 TAI time is 37 seconds ahead of UTC.

SecureSync's System timescale is configured via the MANAGEMENT > OTHER: Time

Management screen, see

"System Time" on page 152 .

Input timescales

Some of the inputs may not necessarily provide time to SecureSync in the same timescale selected in the System Time’s timescale field. These inputs have internal conversions that allow the timescale for the inputs to also be independently defined, so that they don’t have to be provided in the same timescale. For example, the System timescale can be configured as “UTC”, but the IRIG input data stream can provide SecureSync with “local” time, with no time jumps occurring when the reference is selected.

If an output reference is using the GPS or TAI timescale, and the System Time is set to

“UTC”, then the GPS Offset box in the Edit GPS Offset window must be populated with the proper timescale offset value in order for the time on the output reference to be correct. Some references (like GNSS) provide the timescale offset to the system. In the event that the input reference being used does not provide this information, it must be set in through the Offsets panel of the Time Management page.

Since the GPS and TAI offsets have a fixed relationship, only the GPS offset can be set. If only the TAI offset is known, subtract 19 from it to get the GPS offset.

Note: If the System Time is set to the UTC timescale, and all output references either use the UTC or “local” timescale, then it is not necessary to set the GPS and TAI timescale Offsets.

Caution: It is imperative to configure any input reference’s timescales appropriately. Otherwise, a System Time error may occur!

Output timescales

Some of the available SecureSync outputs (such as the front panel LED display, the IRIG option module’s outputs, ASCII data module’s outputs, etc.) won’t necessarily output in the same timescale selected in the System Time’s timescale field. These outputs have internal conversions that allow the timescale for the outputs to also be independently defined, so that they don’t have to be provided in the same timescale. For example, the System

154 CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.2  System Time timescale can be configured as “UTC”, but the front panel LED display can be configured to still show “local” time, if desired.

Other SecureSync outputs will be provided in the same timescale that is selected in the

System timescale field. The NTP output for network synchronization and the time stamps included in all log entries will be in the same timescale as the configured System timescale.

For example, if “GPS” is selected as the System timescale, the log entries and the time distributed to the network will all be in GPS time (time broadcasted directly from the GNSS constellation). But, the LED display can still be configured to show the current “local” time.

3.2.1.3

Manually Setting the Time

For some applications, it may not be necessary to synchronize SecureSync to a UTC-based reference. Or, a GPS reference is not available yet (e.g., because the antenna is not yet installed), but the system has to be setup and tested.

In such cases, the System Time can be hand-set, and then used as a User [x] -set System

Time. For more information on when to use this functionality, see

"The "User/User" Reference" on page 173 .

Note: If synchronization to UTC is NOT required, it is advisable to set a time in the past or future, so as to avoid users inadvertently considering the distributed time to be genuine.

Caution: Note that this mode of operation is intended for special use cases e.g., autonomous systems, where legally traceable time is not required:

This time will be inaccurate/not traceable, since it is not tied to any reference.

To hand-set the System Time, and configure this time to be a valid reference:

1.

Navigate to MANAGEMENT > OTHER: Time Management .

2.

In the System Time panel on the left, click the GEAR icon.

3.

Select Manual Time Set . Set your time & date, as needed:

System Time [DATE; TIME]: If you do not select Set Year Only , this box will show the current time in the format: Year-Month-Day Hour:Minute:Second . To set the time manually, click anywhere in the System Time field. A drop-down calendar with time-setting sliders will appear:

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 155

3.2  System Time

156

The time in the System Time field will default to the current date and time.

To set the time, use the sliders. The time will display between the calendar and the sliders, and also next to the chosen date in the field directly above the calendar. To close the calendar, click anywhere in the Edit System Time window.

NOTE: Except for testing purposes, you should not choose a date other than the current day.

Set Year Only : Some legacy time formats (e.g., IRIG) do not support years.

Checking this box will open a data entry field to manually set the year. Orolia recommends not to utilize this feature, unless the IRIG format you are using does not provide a YEAR field.

Synchronize to Battery Backed Time on Startup : See

"Using Battery

Backed Time on Startup" on the facing page

.

4.

Click Submit at the precise moment desired.

5.

Navigate to MANAGEMENT > OTHER: Reference Priority .

6.

In order for the User time to be a considered a valid reference, verify that the Reference Priority table includes an "Enabled" User [x] Time, and 1PPS reference (" User-

/User "). For more information, see

"Input Reference Priorities" on page 167

and

"The "User/User" Reference" on page 173 .

7.

Move (drag & drop) the User time to the top of table, and disable all other references.

8.

Let Holdover expire. (Set it to a very short duration, if desired: i.

Navigate to MANGAGEMENT > OTHER: Disciplining .

ii.

In the Status panel, click the GEAR icon.

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.2  System Time iii.

In the Oscillator Settings window, set the Holdover Timeout .)

9.

Check on the HOME  screen that User 0 is displayed, with a green STATUS. Note that the Disciplining State will remain yellow , once Holdover has expired, since the system time is not synchronized to a reference.

Note: Contrary to the User reference discussed above, the Local System reference can be used for Time, or 1PPS (but not both). For more information, see

"The "Local System" Reference" on page 172 .

3.2.1.4

Using Battery Backed Time on Startup

Upon system startup, by default SecureSync will not declare synchronization until one of the external references becomes available and valid.

This functionality can be overridden by enabling the Synchronize to Battery Backed

Time on Startup , thus allowing the battery backed time to be used as System Time upon system startup. The Battery Backed Time is also referred to as the time maintained by the integrated Real Time Clock ( RTC )

This will result in SecureSync providing a System Time before one of the external references becomes available and valid. This will happen automatically, i.e. without user intervention. As soon an external reference will become available, its time will take precedence over the battery backed time: The System Clock will adjust the System Time for any time difference.

Note: The Battery Backed Time is also referred to as the time maintained by the integrated Real-Time Clock (RTC).

Use Cases

Using the Battery Backed Time on Startup is typically used in these cases: a.

If the synchronization state is to be reached as quickly as possible, even if this means the time distributed initially will most likely be less accurate than an external time reference.

b.

A system is intended to operate autonomously (i.e. without any external references) and the hand-set time entered manually during commissioning of the system is sufficiently accurate

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 157

3.2  System Time the system needs to be able to completely recover from a temporary power loss, or similar, without human intervention.

c.

A system is used for simulation or testing purposes, and UTC traceability is not required.

The Accuracy of the Battery Backed Time …

… depends on the accuracy of the hand-set time if the time is set manually in an autonomous system. In a non- autonomous system (i.e, when using external reference (s))

SecureSync's System Clock will regularly update the battery-backed time.

Another factor impacting the accuracy of the battery- backed time is how long a

SecureSync unit is powered off: Any significant amount of time will cause the batterybacked RTC to drift, i.e. the battery-backed time will become increasingly inaccurate.

The battery used for the RTC is designed to last for the lifetime of the product.

Distributing battery-backed time over NTP

When distributing a hand-set, battery backed time via NTP, please set the time relatively close to UTC, so as to prevent NTP synchronization problems when transitioning from the hand-set time to a UTC-based external input reference. See also

"Input Reference Priorities" on page 167 .

To use the battery-backed time as the synchronized time at start-up:

1.

Navigate to MANAGEMENT > OTHER: Time Management .

2.

In the System Time panel click the GEAR icon.

158

3.

The Edit System Time window will display. Select the checkbox Synchronize to

Battery Backed Time on Startup :

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.2  System Time

4.

Click the Submit button.

3.2.2

Timescale Offset(s)

Timescale offsets account for fixed differences between timescales, in seconds. Timescale offsets may change because of leap seconds, see

"Leap Seconds" on the next page .

3.2.2.1

Configuring a Timescale Offset

To configure a timescale offset to the System Time:

1.

Navigate to MANAGEMENT > OTHER: Time Management .

2.

In the Offsets panel on the left, click the GEAR icon in the top-right corner.

3.

The Edit GPS Offset window will display. Enter the desired GPS Offset in seconds, and click Submit.

Note: Since the GPS Offset and the TAI Offset have a fixed relationship, only the GPS Offset can be set. If only the TAI offset is known, subtract 19 from it, in order to obtain the GPS offset.

Note that the data stream of GPS and several other external references includes information about a pending Leap Second, and as such automatically corrects for a Leap Second.

Nevertheless, it is advisable to perform some testing in advance to ensure all system components will adjust flawlessly. For more information, see

"Leap Seconds" on the next page .

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 159

3.2  System Time

3.2.3

Leap Seconds

3.2.3.1

Reasons for a Leap Second Correction

A Leap Second is an intercalary 1 one-second adjustment that keeps broadcast standards for time of day close to mean solar time. Leap Seconds are required to synchronize time standards with civil calendars, thus keeping UTC time in sync with the earth’s rotation.

Leap seconds can be introduced in UTC at the end of the months of December or June.

The INTERNATIONAL EARTH ROTATION AND REFERENCE SYSTEMS SERVICE

(IERS) publishes a bulletin every six months, either to announce a time step in UTC, or to confirm that there will be no time step at the next possible date. A Leap Second may be either added or removed, but in the past, the Leap Seconds have always been added because the earth’s rotation is slowing down.

Historically, Leap Seconds have been inserted about every 18 months. However, the

Earth's rotation rate is unpredictable in the long term, so it is not possible to predict the need for them more than six months in advance.

Note: Leap Seconds only apply to the UTC and Local timescales. Leap

Seconds do NOT affect the GPS and TAI timescales.  However, a Leap

Second event will change the GPS to UTC, and TAI to UTC time offsets. 

When a Leap Second occurs, SecureSync will automatically change these offsets by the proper amount, no matter which timescale is currently being used by the system.

As of 2018 the GPS to UTC Offset is 18 seconds. The last Leap Second occurred on

December 31, 2016.

SecureSync can be alerted of impending Leap Seconds by any of the following methods:

GNSS Receiver (if available as an input reference): The GNSS satellite system transmits information regarding a Leap Second adjustment at a specific Time and Date an arbitrary number of months in advance.

Input references other than GNSS : Some of the other available input references

(e.g., IRIG, ASCII, NTP) can also contain pending Leap Second notification in their data streams (see chapter below).

Manual user input : SecureSync can be manually configured with the date/time of the next pending Leap Second. On this date/time, the System Time will auto-

160

1 Intercalary: (of a day or a month) inserted in the calendar to harmonize it with the solar year, e.g., February 29 in leap years.

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.2  System Time matically correct for the Leap Second (unless the System Time’s timescale is configured as either GPS or TAI).

3.2.3.2

Leap Second Alert Notification

SecureSync will announce a pending Leap Second adjustment by the following methods:

ASCII Data Formats 2 and 7 (among other formats) from the ASCII Data option modules contain a Leap Second indicator. During the entire calendar month preceding a Leap Second adjustment, these Formats indicate that at the end of the current month a Leap Second Adjustment will be made by using the character ‘L’ rather than a ‘_ ‘ [space] in the data stream. Note that this does not indicate the direction of the adjustment as adding or removing seconds. These formats always assume that the Leap Second will be added, not removed.

NTP Packets contain two Leap Indicator Bits. In the 24 hours preceding a Leap

Second Adjustment, the Leap Indicator Bits (2 bits) which normally are 00b for sync are 01b (1) for Add a Leap Second and 10b (2) for Remove a Leap Second. The bit pattern 11b (3) indicates out of sync and in this condition NTP does NOT indicate

Leap Seconds. The Sync state indicates Leap Seconds by indicating sync can be

00b, 01b, or 10b.

PTP Packets provide leap indication with a 12-hour notification window.

Some IRIG formats provide leap second notification indicators.

Note: It is the responsibility of the client software utilizing either the Data

Formats or NTP time stamps to correct for a Leap Second occurrence.

SecureSync will make the correction at the right time. However, because computers and other systems may not utilize the time every second, the

Leap Second correction may be delayed until the next scheduled interval, unless the software properly handles the advance notice of a pending Leap

Second and applies the correction at the right time.

3.2.3.3

Leap Second Correction Sequence

The following is the time sequence pattern in seconds that SecureSync will output at UTC midnight on the scheduled day (Note: This is NOT local time midnight; the local time at which the adjustment is made will depend on which Time Zone you are located in).

A.

Sequence of seconds output when adding a second ("positive Leap Second"):

56, 57, 58, 59, 60 , 0, 1, 2, 3 …

B.

Sequence of seconds output when subtracting a second ("negative Leap

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 161

3.2  System Time

Second"):

56, 57, 58, 0 , 1, 2, 3, 4 …

3.2.3.4

Configuring a Leap Second

To manually correct the System Time for a leap second:

1.

Navigate to MANAGEMENT> OTHER: Time Management . The Time Management screen will be displayed. In the lower left-hand corner, the Leap Second

Information panel will show if a leap second if pending. This panel will be empty, unless: a.

A leap second is pending, and SecureSync has obtained this information automatically from the GPS data stream.

b.

A leap second had been configured previously by a user via the Edit Leap

Second window.

2.

To access the Edit Leap Second information window, click the GEAR icon in the

Leap Second Information panel.

3.

The Edit Leap Second window will display:

162

4.

In the Leap Second Offset field enter the desired GPS Offset.

5.

In the Date and Time field, enter the date that the desired leap second should occur.

6.

Click Submit .

To delete a leap second correction, click the Delete button.

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.2  System Time

Note: The Delete button in the Edit Leap Second window will only be visible if a leap second has been set beforehand.

3.2.4

Local Clock(s), DST

The Local Clock feature allows for maintaining one or several local times. These times will reflect a time offset, thereby accounting for Time Zone, and DST (Daylight Savings Time) correction.

3.2.4.1

Adding a Local Clock

To add a Local Clock:

1.

Navigate to MANAGEMENT > OTHER: Time Management .

2.

Click the PLUS icon in the Local Clocks panel in the Time Management screen.

3.

The Local Clock pop-up window will display.

4.

Enter a Name for your local clock.

The name must be between 1 and 64 characters long; spaces are allowed.

The name can be any meaningful name that helps you know your point of reference (for example: “NewYork”, “Paris” or “EasternHQ”, etc.).

This name will be used as cross-reference drop-down in the applicable Input or Output port configuration. Please note the following limitations apply to this option:

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 163

3.2  System Time

Note: Acceptable characters for the name include: A-Z, a-z, 0-

9, (-+_) and space.

5.

In the UTC Offset field, choose a UTC Offset from the drop-down list.

All of the UTC Offset drop-down selections are configured as UTC plus or minus a set number of hours.

Examples for the US: For Eastern , choose UTC–05:00; for Central , choose

UTC-06:00; for Mountain , choose UTC-07:00; and for Pacific , choose UTC-

08:00.

If you wish to use DST (Daylight Savings Time ["Summer Time"]) rules, click the Use DST Rules box. Otherwise the time for the local clock will always be standard time.

DST options will appear in the Local Clock window:

164

6.

Set DST Rules by Region : Check this box to apply regional DST rules. A regions drop-down menu with the following options will display:

EU (Europe): For locations complying with the European DST Rule. This rule differs from all other rules because the DST changes occur based on UTC time, not local time (all time zones in Europe change for DST at precisely the same time relative to UTC, rather than offset by local time zone).

US-Canada : For locations complying with the USA’s DST Rule (as it was changed to back in 2006, where the “DST into” date is the Second Sunday of

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.2  System Time

March and the “DST out” date is the first Sunday of November).

Australia .

Note: If a pre-configured rule DST rule happens to be changed in the future (like the change to the US DST rule in 2006), this option allows the DST rules to be edited without the need to perform a software upgrade for a new DST rule to be defined.

Select this drop-down and enter the DST parameters for the new rule.

7.

DST Start Date and DST End Date : This option is provided for locations that do not follow any of the pre-configured DST rules. Click anywhere in either field to open a calendar, allowing you to enter any custom day & time rule.

8.

Offset : In seconds. Use this field to manually define your local clock’s DST offset e.g., 3600 seconds for a one hour offset.

9.

DST Reference : When configuring a Local Clock that is synchronized to an input reference (e.g., IRIG input), SecureSync needs to know the timescale of the input time

(Local Timescale, or UTC Timescale), in order to provide proper internal conversion from one Timescale to another.

Select Local or UTC , depending on the Timescale of the Input reference this Local

Clock is being used with.

Additional Local Clocks may need to be created if multiple input Timescales are being submitted.

10.

Click Submit . Your local clock will appear in the Local Clocks panel.

3.2.4.2

DST Examples

The following two examples illustrate the configuration of Daylight Savings Time (DST) for a Local Clock:

E x a m p l e 1 :

To create a Local Clock to UTC+1 with no DST rule:

1.  Navigate to

Clock .

MANAGEMENT > Time Management: Local Clocks > (+): Local

2.  In the Local Clock Name field, assign a meaningful name to the new Local Clock.

3.  From the UTC Offset pull down menu, select “UTC +01:00”.

4.  Confirm that the Use DST Rules checkbox is not selected.

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 165

3.2  System Time

5.  Review the changes made and click the Submit button.

The unit will display the status of the change.

E x a m p l e 2 :

To create a Local Clock for a SecureSync installed in the Eastern Time Zone of the US, and desiring the Local Clock to automatically adjust for DST (using the post 2006 DST rules for the

US).

1. In the window:

MANAGEMENT > Time Management: Local Clocks > (+): Local Clock

2. Navigate to

Clock .

MANAGEMENT > Time Management: Local Clocks > (+): Local

3. From the UTC Offset pull-down menu, select “UTC -05:00”.

4. Select the Use DST Rules checkbox.

5. Select the Set DST Rules by Region checkbox.

6. From the DST Region drop-down list, select “US-Canada.”

7. Review the changes made and click the Submit button.

The unit will display the status of the change.

3.2.4.3

DST and UTC, GMT

Neither UTC, nor GMT ever change to Daylight Savings Time (DST). However, some of the countries that use GMT switch to a different time zone offset during their DST period. The

United Kingdom is not on GMT all year, but uses British Summer Time (BST), which is one hour ahead of GMT, during the summer months.

Additional information about regional time zones and DST can be found on the following web sites:

http://www.worldtimeserver.com/

,

http://webexhibits.org/daylightsaving/b.html

.

166 CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.3  Managing References

3.3

Managing References

3.3.1

Input Reference Priorities

SecureSync can be synchronized to different time and frequency sources that are referred to as Input References , or just References .

References can be a GNSS receiver, or other sources such as NTP, PTP, IRIG, ASCII or

HAVE QUICK time codes delivered into your SecureSync unit via dedicated (mostly optional) inputs. It is also possible to enter a system time manually, which SecureSync then can synchronize to.

Should you be installing new option cards, you will need to either manually set up the new card in the Reference Priority Table , or use the Restore Factory Defaults option in the

Reference Priority Actions panel, in order to update the table with the new reference information.

In order for SecureSync to declare synchronization, it needs both a valid 1PPS , and Time reference.

The concept of Reference Priority allows the ranking of multiple references for redundancy. This allows SecureSync to gracefully fall back upon a lower ranking 1PPS or Time reference without transitioning into Holdover, in case a reference becomes unavailable or invalid. The priority order you assign to your available references typically is a function of their accuracy and reliability.

Note: The References shown on your screen may look different from the illustration below, depending on your SecureSync Time and Frequency Synchronization System model and hardware configuration.

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 167

3.3  Managing References

Each available type of Time and 1PPS input reference is assigned a human-readable name or “title” that is used in the Reference Priority table, indicating the type of reference. The reference titles are listed in the following table:

Table 3-1: Reference priority titles

Title

ASCII Timecode

External 1PPS input

Frequency

GNSS

PTP

IRIG

Local System

NTP

User

HAVEQUICK

Reference

ASCII serial timecode input

External 1PPS input

External Frequency input

GNSS input

PTP input

IRIG timecode input

Built-in clock OR internal 1PPS generation

NTP input

Host (time is manually set by the user)

HAVEQUICK input

The number displayed indicates the number of feature inputs of that type presently installed in the SecureSync– starting with “0” representing the first feature input. For example:

IRIG 0 = 1 st

IRIG input instance

Frequency 1 = 2nd frequency input instance

NTP 2 = 3rd NTP input instance

The columns of the Reference Priority table are defined as follows:

Priority —Defines the order or priority for each index (row). The range is 1 to 16, with 1 being the highest priority and 16 being the lowest priority. The highest priority reference that is available and valid is the reference that is selected.

Time —The reference selected to provide the necessary “Time” reference.

1PPS —The reference selected to provide the necessary “1PPS” reference.

Enabled —The reference is enabled.

Delete —Removes the Index (row) from the Reference Priority table.

3.3.1.1

Configuring Input Reference Priorities

SecureSync can use numerous external time sources, referred to as "references". As external time sources may be subject to different degrees of accuracy and reliability, you

168 CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.3  Managing References can determine in which order (= priority) SecureSync calls upon its external time and 1PPS references.

For additional information, see also

"Input Reference Priorities" on page 167 .

Accessing the Reference Priority Screen

To access the Reference Priority Setup screen:

1.

Navigate to MANAGEMENT > OTHER: Reference Priority .

OR:

1.

On the HOME screen, click the GEAR icon in the Reference Status panel:

2.

The Configure Reference Priorities screen will display.

The Reference Priority screen is divided into 3 areas: a.

The Actions panel, which provides a single action:

Restore Factory Defaults b.

The Configure Reference Priorities panel, which displays the priority of

SecureSync’s references in a table form.

In this panel you can:

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 169

3.3  Managing References

Add and configure new references

Delete references

Enable/disable references

Reorder the priority of SecureSync’s references c.

The Reference Status panel

The Reference Status panel provides a real time indicator of the status of the SecureSync’s references. It is the same as the Reference Status panel on the HOME screen of the Web UI.

Adding an Entry to the Reference Status Table

To add a new entry to the Reference Status table:

1.

Navigate to the Configure Reference Priorities screen via MANAGEMENT >

OTHER: Reference Priority .

2.

Click the PLUS icon in the top right-hand corner of the Configure Reference Priorities table.

3.

The Add Reference window will display:

170

4.

In the Add Reference window, enter:

Priority Level : Assign a priority to the new reference.

Time : Select the time reference.

PPS : Select the PPS reference.

Enabled : Check this box to enable the new reference.

5.

Click Apply or Submit . ( Submit will close the window.)

Deleting a Reference Entry

To delete an entry from the Reference Status table:

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.3  Managing References

1.

Navigate to the Configure Reference Priorities screen via MANAGEMENT >

OTHER: Reference Priority .

2.

In the Configure Reference Priorities table click the Delete button on the righthand side of the entry you wish to delete.

3.

In the pop-up window that opens click OK to confirm.

Reordering Reference Entries

To reorder the priority of a reference entry:

1.

Navigate to the Configure Reference Priorities screen via MANAGEMENT >

OTHER: Reference Priority .

2.

Click and hold on the item whose priority you wish to reorder.

3.

Drag the item up or down to the desired place.

4.

Click Submit.

Resetting Reference Priorities to Factory Defaults

To reset all references in the Reference Priority table to their factory default priorities:

1.

Navigate to the Configure Reference Priorities screen via MANAGEMENT >

OTHER: Reference Priority menu.

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 171

3.3  Managing References

2.

In the Actions panel, click the Restore Factory Defaults button.

172

3.3.1.2

The "Local System" Reference

The Local System reference is a "Self" reference, i.e. SecureSync uses itself as an input reference for Time, or as a 1PPS reference. The Local System is a unique input reference in that it can be used as either the Time reference, or the 1PPS reference, but never both .

Note: For SecureSync to operate as a Local System reference, you must have either a valid external Time reference, or a valid external 1PPS reference.

When the Time reference is configured as Local System , SecureSync's System

Time is considered a valid reference, as long as the external 1PPS input reference is valid.

Vice versa, when the 1PPS reference is configured as Local System , SecureSync's built-in oscillator is considered a valid reference, as long as the external Time reference is valid.

Use case "Local System Time"

The Local System reference when used for Time allows SecureSync to operate using its current Time-of-Day (ToD) for Time, while synchronized to an external 1PPS reference.

While you may intentionally offset the time in this scenario, the second will be precisely aligned to the external 1PPS reference. Therefore, this use case qualifies as a legitimate, traceable time source.

Instead of an offset time, Local System can also be used as a backup Time reference (e.g.,

Priority "2"): Should the external Time reference become invalid, the Local System Time will become the valid backup reference, disciplined by the external 1PPS reference:

SecureSync will transition to the Local System Time, without going into Holdover.

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.3  Managing References

Use case "Local System 1PPS"

The Local System reference can also be used for 1PPS : This allows SecureSync to operate using an external ToD for time, while generating 1PPS from its own internal oscillator.

In this rare use case the 1PPS is NOT aligned to any standard, therefore the time may drift, and must be considered untraceable.

3.3.1.3

The "User/User" Reference

While it is normally not required, it is possible for you as the "User" to override the System

Time (even if it is synchronized to a valid reference) with a manually set time, steered by an undisciplined oscillator, and use this manually set Time as an output reference. This concept is referred to as the User/User reference, because both the Time, and the 1PPS reference are not linked to any UTC-based external reference, but hand-set by you.

Caution: Since the User/User reference is not traceable to a valid reference, it does not qualify as a legitimate time source. Operating

SecureSync with a manually set User time bears the risk of inadvertently outputting an illegitimate System Time thought to be a valid reference time.

Use cases for the "User/User" reference

The User/User reference is provided for the following use cases: a.

No external references are available (yet), but you need a reference for testing or setup purposes. This may be the case e.g., while waiting for a GNSS antenna to be installed.

b.

No external references are required e.g., if SecureSync is used solely to synchronize computers on a network, with no need for traceable UTC-based timing.

c.

To utilize a backup reference as soon as possible after a power cycle or reboot of

SecureSync, while waiting for the primary reference (e.g., GNSS) to become valid.

To this end, in the Edit System Time window, the checkbox Synchronize to Battery Backed Time on Startup must be checked, AND the User/User reference is assigned a reference priority number other than "1". Note that a Time jump and/or

1PPS jump are likely to happen once the primary reference becomes valid.

Combining a User Time reference with a non-User 1PPS reference or vice versa is not a typical use case. Use the Local System reference instead, see

"The "Local System"

Reference" on the previous page

.

Built-in safety barrier

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 173

3.3  Managing References

In order to "validate" (=

green

status lights) the User/User reference, the hand-set time must be manually submitted every time after SecureSync reboots or resets, or after the

Holdover period has expired: In the Edit System Time window, the checkbox Manual

Time Set must be checked. The System Time displayed in the field below will become valid the moment the Submit button is clicked.

174

See also below, " How long will the User/User reference be valid?

": The notion of limiting the validity of the User/User reference also serves as a safety feature.

How long will the User/User reference be valid?

Since the User/User reference does not qualify as a legitimate, traceable time, it becomes invalid once SecureSync is reset, or power-cycles, or after the Holdover Time expires

(whichever occurs first). It then needs to be set manually and submitted again ( Edit System Time > Manual Time Set ).

The only workaround for this is

"Using Battery Backed Time on Startup" on page 157

.

This will allow SecureSync to apply the User/User reference after a power-cycle without manual intervention.

How to setup the User/User Reference

See

"Manually Setting the Time" on page 155 .

Using the "User" Reference with Other References

If the User/User reference is used in conjunction with other, external references (such as

GNSS or IRIG), the System Time should be set as accurately as possible:

Otherwise, the large time correction that needs to be bridged when switching from a lost reference to a valid reference, or from a valid reference to a higher-priority reference that has become available again, will cause NTP to exit synchronization. If the difference is

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.3  Managing References under 1 second, NTP will remain in sync and will "slew" (over a period of time) to the new reference time.

3.3.1.4

Reference Priorities: EXAMPLES

Example 1 – GNSS as primary reference, IRIG as backup:

In this use case, the objective is to use:

GNSS as the primary Time, and 1PPS reference

IRIG as the backup Time, and 1PPS reference.

Step-by-step procedure:

1.

Move the reference which has “GPS 0” in the Time column and “GPS 0” in the

1PPS column to the top of the table, with a Priority value of 1. Click the Enabled checkbox.

2.

Move the reference which has “GPS 0” in the Time column and “GPS 0” in the

1PPS column to the top of the table, with a Priority value of 1. Click the Enabled checkbox.

3.

Move the reference which has “GPS 0” in the Time column and “GPS 0” in the

1PPS column to the top of the table, with a Priority value of 1. Click the Enabled checkbox.

Since both of these references are default references, no additional references need to be added to the Reference Priority table.

Example 2 – IRIG as primary reference, NTP input as backup

In this use case, the objective is to use:

IRIG as the primary reference input

Another NTP server as backup reference

Step-by-step procedure:

1.

Move the reference which has “IRIG 0” in both the Time column and “IRIG 0” in the

1PPS column to the top of the table, with a Priority value of 1. Click the Enabled checkbox.

2.

Move the reference which has “NTP” in the Time column and “NTP” in the 1PPS column to the second place in the table, with a Priority value of 2. Click the

Enabled checkbox.

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 175

3.3  Managing References

3.

For all other references, uncheck the Enabled checkbox, so that they are all disabled.

Since both of these references are default references, no additional references need to be added to the Reference Priority table.

Example 3 – NTP input as the only available input (“NTP Stratum 2 operation”)

In this use case, the objective is to have NTP provided by another NTP server as the only available reference input, i.e. the unit to be configured is operated as a Stratum 2 server.

For more information, see

"Configuring "NTP Stratum Synchronization"" on page 107

.

Step-by-step procedure:

1.

Move the reference which has “NTP” in the Time column and “NTP” in the 1PPS column to the top of the table, with a Priority value of 1. Click the Enabled checkbox.

2.

For all other references, uncheck the Enabled checkbox, so that they are all disabled.

3.

Configure the NTP Service as described under

"Configuring "NTP Stratum Synchronization"" on page 107

.

Note: When selecting NTP as an input reference, do not select another reference (such as GNSS, IRIG, etc.) to work with NTP as a reference. NTP should always be selected as both the Time and 1PPS input when it is desired to use NTP as an input reference.

Example 4 – Time set manually by the User. Other references may or may not be available

Note: In order for a manually set time to be considered valid and used to synchronize SecureSync, a “User” needs to be created and enabled in the

Reference Priority table.

"The "User/User" Reference" on page 173 .

In this use case, the objective is to use a hand-set time, in combination with SecureSync's oscillator as a 1PPS source as valid references.

Step-by-step procedure:

176 CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.3  Managing References

1.

If necessary (see NOTE above), create a “User.”

2.

Move the reference which has “User 0” in the Time column and “User 0” in the

1PPS column to the top of the table, with a Priority value of 1. Click the Enabled checkbox.

3.

For all other references, uncheck the Enabled checkbox, so that they are all disabled.

If the objective is to use a manually set time as a

GNSS or IRIG): backup to other references (such as

1.

Move the "User/User" reference to a place in the table that has a priority lower than the references the "User/User" reference will be backing up. Make sure the

Enabled checkbox is selected.

2.

With “User/User” enabled, if no other higher priority references are enabled or available (or if the higher priority references have since been lost), you can now manually set the System time to the desired value ( MANAGEMENT > OTHER: Time Management > System Time > Manual Time Set ). See

"System Time" on page 152

for more information. SecureSync will go into synchronization using this set time once you click the Submit button, and the front panel sync light will turn green.

Note: You will need to repeat this procedure each time SecureSync is power-cycled (with no other references available), unless you enabled the feature Synchronize to Battery Backed Time on Startup.

Example 5—Time at power-up ("Local System Time") to be considered

"Valid". GNSS input to serve as 1PPS reference

The objective of this use case is to allow SecureSync to use itself as a valid reference. This is referred to as “Local System” time.

In order for this to happen, SecureSync requires an external Time, or 1PPS reference. In other words, "Local System" cannot be both Time, and 1PPS. This makes "Local System" a legitimate, traceable reference.

Therefore the "Local System" does not have to be manually set ("validated") by the User after SecureSync was power cycled (as would be the case with a “User/User” reference).

Since “Local System” cannot be both Time , and 1PPS input together, in this example the

GNSS input will be set as the 1PPS reference (other use cases may require using different references, e.g. IRIG.)

As there is no default entry for “Local System” and “GPS”, a new entry needs to be added to the Reference Priorities table in order to use this combination of references.

Step-by-step procedure:

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 177

3.3  Managing References

1.

Add a reference to the Reference Priority by clicking the PLUS icon. Use the following settings, then click Submit :

In the Priority Level text box, enter 1 . This will give this reference the highest priority.

In the Time field, select “Local System”.

In the PPS field, select “GPS”.

Check the Enabled checkbox.

2.

Confirm that the first reference in the Reference Priority table has “Local System” as the Time input and "GNSS" as the 1PPS input.

3.

After a power cycle or reboot, as soon as GNSS is declared valid, the System Time will automatically be used as-is, with no manual intervention required.

3.3.2

Reference Qualification and Validation

3.3.2.1

Reference Monitoring: Phase

The quality of input references can be assessed by comparing their phase offsets against the current system reference, and against each other. This is called Reference Monitoring .

Reference Monitoring helps to understand and predict system behavior, and is an interference mitigation tool. It can also be used to manually re-organize reference priorities e.g., by assigning a lower reference priority to a noisy reference or a reference with a significant phase offset, or to automatically failover to a different reference if certain quality thresholds are no longer met (see

"Smart Reference Monitoring" on the facing page ).

SecureSync allows Reference Monitoring by comparing the phase data of references against the System Ontime Point. The phase values shown are the filtered phase differences between each input reference 1PPS, and the internal disciplined 1PPS.

The data is plotted in a graph in real-time. The plot also allows you to display historic data, zoom in on any data range or on a specific reference. A data set can be exported, or deleted.

To monitor the quality of references, navigate to TOOLS > SYSTEM: Reference Monitor . The Reference Monitor screen will display:

178 CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.3  Managing References

On the left side of the screen, Status information is displayed for the System and the

References. Note that the Reference Status panel also displays the latest PHASE

OFFSET reading (1) for active references against the System Ontime Point. The reading is updated every 30 seconds.

This Reference Phase Offset Data is plotted over time (abscissa) in the Reference Monitor panel in the center of the screen. Use the check boxes in the References panel (2) to select the reference(s) for which you want to plot the phase offset data. Use the handles

(3) to zoom in on a time window.

The scale of the axis of ordinate (4) is determined by the largest amplitude of any of the references displayed in the current time window. Use the checkboxes in the References panel on the right to remove references from the graph, or add them to it.

Smart Reference Monitoring

Spectracom's Smart Reference Monitoring uses phase error validation in combination with automatic failover :

The phase error validation calculates long-term averages and standard deviations of the phase offset between the monitored external reference and the internal system reference. The standard deviation is used to calculate two validity thresholds, a higher and a lower one (the latter acts as a hysteresis buffer, preventing the status flip/flopping if the actual phase error validation value varies closely around the outer threshold). The thresholds are not user-configurable.

If the higher threshold value is exceeded, the automatic failover will cause SecureSync to fall back to its next lower reference (if available).

If no other reference is found, the unit will transition into a 1200-second coasting period.

During this coasting period, the TIME and 1PPS references will continue to be considered

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 179

3.3  Managing References valid, but SecureSync's oscillator will flywheel. Note that the PPS reference status light will turn yellow. After expiration of the 1200 seconds the unit will transition into Holdover.

Should, however, the above-mentioned higher threshold value no longer be exceeded, the unit will remain in the 1200-second flywheel mode until either (a) the lower threshold value is no longer exceeded, or (b) the 1200-second flywheel period expires. In both cases the PPS status light will turn green again.

Smart reference monitoring is OFF by default. To turn it ON:

1.

Navigate to MANAGEMENT > OTHER: Disciplining .

2.

In the Status panel on the left, click the GEAR icon. The Oscillator Settings window will open.

180

3.

Check the box next to 1PPS Phase Validation and click Submit.

3.3.2.2

Interference Detection and Mitigation (IDM Suite)

BroadShield

What is BroadShield?

BroadShield is an optional software module for SecureSync that is capable of detecting the presence of GPS jamming and/or spoofing in real time. Two types of BroadShield access are available: if you meet the right security qualifications, SecureSync provides the jamming-only portion through a software hotpatch. The full jamming AND spoofing functionality requires a purchased license.

How BroadShield Works

BroadShield monitors the GPS signal frequency band by applying proprietary error detection algorithms. If a threshold signal monitoring value level is exceeded, SecureSync will emit a Major Alarm and – depending on your system configuration – invalidate the GPS

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.3  Managing References reference causing SecureSync to either transition into Holdover mode (see

"Holdover

Mode" on page 219

), or go out of sync.

Even if you decide to turn off SecureSync's Auto Sync Control feature, which allows

BroadShield to disable the GNSS reference, BroadShield will still add value to your overall system capability by telling you (a) if your GNSS receiver is being spoofed, and (b) in the event of a signal loss due to jamming, why the signal is lost.

Also, if a normally strong GNSS signal becomes weakened, BroadShield's algorithms are capable of discerning a jamming event from natural events causing the signal to weaken.

Note: For an effective jamming detection, and – to some extent – spoofing detection, a good antenna placement with optimal sky view resulting in a high signal-to-noise ratio is essential. A strong signal is required to discern between normal signal fluctuations and a non-natural divergence of signal strength.

BroadShield Requirements

In order for BroadShield to work on your SecureSync system, the following requirements must be met:

1.

The optional BroadShield software license needs to be enabled by applying the

OPT-BSH BroadShield license key. For more information, contact your local Spectracom Sales Office. To determine if BroadShield has been activated on your

SecureSync unit, navigate to TOOLS: SYSTEM > Upgrade/Backup . The center panel System Configuration will list the Options installed in your unit.

2.

BroadShield only works with a u-blox M8T receiver , not with Trimble receivers. To determine which receiver is installed in your unit, navigate to TOOLS: SYSTEM >

Upgrade/Backup . The center panel System Configuration will list the GNSS

Receiver installed in your unit.

3.

System Software 5.7.1

or higher must be installed in your unit. To determine which software is installed in your unit, follow the instructions above and locate the System line item in the System Configuration panel.

Activating the BroadShield Patch and License

Newly purchased units that are ordered with either level of BroadShield should have the necessary patch and/or license already installed.

Customers adding BroadShield to their units will need to obtain access. For access to the jamming-only portion of BroadShield, you will need to install a patch. For access to the full

BroadShield service (both jamming and spoofing detection), you will need to apply both the patch and the license.

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 181

3.3  Managing References

In order to apply the Broadshield patch , follow the upgrade instructions under

"Software

Updates" on page 322 .

The installation of the BroadShield patch will have some unusual results with regard to the application of the patch in the Upgrade Status panel. The end result will read Upgrade Failure in red at the top, and the actual hotpatch will also show as Failed on the bottom of the page. This is normal, and if BroadShield is later accessible (see below) the patch was applied successfully.

Figure 3-2: BroadShield patch installation results

To confirm the installation of the patch, navigate to MONITORING: IDM Suite >

BroadShield and confirm that you can toggle BroadShield ON and OFF.

If you have purchased the BroadShield license key and now want to activate it , please follow the instructions under

"Applying a License File" on page 325

.

To confirm that the full BroadShield license has been activated on your SecureSync unit, navigate to TOOLS: SYSTEM > Upgrade/Backup . The center panel System Configuration will list the Options installed in your unit.

OPT_BSH indicates that the license is installed.

Enabling/Disabling the BroadShield Service

The BroadShield service can be run in two operating modes:

BroadShield only : In the event jamming or spoofing is detected (provided you have the spoofing detection license), SecureSync will emit a Major Alarm, however it will continue to consider the GNSS reference as valid, i.e. it will NOT go out of sync.

Auto Sync Control : In the event jamming or spoofing is detected, SecureSync will emit a Major Alarm AND it will go into Holdover mode.

To configure these settings:

1.

Navigate to MONITORING > BroadShield .

2.

In the BroadShield Service panel on the left, configure the desired setting:

182 CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.3  Managing References

Note: Turning BroadShield OFF and Auto Sync Control ON is an invalid setting and will cause a " Failed to connect to the unit...

" error.

3.

In the BroadShield Web UI on the right, navigate to SETTINGS > ALGORITHMS , and ensure that Jamming and/or Spoofing detection are enabled.

Configuring BroadShield

To configure BroadShield:

1.

Navigate to MONITORING > BroadShield . (If you cannot see the MONITORING button in the Primary Navigation Bar of the HOME  screen, this license is not present.) The embedded BroadShield Web UI will open.

2.

Click SETTINGS to open the following sub-menus:

BROADSIGHT

BroadSight is a service that allows collection of data from multiple BroadShield units and provides a dashboard view of the data.

Note: BroadSight for SecureSync is currently not supported.

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 183

3.3  Managing References

HOME BASE

184

By setting the HOME BASE position you allow BroadShield to use this location as a reference position for spoofing detection: Should BroadShield detect that the geographic position reported by SecureSync's GPS receiver seems to move beyond the set Alarm

Threshold (even though SecureSync does not move), an alarm will be triggered.

The standard use case is to make your GNSS 1 Position your HOME BASE:

1.

Should the position fields be populated (other than the Alarm Threshold ), click

CLEAR LOCATION (this will prevent BroadShield from issuing an alarm once you

SAVEd the new position.)

2.

Click USE in the GNSS 1 Position box to apply the settings.

3.

The default Alarm Threshold is 50 m, i.e. any detected position shift beyond a 50m circle around the HOME BASE position will cause an alarm. You can change this setting to adjust the sensitivity.

4.

Click SAVE to accept the entered values.

A less common use case may be that you want to pre-set the unit's position for later use e.g., if the SecureSync unit will be deployed in a different location: Set a position manually by entering lat / long (format: xx.xxxxxx degrees) and alt . Note, however, that this may cause a spoofing alarm, since BroadShield detects a difference between the HOME BASE position and the GNSS position.

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.3  Managing References

ALGORITHMS

This menu option allows you to disaable/enable Jamming or Spoofing.

Spoofing refers to impersonating the live-sky GNSS signal, thus "deceiving" the GNSS receiver, while Jamming refers to interference of the signal, i.e. making the live-sky GNSS signal unusable. Per default, both are Enabled if you have the full BroadShield license. If you have the jammingonly portion of BroadShield installed, Spoofing detection will be disabled.

ABOUT

The About menu displays Version and Build Date of the BroadShield software. Periodic updates are released with SecureSync system software updates, as they become available.

Monitoring BroadShield

You can use the BroadShield Web UI to monitor the jamming and/or spoofing status, or the SecureSync Web UI. In the latter case, you will be informed of a Major Alarm, as described below:

3.3.3

BroadShield Alarm

If BroadShield detects a jamming or spoofing event, SecureSync will emit a BroadShield

Critical, Major Alarm (see illustration below). SecureSync will go into Holdover ( yellow

HOLD status light) and – depending on the BroadShield Service setting (see

"Enabling/Disabling the BroadShield Service" on page 182 ) and your SecureSync settings

– will either remain in sync ( green SYNC status light), i.e. it will continue to output time and frequency signals considered valid, or it will go out of sync ( red SYNC light).

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 185

3.3  Managing References

186

You can also configure a notification alarm, see

"Enabling/Disabling the BroadShield Service" on page 182 .

3.3.4

BroadShield Web UI Monitoring

The BroadShield Web UI will also display real time signal status information, or a map status.

Note: If at any time you receive an error message Failed to connect to the unit , the SecureSync Web UI may have timed out (see

"Web UI Timeout" on page 269 ). Refresh your browser page to log back in.

To open the BroadShield user interface:

1.

Navigate to MONITORING > BroadShield .

2.

The embedded BroadShield Web UI will open, displaying the Dashboard and providing access to the following panels:

DASHBOARD

The Dashboard panel displays up to 7 days of history data, and a real-time amplitude frequency spectrum. The headline background color indicates the current jamming/spoofing status: red = jamming or spoofing detected; green = no alarms at this time

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.3  Managing References

Top graph

The Dashboard top graph displays the past signal level over time, divided into a Normal and a Critical signal level (separated by a red line). A blue line in the Critical zone indicates a potential jamming incident, while a green line indicates that SecureSync may be subject to a spoofing attack.

You can change the time scale by clicking on any of the labels between 1 HOUR and

7 DAY .

Note: A SecureSync reboot will reset all history data (it can still be retrieved via LOGS.)

Bottom graph

The bottom graph labeled Spectrum visualizes the current signal over the GPS frequency band. Unusual amplitude spikes indicate a potential threat. If your system is equipped with more than one GNSS receivers, a green and an orange graph will indicate the signal level for additional receivers.

GNSS 1 Status

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 187

3.3  Managing References

188

Note: The BroadShield GNSS1 reference refers to the SecureSync GNSS 0 reference.

Status information

GPS Time : Time and Day as provided by SecureSync's GNSS receiver.

Position : The position as determined by SecureSync's GNSS receiver.

Satellites Used : The number of satellites currently received by SecureSync. This number includes all satellites currently received for all enabled constellations (see

"Selecting GNSS Constellations" on page 211 ). Note that BroadShield uses only

GPS signals for jamming/spoofing detection.

Average C/No : Average signal to noise ratio. An average C/No value higher than

30 can be considered "good".

Skyplot graph

The center of the skyplot represents the antenna position. The skyplot shows all GPS satellites currently being tracked and – if enabled (under INTERFACES: REFERENCES >

GNSS Reference: GNSS 0 > Edit button > Selected Constellations ) – will also display all GLONASS satellites (numbered 65 and higher). Note, however, that GLONASS satellites will not be used by BroadShield. Galileo and Beidou satellites will not be displayed.

Note: Even though SecureSync may be configured to track multiple GNSS constellations (see

"Selecting GNSS Constellations" on page 211

),

BroadShield only uses GPS.

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.3  Managing References

Signal-to-noise bar graph

This graph visualizes the signal-to-noise ratio for up to 20 received satellites in real time.

The satellites are numbered by their NMEA ID's (as in the skyplot mentioned above).

MAP

The map displays your current position, as reported by the GPS receiver. Should the displayed position differ from the actual antenna position, the GPS signal is likely spoofed.

Note that the map data is not part of the BroadShield software, but is downloaded from the

Internet. Hence, this feature is only available if your SecureSync unit is connected to the

Internet.

LOGS

To clear all current logs stored on SecureSync, click CLEAR LOGS .

To start a new log session, click NEW LOG SESSION .

To download current logs, click DOWNLOAD LOGS .

Broadshield Notifications

You can setup Notifications to be sent if BroadShield detects or clears an alarm:

Navigate to MANAGEMENT: OTHER > Notifications , and under the GPS tab, locate the two BroadShield line items. For further information on how to configure Noti-

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 189

3.3  Managing References fications, see

"Notifications" on page 237

.

3.3.5

The GNSS Reference

With most applications, SecureSync will be setup such that it utilizes a GNSS signal as the primary (if not the only) timing reference.

SecureSync's GNSS receiver utilizes the signal provided by the GNSS antenna.

The GNSS receiver analyzes the incoming GNSS data stream and supplies the GNSS time and 1PPS (Pulse-Per-Second) signal to SecureSync's timing system. The timing system uses the data to control the System Time and discipline the oscillator.

While SecureSync’s default GNSS receiver configuration will likely be adequate for most applications, it is advisable that you review the options and change settings as needed, particularly if you are experiencing poor signal reception.

190

To access the GNSS Receiver settings:

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.3  Managing References

1.

Navigate to INTERFACES > REFERENCES: GNSS 0 .

Note: Typically, there will be only one GNSS reference, numbered

"0".

2.

The GNSS 0 status window will open. To open the configuration window, click Edit in the bottom-left corner.

OR:

1.

Navigate to INTERFACES > REFERENCES: GNSS Reference .

2.

Click on the INFO button, or the GEAR button to configure the GNSS settings, or review GNSS reference status information.

Note that the configurable settings displayed in the configuration window are highly dependent on superordinate settings, as well as receiver manufacturer and type in your SecureSync unit:

Trimble Resolution-T ®

Trimble Res–SMT GG ® u-blox M8T ® .

3.3.5.1

Reviewing the GNSS Reference Status

To view the current status of your GNSS reference:

1.

Navigate to INTERFACES > REFERENCES: GNSS Reference .

2.

Click the INFO button next to GNSS 0 . The GNSS 0 status window will display; it contains two tabs, explained in detail below: Main [= default], and Satellite Data .

The "Main" tab

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 191

3.3  Managing References

192

Under the Main tab, the following information will display:

Note: Detailed information on the different parameters can be found in the subsequent GNSS topics.

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.3  Managing References

Manufacturer/Model : The manufacturer and/or model of the GNSS receiver in your SecureSync unit.

Validity : Status indicator lights for TIME and 1PPS signals: “ On ” ( green ) indicates a valid signal, “ Off ” ( red ) indicates that no valid signal is available. A yellow 1PPS light indicates that the monitored 1PPS value fell below a quality threshold and the unit is in flywheel mode (for more information, see

"Reference Monitoring: Phase" on page 284 ).

Receiver Mode:

Single Satellite : Used in areas with poor GNSS reception.

Standard : Default operating mode for the GNSS receiver.

Mobile : For non-stationary applications.

Receiver Dynamics : (u-blox receivers only); see

"Setting GNSS Receiver Dynamics" on page 200

.

Survey Progress : Real-time status:

ACQUIRING (x Satellites)— red

SURVEYING (x %)— yellow ; remains at 1% if no satellites are in view

COMPLETE — green

Number of Tracked Satellites : The number of satellites currently being tracked.

Offset : As set by the user, in nanoseconds.

Antenna Sense :

OK ( green )

Open : Check the antenna for the presence of an open.

Short : Check the antenna for the presence of a short circuit.

Position : SecureSync’s geographic position by:

Latitude : In degrees, minutes, seconds

Longitude : In degrees, minutes, seconds

Altitude : In meters MSL (Mean Sea Level)

Receiver Constellation : GPS/GLONASS/Galileo/BeiDou/SBAS/QZSS

Client A-GPS Status : A-GPS is ENABLED and running, or DISABLED

Client A-GPS Data : External A-GPS data is AVAILABLE, or UNAVAILABLE

Server A-GNSS Status : The Rinex Server feature is ENABLED and running, or

DISABLED

Server A-GNSS Data : A-GPS data is AVAILABLE and can be downloaded by clients, or it is UNAVAILABLE

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 193

3.3  Managing References

E

J

G

R

I

C

Identified Satellite Signal Strengths : Bar graphs for all satellites detected. Color indicates signal strength.

With your mouse pointer, hover over a bar graph to display tool tip information about satellite constellation, satellite number, and signal strength.

Letter Symbol GNSS Constellation

GPS

GLONASS

Galileo

QZSS

BeiDou

IRNSS

The "Satellite Data" tab

Under the Satellite Data tab, there are two graphs:

Number of Satellites over Time : A graphical track of how many satellites were being tracked over time.

SNR over Time : A graphical track of maximum SNR, and minimum SNR.

194 CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.3  Managing References

In both graphs, to see a legend of the graphical data, and time-specific status data, click inside the graph, choosing the desired point in time. If necessary, increase the time resolution by dragging the time sliders. A pop-up window will display the legend for that graph, and the status information for the selected time.

3.3.5.2

Determining Your GNSS Receiver Model

Note: All SecureSync models are currently shipped with a u- blox M8T

Receiver.

To determine which GNSS receiver model is installed in a SecureSync unit:

Note: If a SecureSync unit is used exclusively as a Stratum 2 server, it may not be equipped with a GNSS receiver at all.

1.

Navigate to TOOLS > SYSTEM: Upgrade/Backup .

2.

In the System Configuration panel, locate the line item GNSS Receiver :

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 195

3.3  Managing References

GNSS Receiver Models

Orolia strives to equip SecureSync with current technology. Depending on the production date of your SecureSync unit, one of the following GNSS receiver models will be installed in your unit (if any):

u-blox

®

M8T

Production dates : Since 2016

Constellations : GPS, Galileo, GLONASS, BeiDou, QZSS

Other characteristics:

Client A-GPS option: Yes

Server A-GNSS option: Yes

Resurvey : Automatic, after being moved and rebooted — can be changed, see

"Setting GNSS Receiver Dynamics" on page 200

.

Multi-GNSS reception: Yes, within these permissible settings:

GPS Galileo GLONASS Beidou

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

Note: The augmentation systems SBAS and QZSS can be enabled only if GPS operation is configured.

196 CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.3  Managing References

Note: As of System software version 5.7.0, the Multi GNSS Option is no longer required. After an upgrade, the previous constellation settings will be maintained.

Trimble Res-SMT™ GG

Production dates : 2014, 2015, 2016

Constellations : GPS, GLONASS, QZSS

Other characteristics:

Client A-GPS option: Yes

Server A-GNSS option: Yes, for GPS.

Resurvey : Automatic, after being moved and rebooted — can be changed, see

"Setting GNSS Receiver Dynamics" on page 200

.

Trimble Res-T

®

Production dates : up to 2014

Constellations : GPS

Other characteristics:

A-GPS option: No

Server A-GNSS option: Yes, for GPS.

Resurvey : Automatic, after being moved and rebooted — can be changed, see

"Setting GNSS Receiver Dynamics" on page 200

.

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 197

3.3  Managing References

3.3.5.3

Selecting a GNSS Receiver Mode

When connected to a GNSS antenna that receives a GNSS signal, SecureSync can use

GNSS as an input reference. The factory default configuration allows GNSS satellites to be received/tracked with no additional user intervention required.

However, there are several user-configurable GNSS settings:

The Receiver Mode function allows the GNSS receiver to operate in either a stationary mode (“ Standard ” or “ Single Satellite ” modes), or in a mobile mode environment e.g., in a vehicle, ship or aircraft.

Offset [ns]: to account for antenna cable delays and other latencies

Receiver dynamics (supported only by u-blox M8T and Trimble Res-T receivers): to optimize performance for land, sea or air operation

The ability to delete the stored GNSS position information (latitude, longitude and antenna height).

The option to determine when a resurvey is to be performed (supported only by newer GNSS receivers).

The option to select your constellation types

To configure the GNSS Receiver Mode for your SecureSync unit:

1.

Navigate to INTERFACES > REFERENCES : GNSS 0 . The GNSS 0 Status panel will open.

2.

Select Edit in the bottom-left corner. The GNSS 0 configuration window will open:

198

3.

Select the desired Receiver Mode, and click Submit .

GNSS Receiver Modes

The receiver modes are:

Standard GNSS Receiver Mode

The default GNSS receiver mode is the Standard Mode : It is the most accurate, and hence the preferred GNSS receiver mode.

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.3  Managing References

The Standard Mode can be used only for stationary applications , i.e. the SecureSync unit will not be moved. Also, it must be able to track initially at last four satellites in order to complete the survey. (Once the survey is completed, less than four satellites will provide a valid

Time and 1PPS.)

In the Standard Mode the GNSS survey will initially be performed, once at least four GNSS satellites become available. The GNSS survey is used to determine the exact position and time; it takes 2000 seconds (33 minutes) to complete a survey. During the survey, the

GNSS receiver must continue to track at least four satellites, otherwise the GNSS survey will not complete.

Upon completion of the GNSS survey the GNSS receiver will lock-in the calculated GNSS position and will enter Standard Mode . Once in Standard Mode , the GNSS survey will only be performed again if: the unit is halted or rebooted (see

"Performing a GNSS Receiver Survey" on page 202 ).

the equipment will be relocated to another location and the receiver detects this

(applies to most Trimble receivers) the Receiver Dynamics is set to Resurvey after every reboot (this feature is available only with u-blox receivers and Trimble RES-SMT-GG receivers; it can be turned off, see

"Setting GNSS Receiver Dynamics" on the next page

.) you manually delete the GNSS position, see

"Deleting the GNSS Receiver Position" on page 206

.

In the event that SecureSync cannot complete a GNSS survey within 24 hours (e.g., the survey progress does not go beyond 99%), see

"Single Satellite GNSS Receiver Mode" below .

Single Satellite GNSS Receiver Mode

The Single Satellite Mode is designed for use cases in which it is not possible for the

GNSS receiver to track at least four GNSS satellites for at least 33 minutes continuously in a 12-hour time window so as to complete the GNSS survey, i.e. obtain a 3-D fix. In such cases, SecureSync cannot operate in Standard Mode . This occurs frequently in areas with limited view of the sky (e.g., "urban canyons").

In Single Satellite Mode, the GNSS receiver will be considered a valid input reference as long as: a.

the receiver was able to complete a survey during a time window with good satellite reception, OR you have manually entered a valid position for your antenna location

(instructions can be found under

"Manually Setting the GNSS Position" on page 208

and

"Determining Your Position" on page 209

.) b.

the GNSS receiver continues to track at least one qualified satellite .

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 199

3.3  Managing References

Note that SecureSync is designed to provide the most accurate time in Standard Mode , hence the Single Satellite Mode should only be used if the GNSS receiver could not complete a survey. Note also that Single Satellite Mode can only be used if the SecureSync unit remains stationary at all times.

Mobile GNSS Receiver Mode

In Mobile Mode no surveys will be carried out since the position status is updated in near real-time. SecureSync will go into synchronization shortly after beginning to track satellites.

The Mobile Mode should only be selected if your SecureSync unit will NOT remain stationary at all times, i.e. instead of being operated in a building, it is installed in a mobile platform (such as a vehicle, ship, plane, etc.).

Note: With SecureSync's GNSS receiver configured in Mobile Mode , the specified accuracies of SecureSync will be degraded to less than three times that of Standard Mode .

Standard Mode accuracy of the receiver is less than 50 ns to GPS/UTC (1 sigma), hence Mobile Mode is less accurate than 150 ns to GPS/UTC time (1 sigma).

3.3.5.4

Setting GNSS Receiver Dynamics

Receiver Dynamics further refine the reception characteristics for the individual receiver modes and determine if the receiver will automatically resurvey after a reboot.

Note: This option only applies to u-blox M8T receivers and Trimble Res-T receivers (RES-SMT-GG and SAASM GPS do NOT support this.)

Caution: If you select a setting that does NOT resurvey, and subsequently relocate your unit (antenna) by more than 100 m, u-blox M8T and Trimble

Res-T receivers will NOT detect the new position, and hence provide an incorrect time.

For more information about the GNSS Survey , see

"Performing a GNSS Receiver Survey" on page 202 .

For more information on Receiver Modes , see

"Selecting a GNSS Receiver Mode" on page 198

.

200 CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.3  Managing References

To change/review the GNSS Receiver Dynamics:

1.

Navigate to INTERFACES > REFERENCES: GNSS 0 .

2.

Under the Main tab of the GNSS 0 status window, the line item Receiver Dynamics will indicate the current setting.

3.

To change the setting, click Edit in the bottom-left corner. The GNSS 0 configuration window will display:

4.

Select a setting and click Submit.

Available GNSS Receiver Dynamics Settings

The following Receiver Dynamics settings are available:

Land (Resurvey) : [default]

When used with the Mobile Receiver Mode, the receiver is adjusted for typical dynamic land-based applications.

When used with the Standard Receiver Mode, this setting also will automatically initiate a resurvey after SecureSync reboots, in order to account for a possible relocation.

Sea : The receiver dynamics will be optimized for mobile motion patterns typical with marine applications, resulting in greater timing accuracy, and avoiding premature loss of synchronization.

Air : The receiver dynamics will be optimized for acceleration forces typically experienced in civil aviation applications.

Stationary (No Resurvey) : In Standard Mode, the receiver is set to a non-dynamic value for stationary applications.

There will be no automatic resurvey after a reboot. Should a unit be relocated, you need to delete its position, thus initiating a new survey.

The following table illustrates the interdependence between Receiver Dynamics, Receiver

Mode (see

"Selecting a GNSS Receiver Mode" on page 198

) and receiver type:

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 201

3.3  Managing References

Table 3-2: Receiver dynamics, ~modes, ~ dynamics, ~ types

Receiver Dynamics

Receiver Mode

Land

(Resurvey)

Sea Air

Stationary

(No Resurvey)

Single Satellite

Standard irrelevant irrelevant irrelevant irrelevant

Mobile (with u-blox receivers)

Mobile (with Trimble receivers)

(not recommended)

Notes:

Trimble Res-T and Res-SMT-GG receivers will report Land dynamics during a survey until the survey is complete. Then the dynamics becomes Stationary . This also indicates that the receiver has completed the survey.

The u-blox M8T receiver now uses Land to indicate it will RESURVEY on reboot, and Stationary to indicate it will not resurvey after reboot.

3.3.5.5

Performing a GNSS Receiver Survey

Note: This topic only applies to

stationary applications

– in Mobile receiver mode NO surveys will be carried out since the position is updated continuously.

When SecureSync's integrated GNSS receiver performs a survey, it tries to determine or verify its geographic position with high accuracy. An accurate geographic position is required to calculate a precise system time from the GNSS reference.

During a GNSS survey, the position will be iteratively recalculated while gradually increasing the position accuracy. A survey can take up to 33 minutes, but typically SecureSync will synchronize earlier, i.e. offer a valid Time and 1PPS reference, once it has obtained a sufficiently accurate preliminary position.

202 CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.3  Managing References

Note: If a system has been moved, in Standard receiver mode and Land

Dynamics , receivers will automatically re-survey on reboot. In Standard mode and Stationary Dynamics , the unit will survey only once, and will not re-survey on reboot.

Initiating a GNSS Survey

Depending on the GNSS receiver model installed in your SecureSync, the default behavior is either: a.

that the GNSS receiver detects if the SecureSync has been relocated, and hence will initiate a GNSS survey to determine the new position b.

or that a power cycle, or a reboot will automatically initiate a GNSS survey.

To reboot your unit, navigate to TOOLS > SYSTEM: Reboot/Halt .

While a (re-)survey is crucially important if a SecureSync unit has been relocated, e.g. when commissioning a new unit, it is normally not required if a stationary unit is rebooted for other reasons. To turn off this functionality, see

"Setting GNSS Receiver Dynamics" on page 200 .

Note: Behavior (a.) applies to most Trimble

®

(b.) applies to u-blox ® receivers.

receiver types, while behavior

Verifying GNSS Survey Progress

To see if SecureSync's GNSS receiver is performing a survey and if so, verify its progress:

1.

Navigate to INTERFACES > REFERENCES: GNSS 0 .

2.

The survey status (ACQUIRING, COMPLETE, or progress in percent) is displayed under the line item Survey Progress.

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 203

3.3  Managing References

204

Note: Once a survey has been initiated, the Survey Progress may not be displayed right away until the receiver has completed its initialization process.

3.3.5.6

GNSS Receiver Offset

The Offset setting in the GNSS configuration window ( INTERFACES > GNSS 0 > " Edit ") allows you to enter an offset to the GNSS time and 1PPS reference in order to account for antenna cable delays or other latencies (entered and displayed in nanoseconds).

By setting the correct Offset value, you can offset the system’s on-time point by the Offset value to compensate for the antenna and in-line amplifier delays. Under typical conditions, the expected cable and amplifier delays are negligible. You can calculate the delay based on the manufacture’s specifications.

The offset range is ±½ seconds (i.e. ±500 ms, or ±500 000 000 ns). The default value is

0 nanoseconds, and the resolution is 1 nanosecond.

Configuring a GNSS receiver offset

To configure the GNSS receiver offset:

1.

Navigate to Interfaces > References: GNSS Reference

2.

Click on the GEAR button next to the GNSS Reference. The GNSS 0 window will open:

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.3  Managing References

3.

Locate the Offset field, and enter the desired value.

4.

Click Submit.

Calculating cable delay

The following formula can be used to calculate antenna cable delay:

D = ( L * C ) / V

Where:

D = Cable delay in nanoseconds

L = Cable length in feet

C = Constant derived from velocity of light: 1.016

V = Nominal velocity of propagation expressed as decimal, i.e. %66 = 0.66 Value is provided by cable manufacturer.

When using Orolia LMR-400 or equivalent coaxial cable, this formula equates to approximately 1.2 nanoseconds of delay per every foot of cable. To calculate the Offset value

(cable delay), multiply the length of the entire cable run by “1.2” and then enter this value into the Offset field.

E x a m p l e s o f c a b l e d e l a y s :

L M R - 4 0 0 ( o r

100 feet of cable = 120 nanoseconds of cable delay

200 feet of cable = 240 nanoseconds of cable delay e q u i v a l e n t ) c o a x

300 feet of cable = 360 nanoseconds of cable delay

3.3.5.7

Resetting the GNSS Receiver

The Reset Receiver command causes the GNSS receiver to execute a cold start: All data will be erased from the volatile receiver memory. Only non-volatile memory is preserved.

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 205

3.3  Managing References

Caution: Resetting the GNSS receiver may become necessary in the rare event of internal communication issues, and is typically ONLY required if

Orolia Technical Support advises you to execute this command.

Note that resetting the GNSS receiver is not the same as

"Deleting the GNSS Receiver

Position" below .

To reset the GNSS Receiver:

1.

Navigate to Interfaces > References: GNSS Reference

2.

Click on the GEAR button next to the GNSS Reference. The GNSS 0 window opens:

206

3.

Locate the Reset Receiver box, check it, and click Submit.

3.3.5.8

Deleting the GNSS Receiver Position

The SecureSync timing system requires the exact geographic position in order to calculate the exact system time from the GNSS signal.

The Delete Position command deletes the GNSS antenna position data that is stored in the non-volatile memory of the GNSS receiver.

The deletion of the position data will automatically initiate a new GNSS self survey , provided: a GNSS antenna is connected to SecureSync the GNSS receiver can track at least four satellites continuously and the GNSS receiver it is configured to operate in Standard Mode .

The objective of the GNSS Survey is to re-discover the current antenna position.

Note: A self survey will take at least 2000 seconds (33 minutes).

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.3  Managing References

Relocating SecureSync

The Delete Position command may need to be used if a SecureSync system is physically moved, and it did not self-initiate a new survey automatically, as is the case with u-blox

M8T-series receivers (see also

"Determining Your GNSS Receiver Model" on page 195 ).

Note that neglecting to delete the old position data and discover the new position data will cause SecureSync not to go into synchronization state.

Note: Software versions 5.4.5 and above by default will initiate a resurvey on reboot. See

"Setting GNSS Receiver Dynamics" on page 200

.

Sanitization

The Delete Position command must also be used when sanitizing a SecureSync unit

(ensuring that no trace of position data remains on the unit). See

"Sanitizing the Unit" on page 333 .

Deleting the GNSS position

To delete the GNSS position:

1.

Disconnect the GNSS antenna from the SecureSync unit (this is required only when sanitizing the unit).

2.

Navigate to Interfaces > References: GNSS Reference . 

3.

Click on the GEAR button next to the GNSS Reference (typically, there is only one reference, numbered "0"). The GNSS 0 window will open:

Locate the Delete Position box, check it, and click Submit.

4.

SecureSync will initiate a GNSS self survey.

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 207

3.3  Managing References

Note: In Mobile Receiver Mode it is NOT possible to delete the position and start the GNSS survey. This feature is only available in Standard Mode and in Single Satellite Mode . In Single Satellite Mode a GNSS survey may take up to 24 hours.

3.3.5.9

Manually Setting the GNSS Position

Note: This topic applies only to mode, or Single Satellite mode.

stationary applications

, i.e. to Standard

The exact geographic position (location and elevation) of the antenna your SecureSync unit—and thus its onboard GNSS receiver—is a major factor for SecureSync to calculate an accurate System Time from the GNSS reference.

Note: The elevation (altitude) should be set in accordance with the World

Geodetic System 1984 ( WGS 84 ), not Mean Sea Level (MSL).

Normally, the onboard GNSS receiver will track and adjust the antenna position during the so- called GNSS self survey , which is performed during initial commissioning of a

SecureSync unit, or when rebooting a unit after it had been powered down for some time

("cold start").

Depending on where your GNSS antenna is installed and thus, how good the reception is, the self survey may be adequate for most applications.

Setting a Manual Position , however, i.e. manually applying your current geographic position data (Latitude, Longitude, and Altitude) may be necessary if your GNSS receiver could not complete its survey due to poor reception.

In some cases, setting the position manually may also help to reduce the amount of time needed for the initial position "fix", i.e. for SecureSync to synchronize with the satellites in view.

Note that this position will also be used if Apply A-GPS Data is checked.

To manually set your position:

1.

Determine your geographic position. For more information, see

"Determining Your

Position" on the facing page

.

2.

Navigate to INTERFACES > REFERENCES: GNSS 0 . In the GNSS 0 status window, click Edit in the lower left corner. The GNSS 0 window will open:

208 CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.3  Managing References

3.

Under Manual Position Set accurately enter latitude , longitude (both in decimal degrees), and altitude (in meters [ WGS 84 ]) of your GNSS antenna, SecureSync can use this data during the satellite tracking/adjustment process, which typically leads to a quicker "fix". It is recommended to enter the position as accurately as possible.

Determining Your Position

Note: This topic only applies to receiver mode is

not

set to Mobile .

stationary applications

, i.e. the GNSS

In case your geographic antenna position is not already known, there are several ways to determine it e.g., using a GPS-enabled device, such as a smart phone.

Google Maps™ is another option, described below.

R e a s o n s f o r m a n u a l l y e n t e r i n g y o u r p o s i t i o n

Manually entering your position may not only reduce the time to “first fix” during initial installation, it may also enable the unit to synchronize to satellite timing signals if your GNSS reception is poor.

After manually entering the position data, SecureSync will automatically check the status of the

GNSS receiver:

If no GNSS-based position data is available (yet), SecureSync will provide the GNSS receiver with the manually entered position.

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 209

3.3  Managing References

To determine your GNSS position, using Google Maps™:

1.

On your computer, open

Google Maps

.

2.

In Google Maps, locate your building, and the location of your antenna.

3.

Right-click on the location. Select What's here?

At the bottom, you will see a card with the coordinates.

4.

Take note of your decimal position (e.g., 43.083191, -77.589718).

Note: Should you prefer to determine your position in a different way, and as a result, have your latitude & longitude data in degrees/minutes/ seconds, you need to convert this data to the decimal format e.g., by using a conversion tool, such as Earth Point

www.earthpoint.us

, or

https://www.fcc.gov/media/radio/dmsdecimal

:

210

5.

Determine your altitude : To find the elevation of your location, search online for a

Google Maps elevation finder tool. Do not forget to add the height above ground for your antenna.

If a more exact altitude is desired, the use of a topographical map is recommended. Applying the

WGS 84

standard will likely yield the most accurate elevation.

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.3  Managing References

3.3.5.10 GNSS Constellations

Depending on the GNSS receiver installed in your unit (see

"Determining Your GNSS

Receiver Model" on page 195

), SecureSync allows you to select which GNSS constellations can be tracked. For example, you can determine if you want GLONASS satellites to be tracked (besides GPS).

Selecting GNSS Constellations

If your SecureSync is equipped with a GNSS receiver other than a Res-T model, it is capable of tracking multiple GNSS constellations simultaneously.

Note: As of System software version 5.7.0, the Multi GNSS Option is no longer required to receive several constellations simultaneously. After an upgrade, the previous constellation settings will be maintained.

To learn more about determining which receiver model is installed in your unit, and which

GNSS constellations and combinations are supported, see

"Determining Your GNSS

Receiver Model" on page 195

.

In new SecureSync units, per default both GPS , and Galileo are enabled. Either selection can be disabled, but not both of them (if both are turned off, no changes will be saved and the last constellation setting will be preserved).

To verify if satellite signals for the selected GNSS constellations are currently received, see

"Determining Which GNSS Satellites Are Received" on page 213

.

Configuring GNSS Constellations

To configure which GNSS constellations SecureSync's GNSS receiver shall track:

1.

Navigate to INTERFACES > REFERENCES: GNSS Reference .

2.

Click the GEAR button next to GNSS 0 . The GNSS 0 window will open:

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 211

3.3  Managing References

212

3.

Under Selected Constellations , review which constellations are currently tracked, and apply your changes. Note the following:

The u-blox M8T receiver is capable of receiving multiple GNSS constellations simultaneously; the table below shows which combinations are possible:

GPS Galileo GLONASS BeiDou

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

Note: The augmentation systems SBAS and QZSS can be enabled only if GPS operation is enabled.

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.3  Managing References

Note: Should you select more than 3 + QZSS constellations, you will receive a Constellation Error once you click Submit

( ConstError ).

About QZSS

QZSS is disabled by default. In order to receive QZSS signals, you must either be located in the Japan region, or use a GNSS simulator (such as Orolia GSG-5 or -6 Series).

QZSS is not considered a standalone constellation and while SecureSync allows you to enable QZSS by itself, it is recommended to use it in combination with GPS.

Determining Which GNSS Satellites Are Received

To see which GNSS satellites your SecureSync is currently receiving:

1.

Navigate to INTERFACES > REFERENCES: GNSS 0 .

2.

The GNSS 0 status window will open:

3.

Under Identified Satellite Signal Strengths hover with your cursor over the bars:

The letter in the tooltip window displayed for each signal bar indicates which

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 213

3.3  Managing References constellation the satellite belongs to:

Letter symbol GNSS Constellation

G

R

GPS

GLONASS

C

I

E

J

Galileo

QZSS

BeiDou

IRNSS

The number next to the letter indicates the satellite number. The number below indicates the signal strength (C/N o

).

3.3.5.11

A-GPS

A-GPS stands for Assisted GPS . This widely-used technology involves providing additional data to the GNSS receiver by an alternative means of communication (e.g., via IP, or by manual data entry), thereby reducing the time for the receiver to acquire and track the actual satellite signals. This may lead to a significantly shorter time for SecureSync to deliver a GNSS-based timing signal upon a “cold start” of the unit.

A-GPS client

The A-GPS client is used to send assistance data to the GPS receiver. This is most useful in areas with poor GPS reception.

The A-GPS client functionality is only available with the following GNSS receiver models:

Res-SMT GG u-blox M8T

A-GNSS server

An A-GNSS server allows a SecureSync unit to operate as a server, thus providing A-

GNSS ephemeris and almanac data to other client devices e.g., a Spectracom GSG-series

GNSS simulator.

The A-GNSS functionality largely depends on the GNSS receiver model installed in your unit:

Res-SMT GG: Produces server files only for GPS u-blox M8T: Produces server files for GPS, BeiDou, Galileo Rinex3 and Almanac

214 CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.3  Managing References

Caution: Do NOT use GLONASS when operating SecureSync as an A-GNSS server, since this will likely crash the A-GNSS software.

To determine which GNSS receiver model is installed in your SecureSync unit, see

"Determining Your GNSS Receiver Model" on page 195 .

Configuring A-GPS

To review or configure SecureSync's A-GPS settings:

1.

Navigate to INTERFACES: REFERENCES > GNSS Reference . The GNSS screen will be displayed.

2.

In the GNSS Reference panel on the right, click the GEAR button next to GNSS 0 .

3.

In the GNSS 0 window, locate the A-GPS panel at the bottom.

Note: The options displayed on your screen depend on your system configuration.

4.

Configure the menu options as required:

Enable A-GPS Client

This feature will schedule assistance data to be collected and updated every hour. On startup, if data is present, it will be sent to the receiver.

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 215

3.3  Managing References

Apply A-GPS Data

If this option is selected, SecureSync will immediately apply the time, position and satellite data to the receiver once you click Submit .

Time and position are user-configurable via the next two menu options; SecureSync collects A-GPS satellite data from an external source automatically. 

Note: Once you click Submit , any parameters entered under Apply A-GPS

Data will override the System time and position data. Exercise caution when using this feature, since it could negatively impact the GNSS receiver operation.

Use Current System Time

Apply SecureSync's currently used System time to the GNSS receiver.

Set System Time

Enter a specific date and time, instead of the System time. This may be useful if the System time is known to be incorrect, or if you need a time in the past or future e.g., for simulation purposes. Enter the date and time by using the displayed calendar and time sliders.

Manual Position Set

By accurately entering latitude , longitude (both in decimal degrees), and altitude (in meters, WGS-84) of your antenna, SecureSync can use this data during the satellite tracking/adjustment process, which typically leads to a quicker "fix". It is recommended to enter the position as accurately as possible. For more information, see

"Manually Setting the

GNSS Position" on page 208 .

Note: When manually setting a position, SecureSync must be in one of the stationary modes, Standard or Single Satellite (see "Receiver Mode" above).

Generate RINEX/YUMA Files

Note: Regardless of which receiver is installed in your unit, the GNSS [x]

Status window will display the text " Server A-GNSS Status/Data ", even though RES-SMT GG receivers support only GPS server functionality.

216 CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.3  Managing References

RES-SMT GG receiver

If the option RINEX Server License ( OPT-AGP ) and a RES-SMT GG GNSS receiver are installed on your SecureSync, it can be operated as an A-GPS server . An A-GPS server allows the collection of RINEX3-formatted navigation files and GPS almanac files. These files can then be accessed by other devices (e.g., GSG-series signal simulators) on your network, making this SecureSync unit a valid source for A-GNSS ephemeris and almanac data.

M8T receiver

If the option RINEX Server License ( OPT-AGP ) and a u-blox M8T GNSS receiver are installed on your SecureSync, it can be operated as an A-GNSS server by providing you the option to select not just GPS, but also Galileo, GLONASS, and/or BeiDou, thus allowing the collection of RINEX3 navigation files and almanac files for the GPS, Galileo, GLONASS, and/or BeiDou constellations.

Based on accessible and valid GNSS data, SecureSync generates its own ephemeris and almanac data, and stores it in RINEX files and YUMA files, respectively.

Note: RINEX files (ephemeris data) must be updated no later than every 2 hours, because the ephemeris data is valid for 4 hours.

Note that you can specify for a Trimble RES-SMT GG receiver how often the RINEX3 data is updated (" Generate Rinex File Every ... second "). This is not needed for u-blox M8T receivers since their data will be updated as needed automatically.

You can also determine how often, or at what time each day the YUMA almanac files will be created. Also, you can assign a 4-character Station Name to be used in the files generated by this unit so that their location can later be identified. Under Record Duration , you can determine after how many days the history files will be overwritten.

Note: YUMA files (almanac data) are valid for day.

The files can be remotely accessed via the

/pub path on the SecureSync or via the mapped drive.

Confirming that the A-GPS RINEX Server License is installed on your unit

Navigate to TOOLS > SYSTEM: Upgrade/Backup . In the System Configuration panel the option OPT-AGP A-GPS RINEX Server must be present.

Activating the A-GPS RINEX Server License functionality

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 217

3.3  Managing References

If an A-GPS RINEX Server License is installed on your unit, you have to activate it:

1.

Navigate to INTERFACES > GNSS Reference , and click the GEAR button next to

GNSS 0 .

2.

In the A-GPS panel, check the box Generate RINEX/YUMA Files and populate the following options:

218

Trimble RES-SMT GG receivers only: RINEX File Every : [default = 10 s]

Generate YUMA once a day :

If checked [default], enter the desired-time-of-day in the field YUMA

File At [default = 12:00].

If unchecked, determine how often a YUMA file is generated under

YUMA File Every [default=10 s; range = 10 s to 86400 s (1/day)].

Station Name : Enter an alphanumeric 4-letter station name for the server

[default: name.

spec ]. The names of the files generated will include the station

Record Duration : Determine the duration for how long to keep the generated data before it gets overwritten [default: 7 days; range = between 2 and 400 days]

3.

Click Submit to start logging ephemeris and almanac data.

4.

Once you submitted the changes, verify that the setup was successful by clicking on

Status , and confirming that the indicator lamp for Server A-GPS Status is green/ENABLED. The Server A-GPS Data indicator will be green if the RINEX server is running and the GPS receiver is valid in time and PPS.

Downloading RINEX/YUMA data

Any device that can use RINEX data, can be directed to the locations where they are stored. For example, Orolia's GSG-series GNSS simulators allow for a server location to be set. With other equipment, you can also download the data to your computer, and then move the files to where they are needed.

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.4  Holdover Mode

To download the data to a client computer, point your computer's web browser to the following address:

For hourly ephemeris data: http://[IP address of your unit]/files/pub/gps/data/hourly/[YYYY]/[ZZZ]/hour[ZZZ]0.15n.Z

For daily ephemeris data: http://[IP address of your unit]/files/pub/gps/data/daily/[YYYY]/[ZZZ]/15n/spec[ZZZ]0.15n.Z

For almanac data: http://[IP address of your unit]/files/pub/gps/data/almanac/[YYYY]/[ZZZ]/[ZZZ].alm

Where: YYYY : Year (Example: "2017"), and ZZZ : Day of year (Example: "050" for 19-

February)

3.4

Holdover Mode

When input references have been supplying input to SecureSync and input from all the references has been lost, SecureSync will not immediately declare loss of time synchronization, but first will go into Holdover mode. While the unit is in Holdover mode, the time outputs are derived from the internal 10 MHz oscillator incrementing the System

Time, but the oscillator is not disciplined/steered by the external reference e.g., GNSS.

Because of the stability of the internal oscillator, accurate time can still be derived even after all the primary references are no longer valid or present. The more stable the oscillator is without an external reference, the longer this holdover period can be and have it still maintain very accurate outputs. The benefit of Holdover is that time synchronization and the availability of the time outputs is not immediately lost when input references are no longer available.

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 219

3.4  Holdover Mode

While SecureSync is in Holdover, the only difference is the Holdover and associated Minor alarm are asserted. There are no changes to NTP or any of the other outputs, i.e. while in

Holdover mode, NTP inside SecureSync continues to be at the same Stratum level it was at before going into Holdover mode (such as Stratum 1 when synced to GPS). Should the

Holdover period expire, however, or the unit is rebooted, the NTP Stratum will go to 16, preventing any clients from being able to sync with SecureSync until GPS or another reference has been restored.

How long will the unit remain in Holdover mode?

SecureSync will remain in Holdover mode until either: a.

Any enabled and valid input reference becomes available again: If one or more references return and are declared valid before the Holdover period has expired (even momentarily, i.e. for at least one second), SecureSync exits the Holdover mode and returns to its fully synchronized state.

b.

The Holdover Timeout period expires. In this case, SecureSync will declare loss of synchronization.

Note that Holdover mode does not persist through reboots or power cycles. If a reboot or power cycle occurs while SecureSync is in Holdover mode, it will power-up and remain in a

“ not synchronized ” state until at least one valid Time and 1PPS input reference becomes available again. While in this state, NTP will be Stratum 15 and outputs will not be usable. If the input references are restored and then lost or declared not valid again, SecureSync will then go back into Holdover mode.

What is "Holdover Timeout"?

Holdover Timeout is the user-configurable allowable time period in which SecureSync remains in Holdover mode before it declares loss of synchronization. Holdover Timeout can be adjusted according to application-specific requirements and preferences. See below for recommendations on how long (short) the Holdover Timeout should be.

How to configure Holdover Timeout

To set the Holdover Timeout value:

Navigate to MANAGEMENT > OTHER: Disciplining , and click the GEAR icon in the

Status panel:

220 CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.4  Holdover Mode

For more information on the TFOM value and Phase Error Limit, see

"Configuring the Oscillator" on page 226 .

Note: Changes made to the Holdover Timeout always take effect immediately. If SecureSync is in Holdover and the Holdover timeout is changed to a value that is less than the current time period that SecureSync has been in Holdover Mode, the unit will immediately declare loss of synchronization.

What is the recommended setting for the Holdover Timeout period?

The factory default Holdover period is 2 hours (7200 seconds) . The value can be increased to up to 5 years. During this time period, SecureSync will be useable by its NTP clients (or other consumers) after GNSS reception has been lost.

The length of time is really based on the type of oscillator installed in a unit, and what the typical accuracy requirements are for the NTP clients. The longer it can run in Holdover mode before it expires, the longer it can continue being a central time source for all of its clients. But the longer SecureSync runs in Holdover, the larger the offset to true UTC time will become, because the undisciplined oscillator will drift over time:

The better the type of oscillator installed, the more stable it is while in Holdover and therefore, the less its time will drift away from true UTC time. This results in more accurate timing, over extended durations upon the loss of GPS input. For instance, a Rubidium

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 221

3.4  Holdover Mode oscillator will maintain significantly better time over a longer Holdover duration than a

TCXO oscillator (TCXOs are considerably less stable than a Rb oscillator).

Oscillator Phase Drift

The chart below provides typical stability performance for the oscillator types that can be found in SecureSync units. These numbers are based on the oscillator being locked to a reference for two weeks, but then loses GPS reception for an extended period of time, while the ambient temperature remains stable.

This data can help you determine how long of a Holdover period can be tolerated, based on how much time drift may occur after GPS input is lost. The larger the time error that can be tolerated by SecureSync clients, based on the oscillator installed, the larger the Holdover timeout period can be set to.

Table 3-3: Estimated Phase Drifts

1PPS Phase Drift in Holdover

(no reference available)

TCXO OCXO

After 4 hours

After 24 hours

Low Phase Noise

OCXO

12 µs 1µs

450

µs

0.5 µs

25 µs 10 µs

Rubidium

0.2 µs

1µs

Low Phase Noise

Rubidium

0.2 µs

1µs

To find out which type of oscillator is installed in your SecureSync, navigate to

MANAGEMENT > OTHER: Disciplining , and look for the line item Oscillator Type in the

Status panel.

Typical Holdover lengths

The length of the allowed Holdover Timeout period is displayed and configured in seconds.

The table below provides example conversions for typically desired Holdover periods.

Table 3-4: Typical Holdover lengths in seconds

Desired Holdover Length Holdover Length (in seconds) to be entered

2 hours

24 hours

7 days

30 days

1 year

7200 seconds (default value)

86 400

604 800

2 419 200

29 030 400

222 CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.5  Managing the Oscillator

Note: Due to Leap Seconds that are periodically inserted into the UTC and

Local timescales, it is not normally recommended to exceed 30 days of Holdover without an external reference that can supply Leap Second information being applied (such as GNSS).

Configuring a Holdover value exceeding 30 days could result in a one-second time error in the UTC or Local timescales until an external reference (GNSS or IRIG input) is restored or a manually configured Leap Second is asserted by a user (leap seconds do not affect the

GPS and TAI time scales).

If no external references (such as GNSS or IRIG) are available when a Leap Second is scheduled to occur, manual Leap Seconds can also be applied to the UTC or Local time base; see

"Leap Seconds" on page 160

.

If the Holdover Timeout has expired, do I need to reset the clock once GPS becomes available again?

No, the Holdover timer is automatically reset as soon as at least one reference has been restored/returned for at least one second. If GPS is restored and then lost again moments later, the Holdover timer starts again with its full value. If its set to one week in this case, it then gets another week of Holdover operation before NTP goes to Stratum 16 (if GPS remained unavailable for the entire week).

Holdover mode and the User/User reference

If the only available input reference is a manually set User time, and SecureSync is subsequently rebooted or power cycled, time sync will be lost when SecureSync powers backup. The time will need to be set manually again in order for SecureSync to return to its fully synchronized state. See

"The "User/User" Reference" on page 173

and

"Manually Setting the Time" on page 155

for more information.

3.5

Managing the Oscillator

The purpose of the built-in oscillator is to provide SecureSync with an accurate and very stable internal frequency source. This allows SecureSync to go into a holdover mode in the event that external time or frequency references are lost or become invalid. However, the oscillator can also be used as a legitimate 1PPS reference during normal operation, in conjunction with an external time reference (for more information, see

"Configuring Input

Reference Priorities" on page 168

.)

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 223

3.5  Managing the Oscillator

SecureSync’s internal oscillator is normally disciplined to an input reference (such as GNSS,

IRIG input, 1PPS input, etc.) in order to provide the highest degree of oscillator accuracy and to account for oscillator drift. While disciplining (with a 1PPS input reference input present and valid), the oscillator’s output frequency is monitored and based on the measured frequency, the oscillator is steered to maintain a very accurate 10 MHz output. If no valid 1PPS input references are present (or input references are present but not considered valid), the oscillator will be in Freerun mode instead.

If no external input reference such as GNSS, IRIG, etc. is available (or is temporarily lost),

SecureSync may become an NTP Stratum 2 or higher reference. If so configured,

SecureSync can use a reference such as an NTP daemon, referred to as a Host

Reference . If the Host Reference becomes active, it will automatically take over the disciplining of the oscillator. This built-in functionality is referred to as Host Disciplining .

224

Figure 3-3: Host disciplining

Note: Host disciplining is NOT supported by SecureSync units that are equipped with a Rubidium oscillator.

The Oscillators Settings page provides the user with some control of the disciplining process. This page is also used to configure the length of time SecureSync is allowed to remain in the Holdover mode when all references are lost.

3.5.1

Oscillator Types

SecureSync units are available with different types of internal oscillators:

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.5  Managing the Oscillator

TCXO (Temperature-Compensated Crystal Oscillator) one of two different types of OCXO (Oven-Controlled Crystal Oscillator) oscillators, or one of two different types of Rb (Rubidium) oscillators.

The two different types of OCXO oscillators are a precision OCXO oscillator and a high-precision (low phase noise) OCXO oscillator. The two different types of Rubidium oscillators are a precision Rubidium oscillator and a low-phase noise Rubidium oscillator. All of these internal oscillators are self-calibrating and can be disciplined to a 1PPS input reference for maximum accuracy.

To determine which oscillator is installed in your SecureSync unit, navigate to

MANAGEMENT > OTHER: Disciplining . The first entry in the Status panel on the left indicates the type of oscillator:

Because of its high degree of stability, the Rubidium oscillator provides the greatest ability to extend the hold-over period when input references are not present. Extending the hold-over period allows the unit to provide very accurate and useable time stamps and a 10

MHz output for a longer period of time once time synchronization has been lost.

Note: Oscillators are installed at the factory, in accordance with order specifications; an oscillator cannot be swapped/retrofitted later in the product life cycle (with the exception of repairs).

The Rubidium oscillator is atomic in nature but requires no MSDS (Material Safety Data

Sheet).

For additional information on oscillator accuracies, see

"10 MHz Output" on page 25 .

Note: External Oscillator : It is possible for an external oscillator to be locked to SecureSync's 10 MHz output via an external PLL, with the lock state of the external PLL monitored by SecureSync. Contact Orolia for more information.

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 225

3.5  Managing the Oscillator

3.5.2

Configuring the Oscillator

SecureSync is equipped with an internal oscillator. To configure the oscillator settings:

1.

Navigate to MANAGEMENT > OTHER: Disciplining .

2.

Click the GEAR icon at the top of the Status panel. The Oscillators Settings window will display:

226

3.

Populate the fields:

Maximum TFOM for Sync : When TFOM (Time Figure of Merit, see also

"Time Figure of Merit (TFOM)" on the facing page ) is greater than Max

TFOM, disciplining will still be attempted against the selected reference to improve the TFOM. If the condition persists, the system will transition to holdover, and eventually out of sync. When disciplining is performed such that

TFOM is no longer greater than max TFOM, the system will transition back into sync.

Holdover Timeout(s) : The default is 7200 s (= 2 hours).

For more information on holdover timeouts, see

"Typical Holdover lengths in seconds" on page 222 . For additional information on holdover, see

"What is

"Holdover Timeout"?" on page 220

.

Phase Error Limit : [Default=0 (disables this feature)]. Setting a Limit (valid for +/-) for the Phase Error between an external 1PPS reference and the System 1PPS will cause the disciplining tracking to restart automatically (after a few minutes delay) if that limit is exceeded. This will help to quickly re-align the System 1PPS with a reference.

When using a Host Reference as a primary or backup reference, for improved performance it is recommended to set the phase error limit for NTP to a sug-

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.5  Managing the Oscillator gested value of 100000 ns (= 100 µ second). Adjust this value as needed, based on your accuracy requirements.

Restart Tracking : Check this box, and click Submit if you want to manually restart disciplining tracking.

This option causes the disciplining algorithm to stop tracking the input reference and start over (as if it was just acquired). This can be useful if there is a large phase offset between reference 1PPS and system 1PPS, as it may occur when going back into sync to the external reference after a long holdover. A

Restart Tracking will re-align the system 1PPS with the reference 1PPS very quickly, but may cause the 1PPS output to jump.

Recalibrate : In rare cases, existing calibration data may no longer be suitable to calibrate the oscillator. This function will delete the existing calibration data, and begin a new calibration process (not applicable for low phase-noise Rubidium oscillators).

1PPS Phase Validation : Turn ON Smart Reference Monitoring. See

"Reference Monitoring: Phase" on page 284 .

Always Restart Tracking After Sync : When selected, this option will ensure that every time the unit exits holdover, the discipline tracking is restarted. It should be noted that this setting will only restart the tracking once when using the Phase Error Limit, unless the unit re-enters holdover.

4.

Click Submit.

3.5.2.1

Time Figure of Merit (TFOM)

The TFOM reflects the estimated error range values between the reference 1PPS (such as GPS 1PPS) and the System 1PPS which is being aligned to the 1PPS. The estimated error is referred to as the 1PPS Phase error. TFOM values are ranges of these phase errors.

The larger the phase error estimate, the larger the TFOM value will be. For example,

TFOM 3 is reported when the estimated phase error is any value between 10 ns to less than 100 ns of the offset between the selected 1PPS reference and the system’s 1PPS.

TFOM is SecureSync’s estimation of how accurately it is synchronized with its time and

1PPS reference inputs, based on several factors, known as the Estimated Time Error or

ETE. The larger the TFOM value, the less accurate SecureSync believes it is aligned with its 1PPS input that is used to perform disciplining. If this estimated error is too large, it could adversely affect the performance of oscillator disciplining. The available TFOM range is 1 through 15. You may refer to the following for the TFOM to ETE conversions:

1

Table 3-5: TFOM to ETE conversion

Reported TFOM Value Estimated Time Error (ETE)

<= 1 nsec

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 227

3.5  Managing the Oscillator

Reported TFOM Value Estimated Time Error (ETE)

10

11

12

13

14

15

8

9

6

7

4

5

2

3

1 nsec < ETE <= 10 nsec

10 nsec < ETE <= 100 nsec

100 nsec < ETE <= 1

1 μ

10 sec < ETE <= 10

μ

100 μ

ETE > 10000 sec

μ

μ sec sec sec < ETE <= 100 μ sec sec < ETE <= 1 msec

1 msec < ETE <= 10 msec

10 msec < ETE <= 100 msec

100 msec < ETE <= 1 sec

1 sec < ETE <= 10 sec

10 sec < ETE <= 100 sec

100 sec < ETE <= 1000 sec

1000 sec < ETE <= 10000 sec

Example

TFOM is a value between 1 and 15. TFOM can never exceed the default MaxTFOM value of 15.

Typically the MaxTFOM requires no adjustment, but in some instances it may be advisable to decrease MaxTFOM so that TFOM can potentially exceed it: For example, by lowering the MaxTFOM to “5” it is now possible for TFOM to be always higher than the MaxTFOM value:

Assuming the MaxTFOM is set to 5 and the TFOM happens to go to a 6, i.e. TFOM is now exceeding MaxTFOM. This condition will cause a 1PPS out of specification alarm to be asserted and the oscillator disciplining will change in order to speed-up the alignment of the system 1PPS to the selected reference (causing it to take less time getting closer into alignment with the reference):

This will cause the TFOM to start to decrease faster. Once TFOM no longer exceeds

MaxTFOM because the System 1PPS is now much closer to the reference 1PPS , the disciplining slows back down again as the system 1PPS continues to be brought into alignment with the selected 1PPS input.

3.5.3

Monitoring the Oscillator

The Oscillator Management screen provides current and history status information on disciplining state and accuracy.

228 CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.5  Managing the Oscillator

To access the Oscillator Management screen:

1.

Navigate to MANAGEMENT > OTHER: Disciplining .

2.

The Oscillator Management screen will display. It consists of two panels:

The Oscillator Status Panel

This panel provides comprehensive information on the current status of SecureSync's timing state.

Oscillator Type : Type of oscillator installed in the unit.

Disciplining State : State of oscillator control and disciplining; indicates whether or not the internal oscillator is currently being disciplined (steered to an input reference). The states are: "Warm up", "Calibration", "Tracking Setup", "Lock State",

"Freerun", and "Fault".

1PPS Phase Error : A tracking measurement [scaled time, in ns, or ms] of the internal

1PPSs' phase error with respect to the selected input reference. Long holdover periods or an input reference with excessive jitter will cause the phase error to be high.

The oscillator disciplining control will gradually reduce the phase error over time.

Alternatively, restarting the tracking manually (see "Restart Tracking" under

"Configuring the Oscillator" on page 226

), or automatically via a pre-set Phase Error

Limit, will quickly reduce the phase error.

10 MHz Frequency Error : An internal estimated calculation (in Hertz) of the internal oscillator's frequency error, based on the phase accuracy error at the beginning and

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 229

3.5  Managing the Oscillator end of a frequency measurement window (the length of this window will vary depending upon the type of oscillator installed and the oscillator adjustment algorithm).

Current DAC Setting : Current DAC value, as determined by the oscillator disciplining system. The value is converted into a voltage that is used to discipline the oscillator. A stable value over time is desirable and suggests steady oscillator performance (see also the graph in the History Panel).

DAC Step : Step size for adjustments to the internal oscillator, as determined by the oscillator disciplining system. Larger steps = quicker, but coarser adjustments. The step size is mainly determined by the type of oscillator.

TFOM : The Time Figure of Merit is SecureSync’s estimation of how accurately the unit is synchronized with its time and 1PPS reference inputs, based on several factors, known as the Estimated Time Error or ETE. The larger the TFOM value, the less accurate SecureSync believes it is aligned with its 1PPS input that is used to perform disciplining. If this estimated error is too large, it could adversely affect the performance of oscillator disciplining. The available TFOM range is 1 through 15.

Max TFOM for Sync : Value, as set under

"Configuring the Oscillator" on page 226

Temperature(s) : Three temperatures are displayed:

Oscillator temperature, which has an effect on oscillator accuracy, and therefore can be used to interpret oscillator performance.

Board temperature (measured on the main board, sometimes also referred to as 'System temperature')

CPU temperature

Note: Oscillator temperature is plotted over time in the History panel on the right, while graphs for board and CPU temperature can be found under TOOLS > SYSTEM: System

Monitor .

Note that older SecureSync units may not be equipped with temperature sensors yet. (Can be retrofitted, please contact Spectracom.)

For more information, see

"Temperature Management" on page 300

.

Last Time Reference Change : [Timestamp: Last occurrence]

Last 1PPS Reference Change : [Timestamp: Last occurrence]

Last TFOM Change : [Timestamp: Last occurrence]

230 CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

3.5  Managing the Oscillator

Last Sync State Change : [Timestamp: Last occurrence]

Last Holdover State Change : [Timestamp: Last occurrence]

The Oscillator History Panel

The Oscillator History Panel offers real- time graphical monitoring of SecureSync’s internal timing. The following graphs plot key oscillator-relevant data over time::

Phase Error Magnitude : See

1PPS Phase Error

Frequency Error : See

10_MHz_Frequency_Error

Scaled DAC Value : See

DAC Step

Oscillator Temperature , which has an effect on oscillator accuracy, and therefore can be used to interpret oscillator performance. See also

"Temperature Management" on page 300

,

"The Oscillator Status Panel" on page 229 .

You can zoom in on any of the graphs by grabbing the handles at either end and pulling them inwards. The graph will focus in on the time interval you choose in real time.

Clicking on the Delete icon in the top-right hand corner will erase all current oscillator log data.

Clicking on the Download arrow icon will download the latest oscillator log data as a .

csv file.

3.5.4

Oscillator Logs

To export, or delete the oscillator logs:

1.

Navigate to MANAGEMENT > OTHER: Disciplining .

2.

To download the log file: In the History panel, click the downwards pointing

ARROW icon. in the top-right corner:

3.

The log file will be downloaded onto your local computer. Its name is oscillatorStatusLog.csv

. Depending on the operating system you can open the file, or save it locally.

CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31 231

3.5  Managing the Oscillator

To delete the log file, click the TRASH CAN icon, and confirm.

232 CHAPTER 3 • SecureSync 1200 User Reference Guide Rev. 31

System Administration

The following topics are included in this Chapter:

4.1 Powering Up/Shutting Down

4.2 Notifications

4.3 Managing Users and Security

4.4 Miscellanous Typical Configuration Tasks

4.5 Quality Management

4.6 Updates and Licenses

4.7 Resetting the Unit to Factory Configuration

234

237

246

269

278

322

326

CHAPTER 4 • SecureSync 1200 User Reference Guide 233

4.1  Powering Up/Shutting Down

4.1

4.1.1

Powering Up/Shutting Down

Powering Up the Unit

1.

After installing your SecureSync unit, and connecting all references and network(s), verify that power is connected, then turn ON the unit using the switch on the rear panel (only if equipped with AC power input), and wait for the device to boot up.

Note: DC input power is not switched, so SecureSync will be powered up with DC input connected, unless you installed an external power switch.

2.

Observe that all of the front panel LEDs momentarily illuminate (the Power LED will then stay lit) and that the Information display LCD back light illuminates. The fan may or may not run, depending on the model year of your SecureSync unit. For more information, see

"Temperature Management" on page 300 .

The time display will reset and then start incrementing the time. About 10 seconds after power-up, “Starting up SecureSync” will be displayed in the information display. After approximately 2 minutes, the information display will then show the current network settings.

By default, the 4-line information display shows the unit’s hostname, IPv4 address, mask, and gateway.

The time display shows the current time: UTC (default), TAI, GPS or local timescale, as configured.

234

Figure 4-1: SecureSync front panel

3.

Check the front panel status LED indicators:

The Power lamp should be solid green.

The Sync lamp will probably be red, since synchronization has not yet been achieved.

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.1  Powering Up/Shutting Down

The Fault lamp will be OFF, or solid orange, indicating a minor alarm, or solid red, asserting a power-up frequency error alarm (until the disciplining state is reached.)

For additional information, see

"Status LEDs" on page 6

and

"Status Monitoring via Front

Panel" on page 278

.

4.1.2

Shutting Down the Unit

Shutting down SecureSync by interrupting the AC and/or DC power supply is acceptable and will not damage the unit.

It is, however, worthwhile to point out the differences between shutting down the unit by interrupting the power supply vs. gracefully shutting it down e.g., via the Web UI.

To learn more, see

"Issuing the HALT Command Before Removing Power" below

.

For more information on AC and DC supply power, see

"Power Source Selection" on page 40 .

4.1.3

Issuing the HALT Command Before Removing Power

Gracefully shutting down SecureSync by using the HALT command offers the following advantages over shutting the unit down via the AC ON/OFF switch (see

"Unit Rear Panel" on page 7 ), or otherwise interrupting the AC or DC supply power:

The shutdown process will be logged

The System Clock will update the Real Time Clock with the latest System Time.

SecureSync's file system will be synchronized, which under some circumstances will allow for faster startup next time the unit will be powered up.

The HALT command may be issued to the SecureSync via: the Web UI the front panel keypad the front panel serial port.

Note: Wait 30 seconds after entering the HALT command before removing power.

Once the HALT process has been initiated via the Web UI or front panel, the front panel

LCD will display Power off SecureSync, and the front panel LED time display will stop incrementing.

Issuing a HALT Command via the Web UI

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 235

4.1  Powering Up/Shutting Down

1.

Navigate to TOOLS > SYSTEM: Reboot/Halt .

2.

The Reboot/Halt window will display. Select the Shutdown the Unit checkbox.

3.

Click Submit .

4.

Wait 30 seconds after entering the HALT command before switching off the unit .

236

Once the HALT process has been initiated, the front panel LCD will display Power off SecureSync , and the front panel LED time display will stop incrementing.

Issuing a HALT Command via Keypad/SerialPort/Telnet/SSH:

The HALT command can be initiated not only via the SecureSync Web UI, but also via the keypad and LCD display. For more information on the keypad, see

"Front Panel Keypad, and Display" on page 4 .

With a serial connection to the front panel serial port, telnet connection or SSH connection, type halt <Enter> to halt the unit for shutdown. For more information on

SecureSync commands, see

"CLI Commands" on page 531

.

Once the HALT process has been initiated, the front panel LCD will display Power off

SecureSync , and the front panel LED time display will stop incrementing.

Note: After issuing the HALT command wait 30 seconds before you remove power.

Once you have halted your SecureSync, power must be removed and reapplied in order to restart the unit.

4.1.4

Rebooting the System

To reboot SecureSync via the Web UI:

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.2  Notifications

1.

Navigate to TOOLS > SYSTEM: Reboot/Halt .

2.

Select the Restart after Shutdown box in the Reboot/Halt window.

3.

SecureSync will now be rebooted and be accessible again shortly thereafter.

Rebooting via LCD/Keypad, Serial Port, Telnet, SSH, SNMP

The Reboot command can be initiated not only via the SecureSync Web UI, but also via the keypad and LCD information display. See

"Front Panel Keypad, and Display" on page 4

for information on using the keypad to perform a system reboot.

With a serial connection to the front panel serial port, telnet connection or SSH connection, type reboot <Enter> to reboot SecureSync.

Reboot is also is available to be performed through an snmpset operation. For more information on SecureSync commands, see

"CLI Commands" on page 531 .

Once the Reboot process has been initiated, the front panel LCD will display a Power off message, and the front panel LED time display will stop incrementing until SecureSync has started booting back up again.

4.2

Notifications

If an event occurs e.g., SecureSync transitions into Holdover, or a short is detected in the

GNSS antenna, SecureSync can automatically notify users that a specific event has occurred.

In some situations, two events are generated. One event occurs in the transition to a specified state and then another event occurs when transitioning back to the original state.

Examples of these are losing sync and then regaining sync, or going into Holdover mode and then going out of Holdover mode. Other situations may only consist of one event. An example of this situation is switching from one input reference to another.

Notifications of each event that may occur can be via alarms, via SNMP Traps being sent to one or more SNMP Managers, via an email being sent to a specified email recipient, or a combination of the three. The Notifications page allows a user to configure whether the occurrence of each event automatically triggers an alarm to be generated, an SNMP trap to be sent out, an email to be sent out, or a combination of the three.

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 237

4.2  Notifications

Also, this page allows the desired email recipient’s address for that particular event to be specified. Each event can be configured with the desired email address that is specific to just that one event only. Note that only one email address can be specified in each Email

Address field. If desired, the same email address can be used in all of the fields, or different addresses can be used for different events.

Note: Whether or not notifications are enabled/disabled for a given event, the occurrence of the event is always logged.

All available SecureSync events that can generate a notification to be sent are located under different tabs in the Notification Events panel: Timing , GPS , and System .

The SecureSync Events that can automatically trigger a notification are listed in the Event column. It is possible to:

Mask the alarm generation for specific events (prevent the alarm)

Enable “SNMP” (to send out an SNMP trap)

Send an email to the address specified in the corresponding “Email Address” column.

4.2.1

Configuring Notifications

To configure Notifications:

1.

Navigate to MANAGEMENT > OTHER: Notifications . The Notifications screen will display:

238 CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.2  Notifications

It is divided into two panels:

The Actions panel, featuring:

The SNMP Setup button: See

"SNMP" on page 86 .

The Email Setup button: Configure SecureSync's interface settings for Exchange email servers and Gmail.

For more information on this subject, see the Technical Note

Notification Setup

.

Email

The Events panel, offering three tabs:

Timing : Events for Sync Status and Holdover, Frequency error, Input references and the internal oscillator.

GPS : Events related to the GNSS receiver, including antenna cabling, tracking less than the minimum number of satellites and GNSS receiver faults.

Systems : Events related to the system operation, including minor and major alarms being asserted, reboot, timing system errors and option cards.

2.

In the Events panel, choose the Timing , GPS or System tab. Configure your Notifications (see below), and click Submit.

The columns under each tab are:

Event —This is the event that will trigger the notification. The events under each tab will vary according to context.

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 239

4.2  Notifications

Mask Alarm —Check here to enable an alarm mask. Enabling an alarm mask for a given notification will prevent that notification from generating an alarm condition. Other notifications for that event and logging of the event will still occur.

SNMP Trap —Check here to configure the event to trigger an SNMP Trap.

Email —Check here to configure the event to trigger an email notification.

Email Address —Enter the address to which the email should be sent when triggered by the event.

Note: Each event can be configured with the desired email address that is specific to just that one event only. Note that only one email address can be specified in each Email Address field.

For each event choose the notification you want and an email address – if any – to which you want the notification to be sent. For more information, see

"SNMP" on page 86

and

"Setting Up Email Notifications" on page 243 .

For each event, only the notification options available can be configured. For example, a mask alarm can be set for an In-Sync event, and a Not-in-Sync event, but not for an In-Holdover event.

4.2.2

Notification Event Types

The following types of events can be used to trigger notifications:

4.2.2.1

Timing Tab: Events

In Sync

Not In Sync

In Holdover

No Longer in Holdover

Frequency Error

Frequency Error Cleared

1PPS Not In Specification

1PPS Restored to Specification

Oscillator Alarm

Oscillator Alarm Cleared

240 CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.2  Notifications

Reference Change (Cleared)

Reference Change

4.2.2.2

GPS Tab: Events

Too Few GPS Sat, Minor Alarm

Too Few GPS Sat, Minor, Cleared

Too Few GPS Sat, Major Alarm

Too Few GPS Sat, Major, Cleared

GPS Antenna Problem

GPS Antenna OK

GPS Receiver Fault

GPS Receiver Fault Cleared

Under the GPS Events tab, you can also configure Minor and Major Alarm Thresholds for GNSS fault events; see

"Configuring GPS Notification Alarm Thresholds" below

.

4.2.2.3

System Tab: Events

Minor Alarm Active

Minor Alarm Inactive

Major Alarm Active

Major Alarm Inactive

Unit Reboot

Timing System Software Error

Timing System Hardware Error

High Temperature, Minor Alarm

High Temperature, Minor, Cleared

High Temperature, Major Alarm

High Temperature, Major, Cleared

4.2.3

Configuring GPS Notification Alarm Thresholds

SecureSync allows you to configure Minor and Major alarm thresholds for the GNSS receiver. This is done by setting the minimum number of satellites the receiver can track for a set time before an alarm is triggered. If both conditions are met, i.e. the reception

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 241

4.2  Notifications quality falls below the set number of satellites for the set amount of time, an alarm is triggered.

The alarm notification feature described below allows you to be notified of a potential reception issue BEFORE the GNSS reference becomes invalid. This may be useful e.g., to notify system operators of a deteriorating signal reception before SecureSync loses the

GNSS reference.

Note that SecureSync itself has a pre-defined minimum number of satellites that must be tracked in order for GNSS to be considered a valid reference. The minimum number of satellites depends e.g., on your receiver mode, the GNSS signal reception in the area where your antenna is located, and the type of receiver in your unit. In Stationary mode, and for SAASM units, the minimum number of satellites is normally 4 (four). Hence, it would be prudent to set the Minor Alarm Threshold to 8, and the Major Alarm Threshold to

6.

Note: While GPS Notification Alarms can be used in Mobile GNSS receiver mode , it is not advisable.

To determine which GNSS receiver mode your SecureSync is using and how many satellites your SecureSync unit is currently receiving, navigate to INTERFACES >

REFERENCES: GNSS 0 . See also

"Reviewing the GNSS Reference Status" on page 191

.

To set the GPS Alarm Thresholds:

1.

Navigate to MANAGEMENT > OTHER: Notifications , and choose the GPS tab.

2.

At the bottom of the window, locate the ALARM THRESHOLD panel:

242

3.

In the Minimum Satellites fields enter the minimum number of satellites that must be available before the alarm is triggered. The alarm will be triggered when the number of satellites available is BELOW this number.

4.

In the Duration Below Threshold (s) fields, enter the time in seconds that the system must be below the threshold set in the Minimum Satellites field before an alarm is triggered. The alarm will be triggered when this time is reached.

By default, this timeout value is set to 0 seconds: As soon as the receiver drops below the minimum number of satellites, the associated alarm is triggered. A delay

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.2  Notifications of e.g., 5 seconds, however, would not trigger an alarm if the number of received satellites drops below the specified number for only 3 seconds.

You can configure this event to cause either a Minor alarm, or a Major alarm, or both.

To learn more about Minor and Major alarms, see

"Minor and Major Alarms" on page 339 .

Note that the GNSS receiver must initially be tracking more than the configured number of satellites in order for this alarm to be triggered (the alarm is triggered when the receiver falls below the number of Minimum Satellites you specified above).

4.2.4

Setting Up SNMP Notifications

SNMP Notifications are SNMP traps that occur on a change of a monitored event.

To configure SNMP notifications:

1.

Navigate to MANAGEMENT > OTHER: Notifications .

2.

In the Actions panel, click SNMP Setup .

For more information on SNMP, see

"SNMP" on page 86

.

4.2.5

Setting Up Email Notifications

The Email Setup window provides a means to configure SecureSync with the necessary settings to interface it with Exchange email servers and Gmail.

To set up Notification Emails:

1.

Navigate to MANAGEMENT> OTHER: Notifications .

2.

In the Actions panel of the Notifications screen, and click * Email Setup .

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 243

4.2  Notifications

3.

The Email Setup window will display:

244

The Email Configuration box provides two example configuration files. One is for interfacing SecureSync with an Email Exchange server; and the other is for sending emails via Gmail:

4.

To configure the applicable example email configuration, delete the comments (“#”) from each line and replace the “<>” with the appropriate values for your particular email server (such as the user name and password for your Email server).

E x a m p l e I : S M T P i n t e r f a c e t o M S E x c h a n g e set smtp=outlook.office365.com

set [email protected]> set from="[email protected]" set smtp-auth-password=PASSWORD set smtp-auth=login set ssl-verify=ignore set smtp-use-starttls

E x a m p l e I I : S M T P i n t e r f a c e t o G m a i l set smtp=smtp.gmail.com:587 set smtp-use-starttls set ssl-verify=ignore

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.2  Notifications set smtp-auth-user=<user name, example [email protected]> set smtp-auth-password=<password> set smtp-auth=login

5.

Click the Submit button at the bottom of the window.

6.

To test your settings:

In the Test Email Address field, enter an email address.

Click the Send Test Email button.

A notification that your email has been sent will appear at the top of the window.

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 245

4.3  Managing Users and Security

4.3

Managing Users and Security

4.3.1

Managing User Accounts

Users need to authenticate as the login to SecureSync. The system administrator is responsible for maintaining a list of user accounts (user names, passwords etc.) via the

MANAGEMENT > OTHER: Authentication screen of the SecureSync Web UI

(HTTP/HTTPS). Note that user accounts CANNOT be created or edited via CLI commands using telnet or SSH.

To read more about how to login to the Web UI, see

"Accessing the Web UI" on page 54 .

4.3.1.1

Types of Accounts

There are three types of accounts:

Account

Type

Permissions

"user" These accounts are intended for users only e.g., operators. These "user" accounts are read-only accounts, i.e. they do not allow any editing rights and are restricted to reviewing status-related information. The Web UI will not show (or gray-out) any editing functionality.

"admin" Administrator accounts are intended to be used by system administrators. These accounts have writing access. You can add additional admin accounts to the pre-installed administrator account spadmin .

"factory" The default factory account with the username spfactory is meant to provide access to

Orolia technical support personnel. You can delete this account, if you so prefer. Note, however, that executing the

Clean and Halt command (see

"Cleaning the Configuration Files and Halting the System" on page 332 ) will recreate the Factory

account.

4.3.1.2

About "user" Account Permissions

As outlined above – unlike "administrator" accounts – "user" accounts are read- only accounts, i.e. they do not allow any editing rights and are restricted to reviewing statusrelated information. Otherwise, the privileges assigned to admin groups are exactly the same whether logging in via the Web UI, or connecting via SSH.

Account Differences, General

While most menus look the same to "admin" and "user" type accounts (except the

MANAGEMENT menu, see below), the screens and panels located below the main menus will differ in such that the "user" UI will show fewer (if any) configuration options:

246 CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.3  Managing Users and Security

The status information presented, however, will be largely identical.

The most significant differences are visible in the MANAGEMENT menu, since most of the

Setup menus are hidden from "user" accounts:

Account Differences, by Menu

INTERFACES Menu

"user" and "admin" accounts can view and modify all settings in these pages (can view/edit

GNSS receiver, Outputs, and Option Cards).

MANAGEMENT Menu

Network : While the toggle switches in the Network Services panel are displayed, "user" cannot modify any of the network-related configurations (such as telnet, FTP, SSH and

HTTP/HTTPS). The switches can be moved, but an error message will be displayed shortly thereafter.

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 247

4.3  Managing Users and Security

Authentication : "user" can access this page but can only change his/her own password.

Users cannot create any new accounts and cannot modify any accounts.

Reference Priority : "user" can access this page and modify settings.

Notifications : "user" can access this page and modify settings.

Time Management : "user" can access this page and modify settings.

Front panel : "user" can access this page and modify settings.

Log Configuration : "user" can access this page and modify settings.

Disciplining : "user" can access this page and modify settings.

Change my password : "user" can access this page and change only their password.

TOOLS Menu

Logs : "user" can view only the listed logs

Upgrade/Backup : "user" cannot perform any updates.

Reboot/Halt : "user" cannot reboot/shutdown/halt the unit.

4.3.1.3

Rules for Usernames

Length : Usernames can be between 3 and 32 characters long.

Accepted characters :

All letters, including the first, must be lower-case.

Numbers, underscores and dashes are accepted.

Next to punctuation symbols, the following special characters are NOT accepted: ! @ # $ % ^ & * ( )

4.3.1.4

Adding/Deleting/Changing User Accounts

To access the Users list, and the Password Security panel:

1.

Navigate to MANAGEMENT > OTHER: Authentication .

2.

The Users panel on the right shows a list of all user accounts, including their Username , the Group to which that user account is assigned to, and any Notes about

248 CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.3  Managing Users and Security the user account:

SecureSync units are shipped with two default accounts: i.

The "administrator" account ( spadmin

), and ii.

The "factory" service account ( spfactory ).

Additional accounts may be added and deleted as desired. The number of accounts that can be setup is virtually unlimited.

Note: The password for the spadmin account can be changed (and it is recommended to do so for security reasons). However, the spadmin account name cannot be changed, and the account cannot be removed from SecureSync.

Note: The spfactory account is for use by Orolia service personnel. While the spfactory account can be deleted by an administrator, it should be noted that this may potentially limit remotely provided technical support.

User accounts can be created to have either limited user or full administrator rights. Each user can be assigned his own login password.

To ADD a user account, click the PLUS icon in the top-right corner of the Users screen.

To DELETE a user account, click the Delete button in that account’s entry on the

Users screen.

To APPLY CHANGES to a user account, click the Change button next to the desired user account.

When either the Change button or the PLUS icon is clicked, the Add or Change User window appears:

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 249

4.3  Managing Users and Security

250

To add a user account:

1.

Enter a Username . (For rules, see

"Rules for Usernames" on page 248

.)

2.

Enter a Password . The password requirements are configurable, see

"Managing

Passwords" on the facing page . By default a password can be any combination of

upper- and lower-case characters. Minimum password length = 8 characters, maximum length = 32 characters.

3.

Repeat the new Password .

4.

In the Group field, choose the permission group to which you want the user to belong to: user or admin . The user permission level assigns permission to access and change all settings, with the following exceptions that are limited to the admin accounts:

Changing network settings

Adding and deleting user accounts

Web Interface Settings

Upgrading SecureSync system software

Resetting the SecureSync configuration

Clearing log files

Changing Disciplining Setup options

Changing configuration options for the following protocols or features:

NTP

HTTPS, SSH

LDAP/RADIUS

SNMP (with the exception of configuring SNMP notifications).

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.3  Managing Users and Security

To change a user account:

1.

In the Add or Change User window the Username field will be populated.

a.

To change it, type the new name.

b.

To change the user account’s password, type the new password in the Password field and confirm it in the Repeat New Password field. Note that the password requirements are configurable, see

"Managing Passwords" below .

c.

To change the user account’s user permission group, select the group from the drop-down menu.

For more information, see also

"Managing Passwords" below .

4.3.2

Managing Passwords

Caution: For security reasons, it is advisable to change the default credentials.

4.3.2.1

Configuring Password Policies

To configure password requirements e.g., rules for minimum password length and special characters:

1.

Navigate to MANAGEMENT > OTHER: Authentication .

2.

In the Actions panel, click Security Policy .

3.

The Password Security window will display. Fill in the self-explanatory fields and

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 251

4.3  Managing Users and Security click Submit.

252

4.3.2.2

The Administrator Password

The factory default administrator login password value of admin123 can be changed from the default value to any desired value. If the current password is known, it can be changed using the SecureSync Web UI.

Note: To follow this procedure, you must be logged in as the spadmin user.

If you are unable to login as spadmin , follow the procedure outlined in

"Lost

Password" on the facing page

.

If the password has already been changed from the default value, but the current value is no longer known, the administrator password can be reset back to the factory default value, see

"Lost Password" on the facing page

. Once reset, it can then be changed to a new desired value via the Web UI.

Changing the admin password

To change the admin password from a known value to another desired value:

1.

Navigate to MANAGEMENT > OTHER: Change My Password .

2.

The Change Password window will display.

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.3  Managing Users and Security

3.

In the Old Password field, type the current password.

4.

In the New Password field, type the new password.

Note: The new password can be from 8 to 32 characters in length.

5.

In the Repeat New Password field, retype the new password.

6.

Click Submit .

For more information, see also

"Managing User Accounts" on page 246 .

4.3.2.3

Lost Password

If the current spadmin account password has been changed from the default value and has been forgotten or lost, you can reset the spadmin password back to the factory default value of admin123 .

Resetting the spadmin account password does not reset any user-created account passwords. This process only resets the spadmin account password.

Any user with administrator rights can reset the

MANAGEMENT > OTHER: Authentication window.

spadmin password through the

Changing the "spadmin" password via Web UI

To change the spadmin password:

1.

Navigate to the MANAGEMENT > OTHER: Authentication window.

2.

Locate the spadmin entry in the Users table.

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 253

4.3  Managing Users and Security

3.

Click the CHANGE button.

4.

In the Add or Change User window:

1.

Enter a new password.

Note: The new password can be from 8 to 32 characters in length.

2.

Confirm the new password.

254

3.

Click Submit .

If you do not have access to SecureSync through another admin account, the spadmin password must be reset via the front panel keypad or using the front panel serial port.

Resetting the "spadmin" account password via the keypad:

1.

Use the front panel LCD and the keypad to perform a RESETPW . See also

"Front

Panel Keypad, and Display" on page 4

. ( RESETPW is located in the Home/System menus).

2.

You will be prompted to confirm the operation before the password is reset. The spadmin account password is now reset to “ admin123 ”.

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.3  Managing Users and Security

To reset the "spadmin" account password via the serial port, or SSH:

1.

Connect a PC to the front panel serial port, and log in using an account with admin group rights (such as the spadmin account).

2.

Type: resetpw

<Enter>. The spadmin account password is now reset.

After resetting the password follow the procedure above to change the word in the MANAGEMENT > OTHER: Authentication window.

spadmin pass-

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 255

4.3  Managing Users and Security

4.3.3

LDAP Authentication

LDAP (Lightweight Directory Access Protocol) authentication provides the means to use an external LDAP server to authenticate the user account credentials when logging in to

SecureSync. LDAP allows the login password for user-created accounts to be stored and maintained in a central LDAP or server on the network. This function greatly simplifies password management. Instead of having to change the password in many network appliances when a password needs to be changed, if a user password is changed in the LDAP server, it automatically changes the login password for all of the appliances that are using the LDAP server to authenticate a user login.

In order to use the LDAP authentication capability of SecureSync, it needs to first be configured with the appropriate settings in order to be able to communicate with the LDAP server(s) on the network.

Caution: If you plan on using LDAP, configure it with diligence. If not required, Spectracom recommends to keep LDAP disabled.

Configuring LDAP authentication

1.

Navigate to MANAGEMENT > OTHER: Authentication .

2.

In the Actions panel, click the LDAP Setup button.

256 CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

3.

The LDAP Setup window will display.

4.3  Managing Users and Security

4.

There will be 5 tabs from which to choose:

Settings : This is where you set up the general LDAP Distinguished Name and

Bind settings.

Security : This is where you upload and manage the CA server certificate, CA client certificate and CA client key.

Group : This is where you enable/disable group-based authentication.

Advanced : This is where you set up your search filter(s) and login attribute.

Servers : This is where you identify the LDAP server to be used.

LDAP Settings

Under the LDAP Settings tab, set the following parameters:

Server Type : This must be the correct type—check with your LDAP server administrator if you are not sure which you are using. You have a choice of:

Active Directory : This will be used when the LDAP server is a Windows server.

Open LDAP : This will be used when the LDAP server is a Linux/UNIX server.

Server Base DN : Specifies the default base distinguished name to use for searches.

This is the base name to use in the database search. Typically, this is the top-level of the directory tree structure. Your LDAP server administrator will provide this information.

Bind DN : Enter the Distinguished Name used to bind to (this is an optional field if the database allows anonymous simple authentication). You are able to use any same

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 257

4.3  Managing Users and Security level of the tree and everything below.

The bind DN is the user that is permitted to search the LDAP directory within the defined search base. Most of the time, the bind DN will be permitted to search the entire directory. The role of the bind DN is to query the directory using the LDAP query filter (as specified under the Advanced tab) and search base for the DN for authenticating users. When the DN is returned, the DN and password are used to authenticate the user.

Bind Password : Enter the password to be used to bind with the LDAP Server.

Leave this field empty for anonymous simple authentication.

NSS Password : Enter the password to be used for nss_base and nss_shadow .

Example: ou=People,dc=example,dc=com?one

.

Port : The port number of the LDAP server (default port numbers: regular LDAP =

389; secure LDAP = 636)

Checkbox Auto-follow Referrals : Allow the use of LDAP referrals to be utilized in order to access locations that more likely hold a requested object.

LDAP Security Settings

Under the LDAP Security tab, you can upload and install the SSL required certificates and

NTP client key. If your LDAP server requires secure communications with its "clients" (i.e.

the use of SSL), the Server Certificate , the Client Certificate , and the Client Key must be uploaded to SecureSync here.

258

You may upload a server certificate, a client certificate, or a client key.

For each:

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.3  Managing Users and Security a.

If necessary, create the desired certificate or client key. See

"NTP Autokey: IFF

Autokey Support" on page 116

for information on client keys.

b.

Click the INFO icon for the certificate you wish to upload.

c.

In the Certificate window, click the Choose File button.

d.

Locate and upload the certificate or client key file.

e.

Click Submit .

The SSL certificates and/or client key you upload will be installed in the /home/spectracom/xfer/cert/ directory.

Use the checkbox Enable Security if you want to enable SSL security, i.e. use Secure

LDAP.

Use the checkbox Clean Security Certificates to remove all certificates currently stored on SecureSync (e.g., to eliminate expired certificates).

LDAP Group Settings

Under the LDAP Group tab, you can filter access by group.

To enable group authentication: a.

Select the Enable group filter checkbox.

b.

Enter information for:

Required Group —Enter the required group. Example. : ou=Group, dc=example, dc=com .

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 259

4.3  Managing Users and Security

Group Attribute —Enter the group attribute. Example: member

.

NSS base group —Enter the nss_base group. Example: ou=Group, dc=example, dc=com?one.

c.

Click the Submit button.

LDAP Advanced Settings

Under the LDAP Advanced tab, you can set the search filter and the LDAP login attribute.

Fill in the following fields, as desired:

Search filter —This is the LDAP search filter. Example: objectclass=user .

Login Attribute —This is the LDAP login attribute. Example: sAMAccountName .

Verify Certificate (checkpeer) —Select this checkbox if you wish to turn on checkpeer authentication.

LDAP Servers Settings

Under the Servers tab, you manage the LDAP server(s) to be accessed:

260

Under the LDAP Servers tab, the window displays:

Server —The hostname(s) or IP address(es) of the LDAP server(s) that have been added.

Action —After a server has been listed, it can be removed by clicking the Xbutton.

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.3  Managing Users and Security

LDAP Server Status —This will display one of the following states:

PASS ( green )—An LDAP server that has been set up is available and is able to pass data.

CONFIGURATION MISSING ( red )—No configuration files are available.

FAILED TO READ DATA ( red )—An LDAP server is available but no data was passed.

FAILED NOT REACHABLE ( red )—No LDAP server could be reached.

LDAP DISABLED —The Enabled checkbox under the Settings tab as not been selected.

Add additional server —Enter the hostname or IP address of the LDAP server to be queried. You may list multiple servers.

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 261

4.3  Managing Users and Security

4.3.4

RADIUS Authentication

RADIUS authentication provides a means to use an external RADIUS server for authentication purposes when logging in to SecureSync. RADIUS allows the login password for user-created accounts to be stored and maintained in a central RADIUS server on the network.

This function greatly simplifies password management: Instead of having to change a password in many network appliances, it is changed on the RADIUS server only.

In order to use RADIUS authentication with SecureSync, RADIUS and the RADIUS network server first need to be configured. Currently, http/https/ssh/telnet/ftp protocols are supported, i.e. you can login to a SecureSync unit using RADIUS authentication via applications using any of these protocols.

Caution: In order to utilize RADIUS authentication, the account username on the RADIUS server must NOT be used with a local user account.

E x a m p l e :

A user with the username user3 on the RADIUS server will not be able to login to a

SecureSync unit, if on that unit a local user account with the username user3 exists. However, once the user deleted the local user3 account, she will be able to login with the RADIUS user3 account.

See also

"TACACS+ Authentication" on page 265

4.3.4.1

Enabling/Disabling RADIUS

To enable or disable the use of RADIUS authentication on a SecureSync unit:

1.

In the Web UI, navigate to MANAGEMENT > OTHER: Authentication .

2.

In the Actions panel on the left, click RADIUS . The RADIUS Setup window will be displayed:

262 CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.3  Managing Users and Security

3.

Check the box labeled HTTP/HTTPS if you want to enable RADIUS, or uncheck the box if you want to disable RADIUS.

4.

If you are enabling the service, in the Retransmit Attempts field, select the number of retries for SecureSync to communicate with the RADIUS server (default = 0).

5.

Click Submit.

4.3.4.2

Adding/Removing a RADIUS Server

To add a RADIUS authentication server, or remove a server from the list:

1.

Navigate to MANAGEMENT > OTHER: Authentication .

2.

In the Actions panel on the left, click RADIUS Setup . The RADIUS Setup window will be displayed:

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 263

4.3  Managing Users and Security

264

3.

Fill out the fields:

Host : The hostname or IP address of the RADIUS server

Port : Defines the RADIUS Port to use. The default RADIUS Port is 1812, but this can be changed, as required.

Secret Key : The secret key which is shared by SecureSync and the RADIUS server (the key is used to generate an MD5 hash).

Timeout : [seconds] Defines the Timeout that SecureSync will wait to communicate with the RADIUS server e.g., 10 seconds.

4.

Click the Add Server button. A confirmation message The item has been added will be displayed if the server could be added, and the server will be added to the list, indicating its status. The server status can be:

DISABLED : RADIUS service is disabled.

UNREACHABLE : This RADIUS server cannot be reached.

REACHABLE : This RADIUS server can be reached.

5.

To remove a RADIUS server from the list, click the X -button in the Actions column.

Note: SecureSync supports multiple RADIUS servers. The system performance, however, will be negatively affected by a large number of servers or invalid servers, respectively.

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.3  Managing Users and Security

4.3.5

TACACS+ Authentication

Terminal Access Controller Access-Control System Plus (TACACS+) is a protocol that handles authentication, authorization, and accounting (AAA) services. SecureSync supports pam_tacplus , allowing users to validate their username/password when logging into

SecureSync via a TACACS+ server. Currently, http/https/ssh/telnet/ftp protocols are supported, i.e. you can login to a SecureSync unit using TACACS+ authentication via applications using any of these protocols.

Note: Your TACACS+ files will need to have either a pap or global user attribute. SecureSync does not authenticate tacacs.conf

files with the default login user attribute.

Caution: In order to utilize TACACS+ authentication, the account username on the TACACS+ server must NOT be used with a local user account.

E x a m p l e :

A user with the username user3 on the TACACS+ server will not be able to login to a

SecureSync unit, if on that unit a local user account with the username once the user deleted the local user3 exists. However, user3 account, she will be able to login with the TACACS+ user3 account.

Sources of general reference information on TACACS+: https://en.wikipedia.org/wiki/TACACS http://www.cisco.com/c/en/us/support/docs/security-vpn/remoteauthentication-dial-user-service-radius/13838-10.html

https://github.com/jeroennijhof/pam_tacplus

See also

"RADIUS Authentication" on page 262

4.3.5.1

Enabling/Disabling TACACS+

To enable or disable the use of TACACS+ authentication on a SecureSync unit:

1.

In the Web UI, navigate to MANAGEMENT > OTHER: Authentication .

2.

In the Actions panel on the left, click TACACS+ . The TACACS+ Setup window will be displayed.

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 265

4.3  Managing Users and Security

3.

Check the box labeled HTTP/HTTPS if you want to enable TACACS+, or uncheck the box if you want to disable TACACS+.

4.

Click Submit.

4.3.5.2

Adding/Removing a TACACS+ Server

To add a TACACS+ authentication server, or remove a server from the list:

1.

Navigate to MANAGEMENT > OTHER: Authentication .

2.

In the Actions panel on the left, click TACACS+ Setup . The TACACS+ Setup window will be displayed:

266

3.

Fill out the fields:

Host : The hostname or IP address of the TACACS+ server

Port : Defines the TACACS+ Port to use.

Secret Key : The same encryption key as used on the TACACS+ server.

4.

Click the Add Server button. A confirmation message The item has been added will be displayed if the server could be added, and the server will be added to the list.

The server status can be:

DISABLED : The TACACS+ service is disabled.

UNREACHABLE : This TACACS+ server cannot be reached.

REACHABLE : This TACACS+ server can be reached.

5.

To remove a TACACS+ server from the list, click the X -button in the Actions column.

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.3  Managing Users and Security

Note: SecureSync supports multiple TACACS+ servers. The system performance, however, will be negatively affected by a large number of servers or invalid servers, respectively.

4.3.6

HTTPS Security Levels

SecureSync supports two different modes of HTTPS operation:

The Standard HTTPS Level allows the use of medium strength ciphers and older

TLS (Transport Layer Security) protocols, while the High-Security Level is restricted to strong ciphers and TLS version 1.2

exclusively.

While Standard Mode is the default setting, the High-Security Level is preferred (unless you require the extra compatibility), since security vulnerabilities.

High Security turns off TLSv1, which has known

B r o w s e r S u p p o r t

Note that the High Security Level requires the use of current browsers - as of July 2016, the oldest compatable clients include:

• Firefox

®

 27

• Chrome

®

30

• Internet Explorer ® 11

• Safari ® 9.

(This is not an exhaustive list.)

To enable High-Security HTTPS :

1.

Navigate to MANAGEMENT > Network Setup .

2.

In the Actions Panel on the left, click on Web Interface Settings . The Web Interface Settings window will open.

3.

Click on the tab Security Level :

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 267

4.3  Managing Users and Security

4.

Read the Caution statement and verify that you meet the requirements stated.

5.

Check the box Enable High Security , and click Submit.

6.

While it is NOT necessary to close the Web UI, and restart the browser, it is recommended to wait 90 seconds before continuing to use the Web UI, in order to allow the web server software to restart in the background.

It is also possible to disable High-Security HTTPS and TLS: Follow the procedure outlined above, but un check the box Enable High Security .

For more information on HTTPS certificates, see

"HTTPS" on page 67

.

4.3.7

Unlocking the Keypad via Keypad

The front panel keypad can be locked via the Web UI, under MANAGEMENT > OTHER:

Front Panel .

If the front panel keypad is locked, and you do not have access to the unit's Web UI to unlock it, press the following key sequence to locally unlock the keypad for use:

268

4.3.8

If a Secure Unit Becomes Inaccessible

Spectracom assumes that you are responsible for the physical security of the product.

Spectracom secure products are recommended to be locked in a secure enclosure, cabinet or room. Unauthorized persons are not to be given access to the product nor should a serial cable and terminal program be attached unless the system administrator is configuring or performing maintenance.

A secure SecureSync may become inaccessible if: your company disables HTTPS you lose the system passwords

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.4  Miscellanous Typical Configuration Tasks you allow the Certificate to expire someone deletes the Certificate and Private Keys and deletes the Host Keys you forget the Passphrase.

To regain access to the SecureSync unit, you must utilize the front panel keypad and LCD in order to restore the spadmin account’s default password.

The spadmin account can then be used to enable HTTPS using the “ defcert

” command.

The “ defcert

” command generates a new self-signed SSL certificate.

Refer to

"Front Panel Keypad, and Display" on page 4

for information on using the keypad and LCD information display.

4.4

Miscellanous Typical Configuration Tasks

4.4.1

REST API Configuration

REST (Representational State Transfer) API offers many benefits for customers who require additional configuration access. Any functionality that can be done manually through the Web UI can be scripted, creating machine-to-machine automation and communication.

Common tasks that would ordinarily require manual interaction with the Web UI can be scheduled and automated.

REST API is free and available on any SecureSync with Web UI communication.

For detailed instructions on REST API configuration and to obtain access, contact your local sales or service representative.

4.4.2

Web UI Timeout

For security reasons, the Web UI will automatically timeout after a set number of minutes, i.e. you will be logged out by the system, regardless of activity, and need to actively login again.

Minimum timeout duration: 10 minutes

Maximum timeout duration: 1440 minutes (24 hours)

Default timeout duration: 60 minutes.

To change the time after which the Web UI will timeout:

1.

Navigate to the MANAGEMENT > Network Setup screen.

2.

In the Actions panel on the left, click on Web Interface Settings .

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 269

4.4  Miscellanous Typical Configuration Tasks

3.

In the Web Interface Settings window, enter the desired value in minutes.

In order for a new setting to take effect, you need to log off, and then log back in again.

This setting affects all users, not just the user changing the value.

Note: The Web UI does not allow simultaneous logins. Any subsequent logins will discontinue any prior instances of the Web UI.

4.4.3

Configuring the Front Panel

The front panel of the SecureSync unit comprises three elements which can be configured via the SecureSync Web UI:

270

The keypad , which—in conjunction with the information display—can be used to access SecureSync's main functions directly via the unit's front panel. To prevent inadvertent keypad operation, it can be locked and unlocked from the Web UI. Learn more about front panel keypad operation:

"Front Panel Keypad, and Display" on page 4

.

The information display : A 4-line LCD display that can be configured to display different screens, and that is used in conjunction with the keypad.

The LED time display which can be configured to show the current time (UTC,

TAI, GPS or Local timescale) in either 12- or 24-hour format. By factory default, the

LED will display UTC time in 24-hour format.

Accessing the Front Panel Setup Screen

SecureSync's Web UI allows you to configure the main elements on the front panel of the unit, and to see an image of the information currently displayed on the 4-line front panel

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.4  Miscellanous Typical Configuration Tasks information display.

To access the front panel configuration window:

1.

Navigate to MANAGEMENT > OTHER: Front Panel.

2.

The Front Panel configuration window will display:

Next to the graphical near-real time representation of the 4-line front panel information display, the following functionality can be accessed in this window:

Show Content —A drop-down of the options that can be shown on the information display. This field determines what is normally displayed in the information display when the keypad is not in use. The desired screen to display can be selected with either the keypad or with this drop-down field.

While switching from one screen to another either “Keypad Locked” or

“Keypad Unlocked” will be displayed on the LCD (depending on the setting of the keypad “Lock” field).

Clock Hour Format —This option configures the time display on the front panel as either in 12-hour or 24-hour format.

Timescale/Local Clock —This option configures the time scale for the LED time display. The available options are:

UTC (temps universel coordonné)

TAI (Temps Atomique International)

GPS : the raw GPS time as transmitted by the GNSS satellites (as of 5-

March-2021, GPS time is 18 seconds ahead of UTC time).

The Local timescale, which allows a Local Clock to apply a time offset for Time Zone and DST correction. This option is only available, if a

Local Clock has been enabled under MANAGEMENT/OTHER/Time

Management .

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 271

4.4  Miscellanous Typical Configuration Tasks

Note: If GPS or TAI time is used, then the proper timescale offsets must be set on the MANAGEMENT/OTHER/Time Management page.

Lock Keypad —If desired, the front panel keypad can be locked to prevent inadvertent operation. Locking and unlocking of the keypad can be performed either with the keypad itself, or by means of this check box.

[DEFAULT = this box is NOT checked, i.e. the keypad is NOT locked]

Allow Position Display —As per DEFAULT, SecureSync allows to display the geographic position of your antenna in the information display, if so configured under the Show Content selection menu. The option to display the position can be disabled by unchecking this box. This will cause the information display on the front panel of the unit to show the message “Not

Enabled” when selecting and applying the Position option via the keypad.

Configuring the Front Panel Information Display

To configure the 4-line LCD information display on the front panel of the unit:

1.

Navigate to MANAGEMENT > OTHER: Front Panel .

2.

In the Show Content field, select the display you want from the drop-down list. The options are:

Rotate —This option enables sequential rotation of the content displayed in the information display as long as the keypad is not in use. Content will rotate through all enabled content for installed options. When Rotate is selected, a further option appears on the screen:

Rotation Delay —This option sets the duration in seconds for content display during rotation before the next content screen is displayed.

[Range = between 1 and 30 seconds]

Network (the default)—This option displays the current network settings. If an option card is installed that provides additional network interfaces, there will be additional network choices (i.e., Network: eth0, Network: eth1, etc.).

Status —This option displays current key status indications (such as NTP

Stratum level, TFOM –“Time Figure of Merit”, Sync status and Oscillator lock status).

Position —This option displays latitude, longitude and elevation of the antenna.

Day of Year —This option displays the day of year (such as “Day of Year

104”).

272 CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.4  Miscellanous Typical Configuration Tasks

GNSS —This option displays the number of satellites currently being used

(and the strongest signal strength out of all these satellites) and their relative signal strengths of all the receiver channels that are tracking satellites as a bar graph.

Date —This option displays the current date (such as “16 November 2018”).

Note: The date is based on the timescale configured for the information display. It is possible that a date other than “today’s local date” may be shown, if the configured time scale has already rolled over to its new date, though local time has not yet rolled over to its new date.

Keys —This option is applicable to the SAASM GPS receiver option module only. The front panel will display “NOT SUPPORTED” unless a SAASM receiver is installed.

None —This option configures the front panel 4-line information display to remain blank unless the keypad is unlocked and in use.

3.

In the Timescale/Local Clock field, choose the timescale or local clock you wish to use as the time reference for the time shown on the front panel time display. The options available are:

UTC

TAI

GPS

Any Local Clocks you have set up. The Time Zone and DST rules, as configured under Time Management/Local Clocks will now be applied to the front panel time display. For more information on Local Clocks see

"Local

Clock(s), DST" on page 163 .

Note: With Timescale configured as “Local” and during DST (Daylight Saving Time, as configured in the Local Clock), a “DST indicator” (decimal point) will be displayed to the bottom-right of the minutes portion of the LED time display. The “DST indicator” extinguishes during “Standard” time. If the Local Clock is configured as “No DST/Always Standard Time”, the DST indicator won’t ever be lit.

4.

Select the Lock Keypad check box if you want to lock the front panel keypad.

[DEFAULT = unlocked (unchecked)]

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 273

4.4  Miscellanous Typical Configuration Tasks

5.

Deselect the Allow Position Display checkbox if you do not want to enable the option to display position data on the front panel information display. See also

Allow

Position Display

.

Locking/Unlocking the Keypad via Web UI

To lock or unlock the keypad on the front panel of the unit (see illustration

Front Panel

):

1.

Navigate to MANAGEMENT> OTHER: Front Panel .

2.

Check or uncheck the Lock Keypad checkbox to disable, or enable the keypad

3.

Click Submit or Apply .

Note: If the keypad is unlocked, pressing any keypad key will temporarily return the information display to the “Home” menu display for keypad operation. One minute after the last keypad press, the information display will return to its configured screen.

It is also possible to unlock the keypad without using the Web UI; see

"Unlocking the

Keypad via Keypad" on page 268 .

Enabling/Disabling the Position Display Screen

To enable or disable [DEFAULT = enable] the option to display geographic position data on the information display, if so configured (see also

Allow Position Display

):

1.

Navigate to MANAGEMENT > OTHER: Front Panel .

2.

Check or uncheck the Allow Position Display checkbox.

3.

Click Submit or Apply .

4.4.4

Displaying Local Time

After physical product installation, a commonly requested scenario is for SecureSync to display local time on the front panel (rather than UTC time). To learn more about this feature, see

"Configuring the Front Panel" on page 270

.

4.4.5

Creating a Login Banner

A login banner is a customizable banner message displayed on the login page of the

SecureSync Web UI. The login banner can be used, for example, to identify a unit.

274 CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.4  Miscellanous Typical Configuration Tasks

Figure 4-2: Login banner (example)

To configure a login banner:

1.

Navigate to the MANAGEMENT > Network Setup screen.

2.

In the Actions panel on the left, click Login Banner .

3.

The Network Access Banner window will display. Check the box Enable Custom

Banner .

4.

In the Plain Text Banner text box, type in your custom text.

Note: The Plain Text Banner is used to create a message for all interactive login interfaces (Web UI, telnet, SSH, FTP, SFTP, serial, etc.). It is not required to include HTML tags.

5.

Optionally, you may also use the Web Interface Banner text box.

Note: Enabling and using the Web Interface Banner text box will allow you to apply HTML formatting tags to your message (e.g., colors ). Note that this functionality is limited to browser-based Web UI

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 275

4.4  Miscellanous Typical Configuration Tasks access.

276

6.

To test your new banner, click Apply to see a preview at the bottom of the window.

OR, click Submit , and log out of the Web UI, and back in so as to see the banner on the actual login page.

4.4.6

Show Clock

Instead of the Web UI, a large digital clock can be displayed on your computer screen. Next to the system status, the screen clock will display the UTC time, and the SecureSync front panel time.

To display the screen clock instead of the Web UI:

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.4  Miscellanous Typical Configuration Tasks

1.

Navigate to TOOLS > SYSTEM: Show Clock :

2.

To return to the standard Web UI, click Home .

4.4.7

Product Registration

Orolia recommends that you register your SecureSync so as to allow our Customer Service and Technical Support to notify you of important software updates, or send you service bulletins, if required.

Upon initial start of the SecureSync Web UI (see

"Accessing the Web UI" on page 54

), you will be prompted to register your new product. It is also possible to register at a later time via the HELP menu item, or directly on the Orolia website: register.orolia.com/

4.4.8

Synchronizing Network PCs

Frequently, network PCs have to be synchronized to SecureSync via the Ethernet port, using NTP (Network Time Protocol). A detailed description on how to synchronize Windows PCs can be found online in the Orolia Technical Note Synchronizing Windows Computers on the

Orolia website

. This document also contains information and details about using the Orolia PresenTense NTP client software.

4.4.9

Selecting the UI Language

Orolia continues to localize the SecureSync Web UI into languages other than English e.g.,

French. Additional languages will be displayed under the Language button in the top-right

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 277

4.5  Quality Management corner of the screen as they become available.

Once you have selected a language preference, it will be maintained across logins.

4.5

Quality Management

4.5.1

System Monitoring

4.5.1.1

Status Monitoring via Front Panel

When you have physical access to the SecureSync front panel, the Status LEDs and the

Information Display allow you to obtain a system status overview.

278

For more information on the Status LEDs, see

"Status LEDs" on page 6 .

For more information on the Information Display, see

"Configuring the Front Panel" on page 270 .

It is also possible to display the front panel information display on the Web UI: Navigate to

MANAGEMENT > Front Panel .

4.5.1.2

Status Monitoring via the Web UI

While the SecureSync front panel status LEDs provide an indication of the current operating status of the system (see

"Status Monitoring via Front Panel" above

), more detailed status information can be accessed via the SecureSync Web UI , such as:

Time synchronization status, including references

GNSS satellites currently being tracked

NTP sync status and current Stratum level

Estimated time errors

Oscillator disciplining

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.5  Quality Management

Temperature monitoring

Status of outputs and presence of DC input power.

The HOME screen provides time server status information, while the TOOLS > System

Monitor screen also displays hardware status data, e.g. temperature curves:

Status Monitoring via the HOME Screen

The HOME screen of the SecureSync Web UI provides a system status overview (see also

"The Web UI HOME Screen" on page 18 ).

The HOME screen is divided into four panels :

System Status panel

Reference —Indicates the status of the current synchronizing reference, if any.

Power —Indicates whether the power is on and which type of power is being used. If the unit is configured for AC power, AC will appear in this panel. If the unit is configured for DC power, DC will appear in this panel. If the unit is configured for both

AC and DC, AC and DC will appear in this panel.

Status —Indicates the status of the network’s timing. There are three indicators in the Status field:

Sync —Indicates whether SecureSync is synchronized to its selected input references.

Green indicates SecureSync is currently synchronized to its references

(the front panel Sync light will also be green).

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 279

4.5  Quality Management

Orange indicates SecureSync is not currently synchronized to its references (the front panel Sync light will be red).

Hold —When lit, SecureSync is in Holdover mode.

Fault —Indicates a fault in the operation of the SecureSync. See

"Troubleshooting via Web UI Status Page" on page 342

for instructions for troubleshooting faults.

Alarm Status : If a major or minor alarm is present, it will be displayed here.

NTP —Current STRATUM status of this SecureSync unit.

Temperature —The current board temperature will be displayed here, plus— depending on product configuration—oscillator, and CPU temperatures, as well. For more information, see

"Temperature Management" on page 300

.

Reference Status panel

REFERENCE : Indicates the name type of each reference. These are determined by the inputs set up for the SecureSync

PRIORITY : Indicates the priority of each reference. This number will be between 1 and 15. References in this panel appear in their order of priority. See

"Configuring

Input Reference Priorities" on page 168

for more information.

STATUS : Indicates which available input reference is acting as the Time reference and which available input reference is acting as the 1PPS reference.

Green indicates that the reference is present and has been declared valid.

Orange indicates the input reference is not currently present or is not currently valid.

PHASE : The measured time interval error ("TIE") between the internally disciplined

1PPS and the selected external 1PPS reference.

Performance panel

Disciplining State —Indicates whether or not the internal oscillator is currently being disciplined (steered to an input reference).

1PPS Phase Error —An internal measurement (in nanoseconds) of the internal

1PPSs’ phase error with respect to the selected input reference (if the input reference has excessive jitter, phase error will be higher)

10 MHz Frequency Error —An internal estimated calculation (in Hertz) of the internal oscillator’s frequency error, based on the phase accuracy error at the beginning and end of a frequency measurement window (the length of this window will vary depending upon the type of oscillator installed and the oscillator adjustment algorithm).

280 CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.5  Quality Management

Events panel

The Events panel in the bottom-left corner of the HOME screen is a log of SecureSync’s recent activity. It updates in real time.

Note: If you know the individual reference or output whose status you wish to see, you can access the Status window of that reference or output directly through the INTERFACES > REFERENCES or INTERFACES >

OUTPUTS drop-down menu.

Status Monitoring via the System Monitor Screen

To display status information pertaining mainly to SecureSync's current hardware status, navigate to TOOLS > SYSTEM > System Monitor .

The information provided on the System Monitor Screen is subdivided into three panels:

System Status panel

This is identical with the HOME screen

"System Status panel" on page 279

.

Disk Status panel

This panel displays:

Total: [MB]

Used: [MB]

Free: [MB]

Percent: [%]

The last item refers to system storage. If you need to update the System Software, and this number is 70% or higher , it is recommended to clear logs and stats in order to free up memory space. (Navigate to TOOLS > SYSTEM: Upgrade/Backup , and click the corresponding buttons in the lower left-hand corner.)

System Monitor panel

Graphs are displayed for:

Board Temperature

CPU Temperature

Memory Used

CPU Used.

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 281

4.5  Quality Management

To delete the logged data used to generate the displayed graphs, click the TRASHCAN icon. (Note that re-populating the graphs with fresh data generated at a 1/min. rate will take several minutes.)

To download the logged data in .csv

format, click the ARROW icon.

4.5.1.3

Status Monitoring of Input References

SecureSync’s input references can be monitored in real time through the INTERFACES menus. The menus will populate dynamically, depending on which references are available.

282

To display all references, navigate to INTERFACES > REFERENCES .

To display all references of a given type , click on the entry for that reference type

( not indented e.g., GNSS Reference ).

To display one particular reference, click on its entry (indented e.g., GNSS 0 ).

The Reference window will show the validity status for the chosen reference(s):

You can also click on any of the connectors shown in the rear panel illustration to highlight/identify the corresponding reference:

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.5  Quality Management

To display more status information for a particular input reference, click the corresponding INFO button:

The reference window being displayed will show additional status information and option-card specific settings. The type of input reference, and the option card model determine which status information and option card settings will be displayed.

See

"Option Cards Overview" on page 10

to learn more about the different settings of available input reference option cards.

To change settings, click the Edit button in the bottom left corner.

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 283

4.5  Quality Management

4.5.1.4

Reference Monitoring: Phase

The quality of input references can be assessed by comparing their phase offsets against the current system reference, and against each other. This is called Reference Monitoring .

Reference Monitoring helps to understand and predict system behavior, and is an interference mitigation tool. It can also be used to manually re-organize reference priorities e.g., by assigning a lower reference priority to a noisy reference or a reference with a significant phase offset, or to automatically failover to a different reference if certain quality thresholds are no longer met (see

"Smart Reference Monitoring" on the facing page ).

SecureSync allows Reference Monitoring by comparing the phase data of references against the System Ontime Point. The phase values shown are the filtered phase differences between each input reference 1PPS, and the internal disciplined 1PPS.

The data is plotted in a graph in real-time. The plot also allows you to display historic data, zoom in on any data range or on a specific reference. A data set can be exported, or deleted.

To monitor the quality of references, navigate to TOOLS > SYSTEM: Reference Monitor . The Reference Monitor screen will display:

284

On the left side of the screen, Status information is displayed for the System and the

References. Note that the Reference Status panel also displays the latest PHASE

OFFSET reading (1) for active references against the System Ontime Point. The reading is updated every 30 seconds.

This Reference Phase Offset Data is plotted over time (abscissa) in the Reference Monitor panel in the center of the screen. Use the check boxes in the References panel (2) to

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.5  Quality Management select the reference(s) for which you want to plot the phase offset data. Use the handles

(3) to zoom in on a time window.

The scale of the axis of ordinate (4) is determined by the largest amplitude of any of the references displayed in the current time window. Use the checkboxes in the References panel on the right to remove references from the graph, or add them to it.

Smart Reference Monitoring

Spectracom's Smart Reference Monitoring uses phase error validation in combination with automatic failover :

The phase error validation calculates long-term averages and standard deviations of the phase offset between the monitored external reference and the internal system reference. The standard deviation is used to calculate two validity thresholds, a higher and a lower one (the latter acts as a hysteresis buffer, preventing the status flip/flopping if the actual phase error validation value varies closely around the outer threshold). The thresholds are not user-configurable.

If the higher threshold value is exceeded, the automatic failover will cause SecureSync to fall back to its next lower reference (if available).

If no other reference is found, the unit will transition into a 1200-second coasting period.

During this coasting period, the TIME and 1PPS references will continue to be considered valid, but SecureSync's oscillator will flywheel. Note that the PPS reference status light will turn yellow. After expiration of the 1200 seconds the unit will transition into Holdover.

Should, however, the above-mentioned higher threshold value no longer be exceeded, the unit will remain in the 1200-second flywheel mode until either (a) the lower threshold value is no longer exceeded, or (b) the 1200-second flywheel period expires. In both cases the PPS status light will turn green again.

Smart reference monitoring is OFF by default. To turn it ON:

1.

Navigate to MANAGEMENT > OTHER: Disciplining .

2.

In the Status panel on the left, click the GEAR icon. The Oscillator Settings window will open.

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 285

4.5  Quality Management

3.

Check the box next to 1PPS Phase Validation and click Submit.

4.5.1.5

Ethernet Monitoring

To monitor Ethernet status and traffic:

1.

Navigate to TOOLS > SYSTEM: Ethernet Monitor . The Ethernet monitoring screen opens:

286

The data displayed is linked to a specific Ethernet port e.g., ETH0. If you enable additional

Ethernet ports, their throughput data will also be displayed.

In the Traffic pane on the right the traffic throughput in Bytes per second is displayed in two graphs. Drag the handles at the bottom of the graphs to zoom in on a particular time frame.

In the Actions panel on the left, you can clear or download monitoring data.

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.5  Quality Management

In the Status panel on the left, information pertaining to the given Ethernet port is displayed, including throughput statistics and error statistics. The Mode field indicates which transmission mode is being used for the given Ethernet port:

FULL duplex, or

HALF duplex.

Note that the Mode is auto-negotiated by SecureSync. It can be changed only via the switch SecureSync is connected to, not by using the SecureSync Web UI.

4.5.1.6

Outputs Status Monitoring

Per standard configuration, SecureSync is equipped with one 1PPS and one 10 MHz output. Additional outputs can be added by means of output option cards.

Outputs can be monitored in real time via the INTERFACES drop-down menu. The menu will populate dynamically, depending on which outputs are installed.

Monitoring the status of all outputs

To display a list of all the outputs installed in a SecureSync unit:

1.

Select INTERFACES and click OUTPUTS in the menu heading.

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 287

4.5  Quality Management

2.

The Outputs panel will list all the outputs installed, sorted by category.

To display more detailed information about a particular output, click the corresponding INFO button.

To edit the settings of an output, click the GEAR button

"Configuring Outputs" on page 142

To refresh the information displayed, click the REFRESH button (circling arrows icon on the right side of the screen).

On the rear panel illustration, click on an output connector to highlight its list entry.

Monitoring all outputs of a specific type

To monitor all the outputs of a particular category (PPS, for example) simultaneously:

1.

Navigate to INTERFACES > OUTPUTS , and click the desired output category ( not recessed e.g., PPS Output ):

2.

The Status window will display a list of all outputs of the selected category:

288 CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.5  Quality Management

To display more detailed information about a particular output, click the corresponding INFO button.

To edit the settings of a given output, click the GEAR button

"Configuring Outputs" on page 142

To refresh the information displayed, click the REFRESH button (circling arrows icon).

In the illustration of the rear panel, click on a connector to highlight the corresponding list entry.

Displaying the settings of a specific output

The outputs installed in your SecureSync unit have specific settings that can be reviewed, and—to some extent—edited.

To display the settings of an output:

1.

Navigate to INTERFACES > OUTPUTS , and click on the desired output (recessed e.g.,

PPS Output 0 ):

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 289

4.5  Quality Management

2.

The corresponding Status window will display:

Click the Edit button in the bottom-left corner to configure settings that are user-editable.

"Configuring Outputs" on page 142

4.5.1.7

Monitoring the Oscillator

The Oscillator Management screen provides current and history status information on disciplining state and accuracy.

To access the Oscillator Management screen:

1.

Navigate to MANAGEMENT > OTHER: Disciplining .

2.

The Oscillator Management screen will display. It consists of two panels:

290 CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.5  Quality Management

The Oscillator Status Panel

This panel provides comprehensive information on the current status of SecureSync's timing state.

Oscillator Type : Type of oscillator installed in the unit.

Disciplining State : State of oscillator control and disciplining; indicates whether or not the internal oscillator is currently being disciplined (steered to an input reference). The states are: "Warm up", "Calibration", "Tracking Setup", "Lock State",

"Freerun", and "Fault".

1PPS Phase Error : A tracking measurement [scaled time, in ns, or ms] of the internal

1PPSs' phase error with respect to the selected input reference. Long holdover periods or an input reference with excessive jitter will cause the phase error to be high.

The oscillator disciplining control will gradually reduce the phase error over time.

Alternatively, restarting the tracking manually (see "Restart Tracking" under

"Configuring the Oscillator" on page 226

), or automatically via a pre-set Phase Error

Limit, will quickly reduce the phase error.

10 MHz Frequency Error : An internal estimated calculation (in Hertz) of the internal oscillator's frequency error, based on the phase accuracy error at the beginning and end of a frequency measurement window (the length of this window will vary depending upon the type of oscillator installed and the oscillator adjustment algorithm).

Current DAC Setting : Current DAC value, as determined by the oscillator disciplining system. The value is converted into a voltage that is used to discipline the oscillator. A stable value over time is desirable and suggests steady oscillator performance (see also the graph in the History Panel).

DAC Step : Step size for adjustments to the internal oscillator, as determined by the oscillator disciplining system. Larger steps = quicker, but coarser adjustments. The step size is mainly determined by the type of oscillator.

TFOM : The Time Figure of Merit is SecureSync’s estimation of how accurately the unit is synchronized with its time and 1PPS reference inputs, based on several factors, known as the Estimated Time Error or ETE. The larger the TFOM value, the less accurate SecureSync believes it is aligned with its 1PPS input that is used to perform disciplining. If this estimated error is too large, it could adversely affect the performance of oscillator disciplining. The available TFOM range is 1 through 15.

Max TFOM for Sync : Value, as set under

"Configuring the Oscillator" on page 226

Temperature(s) : Three temperatures are displayed:

Oscillator temperature, which has an effect on oscillator accuracy, and therefore can be used to interpret oscillator performance.

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 291

4.5  Quality Management

Board temperature (measured on the main board, sometimes also referred to as 'System temperature')

CPU temperature

Note: Oscillator temperature is plotted over time in the History panel on the right, while graphs for board and CPU temperature can be found under TOOLS > SYSTEM: System

Monitor .

Note that older SecureSync units may not be equipped with temperature sensors yet. (Can be retrofitted, please contact Spectracom.)

For more information, see

"Temperature Management" on page 300

.

Last Time Reference Change : [Timestamp: Last occurrence]

Last 1PPS Reference Change : [Timestamp: Last occurrence]

Last TFOM Change : [Timestamp: Last occurrence]

Last Sync State Change : [Timestamp: Last occurrence]

Last Holdover State Change : [Timestamp: Last occurrence]

The Oscillator History Panel

The Oscillator History Panel offers real- time graphical monitoring of SecureSync’s internal timing. The following graphs plot key oscillator-relevant data over time::

Phase Error Magnitude : See

1PPS Phase Error

Frequency Error : See

10_MHz_Frequency_Error

Scaled DAC Value : See

DAC Step

Oscillator Temperature , which has an effect on oscillator accuracy, and therefore can be used to interpret oscillator performance. See also

"Temperature Management" on page 300

,

"The Oscillator Status Panel" on the previous page

.

You can zoom in on any of the graphs by grabbing the handles at either end and pulling them inwards. The graph will focus in on the time interval you choose in real time.

Clicking on the Delete icon in the top-right hand corner will erase all current oscillator log data.

Clicking on the Download arrow icon will download the latest oscillator log data as a .

csv file.

292 CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.5  Quality Management

4.5.1.8

Monitoring the Status of Option Cards

SecureSync’s installed option cards can be monitored in real time through the

INTERFACES > OPTION CARDS drop-down menu. The menu will populate dynamically, depending on which option cards are installed.

Monitoring ALL Option Cards

To monitor all option cards, or a specific option card installed in your SecureSync:

1.

Navigate to INTERFACES , and click on OPTION CARDS :

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 293

4.5  Quality Management

2.

The resulting screen will display all installed option cards, and their current status.

You can drill down on any of the listed input references and outputs by clicking the

INFO button (for status information), or the GEAR button (to edit settings).

Monitoring a SPECIFIC Option Card

To monitor the status of a selected option card:

1.

Navigate to INTERFACES > OPTION CARDS , and click on a specific option card, or one of its indented input references, or outputs drop-down menu.

294 CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

2.

A window will display for the specific option you chose.

4.5  Quality Management

Via the GEAR button, INFO button, or Edit button you can access and edit more detailed settings.

4.5.1.9

NTP Status Monitoring

SecureSync's NTP Status Summary provides a means to monitor NTP status and performance parameters relevant to your SecureSync at a glance.

1.

To access the NTP Status Summary panel, navigate to MANAGEMENT >

NETWORK: NTP Setup .

2.

The NTP Status Summary panel is at the lower left of the screen. The panel contains the following information:

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 295

4.5  Quality Management

Selected Ref —The reference SecureSync is currently using.

Stratum —This is the stratum level at which SecureSync is operating.

Leap Indicator —The leap indicator bits (usually 00). See

"Leap Second

Alert Notification" on page 161

.

Delay (ms) —The measured one-way delay between SecureSync and its selected reference.

Time Offset —This is a graphical representation of the system time offset over time. Clicking on this graph in the NTP Status Summary panel will open a window in the main panel containing a larger, more detailed view of the graph.

See

"The NTP Time Offset Performance Graph" below .

Offset (ms) —Displays the configured 1PPS offset values.

Frequency Offset —This is a graphical representation of the system frequency offset over time. Clicking on this graph in the NTP Status Summary panel will open a window in the main panel containing a larger, more detailed view of the graph. See

"The NTP Frequency Offset Performance Graph" on page 298 .

Jitter (ms) —Variance (in milliseconds) occurring in the reference input time

(from one poll to the next).

Jitter —This is a graphical representation of the system jitter over time. Clicking on this graph in the NTP Status Summary panel will open a window in the main panel containing a larger, more detailed view of the graph. See

"The

NTP Jitter Performance Graph" on page 299 .

Note: This panel is updated every 30 seconds, or upon clicking the browser refresh button.

The NTP Time Offset Performance Graph

To view the NTP Time Offset performance graph:

296 CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.5  Quality Management

1.

Navigate to MANAGEMENT > NETWORK: NTP Setup .

2.

In the NTP Status Summary panel locate the Time Offset graph.

3.

Click the graph in the NTP Status Summary panel.

4.

The NTP Performance Graph panel will appear.

5.

To select the statistics for a particular day, select a date from the drop-down list in the Select Day for Statistics field. The default date is the present date. Click Apply .

6.

To display a higher resolution graph for a shorter time span, move one or both time

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 297

4.5  Quality Management sliders at the bottom of the graph inwards.

The NTP Frequency Offset Performance Graph

To view the NTP Frequency Offset performance graph:

1.

Navigate to MANAGEMENT > NETWORK: NTP Setup .

2.

In the NTP Status Summary panel locate the Frequency Offset graph.

298

3.

Click the graph in the NTP Status Summary panel.

4.

The NTP Performance Graph panel will appear (the data may be displayed with a delay). The X-axis represents time, the Y-axis shows the frequency offset in partsper-million (PPM); e.g. 290 PPM is equivalent to .0290 percent.

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.5  Quality Management

5.

To select the statistics for a particular day, select a date from the drop-down list in the Select Day for Statistics field (highlighted in green in the illustration above).

The default date is the present date. Click the Apply button.

To display a higher resolution graph of a shorter time frame, move one or both of the two sliders inwards.

The NTP Jitter Performance Graph

To view the NTP Jitter performance graph:

1.

Navigate to MANAGEMENT > NETWORK: NTP Setup screen.

2.

In the NTP Status Summary panel locate the Jitter graph.

3.

Click the graph in the NTP Status Summary panel.

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 299

4.5  Quality Management

4.

The NTP Performance Graph panel will appear.

5.

To select the statistics for a particular day, select a date from the drop-down list in the Select Day for Statistics field. The default date is the present date. Click the

Apply button.

To display a higher resolution graph for a shorter time span, move one or both time sliders at the bottom of the graph inwards.

300

4.5.1.10

Temperature Management

SecureSync is equipped with one cooling fan, located behind the right-hand side of the front panel, and several hardware temperature sensors, including: the board temperature near the CPU the CPU temperature the air temperature near the oscillator .

Temperature readings are performed once per minute. The temperature data is logged, and can be visualized via graphs integrated into the Web UI. The temperature readings can also be used to control the fan. For details see below under Fan Control Feature .

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.5  Quality Management

Units produced before 2016

SecureSync units produced before 2016 may not be equipped with the oscillator sensor.

They can be retrofitted, if so requested. For additional information, contact Technical Support (see

"Technical Support" on page 580 ). As the front panel cooling fan is internal tem-

perature controlled, the fan may not always be in operation. However, the fan may momentarily turn on each time SecureSync is power-cycled.

Units produced since 2016

Units produced since 2016 are often equipped with the Fan Control feature, which turns

ON the fan by default. This feature also allows for a custom temperature window to be set for the fan.

Fan Control Feature

The Web UI Fan Control feature allows you to define a temperature range for the fan to turn OFF and ON.

Note: Units produced before Dec. 2015 are not equipped with the Fan Control feature.

Does my unit have Fan Control?

To find out, navigate to the HOME screen. Your unit is equipped with the Fan Control feature, if there is a GEAR icon displayed in the System Status panel:

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 301

4.5  Quality Management

To enable user-defined Fan Control:

The default fan setting is ALWAYS ON.

To apply custom fan temperature settings:

1.

Navigate to the HOME screen.

2.

In the System Status panel, click the Gear icon in the upper right-hand corner. The

System Options window will open:

302

3.

Choose between the Fan Settings :

Always On [Default]: The fan runs all the time.

User Defined : You determine the:

Fan Max Temperature : The CPU temperature in °C at which the fan will turn ON. It is advisable to set this temperature no higher than 40°C.

Fan Min Temperature : The CPU temperature in °C at which the fan will turn OFF (the default is 30°C).

The temperature between the two threshold values is the range in which the temperature is allowed to rise before the fan turns on again.

In addition there is a hardware temperature sensor that will automatically turn the fan ON if the measured temperature is over 40°C.

Temperature Monitoring

You can monitor the unit's measured temperatures actively by inspecting the temperature graphs in the Web UI, or passively by setting up automatic alarm messages.

Alarm notifications can be generated via SNMP Traps and Emails, as well as log messages in the Alarm and Event Logs. The alarms may optionally be masked.

Also, it is possible to implement a delay by setting the number of times the 1/minute readings need to exceed a temperature threshold before an alarm is triggered.

Monitoring CPU and Board Temperature

Current readings for Oscillator/Board/CPU Temperature are displayed in the System

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.5  Quality Management

Status panel, which can be accessed via the HOME screen, or via TOOLS > System Monitor .

CPU and Board Temperature graphs are displayed under TOOLS > System Monitor :

The graph for the Oscillator Temperature is displayed under MANAGEMENT > OTHER:

Disciplining :

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 303

4.5  Quality Management

304

Temperature readings are subject to environmental conditions and hardware configuration e.g., oscillator type. Under normal operating conditions, all temperatures should remain fairly constant. Drastic changes may indicate e.g., a problem with the fan. Note that the oscillator temperature will have a direct impact on its accuracy, i.e. there is a strong correlation between disciplining performance and oscillator temperature.

Setting Temperature Monitoring Alarms

Navigate to MANAGEMENT > OTHER: Notifications . In the Events panel, select the System tab:

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.5  Quality Management

Under the System tab, you can set Notifications for Minor and Major Alarms/Clearances.

The temperature readouts used for the Alarms are generated by the CPU temperature sensor .

Also, you can set the temperature threshold value for Minor/Major alarms, and define a retry value by determining how many readings (1/min.) the temperature must exceed the threshold value before an alarm/clearance is triggered.

The default temperature threshold value for both Minor, and Major Alarms is 100°C. With simultaneous alarm triggerings, the Major Alarm will override the Minor Alarm, i.e. you will be notified only about the Major Alarm. If you want to be notified early about a rise in temperature, a recommended setting for the Minor Alarm temperature would be 90°C. Please

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 305

4.5  Quality Management note that it is not advisable to set the Major Alarm temperature to a value higher than

100°C.

Downloading Temperature Data

It is possible to download the temperature data e.g., to plot your own temperature graphs, or because Orolia Technical Support inquires about this data for diagnostic purposes in the event of technical problems.

To download the logged data used to generate the displayed graphs, navigate to any panel that displays one or more graphs (see above), and click on the Arrow icon in the top-right corner.

A file named systemMonitorLog.csv

file will be generated in your designated download folder.

Deleting Temperature Data

Temperature graphs (and other graphs as well) will display up to approximately 10000 readings, which are generated at a 1/min. rate, i.e. the data displayed covers about 7 days.

Thereafter, the oldest data gets overwritten.

To delete the logged data used to generate the displayed graphs, click the TRASH

CAN icon in the top-right corner of the panel.

Note that re-populating the graphs with fresh data will take several minutes.

Temperature Readout via CLI

Temperature data can be read out via the CLI using the i2cget command:

E X A M P L E : i2cget -y 0 0x4d <register> i2cget returns temperature in Celsius in hex format. No additional conversion required.

Further reading

See also:

"Troubleshooting the Front Panel Cooling Fan" on page 348

.

4.5.2

Logs

SecureSync maintains different types of event logs (see below) to allow for traceability, and for record keeping. Should you ever require technical support from Orolia, you may be asked for a copy of your logs to facilitate remote diagnosis.

Logs stored internally are being kept automatically, while the storage of log files in a remote location has to be set up by the user.

306 CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.5  Quality Management

For each type of log, four 75 KB files are maintained internally on a revolving basis, i.e. the oldest file will be overwritten, as soon as all four files have filled up with event data. The life expectancy of a log file depends on the amount of data accumulating over time: Some types of logs will fill up within days, while others can take months until they have reached their maximum storage capacity.

You can delete logs at any time, see

"Clearing Selected Logs" on page 322

.

4.5.2.1

Types of Logs

SecureSync generates log files for the following event categories:

Alarms Log

Displays log entries for the Timing System, for example:

The Unit has Rebooted : SecureSync was either rebooted or power cycled.

In Holdover : Input references were available, but all input references have since been lost. If the references are not restored before the Holdover period expires, time sync will be lost.

No longer in Holdover : Input references were lost at one point (or declared not valid), but have since been restored OR the Input references were not restored before the Holdover period expired (Time Sync alarm is asserted).

In Sync : SecureSync is synchronized to its selected Time and 1PPS reference inputs.

Not In Sync : SecureSync is not synchronized to its Time and 1PPS inputs and is not currently in Holdover. NTP will indicate to the network that it is Stratum 15 and so the time server likely be ignored as a time reference.

Frequency Error : The oscillator’s frequency was measured and the frequency error was too large. Or, the frequency couldn’t be measured because a valid input reference was not available.

Reference change : SecureSync has selected a different Time and 1PPS input reference for synchronization. Either the previously selected input reference was declared not valid (or was lost), so a lower priority reference (as defined by the Reference Priority Setup table) is now selected for synchronization OR a valid reference with higher priority than the previous reference is now selected for synchronization.

E X A M P L E :

GNSS is the highest priority reference with IRIG input being a lower priority. SecureSync is synced to GNSS and so GNSS is the selected reference. The GNSS antenna is disconnected and

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 307

4.5  Quality Management

IRIG becomes the selected reference. The Reference change entry is added to this log.

Authentication Log

Displays log entries for authentication events (e.g., unsuccessful login attempts, an incorrectly entered password, etc.) that are made to SecureSync’s command line interfaces

(such as the front panel setup port, telnet, SSH, FTP, etc.).

Events Log

Displays log entries related to GNSS reception status changes, Sync/Holdover state changes, SNMP traps being sent, etc. Examples include:

Reference Change : SecureSync has switched from one input reference to another

(for example, IRIG was the selected input being used, but now GNSS is the selected reference).

GPS Antenna Problem : The GPS Antenna Problem alarm indicates the GNSS receiver has detected an over-current or undercurrent condition (an open or short exists in the GNSS antenna cable, or the GNSS antenna is not connected to

SecureSync). The receiver will attempt to continue the normal acquisition and tracking process regardless of the antenna status. The current draw measurements that will indicate an antenna problem are:

Under-current indication < 8 mA

Over-current indication > 80 mA

Note: This alarm condition will also be present if a GNSS antenna splitter that does not contain a load to simulate an antenna being present is being used.

GPS Antenna OK : The antenna coax cable was just connected or an open or short in the antenna cable was being detected but is no longer being detected.

Frequency Error : The oscillator’s frequency was measured and the frequency error was too large. Or, the frequency couldn’t be measured because a valid input reference was not available.

Frequency Error cleared : The Frequency Error alarm was asserted but was then cleared.

In Holdover : Input references were available, but all input references have since been lost. If the references are not restored before the Holdover period expires, time sync will be lost.

308 CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.5  Quality Management

No longer in Holdover : Input references were lost at one point (or declared not valid), but have since been restored OR the Input references were not restored before the Holdover period expired (Time Sync alarm is asserted).

In Sync : SecureSync is synchronized to its Time and 1PPS inputs.

Not In Sync : SecureSync is not synchronized to its Time and 1PPS inputs and is not currently in Holdover. NTP will indicate to the network that it is Stratum 15 and so the time server likely be ignored as a time reference.

Sending trap for event 1 (SNMPSAD) : An SNMP trap was sent by the SNMP agent to the SNMP Manager. The event number in this entry indicates which SNMP trap was sent.

The Unit has Rebooted : SecureSync was either rebooted or power cycled.

Journal Log

Displays log entries created for all configuration changes that have occurred (such as creating a new user account, for example).

NTP Log (Not Configurable)

The NTP log displays operational information about the NTP daemon, as well as NTP throughput statistics (e.g., packets/sec.). Examples for entries in this log include indications for when NTP was synchronized to its configured references (e.g., it became a Stratum 1 time server), as well as stratum level of the NTP references.

The NTP throughput statistics data can be utilized to calculate mean values and the standard deviation.

Example log entries include:

Synchronized to (IP address), stratum=1 : NTP is synchronizing to another

Stratum 1 NTP server.

ntp exiting on signal 15 : This log entry indicates NTP is now indicating to the network that it is a Stratum 15 time server because it is not synchronized to its selected reference.

Time reset xxxxx s : These entries indicate time corrections (in seconds) applied to

NTP.

No servers reachable : NTP cannot locate any of its configured NTP servers.

Synchronized to PPS(0), stratum=0 : NTP is synchronized using the PPS reference clock driver (which provides more stable NTP synchronization).

Oscillator Log

Displays log entries related to oscillator disciplining. Provides the calculated frequency error periodically while synchronizing to a reference.

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 309

4.5  Quality Management

GPS Qualification Log

If SecureSync is connected to a GNSS antenna and is tracking satellites, this log contains a running hourly count of the number of GNSS satellites tracked each hour. This history data can be used to determine if a GNSS reception problem exists and whether this is a continuous or intermittent reception issue.

GNSS reception may be displayed as cyclic in nature. A cyclic 12 hour pattern of decreased

GNSS reception typically indicates that the GNSS antenna has an obstructed view of the horizon. The GNSS satellites are in a 12-hour orbit, so if part of the sky is blocked by large obstructions, at the same time every day (at approximately 12 hour intervals), the GNSS reception may be reduced or may vanish altogether. If this occurs, the antenna should be relocated to afford it an unobstructed view of the sky.

Every hour (displayed in the log as UTC time), SecureSync counts the total number of satellites that were tracked during that hour. The GNSS qualification log shows the number of satellites that were tracked followed by the number of seconds that the particular number of satellites were tracked during the hour (3600 seconds indicates a full hour). The number to the left of the “=” sign indicates the number of satellites tracked and the number to the right of the “=” sign indicates the number of seconds (out of a total of 3600 seconds in an hour) that the unit was tracking that number of satellites. For example, “0=3600” indicates the unit was tracking 0 satellites for the entire hour, while “0=2700 1=900” indicates the unit was tracking one satellite for 900 seconds, but for the remaining portion of the hour it was tracking zero satellites.

Every hourly entry in the log also contains a quality value, represented by “Q= xxxx”

(where x can be any number from 0000 through 3600). The Qualification log records how many satellites were tracked over a given hour. If for every second of the hour a tracked satellite was in view, the Quality value will equal 3600. For every second SecureSync tracked less than the minimum number of satellites, the value will be less than 3600. The minimum requirement is one satellite at all times after the unit has completed the GNSS survey and indicates “Stationary”. A minimum of four satellites are required in order for the

GNSS survey to be initially completed.

If all entries in the qualification log are displayed as “0=3600”, a constant GNSS reception problem exists, so the cause of the reception issue is continuous. If the unit occasionally shows 0=3600 but at other times shows that 1 through 12 have numbers of other than

“0000”, the reception is intermittent, so the cause of the reception issue is intermittent. If the Quality value normally equals 3600 but drops to lower than 3600 about every 12 hours, the issue is likely caused by the GNSS antenna having an obstructed view of the sky.

E x a m p l e G P S Q u a l i f i c a t i o n L o g E n t r y :

6 = 151 7 = 1894 8 = 480 9 = 534 10 = 433 12 = 108 Q = 3600

310 CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.5  Quality Management

In this example, SecureSync tracked no less that 6 satellites for the entire hour. Out of the entire hour, it was tracking 6 satellites for a cumulative total of 151 seconds (not necessarily in a row). For the duration of the hour, it was tracking, 7, 8, 9, 10 and 12 satellites for a period of time. Because it was tracking at least at least one satellite for the entire hour, this

Quality value is Q=3600.

Note: If SecureSync is not connected to a GNSS antenna, this log will remain empty.

System Log

Displays log entries related to the Timing System events and daemon events (such as the

Alarms, Monitor, Notification, or SNMP daemons starting or stopping, etc.)

Timing Log

Displays log entries related to Input reference state changes (for example, IRIG input is not considered valid), antenna cable status. Examples include:

GR GR = GNSS Reference 1 antenna fault : The GNSS Antenna Problem alarm indicates the GNSS receiver has detected an over-current or undercurrent condition (an open or short exists in the GNSS antenna cable, or the GNSS antenna is not connected to SecureSync). The receiver will attempt to continue the normal acquisition and tracking process regardless of the antenna status.

GR antenna ok : The antenna coax cable was connected at this time or an open or short in the antenna cabling was occurring but is no longer being detected.

Update Log

Displays log entries related to software updates that have been performed.

4.5.2.2

Local and Remote Logs

SecureSync logs are all stored internally by default. With the exception of the NTP log, all logs can also be configured to be stored externally, if so desired.

The log entries for the logs can also be configured to be automatically sent to a Syslog

Server for external log storage. In order for these logs to be sent to a Syslog server, each desired log needs to be configured for Syslog operation. With the exception of the

Authentication and NTP logs, all log setup options can be configured from the Logs Configuration page.

1

GR = GNSS Reference

311

4.5  Quality Management

Note: The NTP log has no available configuration options.

In each log, entries appear with the most recent events first (i.e. in reverse chronological order, starting from the top).

To set up a remote log server, see

"Setting up a Remote Log Server" on page 319

.

4.5.2.3

The Logs Screen

The Logs Screen not only provides a status overview of all log types, but also allows for all logs to be configured.

To access the Logs Screen:

1.

Navigate to MANAGEMENT > OTHER : Log Configuration.

2.

The Logs screen will appear. It is divided into three panels:

312

The Logs panel

The Logs panel on the right-hand side provides a logs overview, displaying the status of all

SecureSync logs.

To read a log, click the corresponding INFO button.

To configure a log, click the corresponding PENCIL button.

To clear a log, click the X-button.

Note: The Clear File feature does not delete any of the logs that have been sent to and stored in a Syslog server.

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.5  Quality Management

A green indicator lamp shows if events of the corresponding log category are stored remotely or locally.

The Logs Actions panel

The Actions panel on the upper-left corner of the Logs screen allows you to perform batch actions on your logs:

Save and Download All Logs —Save and download all the logs on SecureSync.

See also:

"Saving and Downloading Logs" on page 315

.

Clear All Logs —Clear all the logs on SecureSync. See also:

"Clearing Selected

Logs" on page 322

.

Restore Configuration —Restore all log configurations to their factory settings.

See also:

"Restoring Log Configurations" on page 321 .

The Remote Log Server panel

The Remote Log Server panel, which is where you set up and manage logs on one or more remote locations. See also:

"Setting up a Remote Log Server" on page 319

.

4.5.2.4

Displaying Individual Logs

Next to displaying a Logs overview (see

"The Logs Screen" on the previous page

), it is also possible to access individual SecureSync logs:

1.

From the TOOLS drop-down menu, select the desired Logs category (for example,

“Alarms”, or “Events”) from the right-hand column.

– OR –

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 313

4.5  Quality Management

1.

Access the Logs screen through the MANAGEMENT > OTHER: Log Configuration drop-down menu:

2.

The Logs screen will be displayed:

3.

Click on the INFO button for the desired log category.

314 CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.5  Quality Management

4.

A short log will be displayed, showing recent entries. Click on the ARROWS icon in the top-right corner to expand to the full Logs view:

4.5.2.5

Saving and Downloading Logs

The SecureSync Web UI offers a convenient way to save, bundle, and download all logs in one simple step. This feature may be useful when archiving logs, for example, or for troubleshooting technical problems: Spectracom Technical Support/Customer Service may ask you to send them the bundled logs to remotely investigate a technical concern.

To save, bundle, and download all logs:

1.

Navigate to MANAGEMENT > OTHER: Log Configuration .

2.

On the left side of the screen, in the Actions panel, click on the Save and Download All Logs button.

By default, the log file will be saved in your local Downloads folder under the name securesync.log

.

The file is compressed; extract the .csv file using a standard decompression tool.

3.

If so asked by Spectracom Technical Support, attach the bundled log files (typically together with the oscillator status log, see:

"Saving and Downloading the Oscillator

Log" on the next page ) to your e-mail addressed to Spectracom Technical Support.

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 315

4.5  Quality Management

Saving and Downloading the Oscillator Log

The oscillator status log captures oscillator performance data, such as frequency error and phase error. The data can be retrieved as a comma-separated .csv file that can be read and edited with a spreadsheet software, such as Microsoft Excel ® . You may want to review and/or keep this data for your own records, or you may be asked by Spectracom Technical

Support to download and send the oscillator status log in the event of technical problems.

To download the oscillator status log:

1.

Navigate to MANAGEMENT > OTHER: Disciplining .

2.

Click on the ARROW icon in the top-right corner of the screen. Save the .csv file to your computer.

316

3.

If so asked by Spectracom Technical Support, attach the oscillator status log file (typically together with the bundled SecureSync log files, see:

"Saving and Downloading

Logs" on the previous page ) to your e-mail addressed to Spectracom Technical Sup-

port.

4.5.2.6

Configuring Logs

Note: The NTP log has no available configuration options.

To configure a log:

1.

Navigate to MANAGEMENT > OTHER: Log Configuration .

2.

In the Logs panel select the log category you wish to configure e.g., System , then click the PENCIL button next to it.

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.5  Quality Management

3.

In the Log File window, fill in the available fields (see below for explanations).

4.

Click Submit .

The following log configuration options are available: a.

Add/Remove Remote Server : The Syslog server(s) to which remote logs are sent.

This panel is only available if Remote Log is checked below in the Log Configuration panel. If the log has a remote log server to which it writes, the name of the server will appear here. Click Delete to remove the remote server.

Note: Clicking the Delete button in the Log File configuration window does NOT remove the remote log server from the network. In this instance it merely deselects the server as that particular log’s remote log server.

If the log does not have a remote log server assigned, there will be a drop-down list of server choices.

If this list is empty, you will need to set up a remote log server through the Remote

Log Server panel. See

"Setting up a Remote Log Server" on page 319 .

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 317

4.5  Quality Management

318

Click Add to add a remote server from the drop-down list.

b.

Log File : Displays the name of the log file being configured.

c.

Facility : Value (defined by the Syslog server) to determine where the log is stored in the Syslog server. Set this value to match the scheme used by the remote server.

d.

Priority : Value (defined by the Syslog server) to determine where the log is stored in the Syslog server. Set this value to match the scheme used by the remote server.

Note: Regarding Facility and Priority values: In addition to configuring the log entries to be sent to a specific location in the Syslog server, the combination of these two values also determines which local log the entries are sent to inside the unit.

Changing either or both of these values from the factory default values will alter which log the entries are sent to inside SecureSync.

The table below indicates which Log Tab the log entries will be sent to (by default), based on the configuration of these two values.

If remote logging is not being used, the Facility and Priority values should not be changed from the default values. Altering these values can cause log entries that have similar values to be sent to the same log file (combining different types of log entries into one log). The factory default settings for the Facility and Priority configurations of all logs that can be sent to a Syslog server are as follows:

Table 4-1: Factory default facility and priority codes

Log Tab Name Facility Priority

Event Local Use 7 Alert

Alarms

Oscillator

GPS Qualification

Journal

Update

Timing

System

Local Use 7

Local Use 7

Local Use 7

Local Use 7

Local Use 7

Local Use 7

Local Use 7

Critical

Debug

Warning

Notice

Information

Error

Emergency

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.5  Quality Management e.

Local Log : Enable or disable this particular log being stored inside SecureSync.

When this box is checked, the log will be stored in SecureSync.

f.

Remote Log : Configure the desired Syslog servers. When this box is checked, the particular log will be sent to a Syslog server.

In order for the logs to be formatted correctly for Syslog storage, all log entries are displayed using Syslog formatting. Each log entry contains the date and time of the event, the source of the log entry, and the log entry itself.

The “time” of all log entries will be in UTC, Local, TAI or GPS time, as configured under

MANAGEMENT > OTHER: Time Management > System Time . For more information, see

"Timescales" on page 153 .

4.5.2.7

Setting up a Remote Log Server

Storing log files on a remote log server supports advanced logging functionality.

Adding a remote log server:

1.

Navigate to MANAGEMENT > OTHER: Log Configuration.

2.

In the Remote Log Server panel, click on the PLUS icon in the top-right corner of the panel. The Add Remote Log Servers window displays.

3.

Enter the IP address or host server name (e.g., “MyDomain.com”) you want to use as a remote log server.

4.

Click the Submit button.

5.

Your remote log server will appear in the Remote Log Server panel, and as a

SERVER NAME in any Log File configuration screen:

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 319

4.5  Quality Management

6.

Once a remote log server has been setup successfully, do not forget to configure the logs to be sent to the remote server, see

"Configuring Logs" on page 316 .

Changing or deleting a remote log server:

1.

Navigate to MANAGEMENT > OTHER: Log Configuration .

2.

In the Remote Log Server panel locate the remote server you wish to change or delete.

320

3.

Choose the MINUS button to delete the remote log server. Confirm by clicking OK in the message window.

—OR—

3.

In the Remote Log Server panel, click the GEAR button to change the remote log server. Type in a new IP address or host domain server (e.g., MyDomain.com).

Note: Clicking the Delete button in any of the Log file configuration windows does NOT remove the chosen remote log server from the network; it merely deselects the server as that particular log’s remote log server.

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.5  Quality Management

Note: In the event that a syslog server does not support listening on the standard syslog port, you may redirect the syslog port to the desired port by utilizing built-in port forwarding capability in network switches (search online for port forwarding or port mapping ).

4.5.2.8

Restoring Log Configurations

To restore log configurations:

1.

Navigate to the MANAGEMENT > OTHER: Log Configuration .

2.

In the Actions panel, click on the Restore Configurations button.

3.

Click the Browse button.

4.

Navigate to the directory where the configurations are stored and click Upload .

4.5.2.9

Clearing All Logs

Note: Authentication logs and NTP logs cannot be cleared.

All local logs in the home/spectracom directory will be logged. Other logs e.g., located on

Syslog Servers, must be maintained by the user.

To clear all locally stored log files:

1.

Navigate to MANAGEMENT > OTHER: Log Configuration .

2.

In the Actions panel, click Clear All Logs :

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 321

4.6  Updates and Licenses

3.

In the grey confirmation window, click OK .

4.5.2.10 Clearing Selected Logs

Note: NTP logs cannot be cleared.

To clear selected locally stored log files:

1.

Navigate to MANAGEMENT > OTHER: Log Configuration .

2.

In the Logs panel, click the X-icon next to the log category you wish to clear (e.g.,

Alarms log).

322

3.

In the grey confirmation box, click OK .

4.6

Updates and Licenses

4.6.1

Software Updates

Spectracom periodically releases new versions of software for SecureSync. These updates 1 are offered for free and made available for download from the Spectracom

1 The terms update and upgrade are both used throughout Spectracom technical literature, as software releases may include fixes and enhancements, as well as new features.

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.6  Updates and Licenses website. If you register your product, you will be notified of software updates.

To download a software update for your SecureSync as it becomes available, click

here

.

This web page also offers detailed instructions on how to perform a software update.

General Notes:

SecureSync will save system configurations across upgrades but will not save other information. In particular, update files may not be retained after a successful update.

All system elements will be forced to the versions in the update file, and all configuration information will be erased as part of the update. See

"Backing-up and Restoring Configuration Files" on page 327

for details.

To “roll back” system elements to an earlier version, select the older Update File in the

Choose File pull- down, select both Update System and Force Update , and click

Update . All system elements will be “forced” to the version in the update file.

Step-by-Step Instructions:

Note: These instructions apply to updates to recent software. Updates to software versions older than 5.0.x may require additional steps. These will be covered in the Software Update Instructions documents, which can be found under the above-mentioned link.

1.

In the Web UI, under Tools > Upgrade/Backup , determine the System software version and the type of GNSS receiver . Proceed if your existing software is V5.1.5 or

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 323

4.6  Updates and Licenses higher, AND you have a RES-SMT GG receiver.

(Otherwise, consult the above-mentioned instructions for updating SecureSync software.)

2.

Free up disk space, if needed:

Under Tools > Upgrade/Backup > Disk Status , check Percent Used : If the number is greater than 70% , free up disk space.

Note: If required, existing logs can be archived; for details consult the above-mentioned instructions for updating SecureSync software.)

To free up disk space: a.

Delete old log files: Tools > Upgrade/Backup > Disk Status > Clear All

Logs .

b.

Delete old statistics files: [~] > Clear All Stats .

c.

Delete previous Upgrade files: Tools > Upgrade/Backup > Actions >

Update System > Delete Upgrade File (s). Note that Delete Upgrade File and Update System cannot be selected at the same time.

3.

Verify that your disk has enough life left to perform the upgrade. Navigate to Tools

> Upgrade/Backup > Disk Health . If the Health is listed as OK, your disk has the capacity to upgrade sucessfully. If the health is listed as Disk Maintenance Required, and your disk has less than three months of remaining life, you should NOT upgrade.

Contact Technical Support..

4.

Download

the upgrade software bundle onto your PC.

5.

Check if you have any of the following option cards installed:

Simulcast (Model 1204-14)

PTP (Model 1204-12)

Gigabit Ethernet (Model 1204-06)

If this is the case, see above-mentioned instructions for updating SecureSync software (unless this has been addressed at an earlier update).

6.

Perform the actual upgrade by navigating to TOOLS > Upgrade/Backup >

Actions : Update System File : Upload the upgrade software bundle previously downloaded onto your PC ( updateXYZ.tar.gz

), and carry out the upgrade, as instructed.

7.

Verify that the upgrade was successful: Tools > Upgrade/Backup , confirm the new

SW version.

324 CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.6  Updates and Licenses

Note: In case the update failed, see

"Troubleshooting Software Update" on page 350

for additional information.

4.6.2

Applying a License File

Software options must be activated by applying a license file (OPT-xyz):

Typically, SecureSync units are shipped with the license file pre-installed, reflecting the system configuration as ordered. If, however, a feature is to be activated after delivery of the

SecureSync unit, please contact your local Orolia Sales Office first to have a license file generated. License files are archive files with a tar.gz

extension. One license file may contain multiple licenses for multiple products.

To apply the license file, you need to upload it into your SecureSync unit and install it:

1.

Save the license file license.tar.gz

to a location on your PC (which needs to be connected to the same network SecureSync is.)

2.

Open the SecureSync Web UI, and navigate to Tools > Upgrade/Backup :

3.

In the Actions panel, click Apply License File .

4.

In the Apply License File window, click Upload New File .

5.

In the Upload File window, click Choose File . Using the Explorer window, navigate to the location mentioned under the first step, select the license file, and monitor the installation progress in the Status Upgrade window until the application has rebooted.

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 325

4.7  Resetting the Unit to Factory Configuration

6.

Refresh the browser window, and login to the Web UI again. Re-navigate to Tools >

Upgrade/Backup , and confirm that the newly installed Option is listed in the System Configuration panel.

4.7

Resetting the Unit to Factory Configuration

In certain situations, it may be desired to reset all SecureSync configurations back to the factory default configuration. The GNSS location, any SecureSync configurations and the locally stored log files can be cleared via the Web UI.

Caution: It is not possible to clear the Authentication logs and NTP logs.

Note: Restoring configurations (reloading a saved configuration), erasing the stored GNSS location and clearing the log files are separate processes.

You may restore one without restoring the others.

If SecureSync was assigned a static IP address before cleaning the configurations, it will be reset to DHCP after the clean has been performed. If no DHCP server is available after the clean operation, the static IP address will need to be manually reconfigured. See

"Assigning a Static IP Address" on page 48 .

4.7.1

Resetting All Configurations to their Factory Defaults

To restore the configuration files to their factory defaults:

1.

Navigate to TOOLS > SYSTEM: Upgrade/Backup .

2.

In the Actions panel, click the Restore Factory Defaults (Clean) button.

326 CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.7  Resetting the Unit to Factory Configuration

3.

SecureSync restores the configuration files to the factory settings, and then reboots in order to read the new configuration files. Once powered back up, SecureSync will be configured with the previously stored files.

Note: While the geographic GNSS position is stored and retained through power cycles, choosing Clean (Restore Factory Configuration) will erase the stored GNSS position.

Erasing the position stored in your GNSS receiver means that the next time the

GNSS antenna is connected and the GNSS receiver is able to continuously track at least four satellites, a new GNSS survey will be initiated, so the position can be recalculated and locked-in. A GNSS survey typically takes up to 33 minutes.

4.7.2

Backing-up and Restoring Configuration Files

Once SecureSync has been configured, it may be desired to back up the configuration files to a PC for off-unit storage. If necessary in the future, the original configuration of the

SecureSync can then be restored into the same unit.

The capability to backup and restore configurations also adds the ability to “clone” multiple

SecureSync units with similar settings. Once one SecureSync unit has been configured as desired, configurations that are not specific to each unit (such as NTP settings, log configs, etc.) can be backed up and loaded onto another SecureSync unit for duplicate configurations.

There are several configuration files that are bundled in one file for ease of handling.

Note: For security reasons, configurations relating to security of the product, such as SSH/SSL certificates, cannot be backed up to a PC.

4.7.2.1

Accessing the System Configuration Screen

The System Configuration Screen provides comprehensive information about hardware and software status. To access the System Configuration screen:

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 327

4.7  Resetting the Unit to Factory Configuration

1.

Navigate to TOOLS > SYSTEM: Upgrade/Backup .

2.

The System Configuration screen will display:

328

The System Configuration screen consists of 6 panels:

The Actions panel

The Actions panel is used for updating the system software, managing license files, saving and restoring the configuration files, and restoring the factory defaults.

The System Configuration panel

The System Configuration panel provides the following information:

System —The model name of this unit, and the software version currently installed.

Model —The model number of this unit.

Serial Number —The serial number of this unit.

Power Supply —The type of power supply installed in this unit. This can be AC, DC or both.

Oscillator —The type of internal timing oscillator installed in this unit.

Timing Processor —The timing processor in use with this unit.

GNSS Receiver —The GNSS receiver in use with this unit.

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.7  Resetting the Unit to Factory Configuration

HW Slots 1–6 —The Option Cards installed in this unit.

Option —The optional features also included on this unit.

The Upgrade Log panel

The upgrade log is a running log of system upgrades, used for historical and troubleshooting purposes. It can be expanded by clicking on the DIAGONAL ARROWS icon in the topright corner:

Each log entry is comprised of a unique ID, the date the entry was created, the originator of the entry, and the actual message. Refresh the log by clicking the CIRCLE ARROWS icon in the top- right corner. Go to the First, Last, or Previous entries by clicking the corresponding buttons in the bottom-right corner.

The Disk Status panel

The Disk Status panel provides information on the Compact Flash card memory usage.

This information is relevant for troubleshooting purposes, and when preparing the system for a software update.

The Disk Health panel

The Disk Health panel provides information about the remaining life that is present on your disk.

The Software Versions panel

This panel provides version information on the different SW components utilized by the system.

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 329

4.7  Resetting the Unit to Factory Configuration

4.7.2.2

Saving the System Configuration Files

To save (back up) the system configuration files:

1.

Navigate to TOOLS > SYSTEM: Upgrade/Backup .

2.

In the Actions panel, click the Save Configuration button.

3.

Click OK in the grey confirmation window that displays.

4.

Save the configuration file to a directory where it will be safe. SecureSync simultaneously saves a file at /home/spectracom/xfer/config/securesync.conf

.

4.7.2.3

Uploading Configuration Files

To upload configuration files from a PC:

1.

Navigate to TOOLS > SYSTEM: Upgrade/Backup .

2.

In the Actions panel, click the Upload Configuration button.

330

3.

Click Choose File in the window that displays, and navigate to the directory on your

PC where the bundled file is stored.

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.7  Resetting the Unit to Factory Configuration

4.

Click the Upload button. SecureSync saves the uploaded bundled file in the

/home/spectracom/xfer/config/ directory.

Note: When uploading files remotely via long distances, or when uploading multiple files via several browser windows simultaneously, the upload process may fail to complete. In this case, cancel the upload by clicking X, and go back to Step 2.

5.

To use the new configuration file for this SecureSync, click the Restore Configuration button, and follow the procedure described under

"Restoring the System Configuration" below

.

4.7.2.4

Restoring the System Configuration

To restore the System Configuration:

1.

Navigate to TOOLS > SYSTEM: Upgrade/Backup .

2.

In the Actions panel, click Restore Configuration .

3.

Click OK in the grey confirmation window. The system will restore the configuration using the bundled file stored at

/home/spectracom/xfer/config/ SecureSync .conf

, then reboot in order to

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 331

4.7  Resetting the Unit to Factory Configuration read the new configuration file. Once powered back up, SecureSync will be configured with the previously stored file.

4.7.2.5

Restoring the Factory Defaults

For instructions on how to restore the SecureSync's configuration files to their factory default settings see

"Resetting All Configurations to their Factory Defaults" on page 326 .

4.7.3

Cleaning the Configuration Files and Halting the System

The "Clean and Halt" procedure restores the configuration files to their factory defaults and then immediately halts the system, so as to prevent any changes from being applied to the factory default condition.

To perform a "Clean and Halt":

1.

Navigate to TOOLS > SYSTEM: Upgrade/Backup .

2.

In the Actions panel, click * Clean Configuration and Halt * .

332

3.

SecureSync restores the configuration files to their factory default, and halts the system.

4.7.4

Default and Recommended Configurations

The factory default configuration settings were chosen for ease of initial setup. However, some of the default settings may deviate from best practices recommendations. The following table outlines the differences between factory default and recommended configuration settings for your consideration:

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.7  Resetting the Unit to Factory Configuration

Table 4-2: Default and recommended configurations

Feature Default Setting Recommended Setting

Where to

Configure

HTTP Enabled Disabled

Disabled or Enabled (with SNMP v3 w/ encryption*)

Web UI or

CLI

HTTPS Enabled (using customer-generated certificate and key or default Spectracom self-signed certificate and common public/private key SSH/SCP/SFTP enabled with unit unique 1024-bit keys)

Web UI

SNMP Enabled Web UI

NTP Enabled (with no MD5 values entered)

Daytime

Protocol

Disabled

Time

Protocol

Disabled

Enabled (use MD5 authentication with user-defined keys)

Web UI

Disabled Web UI

Disabled

Command Line Interface

Web UI

Serial

Port

Available

Telnet Enabled

SSH Enabled (default private keys provided)

Available

Disabled (use SSH instead)

Enabled n/a

Web UI

Web UI

FTP

SCP

SFTP

Enabled

Available

Available

File Transfer

Disabled (use SFTP or SCP)

Disabled (use SFTP or SCP)

Disabled (use SFTP or SCP)

Web UI

Web UI

Web UI

* Orolia recommends that secure clients use only SNMPv3 with authentication for secure installations.

4.7.5

Sanitizing the Unit

The concept of sanitizing a SecureSync unit refers to erasing usage data that may be stored in volatile and/or non-volatile memory, i.e. permanently eliminating any data that could be used to trace the unit's former usage. This data may include – but is not limited to

– logs, configuration settings, IP addresses, passwords, GNSS geographic positioning data, and network-specific usage data.

From a top level, cleaning a SecureSync involves restoring the following to factory default configurations:

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 333

4.7  Resetting the Unit to Factory Configuration

1.

The file system on the Compact Flash (CF) card is restored to factory state by removing the logs and restoring all configuration files to the default factory state.

2.

Commercial GPS/GNSS receivers have stored position data deleted, and are setup to resurvey on reboot.

The command line gpsreset clean option erases the GPS/GNSS receiver flash memory, returning it to factory state and setting up to resurvey.

3.

SAASM GPS receivers are zeroized which deletes position, GPS data and keys.

Without valid keys the SAASM GPS only operates in L1 C/A mode like a commercial GPS receiver.

4.7.5.1

Physically Removing the CF Card

1.

Read the topic

"SAFETY" on page 34

and follow all applicable instructions pertaining to safety and ESD compliance.

2.

Remove the top cover off the chassis.

3.

Locate the card socket on the main PCB.

4.

Remove the metal bar that holds the card in the socket.

334

4.7.5.2

Cleaning/Restoring

Starting in system software version 4.8.7 (see under TOOLS > SYSTEM:

Upgrade/Backup ), the Compact Flash card can be modified in several different ways via

Actions panel under TOOLS > SYSTEM: Upgrade/Backup :

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

4.7  Resetting the Unit to Factory Configuration

Restore Configuration : This will reset all user configurations to factory defaults with the exception of networking settings and GPS position. Network settings can be changed, if desired, via the Web UI, via the front panel, or the serial command line interface. The GPS position can be deleted via INTERFACES > REFERENCES:

GNSS 0 .

* Clean Configuration and Halt * : This will delete the network settings and the

GPS position, as well as resetting all other user configurations to factory default.

Alternatively, "Clean" or "CleanHalt" can be initiated through the front panel or command line interface.

4.7.5.3

Removing Other Files From the CF Card

While the restore and clean functions reset the configuration parameters, they do not remove any files that may have been uploaded via FTP. One way to delete these files, if any, is via the Update System Software functionality under TOOLS > SYSTEM:

Upgrade/Backup .

The Clean Upgrade function wipes the CF card clean and recreates every system file. An upgrade alone does not.

Note: When selecting both the Perform Upgrade checkbox, and the Clean

Upgrade checkbox, Force Upgrade will also be automatically selected, as necessary for this process.

4.7.5.4

Further Reading

For more information on sanitization, see:

CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31 335

4.7  Resetting the Unit to Factory Configuration

"Deleting the GNSS Receiver Position" on page 206

.

Certificate of Volatility for SecureSync:

https://support.spectracom.com/bulletins/securesync-1200-certificatevolatility

Certificate of Volatility for SecureSync Option Cards:

https://support.spectracom.com/bulletins/securesync-options-certificatevolatility

Additional information regarding Sanitization and Volatility may be found in the Spectracom knowledge base

support.spectracom.com

Contact Spectracom Technical Support (see

"Technical Support" on page 580

).

336 CHAPTER 4 • SecureSync 1200 User Reference Guide Rev. 31

Appendix

The following topics are included in this Chapter:

5.1 Troubleshooting

5.2 Option Cards

5.3 Command-Line Interface

5.4 Time Code Data Formats

5.5 IRIG Standards and Specifications

5.6 Technical Support

5.7 Return Shipments

5.8 License Notices

5.9 List of Tables

5.10 List of Images

5.11 Document Revision History

581

581

593

594

596

338

351

529

536

563

580

SecureSync 1200 User Reference Guide • APPENDIX 337

APPENDIX

5.1

5.1.1

Troubleshooting

The front panel LEDs and the Web UI provide SecureSync status information that can be used to help troubleshoot failure symptoms that may occur.

Troubleshooting Using the Status LEDs

The front panel Status LEDs can provide “local” status information about SecureSync.

Observe the front panel Status LEDs and use the table below to find the recommended troubleshooting steps or procedure for the observed condition.

LED

Current

Status

Indication

Power LED is blank

(not lit).

SecureSync has no AC and/or

DC input power applied.

Troubleshooting

Sync LED is off

Sync LED is orange

No valid Reference inputs available since power-up.

Holdover mode: All available inputs have been lost.

1) Verify AC power is connected to an AC source and AC power switch is ON.

2) Verify DC power (within the correct voltage range, as stated on the DC connector) is applied to the DC power connector.

3) See

"Unpacking and Inventory" on page 33

1) Make sure the Input Reference Priority table has the desired inputs enabled, based on desired priority.

2) Make sure the desired input references are connected to the correct port of SecureSync.

3) See

"Configuring Input Reference Priorities" on page 168

1) Make sure the Input Reference Priority table still has the desired inputs enabled, based on desired priority. See

"Configuring Input

Reference Priorities" on page 168

.

2) Make sure desired input references are still connected to the correct port of SecureSync.

4) Verify GNSS antenna installation (if applicable).

See

"Troubleshooting GNSS Reception" on page 344

.

338 SecureSync 1200 User Reference Guide

APPENDIX

LED

Current

Status

Indication Troubleshooting

Sync LED is red

Fault LED is blinking orange

Time Sync alarm: SecureSync was just powered-up and has not yet synced to its references.

Or, all available reference inputs have been lost and the Holdover mode has since expired.

Note: If SecureSync was just recently powered-up or rebooted and input references are applied, no troubleshooting may be necessary. Allow a few minutes for the input reference to be declared valid (allow 35 – 40 minutes for a new install with GNSS input).

1) Make sure the Input Reference Priority table still has the desired inputs enabled, based on desired priority. Refer to

"Configuring Input

Reference Priorities" on page 168

.

2) Make sure desired input references are still connected to the correct port of SecureSync.

3) Verify GNSS antenna installation (if applicable). Make sure the antenna has a clear view of the sky.

GNSS Antenna problem alarm is asserted

1) Verify GNSS antenna is connected to

SecureSync GNSS input connector

2) Check antenna cable for presence of an open or a short. Refer to XXX for additional information.

Major alarm is asserted Refer to XXX Fault LED is solid red

Fault LED is solid orange

Minor alarm is asserted Refer to XXX

Table 5-1: Troubleshooting SecureSync, using the front panel Status LED indications

5.1.2

Minor and Major Alarms

Minor Alarm

There are several conditions that can cause the front panel Fault lamp, or Web UI status lights to indicate a Minor alarm has been asserted. These conditions include:

Too few GPS satellites, 1st threshold : The GNSS receiver has been tracking less than the minimum number of satellites for too long of a duration. Refer to

SecureSync 1200 User Reference Guide 339

APPENDIX

"Troubleshooting GNSS Reception" on page 344

for information on troubleshooting GNSS reception issues.

Major Alarm

There are several conditions that can cause the front panel Fault lamp, or Web UI status lights to indicate a Major alarm has been asserted. These conditions include:

Frequency error : Indicates a jump in the oscillator’s output frequency has been detected. Contact Tech Support for additional information.

1PPS is not in specification : The 1PPS input reference is either not present or is not qualified.

Not In Sync : A Major alarm is asserted when the Timing System is not in sync (Input references are not available and the unit is not in Holdover). Examples of not being synced include:

When the Timing System has just booted-up and has not yet synced to a reference.

When all input references were lost and Holdover Mode has since expired.

Timing System Error : A problem has occurred in the Timing System. Contact Orolia technical support if the error continues.

5.1.3

Troubleshooting: System Configuration

One of the first tasks when troubleshooting a unit is to read out the current system configuration (you may also be asked for this when contacting Orolia Technical Support.)

Select TOOLS > Upgrade/Backup : The screen displayed will provide information on:

System configuration

Disk status, disk health status, memory status

Software versions, and

Recent log entries.

340 SecureSync 1200 User Reference Guide

APPENDIX

5.1.3.1

System Troubleshooting: Browser Support

Orolia recommends using one of the following Web browsers to run the

SecureSyncWeb UI on: Google Chrome, Mozilla Firefox, Internet Explorer > Ver. 8.

Using different or older browsers may lead to some incompatibility issues.

5.1.4

Troubleshooting – Unable to Open Web UI

With SecureSync connected to either a stand-alone or networked PC and with the network configuration correct, it should be possible to connect to the Web UI.

SecureSync 1200 User Reference Guide 341

APPENDIX

Verify Current Status

LEDs on network connector

Green “Good link” is not solid green

Green “Good

Link” is solid green on both

SecureSync and other end of network cable.

Indication

SecureSync ICMP test is failing.

SecureSync is not connected to PC via Ethernet connection

SecureSync ICMP test is passing.

SecureSync is connected to PC via

Ethernet connection

Troubleshooting

1) Verify one end of standard network cable is connected to SecureSync’s Ethernet port and other end is connected to a hub/switch. Or a network cable is connected to SecureSync and a stand-alone PC.

2) Verify network settings of SecureSync are valid for the network/PC it is connected with

(IP address is on the same subnet as the other

PC).

1) Disconnect SecureSync’s network cable and ping its assigned address to ensure no response (no duplicate IP addresses on the network).

2) Try accessing SecureSync from another

PC on the same network.

3) Network Routing/firewall issue. Try connecting directly with a PC and network cable.

Table 5-2: Troubleshooting network connection issues

5.1.5

Troubleshooting via Web UI Status Page

SecureSync’s Web UI includes pages that provide current “remote” status information about SecureSync. The following table includes information that can be used as a troubleshooting guidance if status fault indications or conditions occur.

342 SecureSync 1200 User Reference Guide

APPENDIX

Table 5-3: Troubleshooting using the Web UI Status indications

Web UI Page location

Current Status Indication Troubleshooting

HOME page, System Status panel,

Status row

SYNC indicator is not

“lit” (not Green).HOLD

indicator is “lit”

(Orange).—OR—FAULT indicator is “lit” (Red).

Below the System Status panel there is an Out of

Sync alarm statement

SecureSync is in Holdover mode—OR—

SecureSync is now out of

Time Sync

HOME page, System Status panel,

Power row

AC and/or DC indicator is red instead of greenNOTE: The AC indicator will only display on the HOME screen if

SecureSync is equipped with an AC power input.

The DC indicator will only display on the

HOME screen if

SecureSync is equipped with a DC power input.

Specified AC and/or DC input power is not present.

All available Input References have been lost. The Reference Status table on the HOME page will show the current status of all inputs

(Green is valid and Red is invalid or not present).

1. Make sure the Input Reference Priority table still has the desired reference inputs Enabled, based on the desired priority. See

Input Reference Priorities" on page 168

.

"Configuring

2. Make sure the desired input references are still connected to the correct input port of SecureSync.

3. Verify GNSS antenna installation

(if applicable). See

ing GNSS Reception" on the next page

.

"Troubleshoot-

Refer to Section

"Connecting

Supply Power" on page 40

for

AC and DC power connection information:

If AC indicator is red:

1. Verify AC power cord is connected to an AC outlet.

2. Verify AC power input switch is

ON.

3. Check the two fuses in the AC power module.

If DC indicator is red:

1. Verify DC power source is within range specified at the DC power connector.

2. Verify DC power is present at the input connector.

3. Verify DC input polarity.

SecureSync 1200 User Reference Guide 343

APPENDIX

Web UI Page location

Current Status

MANAGEMENT/

NTP Setup page

Stratum 15

NTP Status Summary panel

Stratum row

MANAGEMENT/

NETWORK page

Cannot login or access the Web UI.

Indication Troubleshooting

NTP is not synchronized to its available input references

(SecureSync may have been in Holdover mode, but Holdover has since expired without the return of valid inputs)

Note: If SecureSync was just recently powered-up or rebooted and input references are applied, no troubleshooting may be necessary.

Allow at least 10-20 minutes for the input references to be declared valid and NTP to align to the System

Time (allow an additional 35-40 minutes for a new install with GNSS input).

1. Verify in the Configure Reference

Priorities table that all available references enabled. See

"Configuring Input Reference

Priorities" on page 168

.

2. Verify that the Reference Status on the HOME page shows “OK”

(Green) for all available references.

3. Verify NTP is enabled and configured correctly. See

ence Configuration" on page 105

.

"NTP Refer-

The following error message is displayed:

“Forbidden

You don’t have permission to access/ on this server”

This message is displayed when any value has been added to the Network Access Rules table and your

PC is not listed in the table as an

Allow From IP address. To restore access to the Web UI, either

1. Login from a PC that is listed as an

Allow From in this table; or

2. If it is unknown what PCs have been listed in the Access table, perform an unrestrict command to remove all entries from the Network Access Rules table. This will allow all PCs to be able to access the

Web UI.

5.1.6

Troubleshooting GNSS Reception

If SecureSync reports GPS, Holdover, and/or Time Sync Alarms caused by insufficient

GNSS reception:

When a GNSS receiver is installed in SecureSync, a GNSS antenna can be connected to the rear panel antenna connector via a coax cable to allow it to track several satellites in

344 SecureSync 1200 User Reference Guide

APPENDIX order for GNSS to be an available input reference. Many factors can prevent the ability for the GNSS receiver to be able to track the minimum number of satellites.

With the GNSS antenna installed outdoors, with a good view of the sky (the view of the sky is not being blocked by obstructions), SecureSync will typically track between 5-10 satellites (the maximum possible is 12 satellites). If the antenna’s view of the sky is hindered, or if there is a problem with the GNSS antenna installation, the GNSS receiver may only be able to a few satellites or may not be able to track any satellites at all.

When GNSS is a configured time or 1PPS input reference, if the GNSS receiver is unable to continuously track at least four satellites (until the initial GNSS survey has been completed) or at least one satellite thereafter, the GNSS signal will not be considered valid. If no other inputs are enabled and available, SecureSync may not initially be able to go into time sync. Or, if GNSS reception is subsequently lost after initially achieving time sync,

SecureSync will go into the Holdover mode. If GNSS reception is not restored before the

Holdover period expires (and no other input references become available) SecureSync will go out of sync. The GNSS reception issue needs to be troubleshot in order to regain time sync.

For additional information on troubleshooting GNSS reception issues with SecureSync, please refer to the GNSS Reception Troubleshooting Guide , available

here

on the Orolia website.

5.1.7

Troubleshooting – Keypad Is Locked

The SecureSync front panel keypad can be locked in order to prevent inadvertent operation. It can be locked and unlocked using either the keypad or the Web UI. When locked, the keypad operation is disabled until it is unlocked using either of the two following processes:

To unlock the front panel keypad, using the keypad (locally), perform the following key sequence:

To unlock the front panel keypad, using the Web UI (remotely):

1.

Open the SecureSync Web UI, and navigate to MANAGEMENT > OTHER:

Front Panel .

2.

Check the Lock Keypad box.

3.

Click Submit .

SecureSync 1200 User Reference Guide 345

APPENDIX

5.1.8

Troubleshooting – 1PPS, 10 MHz Outputs

If the 1PPS and/or the 10 MHz output(s) are not present, input power may not be applied.

Or SecureSync is not synchronized to its input references and Signature Control is enabled.

Web UI Page Current Status Indication Troubleshooting

HOME page Reference

Status Table

One or more input references indicate “Not Valid”

(red)

Navigate to

INTERFACES/OUTPUTS/

PPS Output page

Select the PPS

Output screen.

See

"The Outputs Screen" on page 142 .

Signature Control will show

"Output Always

Enabled",

"Output

Enabled in Holdover",

"Output Disabled in Holdover" or

"Output Always

Disabled".

All available Input References have been lost. The Reference Status table on this same page will show the current status of all inputs

(Green is valid and red is not valid, or not present). If Signature Control is enabled in this state, the output may be disabled, see

"The Outputs Screen" on page 142

.

1. Make sure the Input Reference

Priority table still has the desired inputs enabled, based on desired priority.

2. Make sure desired input references are still connected to the correct input port of SecureSync.

3. Verify GNSS antenna installation

(if applicable).

1. With "Output Always Enabled" selected, the selected output will be present no matter the current synchronization state.2. Any other configured value will cause the applicable output to be halted if

SecureSync is not fully synchronized with its input references.

Table 5-4: Troubleshooting 1PPS and/or 10 MHz outputs not being present

5.1.9

Troubleshooting – Blank Information Display

If the front panel 4-line LCD Information Display is blank:

346 SecureSync 1200 User Reference Guide

APPENDIX

As long as input power is applied (as indicated by the power light being green and the LED time display incrementing) the 4-line LCD Information Display is capable of displaying data.

The Information Display can be configured to display different data while the keypad is not in use. One available configuration is to have the Information Display show a blank page when not in use. The Information Display operation can be verified and can also be configured via the Web UI, or the front panel keypad.

A.

Using the front panel keypad to verify the LCD Information Display is configured to display a blank page:

To verify the front panel LCD Information Display is configured to display a blank page, just press any keypad button. As long as the keypad is unlocked, the Home screen will be displayed (after one minute of not pushing any keys, the screen will go back to blank).

Note: The information that is selected, is the page that is normally displayed in the LCD window, beginning one minute after the keypad is no longer being used.

B.

Using the front panel keypad to change the information normally displayed in the LCD when the keypad is not in use:

To use the front panel keypad to reconfigure the LCD Information Display to show something other than a blank page (such as GNSS information, network configuration, etc.), see

"Front Panel Keypad, and Display" on page 4 .

C.

Using the Web UI to change the information normally displayed in the LCD

Information Display when the keypad is not in use:

To use the Web UI to reconfigure the LCD Information Display to show something other than a blank page (such as GNSS information, network configuration, etc.), refer to

"Configuring the Front Panel" on page 270

.

5.1.10

Troubleshooting the Front Panel Serial Port

The front panel or serial port can be used for SecureSync configuration or to obtain select data. The serial port is a standard DB9 female port. Communication with this port is via a standard DB9 F to DB9M serial cable (minimum pinout is pin 2 to 2, pin 3 to 3 and pin 5 to

5) connected to a PC running a terminal emulator program such as Tera Term or Microsoft

HyperTerminal. The port settings of the terminal emulator should be configured as 9600,

N, 8, 1 (flow control setting does not matter).

SecureSync 1200 User Reference Guide 347

APPENDIX

If the terminal emulator program does not display any data when the keyboard <Enter> key is pressed, either SecureSync is not powered up or there is a problem with the connection between SecureSync and the PC.

Using a multimeter, ring out the pins from one end of the serial cable to the other. Verify the cable is pinned as a straight-thru serial cable (pin 2 to 2, pin 3 to 3 and pin 5 to 5) and not as a null-modem or other pin-out configuration.

Disconnect the serial cable from SecureSync. Then, jumper (using a wire, paperclip or car key, etc.) pins 2 and 3 of the serial cable together while pressing any character on the PC’s keyboard. The character typed should be displayed on the monitor. If the typed character is not displayed, there is a problem with either the serial cable or with the serial COM port of the PC.

Refer to

"Setting up a Terminal Emulator" on page 530

for more information on using a terminal emulator software to communicate with SecureSync via serial port.

5.1.11

Troubleshooting the Front Panel Cooling Fan

The cooling fan (located on the front panel, to the right of the LED time display) is a temperature controlled cooling fan. Temperature sensor(s) determine when the cooling fan needs to turn on and off. It is normal operation for the cooling fan to not operate the entire time SecureSync is running. It may be turned off for long periods at a time, depending on the ambient and internal temperatures.

To verify the cooling fan is still operational, power cycle SecureSync unit (if AC and DC power are both applied, momentarily turn off the AC power switch and disconnect the DC power connector).

Note: If the internal temperature in the unit is below 30 degrees Celsius, the fan may not turn on as part of the power-up sequence. In this case, it is recommended to let the unit “warm up” for approximately 30 minutes, in order to allow the unit to get to the appropriate temperature.

See also:

"Temperature Management" on page 300

5.1.12

Troubleshooting the Internal Battery

The Orolia SecureSync time and frequency synchronization system contains a Lithium Battery for the purpose of providing power to the real time clock on the processor board. This

348 SecureSync 1200 User Reference Guide

APPENDIX battery is not essential to operation, but keeps the time and date for the system BIOS when the SecureSync is powered down.

Some legacy units will continue to operate when the battery is no longer functioning; on these units, the display clock will show 1 Jan 2000, 00:00:00 after power-up until an external reference is synced. SecureSyncs with a newer ETX board will not complete power up with a dead or removed battery.

The battery life is rated for at least five years of continuous power down condition. It will not drain if the unit is powered up.

Note: The specific type of battery required for replacement is a BR3032 lithium coin-cell (3V DC - 500mAh). This battery type should be available via a local or online electronics retailer.

When replacing the battery, the BIOS clock power will be temporarily interrupted and the

BIOS clock will stop counting. This is not a problem if the interruption in battery power is for a short time period.

To replace the internal battery:

Review the Safety information:

"SAFETY" on page 34

.

Power down the unit safely and REMOVE ALL POWER SUPPLIES .

Locate the battery and gently remove it from the battery holder.

Install the new battery (positive facing up).

SecureSync 1200 User Reference Guide 349

APPENDIX

Replace chassis cover, replace power supplies, and power up the unit.

Note: Some units will encounter an error when powering up for the first time after a battery change. If your unit appears unresponsive, remove power and restart. The unit should behave normally after the second startup.

5.1.13

Troubleshooting – Network PCs Cannot Sync

In order for clients on the network to be able to sync to SecureSync, several requirements must be met:

1.

The PC(s) must be routable to SecureSync. Make sure you can access SecureSync

Web UI from a PC that is not syncing. If the PC cannot access the Web UI, a network issue likely exists. Verify the network configuration.

2.

The network clients have to be configured to synchronize to SecureSync's address.

For additional information on syncing Windows PC's, see

https://www.orolia.com/documents/synchronizing-windows-computers

.

The last section of this document also contains troubleshooting assistance for Windows synchronization. For UNIX/Linux computer synchronization, please visit

http://www.ntp.org/

.

3.

If at least one PC can sync to SecureSync, the issue is likely not with SecureSync itself. The only SecureSync configurations that can prevent certain PCs from syncing to the time server are the NTP Access table and MD5 authentication. See

"Configuring NTP Symmetric Keys" on page 121

. A network or PC issue likely exists. A firewall may be blocking Port 123 (NTP traffic), for example.

4.

NTP in SecureSync must be “in sync” and at a higher Stratum level than Stratum 15

(such as Stratum 1 or 2, for example). This requires SecureSync to be either synced to its input references or in Holdover mode. Verify the current NTP stratum level and the sync status.

5.1.14

Troubleshooting Software Update

When experiencing slow data transmission rates, or other network issues, it may be possible that a system software update will be aborted due to a web server timeout during the transfer.

In such an event, the Upload New File window will disappear, and the Upgrade System

Software window will be displayed again instead.

350 SecureSync 1200 User Reference Guide

APPENDIX

Should this happen repeatedly, you can transfer the update file using a file transfer protocol such as scp, sftp or ftp, if security is not a concern. The update can then be initiated from the Web UI or Command Line.

Disk Status: In the event of an aborted update process, under Tools >

Upgrade/Backup > Disk Status , check Percent Used : If the number is greater than 70% , free up disk space, before starting another attempt to update the System

Software.

Disk Health: It is recommended that you verify that your Disk Health is adequate for the upgrade process. If your Compact Flash card has less than three months estimated on the remaining life, you may not be able to complete an upgrade and must contact Technical Support.

Software Versions older than 5.3.0:

Note that failed update attempts may result in lost Disk Space on the SecureSync. Reboot the system to erase unwanted update files.

Software Version 5.3.0 and higher:

In the event that an update process becomes aborted, clicking Update System Software will automatically erase unwanted update files.

5.2

Option Cards

This Chapter lists all option cards currently available, their features, specifications, and how to configure them via the Web UI.

SecureSync 1200 User Reference Guide 351

APPENDIX

5.2.1

Accessing Option Cards Settings via the Web UI

The topics below describe Web UI functionality that is common to all Option Cards.

5.2.1.1

Web UI Navigation: Option Cards

352

Figure 5-1: Option card navigation

To view or edit option card settings in the SecureSync Web UI (see also image above):

Status Summary panel

Under INTERFACES > OPTION CARDS , clicking the superordinate list entry will open the Status Summary panel , which provides a status overview, as well as access to the Status window and the Edit window .

Status window

Under INTERFACES > OPTION CARDS , clicking subordinate (indented) entries will open the Status window , providing detailed option card status information.

SecureSync 1200 User Reference Guide

APPENDIX

Edit window

To edit option card settings, either click the Edit button in the lower-left corner of the Status window , or click the GEAR button in the Status Summary panel : The

Edit window will open.

5.2.1.2

Viewing Input/Output Configuration Settings

The configurable settings of any SecureSync input or output interface can be viewed in its

Status window. The Status window can be accessed in several ways; the procedure below describes the standard way:

1.

Identify the name of the option card, (e.g., PPS OUT, 4-BNC ) and the name of the input or output you want to configure (e.g., PPS Output 1 ).

Note: If you have only one input or output of any type, SecureSync will number that input or output 0. Additional inputs or outputs will be numbered 1 or above.

2.

Navigate to INTERFACES > OPTION CARDS , and click the list entry of the option card identified above. The option card’s Status Summary panel opens:

3.

Click on the INFO button next to the input or output whose settings you wish to review. The Status window will open:

SecureSync 1200 User Reference Guide 353

APPENDIX

354

4.

If you want to change any of the settings shown in the Status window, click the Edit button in the bottom-left corner. The Edit window will open:

5.

Information about the configurable settings can be found in the corresponding option card section, see

"Option cards listed by their ID number" on page 15

.

5.2.1.3

Configuring Option Card Inputs/Outputs

The configurable settings of any SecureSync input or output interface are accessible through the Edit window of the option card to which the input or output belongs. The Edit window can be accessed in several ways; the procedure below describes the standard way:

1.

Identify the name of the card, (e.g., PPS OUT, 4-BNC ), and verify the name of the input or output you want to configure (e.g., PPS Output 1 ).

SecureSync 1200 User Reference Guide

APPENDIX

Note: If you have only one input or output of any type, SecureSync will number that input or output 0. Additional inputs or outputs will be numbered 1 or above.

2.

Navigate to the INTERFACES > OPTION CARDS drop-down menu, and click the list entry of the option card identified above. The option card’s Status Summary panel opens:

3.

Click on the GEAR button next to the input or output you wish to configure (as verified in Step 1 of this procedure). The Edit window of the input or output opens:

4.

Information about the configurable settings can be found in the corresponding option card section, see

"Option cards listed by their ID number" on page 15

.

SecureSync 1200 User Reference Guide 355

APPENDIX

5.2.1.4

Viewing an Input/Output Signal State

To view if an input or output is currently enabled or disabled, go to the option card’s Status

Summary panel:

1.

Identify the name of the option card, (e.g., PPS OUT, 4-BNC ), and the name of the input or output you want to configure (e.g., PPS Output 1 ).

Note: If you have only one input or output of any type, SecureSync will number that input or output 0. Additional inputs or outputs will be numbered 1 or above.

2.

Navigate to the INTERFACES > OPTION CARDS drop-down menu, and click the list entry of the option card identified above. The option card’s Status Summary panel opens:

356

All the inputs and/or outputs of this option card are listed in the Status Summary panel.

In accordance with the Signature Control setting, and the Lock Status, the current signal state for an output is indicated as:

ENABLED (green); or

DISABLED (orange)

The current state of an input signal is indicated as:

VALID (in green); or

INVALID (in red)

The Status Summary panel will be refreshed automatically every 30 seconds. Click the

Refresh button (circling arrows) on the right to refresh the status instantaneously. A slight refreshment delay is normal (the duration depends on the configuration of your system.)

SecureSync 1200 User Reference Guide

APPENDIX

5.2.1.5

Verifying the Validity of an Input Signal

The HOME page of the SecureSync Web UI provides quick access to the status of all inputs via its Reference Status panel.

If an INPUT is not present , or not valid, and qualified , the 1PPS Validity and Time Validity fields will be “ Not Valid ” (orange).

If an INPUT is present , and the signal is considered valid, and qualified , the two indicators will then turn “ Valid ” (Green).

5.2.2

Option Card Field Installation Instructions

Typically, SecureSync units are shipped with custom-ordered option cards pre-installed at the factory. In the event that an option card is purchased at a later time, you need to install it yourself, following the instructions below.

5.2.2.1

Field Installation: Introduction

SecureSync time and frequency synchronization system offers customizability and expandability via the addition of a range of modular option cards. Up to 6 option cards can be

SecureSync 1200 User Reference Guide 357

APPENDIX accommodated to offer not only synchronization to a variety of input references, but also numerous types of output signals, supporting an extensive number of traditional and contemporary timing protocols including: digital and analog timing and frequency signals (1PPS, 1MHz/5MHz/10 MHz) timecodes (IRIG, STANAG, ASCII) high accuracy and precision network timing (NTP, PTP) telecom timing (T1/E1), and more.

Note: The installation procedure varies, depending on the type of option card and the installation location to be installed.

5.2.2.2

Outline of the Installation Procedure

The general steps necessary for installing SecureSync option cards are as follows:

1.

If adding or removing option cards that provide a reference, optionally backup your

SecureSync configuration (refer to

"[2]: Saving Refererence Priority Configuration" on the facing page

, if applicable to your scenario or environment.)

2.

Safely power down the SecureSync unit and remove the top cover of the main chassis (housing).

Caution: NEVER install an option card from the rear of the unit,

ALWAYS from the top, after removing the chassis cover.

3.

Select one of the unused Slots as installation location for the new card. The chosen

Slot determine s the installation procedure (see

"[3]: Determining the Installation

Procedure" on page 360 ).

4.

Prepare slot (if required), and plug card into the slot.

5.

Connect any required cables and secure option card into place.

6.

Replace chassis cover, power on unit.

7.

Log in to the SecureSync web interface; verify the installed card is identified.

8.

Restore SecureSync configuration (if it had been backed up before, see above).

358 SecureSync 1200 User Reference Guide

APPENDIX

5.2.2.3

Safety

Before beginning any type of option card installation, please carefully read the safety statements and precautions under

"SAFETY: Before You Begin Installation" on page 35 .

5.2.2.4

[1]: Unpacking

On receipt of materials, unpack and inspect the contents and accessories (retain all original packaging for use in return shipments, if necessary).

The following additional items are included with the ancillary kit for the field installation of option card(s). Some of the parts listed below will be required for the installation (depending upon option card model, and installation location).

Table 5-5: Parts list, Ancillary Kit [1204-0000-0700]

Item Quant.

Part Number

50-pin ribbon cable

Washer, flat, alum., #4,  .125 thick

Screw, M3-5, 18-8SS, 4 mm, thread lock 5

Standoff, M3 x 18 mm, hex, M-F, Zinc-pl. brass 2

1

2

Standoff, M3 x 12 mm, hex, M-F, Zinc-pl. brass 1

Cable tie 2

CA20R-R200-0R21

H032-0440-0002

HM11R-03R5-0004

HM50R-03R5-0018

HM50R-03R5-0012

MP00000

In addition to the parts supplied with your option card ancillary kit, you will need a #1 Philips head screwdriver, and may need a cable tie clipper and 6mm hex wrench.

5.2.2.5

[2]: Saving Refererence Priority Configuration

Note: This step is optional .

When adding or removing option cards with reference inputs such as IRIG Input, ASCII

Timecode Input, etc., any user-defined Reference Priority configuration will be reset back to the factory default. This means that you will need to re-configure the Reference Priority table at the end of the installation procedure.

SecureSync 1200 User Reference Guide 359

APPENDIX

To avoid this manual re-configuration, you can save your configuration: For instructions, see

"Saving the System Configuration Files" on page 330 .

Note: The Reference Priority configuration must be saved BEFORE beginning with the hardware installation.

After completion of the hardware installation, the Reference Priority configuration needs to be restored; see STEP [12].

5.2.2.6

[3]: Determining the Installation Procedure

The installation procedure for option cards varies, depending on: i.

option card model ii.

installation slot chosen by you, and iii.

for upper slots only: if the bottom slot is used or not.

Determining the correct installation procedure

a.

Identify the last two digits of the part number of your option card (see label on bag).

b.

Inspect the back of the SecureSync housing, and select an empty slot for the new card. If the card is to be installed in one of the upper slots (2, 4, or 6), take note if the corresponding lower slot is occupied.

Figure 5-2: Unit rear view c.

See table "Installation steps" below: i.

Find your part number in the left-hand column.

ii.

Choose your Installation Location (as determined above).

360 SecureSync 1200 User Reference Guide

APPENDIX iii.

If using an upper slot (2, 4, or 6), select either the Bottom Slot row "empty" or "populated".

iv.

Note or highlight the PROCEDURE STEPS [x] for your installation scenario and follow the procedure step by step.

Note: Follow only the PROCEDURE STEPS [x] listed for your option card and installation scenario!

Table 5-6: Installation steps

Part No. Option Card

1204-

1204-

1204-

1204-

1204-

1204-

08

26

1C

0C

0F

06

All other Part No.'s

Card Function

Installation

Location

Bottom Slot PROCEDURE STEPS [x]

Frequency output Slot 2, 4, or 6 empty (1), 2, 3, 5, 7, 11, (12) populated (1), 2, 3, 6, 7, 11, (12)

Alarm relay

Slot 1, 3, or 5 (1), 2, 3, 4, 7, 11, (12)    

Slot 2, 4, or 6 empty (1), 2, 3, 5, 7, 10, 11, (12) populated (1), 2, 3, 6, 7, 10, 11, (12)

Slot 1, 3, or 5 (1), 2, 3, 4, 7, 10, 11, (12) 

Gigabit Ethernet Slot 2 empty (1), 2, 3, 8, 11, (12) populated (1), 2, 3, 9, 11, (12)

(miscellaneous) Slot 2, 4, or 6 empty (1), 2, 3, 5, 11, (12) populated (1), 2, 3, 6, 11, (12)

Slot 1, 3, or 5 (1), 2, 3, 4, 11, (12)     

5.2.2.7

[4]: Bottom Slot Installation

Instructions for installing an option card into one of the bottom slots ( 1 , 3 , or 5 ): a.

Safely power down the unit and remove the top cover of the main chassis (housing).

Save the screws.

SecureSync 1200 User Reference Guide 361

APPENDIX

Caution: NEVER install an option card from the rear of the unit,

ALWAYS from the top, after removing the chassis cover.

b.

Remove the blank option card plate, or the existing option card in the slot. Save the screws.

If a card is populating the slot above the bottom slot your option card is to be installed into, remove it temporarily (also remove and save the standoffs for reuse).

c.

Insert the card into the bottom slot by carefully pressing its connector into the mainboard connector (see Figure below), and by lining up the screw holes on the card with the screw holes on the chassis.

362

Figure 5-3: Connector installation d.

Using the supplied M3 screws, screw the board, and the option card plate into the chassis, applying a torque of 0.9 Nm/8.9 in-lbs.

If you are reinstalling an option card above this one, you can instead follow the instructions for

" [6]: Top Slot Installation, Bottom Slot Occupied" on page 365

(you will be screwing on standoffs, rather than screws, in this situation).

SecureSync 1200 User Reference Guide

APPENDIX

Caution: Ensure that screw holes on the card are properly lined up and secured to the chassis before powering the unit up, otherwise damage to the equipment may result.

5.2.2.8

[5]: Top Slot Installation, Bottom Slot Empty

Instructions for installing an option card into an upper slot ( 2 , 4 , or 6 ) of the SecureSync unit, with no card populating the bottom slot: a.

Safely power down your SecureSync unit and remove the top cover of the main chassis (housing). Save the screws.

Caution: NEVER install an option card from the rear of the unit,

ALWAYS from the top, after removing the chassis cover.

b.

Remove blank option card plate, or existing option card. Save the screws.

c.

Place one of the supplied washers over each of the two chassis screw holes (see

Figure below), then screw the 18 mm standoffs (= the longer standoffs) into the chassis (see Figure below), applying a torque of 0.9 Nm/8.9 in-lbs.

SecureSync 1200 User Reference Guide 363

APPENDIX

364

Figure 5-4: Washers & standoffs secured to chassis screw holes d.

Insert option card into the slot, lining up the screw holes on the card with the standoffs.

e.

Using the supplied M3 screws, screw the board into the standoffs, and the option card plate into the chassis, applying a torque of 0.9 Nm/8.9 in-lbs.

f.

Take the supplied 50-pin ribbon cable and carefully press it into the connector on the mainboard (lining up the red sided end of the cable with PIN 1 on the mainboard), then into the connector on the option card (see Figure below).

Figure 5-5: Ribbon cable installation

SecureSync 1200 User Reference Guide

APPENDIX

Caution: Ensure that the ribbon cable is aligned and fastened properly to all pins on the connector of the card. Otherwise, damage to the equipment may occur during power-up.

5.2.2.9

[6]: Top Slot Installation, Bottom Slot Occupied

Instructions for installing an option card into an upper slot ( 2 , 4 , or 6 ), above a populated bottom slot: a.

Safely power down the SecureSync unit, and remove the top cover of the main chassis (housing). Save the screws.

b.

Caution: NEVER install an option card from the rear of the unit,

ALWAYS from the top, after removing the chassis cover.

c.

Remove the blank option card plate, or the existing option card. Save the screws.

d.

Remove screws securing the card already populating the bottom slot. Save the screws.

e.

Screw the 18-mm standoffs into the option card populating the bottom slot (see

Figure below) , applying a torque of 0.9 Nm/8.9 in-lbs.

SecureSync 1200 User Reference Guide 365

APPENDIX

366

Figure 5-6: Bottom card with standoffs installed f.

Insert option card into the slot above the existing card, lining up the screw holes with the standoffs.

g.

Using the supplied M3 screws, screw the board into the standoffs, and the option plate into the chassis, applying a torque of 0.9 Nm/8.9 in-lbs.

h.

Take the supplied 50-pin ribbon cable and carefully press it into the connector on the mainboard (lining up the red sided end of the cable with PIN 1 on the mainboard), then into the connector on the option card (see Figure below).

SecureSync 1200 User Reference Guide

APPENDIX

Figure 5-7: Ribbon cable installation

Caution: Ensure that the ribbon cable is aligned and fastened properly to all pins on the connector of the card. Otherwise, damage to equipment may result during power up.

5.2.2.10 [7]: Frequency Output Cards: Wiring

Additional installation instructions for the following option card models:

Frequency Output cards:

1MHz (PN 1204-26)

5MHz (PN 1204-08)

10 MHz (PN 1204-0C)

10 MHz (PN 1204-1C)

For the cable installation, follow the steps detailed below: a.

Install the coax cable(s) onto the main PCB, connecting them to the first available open connectors, from J1… J4. See figure below:

SecureSync 1200 User Reference Guide 367

APPENDIX

368

Figure 5-8: J Connectors

Note: For 10 MHz option cards with 3 coax cables:  From the rear of the option card, outputs are labeled J1, J2, J3. Start by connecting the cable attached to J1 on the card to the first available open connector on the SecureSync mainboard, then connect the cable attached to J2, then J3, etc.

b.

Using the supplied cable ties, secure the coax cable from the option card to the white nylon cable tie holders fastened to the mainboard.

5.2.2.11

[8]: Gb ETH Card Installation, Slot1 Empty

Installation of the Gigabit Ethernet module card (PN 1204-06), if Slot 1 is empty:

Note: The Gigabit Ethernet option card must be installed in Slot 2 . If there is a card already installed in Slot 2, that card must be relocated to a different slot.

a.

Safely power down the SecureSync unit and remove the chassis cover. Save the screws.

SecureSync 1200 User Reference Guide

APPENDIX b.

Caution: NEVER install an option card from the rear of the unit,

ALWAYS from the top, after removing the chassis cover.

c.

Remove the blank option card plate, or the existing option card. Save the screws.

d.

Take the supplied washers and place them over the chassis screw holes (see figure below).

Figure 5-9: Washer placement e.

Screw the supplied 18-mm standoffs into place above the washers (see figure below), applying a torque of 0.9 Nm/8.9 in-lbs.

f.

On the SecureSync mainboard, remove the screw located under the J11 connector and replace with the supplied 12-mm standoff (see figure below).

g.

Insert the Gigabit Ethernet option card into Slot 2, and carefully press down to fit the connectors on the bottom of the Gigabit Ethernet card to the connectors on the mainboard.

h.

Secure the option card by screwing the supplied M3 screws into: both standoffs on the chassis the standoff added onto the mainboard and into the rear chassis. Apply a torque of 0.9 Nm/8.9 in-lbs.

SecureSync 1200 User Reference Guide 369

APPENDIX

370

Figure 5-10: Gigabit Ethernet option card installation

5.2.2.12 [9]: Gb ETH Card Installation, Slot1 Occupied

Installation of the Gigabit Ethernet card (PN 1204-06), if there is an option card installed in slot 1:

Note: The Gigabit Ethernet option card must be installed in Slot 2. If there is a card already installed in Slot 2, it must be relocated to a different slot.

a.

Safely power down the SecureSync unit and remove chassis cover. Save the screws.

b.

Caution: NEVER install an option card from the rear of the unit,

ALWAYS from the top, after removing the chassis cover.

c.

Remove the blank option card panel, or the existing option card. Save the screws.

d.

Remove the two screws securing the lower card (not the panel screws). Save the screws.

e.

Screw the supplied 18-mm standoffs into place, applying a torque of 0.9 Nm/8.9 inlbs.

SecureSync 1200 User Reference Guide

APPENDIX f.

On the SecureSync mainboard, remove the screw located under the J11 connector and replace with the supplied 12-mm standoff (see figure below).

g.

Insert the Gigabit Ethernet option card into Slot 2, and carefully press down to fit the connectors on the bottom of the card to the connector on the mainboard.

h.

Secure the option card by screwing the supplied M3 screws into

- both standoffs on the chassis

- the standoff added onto the mainboard

- and into the rear chassis. Apply a torque of 0.9 Nm/8.9 in-lbs.

Figure 5-11: Gigabit Ethernet option card installation

5.2.2.13 [10]: Alarm Relay Card, Cable Installation

Additional steps for the installation of the Alarm Relay Output card (PN 1204-0F).

a.

Connect the supplied cable, part number 8195-0000-5000, to the mainboard connector J19 “RELAYS”.

SecureSync 1200 User Reference Guide 371

APPENDIX

372

Figure 5-12: Cable routing b.

Using the supplied cable ties, secure the cable, part number 8195-0000-5000, from the option card to the white nylon cable tie holders fastened to the mainboard (see figure above).

5.2.2.14 [11]: Verifying HW Detection and SW Update

Complete the Option Card installation procedure by verifying that SecureSync detected the card, and by updating the system software: a.

Re-install the top cover of the unit chassis (housing), using the saved screws.

Caution: Ensure that screw holes on the card are properly lined up and secured to the chassis before powering the unit up, otherwise damage to the equipment may result.

b.

Power on the unit.

c.

Verify the successful installation by ensuring the card has been detected:

SecureSync Web UI, ≤ Version 4.x

Open a web browser, and login to the SecureSync Web UI. Navigate to the

STATUS/INPUTS and/or STATUS/OUTPUTS pages. Information displayed on these

SecureSync 1200 User Reference Guide

APPENDIX pages will vary depending upon your option module card/SecureSync configuration (for example, the Multi-Gigabit Ethernet option module card has both input and output functionality, and so is displayed in both pages).

Note: If after an installation the card does not appear to be properly identified, it may be necessary to update the SecureSync system software to the latest available version.

Figure 5-13: Example STATUS/INPUTS page – SecureSync Web UI

Figure 5-14: Example STATUS/OUTPUTS page – SecureSync Web user interface

SecureSync Web UI, ≥ Version 5.0

Open a web browser, log in to the SecureSync Web UI, and navigate to INTERFACES >

OPTION CARDS : The new card will be displayed in the list.

If the card does not appear to be properly identified, proceed with the Software update as described below, and then navigate to INTERFACES > OPTION CARDS

SecureSync 1200 User Reference Guide 373

APPENDIX again to confirm the card has been detected.

If the card has been detected properly, proceed with the Software update as described below to ensure SecureSync and the newly installed card are using the same, latest available version.

Updating the System Software

Even if the newly installed option card has been detected, and even if the latest System

Software version is installed on your SecureSync unit, you must (re-)install the software to ensure both SecureSync, and the option card are using the latest software:

Follow the System Software update procedure, as outlined under

"Software

Updates" on page 322 .

NEXT : Restore your reference priority configuration, as described in the following topic, and configure other option card-specific settings, as described in the main User Manual.

5.2.2.15 [12]: Restoring Reference Priority Configuration

If you saved your Reference Priority configuration under STEP [2], you can now restore it:

For instructions, see

"Restoring the System Configuration" on page 331 .

Card-specific configuration instructions may be found in the Option Cards Guide, see

"Option Card Identification" on page 14

to locate your card.

5.2.3

Time and Frequency Option Cards

This section contains technical information and Web UI procedures relevant to

SecureSync option cards designed to deliver time and frequency signals.

5.2.3.1

1PPS Out [1204-18, -19, -21, -2B]

1PPS Output Modules (TTL, 10V, RS-485)

The 1PPS output module provides four additional 1PPS outputs on BNC connectors or terminal block for the SecureSync platform.

374 SecureSync 1200 User Reference Guide

Model 1204-18 1PPS Output (TTL): Specifications

Outputs: (4) 1PPS output

Signal Type and Connector: TTL (BNC)

Output Load Impedance: 50 Ω

Rise Time to 90% of Level: <10 ns

Programmable Pulse Width: 100 ns to 900 ms with 20 ns resolution

Absolute Phase Error: ±50 ns (1 σ )

Programmable Phase Shift: ±5ns to 500 ms with 5ns resolution

Maximum Number of Cards: 6

Ordering Information: 1204-18 1PPS TTL output module, BNC connector

APPENDIX

Figure 5-15: Model 1204-18 option card rear plate

Model 1204-19 1PPS Output (10 V): Specifications

Outputs: ( 4) 1PPS output

Signal Type and Connector: 10 V (BNC)

Output Load Impedance: 50 Ω

Rise Time to 90% of Level: <30 ns

Programmable Pulse Width: 100 ns to 900 ms with 20 ns resolution

Absolute Phase Error: ±50 ns (1 σ )

Programmable Phase Shift: ±5ns to 500 ms with 5ns resolution

Maximum Number of Cards: 6

Ordering Information: 1204-19 1PPS 10 V output module, BNC connector

SecureSync 1200 User Reference Guide 375

APPENDIX

376

Figure 5-16: Model 1204-19 option card rear plate

Model 1204-21 1PPS Output (RS-485): Specifications

Inputs/Outputs: (4) 1PPS output

Signal Type and Connector: RS-485 (terminal block)

Output Load Impedance: 120 Ω

Rise Time to 90% of Level: <10 ns

Programmable Pulse Width: 100 ns to 900 ms with 20 ns resolution

Absolute Phase Error: ±50 ns (1 σ )

Programmable Phase Shift: ±5ns to 500 ms with 5ns resolution

Maximum Number of Cards: 6

Ordering Information: 1204-21 1PPS RS-485 output module, terminal block

Figure 5-17: Model 1204-21 option card rear plate

Model 1204-21 terminal block pin assignments

Pin No.

1

Function

1PPS Output 1 +

SecureSync 1200 User Reference Guide

APPENDIX

Pin No.

8

9

6

7

10

4

5

2

3

Function

1PPS Output 1 -

GND

1PPS Output 2 +

1PPS Output 2 -

1PPS Output 3 +

1PPS Output 3 -

GND

1PPS Output 4 +

1PPS Output 4 -

Model 1204-2B 1PPS Output (Fiber Optical): Specifications

Inputs/Outputs: (4) 1PPS output

Operating Wavelength: 820/850 nm

Optical Power: -15 dBm average into 50/125 fiber

Fiber Optic Compatibility: 50/125  μ m, 62.5/125  μ m multi-mode cable

Optical Connector: ST

Programmable Pulse Width: 100 ns to 900 ms with 20 ns resolution

Absolute Phase Error: ±50 ns (1 σ )

Programmable Phase Shift: ±5ns to 500 ms with 5ns resolution

Maximum Number of Cards: 6

Ordering Information: 1204-12B 1PPS Fiber Optic output module, ST connector

Figure 5-18: Model 1204-2B option card rear plate

SecureSync 1200 User Reference Guide 377

APPENDIX

1PPS Output: Edit Window

To configure the settings of a 1PPS Output , go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 354

.

The Web UI list entries for these option cards are:

1PPS OUT, 4-BNC

1PPS OUT, 10 V

1PPS OUT, RS-485

1PPS OUT, Fiber

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

378

The Edit window allows the configuration of the following settings:

Signature Control: Used to control when the 1PPS output signal will be present.

See

"Signature Control" on page 147

.

Offset: Used to account for 1PPS cable delays or other latencies in the 1PPS output.

The Offset value is entered and displayed in nanoseconds (ns). The available Offset range is -500 to +500 ms.

Edge: The operator can select if the output signal is a positive (reference on the rising edge) or a negative (reference on the falling edge) pulse.

Pulse Width: Configures the Pulse Width of the 1PPS output. The Pulse Width is entered and displayed in nanoseconds (ns). The default Pulse Width is 200 milliseconds.

SecureSync 1200 User Reference Guide

APPENDIX

1PPS Output: Status Window

To view the current settings of a 1PPS Output , go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 353 .

The Web UI list entries for these option cards are:

1PPS OUT, 4-BNC

1PPS OUT, 10V

1PPS OUT, RS-485

1PPS OUT, Fiber

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

The Status window displays the following settings:

Signature Control: Displays the current configuration of Signature Control; see

"Signature Control" on page 147 .

Frequency: Indicates the configured frequency of the 1PPS output signal.

Offset: Displays the configured Offset (to account for cable delays or other latencies).

Edge: Shows if the on-time point of the 1PPS output is the rising or falling edge of the pulse.

Pulse Width: Displays the configured Pulse Width of the 1PPS output. The Pulse

Width is displayed in nanoseconds (ns). The default Pulse Width is 200 milliseconds.

SecureSync 1200 User Reference Guide 379

APPENDIX

5.2.3.2

1PPS In/Out [1204-28, -2A]

These 1PPS input/output cards provide one 1PPS input, and three or two additional 1PPS outputs on BNC or ST connectors for the SecureSync platform.

Model 1204-28 1PPS Input/Output: Specifications

Inputs/Outputs : (1) 1PPS input/(3) 1PPS output

Signal Type and Connector : TTL (BNC)

Input Impedance : 50 Ω

Output Load Impedance : 50 Ω

Rise Time to 90% of Level : <10 ns

Programmable Pulse Width : 100 ns to 900 ms with 20 ns resolution

Absolute Phase Error : ±50 ns (1 σ )

Programmable Phase Shift : ±5ns to 500 ms with 5ns resolution

Maximum Number of Cards : 6

Ordering Information : 1204-28: 1PPS 1-input/3-output, BNC connectors

380

Figure 5-19: Model 1204-28 option card rear plate

Model 1204-2A 1PPS Input/Output: Specifications

Inputs/Outputs : (1) 1PPS input/(2) 1PPS output

Operating Wavelength : 820/850 nm

Optical Input Minimum Sensitivity : -25 dBm @ 820 nanometers

Optical Output Power : -15 dBm average into 50/125 fiber

Fiber Optic Compatibility : 50/125  μ m, 62.5/125  μ m multi-mode cable

Optical Connector : ST

Output Programmable Pulse Width : 100 ns to 900 ms with 20 ns resolution

SecureSync 1200 User Reference Guide

Output Absolute Phase Error : ±50 ns (1 σ )

Output Programmable Phase Shift : ±5ns to 500 ms with 5ns resolution

Maximum Number of Cards : 6

Ordering Information : 1204-2A: 1PPS 1-in/2-output, ST connectors

APPENDIX

Figure 5-20: Model 1204-2A option card rear plate

1PPS Input or Output: Viewing Signal State

To quickly view if the 1PPS inputs and outputs of this option card are currently enabled or disabled, go to the option card’s Status Summary panel. For instructions, see:

"Viewing an Input/Output Signal State" on page 356

.

1PPS Output: Edit Window

To configure the settings of a 1PPS output , go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 354

.

The Web UI list entries for these cards are:

1PPS In/Out

1PPS In/Out, Fiber

The connector numbers are:

J2, J3, J4 (model -28)

J2, J3 (model -2A)

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

SecureSync 1200 User Reference Guide 381

APPENDIX

382

The fields available are:

Signature Control : Used to control when the 1PPS output signal will be present.

See:

"Signature Control" on page 147 .

Offset : Used to account for 1PPS cable delays or other latencies in the 1PPS output.

The Offset value is entered and displayed in nanoseconds (ns). The available Offset range is -500 to +500 ms.

Edge : The operator can select if the output signal is a positive (reference on the rising edge) or a negative (reference on the falling edge) pulse.

Pulse Width : Configures the Pulse Width of the 1PPS output. The Pulse Width is entered and displayed in nanoseconds (ns). The default Pulse Width is 200 milliseconds.

1PPS Output: Status Window

To view the current settings of a 1PPS output , go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 353 .

The Web UI list entries for these cards are:

1PPS In/Out

1PPS In/Out, Fiber

The connector numbers are:

J2, J3, J4 (model -28)

J2, J3 (model -2A)

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

SecureSync 1200 User Reference Guide

APPENDIX

The fields displayed are:

Signature Control : Displays the current configuration of Signature Control. See

"Signature Control" on page 147 .

Frequency : Indicates the configured frequency of the 1PPS output signal.

Offset : Displays the configured Offset (to account for cable delays or other latencies).

Edge : Shows if the on-time point of the 1PPS output is the rising or falling edge of the pulse.

Pulse Width : Displays the configured Pulse Width of the 1PPS output. The Pulse

Width is displayed in nanoseconds (ns). The default Pulse Width is 200 milliseconds.

1PPS Input: Edit Window

To configure the settings of the PPS Input (also referred to as ‘Reference’), go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 354 .

The Web UI list entries for these cards are:

1PPS In/Out

1PPS In/Out, Fiber

The connector number for the input is: J1

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

SecureSync 1200 User Reference Guide 383

APPENDIX

The Edit window allows the configuration of the following settings:

Edge : The operator can select either the rising or the falling edge as the input time reference (defines the on-time point of the signal).

Offset : It is possible to add an offset to the input signal (to account for cable delays), with a resolution of 5ns and a positive or negative value of 500 ms maximum.

1PPS Input: Status Window

To view the current settings of the PPS Input (also referred to as ‘Reference’), go to its

Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 353 .

The Web UI list entries for these cards are:

1PPS In/Out

1PPS In/Out, Fiber

The connector number for the input is: J1

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs). .

384

The Status window displays the following settings:

Reference ID : Name used to represent this 1PPS input reference in the Reference

Priority table. See also:

"Configuring Input Reference Priorities" on page 168

.

SecureSync 1200 User Reference Guide

APPENDIX

1PPS Validity : Indicates “OK” (green) if the 1PPS input signal is present and valid.

Indicates “Not Valid” (orange) if the 1PPS input signal is either not present or is not considered valid.

Edge : Displays the selected Edge (rising of falling) of the 1PPS input that defines the on-time point.

Offset : Displays the configured 1PPS offset values.

The 1PPS Input signal is analyzed and an absence of the signal triggers a “Not Valid” indication.

5.2.3.3

1PPS In/Out, 10 MHz In [1204-01, -03]

Model 1204-01, 1PPS/Freq Input (TTL): General Specifications

Inputs/Outputs : One Frequency Input (=J1), one 1PPS Input (=J2), one 1PPS Output

Signal Type And Connector : TTL/Sine (BNC into 50 Ω)

Maximum Number of Cards : 6

Ordering Information : 1204-01: 1PPS/Freq input (TTL levels) module

Figure 5-21: Model 1204-01 option card rear plate

Model 1204-03, 1PPS/Freq Input (RS-485): General Specifications

Inputs/Outputs : (1) 1PPS Input, (1) Freq Input (1) 1PPS Output. All input and output signals are RS-485 compatible.

Signal Type And Connector : Balanced RS-485 (3.8 mm terminal block)

Maximum Number of Cards : 6

Ordering Information : 1204-03: 1PPS/Freq input (RS-485 levels) module

SecureSync 1200 User Reference Guide 385

APPENDIX

386

Figure 5-22: Model 1204-03 option card rear plate

Table 5-7: Model 1204-03 1PPS/Freq Input: Connector pin assignment

Pin No.

Signal Function

7

8

5

6

3

4

1

2

9

10

GND Ground

FREQIN_RS485+ RS-485 Frequency Input +

FREQIN_RS485RS-485 Frequency Input –

GND Ground

PPSIN_RS485+

PPSIN_RS485-

RS-485 1PPS Input +

RS-485 1PPS Input –

GND Ground

PPSOUT_RS485+ RS-485 1PPS Output +

PPSOUT_RS485RS-485 1PPS Output –

GND Ground

Models 1204-01,-03: Input/Output Specifications

FREQ Input Specifications

Signal Type And Connector : Sine wave (BNC)

Detected Level : +13 dBm to -6dBm

Frequency Setting : 1KHz…10 MHz in 1Hz steps

1PPS Input Specifications

Input Impedance : 50 Ω

Minimum Pulse Width detected : 100 ns

SecureSync 1200 User Reference Guide

APPENDIX

Input Signal Jitter : <±500 ns t o achieve oscillator lock, <±50 ns to achieve system performance

Programmable Phase Shift : ±5ns to 500 ms with 5ns resolution

1PPS Output Specifications

Signal Type And Connector : TTL level (BNC)

Output Load Impedance : 50 Ω

Rise Time to 90% of Level : <10 ns

Programmable Pulse Width : 100 ns to 900 ms with 20 ns resolution

Absolute Phase Error : ±50 ns (1 σ )

Programmable Phase Shift : ±5ns to 500 ms with 5ns resolution

1PPS Input and Output: Viewing Signal State

To quickly view if the PPS inputs and outputs of this option card are currently enabled or disabled, go to the option card’s Status Summary panel. For instructions, see:

"Viewing an

Input/Output Signal State" on page 356

.

1PPS Input: Edit Window

To configure the settings for the 1PPS Input (also referred to as ‘Reference’), go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 354 .

The Web UI list entries for these cards are: 1PPS/Frequency BNC and 1PPS/Frequency

RS-485 . The connector number is: J2 (Model 1204-03: RS-485 connector: Pins 5 and 6)

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

The Edit window allows the configuration of the following settings:

SecureSync 1200 User Reference Guide 387

APPENDIX

Edge : The operator can select either the rising or the falling edge as the input time reference (defines the on-time point of the signal).

Offset : It is possible to add an offset to the input signal (to account for cable delays), with a resolution of 5ns and a positive or negative value of 500 ms maximum.

1PPS Input: Status Window

To view the current settings of the PPS Input (also referred to as ‘Reference’), go to its

Status window. For instructions, see:

"Verifying the Validity of an Input Signal" on page 357

.

The Web UI list entries for these cards are: 1PPS/Frequency BNC and 1PPS/Frequency

RS-485. The connector number is: J2 (Model 1204-03: RS-485 connector: Pins 5 and 6)

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

388

The Status window displays the following settings:

Reference ID : Name used to represent this 1PPS input reference in the Reference

Priority table; see

"Configuring Input Reference Priorities" on page 168

for more information on reference priority configuration.

1PPS Validity : Indicates “OK” (green) if the 1PPS input signal is present and valid.

Indicates “Not Valid” (orange) if the 1PPS input signal is either not present or is not considered valid.

Edge : Displays the selected Edge (rising of falling) of the 1PPS input that defines the on-time point.

Offset : Displays the configured 1PPS offset values.

The 1PPS Input signal is analyzed and an absence of the signal triggers a “Not Valid” indication.

SecureSync 1200 User Reference Guide

APPENDIX

Frequency Input: Edit Window

To configure the settings for the Frequency Input (also referred to as ‘Reference’), go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 354 .

The Web UI list entries for these cards are: 1PPS/Frequency BNC and 1PPS/Frequency

RS-485. The connector number is: J1 (BNC card); J1 (RS-485 card).

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

The Edit window allows the configuration of the following settings:

Reference Mode : Used to control how the reference mode operates in determining its validity. Values are:

Primary Reference —Allows the frequency reference to be valid based solely on its own presence.

Secondary Reference —Requires another valid reference to synchronize the system before the frequency reference can be determined to be valid. This is used when the frequency reference is intended to operate as a backup reference to a different primary reference source.

Frequency : Used to configure the frequency (in Hertz) of the input signal. The available Frequency range is 1KHz…10 MHz in 1Hz steps.

The input frequency is measured versus internal frequency and compared to the setup value. If the discrepancy is larger than 1kHz, the input is disqualified and not considered valid. The frequency reference does not inherently provide an on-time point, so it relies on the current on-time point of the system prior to its taking over for synchronization.

SecureSync 1200 User Reference Guide 389

APPENDIX

Frequency Input: Status Window

To view the current settings of the Frequency Input (also referred to as ‘Reference’), go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 353

.

The Web UI list entries for these cards are: 1PPS/Frequency BNC and 1PPS/Frequency

RS-485.

The connector number is: J1 (BNC card); J1 (RS-485 card).

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

390

The Status window displays the following settings:

Reference ID : Name used to represent this 1PPS input reference in the Reference

Priority table; see

"Configuring Input Reference Priorities" on page 168

for more information on reference priorities.

1PPS Validity : Indicates “OK” (green) if the 1PPS input signal is present and valid.

Indicates “Not Valid” (orange) if the 1PPS input signal is either not present or is not considered valid.

Reference Mode : Displays how the reference mode operates in determining its validity.

Frequency : Displays (in Hertz) the configured frequency of the input frequency signal.

The 1PPS Input signal is analyzed and an absence of the signal triggers a “Not Valid” indication.

SecureSync 1200 User Reference Guide

APPENDIX

1PPS Output: Edit Window

To configure the settings of the 1PPS output , go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 354

.

The Web UI list entries for these cards are: 1PPS/Frequency BNC and 1PPS/Frequency

RS-485.

The connector number is: J3 (BNC card); J1 (RS-485 card).

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

The Edit window allows the configuration of the following settings:

Signature Control : Used to control when the 1PPS output signal will be present.

See

"Signature Control" on page 147

for more information.

Offset : Used to account for 1PPS cable delays or other latencies in the 1PPS output.

The Offset value is entered and displayed in nanoseconds (ns). The available Offset range is -500 to +500 ms.

Edge : The operator can select if the output signal is a positive (reference on the rising edge) or a negative (reference on the falling edge) pulse.

Pulse Width : Configures the Pulse Width of the 1PPS output. The Pulse Width is entered and displayed in nanoseconds (ns). The default Pulse Width is 200 milliseconds.

PPS Output: Status Window

To view the current settings of the 1PPS output , go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 353 .

The Web UI list entries for these cards are: 1PPS/Frequency BNC and 1PPS/Frequency

RS-485.

SecureSync 1200 User Reference Guide 391

APPENDIX

The connector number is: J3 (BNC card); J1 (RS-485 card).

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

392

The Status window displays the following settings:

Signature Control : Displays the current configuration of Signature Control. See also:

"Signature Control" on page 147 .

Frequency : Indicates the configured frequency of the 1PPS output signal.

Offset : Displays the configured Offset (to account for cable delays or other latencies).

Edge : Shows if the on-time point of the 1PPS output is the rising or falling edge of the pulse.

Pulse Width : Displays the configured Pulse Width of the 1PPS output. The Pulse

Width is displayed in nanoseconds (ns). The default Pulse Width is 200 milliseconds.

5.2.3.4

Frequency Out [1204-08, -1C, -26, -38]

Frequency Out [1204-08, -1C, -26, -38]: Specifications

Outputs : (3) 1MHz, (3) 5MHz, or (3) 10 MHz Outputs

Signal Type and Connector :

(10 MHz) +13 dBm into 50 Ω, BNC, or TNC (-38)

(5MHz)   +10 dBm into 50 Ω, BNC, or TNC (-38)

(1MHz) +10 dBm into 50 Ω, BNC, or TNC (-38)

SecureSync 1200 User Reference Guide

APPENDIX

1MHz or 5MHz Phase Noise (with OCXO or low phase noise Rubidium oscillator):

-115 dBc/Hz @ 10 Hz

-130 dBc/Hz @ 100 Hz

-140 dBc/Hz @ 1kHz

1MHz or 5MHz Phase noise (with Rubidium oscillator):

-85 dBc/Hz @ 10 Hz

-110 dBc/Hz @ 100 Hz

-130 dBC/Hz @ 1kHz

10 MHz Phase Noise (with TCXO oscillator):

-110 dBc/Hz @ 100 Hz

-135 dBc/Hz @ 1kHz

-140 dBc/Hz @ 10 kHz

10 MHz Phase Noise (with OCXO oscillator) [Numbers in brackets represent Low

Phase Noise OCXO option]:

-95 [-100] dBc/Hz @ 1Hz

-123 [-128] dBc/Hz @ 10 Hz

-140 [-148] dBc/Hz @ 100 Hz

-145 [-153] dBc/Hz @ 1kHz

-150 [-155] dBc/Hz @ 10 kHz

Harmonics : -40 dBc minimum

Spurious :

-60 dBc minimum (1MHz)

-50 dBc minimum (5MHz)

-70 dBc minimum (10 MHz)

Accuracy : See

"10 MHz Output" on page 25

Maximum Number of Cards :

(4)

SecureSync 1200 User Reference Guide 393

APPENDIX

Ordering Information :

1204-1C: 10 MHz output (3X) Module

1204-38: 10 MHz TNC output (3X) Module

1204-08: 5MHz output (3X) Module

1204-26: 1MHz output (3X) Module

Figure 5-23: Model 1204-1C option card rear plate

Figure 5-24: Model 1204-38 option card rear plate

Figure 5-25: Model 1204-08 option card rear plate

394 SecureSync 1200 User Reference Guide

APPENDIX

Figure 5-26: Model 1204-26 option card rear plate

The Frequency Out option cards each have 3 outputs, distributing a 1MHz signal, 5MHz or

10 MHz signal (depending on the card model). All 3 outputs are configured as a single output and will appear as such in the SecureSync Web UI, numbered sequentially by card instance, starting with 0 (except the 10 MHz option card, which starts with no.1 because of the built-in 10 MHz output.)

Frequency Output: Edit Window

To configure the settings of a Frequency Output , go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 354 .

The list entry for this card is named: 1/5/10 MHz BNC (or: TNC)

The connector numbers are: J1…J3.

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

The Edit window allows the configuration of the following settings:

Signature Control : Controls when the output will be present; see

"Signature Control" on page 147 .

Frequency Output: Status Window

To view the settings of a Frequency output , go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 353

.

The Web UI list entry for this card is named: 1/5/10 MHz BNC (or: TNC).

The connector numbers are: J1…J3.

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

SecureSync 1200 User Reference Guide 395

APPENDIX

396

The Status window displays the following settings:

Signature Control : Controls when the output will be present. See also:

"Signature

Control" on page 147 .

Frequency : The frequency of the output: 1MHz, 5MHz or 10 MHz, depending on the card model.

For more information on monitoring installed option cards, see:

"Monitoring the Status of

Option Cards" on page 293 .

5.2.3.5

Programmable Frequency Out [1204-13, -2F, -30]

Programmable Frequency Output option modules provide output square waves at programmable pulse rates, or sine waves at programmable frequencies. The output frequency, which is adjustable via the SecureSync Web UI, is locked to the SecureSync system-disciplined oscillator.

These option cards can be used for a variety of applications requiring programmable frequency outputs. The RS-485 model of this card can be operated as an N.8 frequency synthesizer.

Depending on your card model number, the outputs are available in different formats:

RS-485 on a pluggable terminal block

TTL square wave on BNC, or

Sine wave on BNC

Each output can be phase-offset between 0-360° in 0.1°-increments.

Programmable Frequency Card 1204-13 (Sine Wave, BNC): Specifications

Outputs : (4) independently programmable sine wave outputs

Signal Type : +13 dBm

Wave Form : sine

SecureSync 1200 User Reference Guide

APPENDIX

Connector : BNC

Output Load Impedance : 50 Ω

Output Pulse/Frequency Rates : 1Hz to 25 MHz in 0.1-Hz increments

Accuracy : Function of input synchronization source (GPS, IRIG, 1 PPS, etc.)

Synchronization : Output frequency locked to SecureSync disciplined 10 MHz

Jitter , cycle-to-cycle: n/a

Phase Noise :

-120 dBc/Hz @ 1kHz offset

-130 dBc/Hz @ 10-kHz offset

-140 dBc/Hz @ 100-kHz offset

Harmonics : <-30 dBc

Spurious : <-60 dBc

Maximum Number of Cards : 6

Ordering Information : 1204-13, Programmable Frequency Card, sine wave, BNC

Figure 5-27: Model 1204-13 option card rear plate

Programmable Frequency Card 1204-2F (TTL, BNC): Specifications

Outputs : (4) independently programmable square wave outputs

Signal Type : TTL (BNC)

Wave Form : square

Connector : BNC

Output Load Impedance : 50 Ω

Output Pulse/Frequency Rates : 1PPS to 25 MPPS in 0.1-PPS increments

Accuracy : Function of input synchronization source (GPS, IRIG, 1 PPS, etc.)

SecureSync 1200 User Reference Guide 397

APPENDIX

398

Synchronization : Output frequency locked to SecureSync disciplined 10 MHz

Jitter , cycle-to-cycle: <10 ns

Phase Noise : n/a

Harmonics : n/a

Spurious : n/a

Maximum Number of Cards : 6

Ordering Information : 1204—2F, Programmable Frequency Card, TTL, BNC

Figure 5-28: Model 1204-2F option card rear plate

Progr. Frequ. Card 1204-30 (TTL, RS-485): Specifications

Outputs : (4) independently programmable square wave outputs

Signal Type : RS-485

Wave Form : square

Connector : Terminal block

Output Load Impedance : n/a

Output Pulse/Frequency Rates : 1PPS to 25 MPPS in 0.1-PPS increments

Accuracy : Function of input synchronization source (GPS, IRIG, 1 PPS, etc.)

Synchronization : Output frequency locked to SecureSync disciplined 10 MHz

Jitter , cycle-to-cycle: <10 ns

Phase Noise : n/a

Harmonics : n/a

Spurious : n/a

Maximum Number of Cards : 6

Ordering Information : 1204—30, Programmable Frequency Card, TTL, RS-485

SecureSync 1200 User Reference Guide

APPENDIX

Figure 5-29: Model 1204-30 option card rear plate

Table 5-8: Model 1204-30 terminal block pin assignments

Pin No.

Function

7

8

5

6

3

4

1

2

9

10

Frequ. Output 1 +

Frequ. Output 1 –

GND

Frequ. Output 2 +

Frequ. Output 2 –

Frequ. Output 3 +

Frequ. Output 3 –

GND

Frequ. Output 4 +

Frequ. Output 4 –

Programmable Frequency Output: Edit Window

To configure a Programmable Frequency Output , go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 354

.

The Web UI list entry for this card is: Prog Freq Out, Sine [or: TTL, or: RS-485, respectively].

The connector numbers are: J1…J4 [J1 for the RS-485 model].

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

SecureSync 1200 User Reference Guide 399

APPENDIX

400

The Edit window allows the configuration of the following settings:

Signature Control : Controls when the output will be present. See also:

"Signature

Control" on page 147 .

Frequency : Enter the desired output frequency. The ranges are as follows:

Sine wave output frequency (model no. 1204-13): 1 to 25,000,000 Hz

Pulse rate output in Hertz (model no.’s 1204-2F/-30): 1 to 25,000,000 PPS

Phase : Adjust the phase by entering a phase offset (0.1 to 360°), if required.

Note: The phase offset will lose its reference at a SecureSync reboot, and hence the value will be reset to 0 (ZERO).

The reference will also be lost if you enter a new output frequency for a port – however in this case, the value will not be reset to 0, but instead remain unchanged. In both cases you will need to re-enter the required phase offset value.

Programmable Frequency Output: Status Window

To view the settings of a Programmable Frequency Output , go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 353 .

The Web UI list entry for this card is named: Prog Freq Out, Sine [or: TTL, or: RS-485, respectively].

The connector numbers are: J1…J4 [J1 for the RS-485 model].

SecureSync 1200 User Reference Guide

APPENDIX

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

The Status window displays the following settings:

Signature Control : Controls when the output will be present. See also:

"Signature

Control" on page 147 .

Frequency : Indicates the configured frequency.

Phase : Displays the configured phase offset (e.g., to account for delays caused by different cable lengths, or other latencies).

Lock : Shows, if the output frequency is locked to the SecureSync system-disciplined oscillator.

Note: Even if an output frequency status is LOCKED, it will not be available at the output port, if the Signature Control for that port has been

DISABLED.

5.2.3.6

Programmable Square Wave Out [1204-17]

The Model 1204-17 Square Wave output Option Card provides four programmable square wave outputs for the SecureSync platform.

Inputs/Outputs : (4) Programmable square wave outputs

Signal Type and Connector : TTL (BNC)

Accuracy : ±50 ns (1 σ )

SecureSync 1200 User Reference Guide 401

APPENDIX

Output Load Impedance : 50 Ω

Rise Time to 90% of Level : <10 ns

Programmable Period : 100 ns to 2,000,000,000 ns in 5ns steps, or to

1,800,000,000 µs in 1µs steps

Programmable Pulse Width : 20 ns to 900 ms with 5 ns resolution

Maximum Number of Cards : 6

Ordering Information : 1204-17: Square Wave Out

Figure 5-30: Model 1204-17 option card rear plate

Configuring a Square Wave Output

To configure one of the Square Wave Outputs :

1.

Navigate INTERFACES >OUTPUTS: Square Wave Output . The panel on the right side of the screen displays all Sqr. Wv. Outputs and their statuses. All outputs are numbered by signal type (e.g., 'pulse'), hence the numbering may not start with 0.

To determine which output number is allocated to which connector (J1–J4), hover your mouse pointer over the back panel image .

Click on the INFO button next to one of the outputs to open a detailed Status

402 SecureSync 1200 User Reference Guide

panel (the displayed settings are described below.)

APPENDIX

2.

Click on the GEAR button to open the Edit window.

The Edit window allows the configuration of the following settings:

Note: The fields viewable are contextually determined according to the Output Mode .

Output Mode :

SecureSync 1200 User Reference Guide 403

APPENDIX

404

Direct Output Value

1PPS

1PPM

5MPPS/1PPS

Square Wave

Custom

Output Value : Determines the output level (Low or High).

Re-Initialize : Re-initializes square wave generation and aligns to 1PPS.

Signature Control : Controls when the output will be present.  See also:

"Signature Control" on page 147 .

Edge : Used to determine if the on-time point of the output is the Rising or

Falling edge of the signal.

Offset : Accounts for cable delays and other latencies [nanoseconds].

On-Time Point Pulse Width : The on-time point pulse width is the pulse width of the first square wave pulse aligned to the 1PPS On-Time Point.  This is only active when the alignment count is non-zero [nanoseconds].

Pulse Width : Pulse width of the output [nanoseconds].

Alignment Count (s) : The alignment counter determines how often (in seconds) the square wave will be aligned back to the 1PPS.  Setting zero will disable PPS alignment beyond the initial alignment.

Time Alignment : (Enabled/Disabled) The time alignment enable changes the function of the alignment counter to align the square wave whenever the current time’s seconds value is a multiple of the alignment count. For example: If time alignment is enabled and alignment count is set to 15 seconds, the square wave will be aligned to the 1PPS when the seconds value on the time display equals 00, 15, 30, 45. The current Time Alignment range is from 0 to 3600 seconds.

Period : Sets the period of the square wave (in ns or µs scale).

The wave’s frequency will display at the top of the window once you have configured the output. The frequency is calculated based on the

Period and Period Correction settings.

SecureSync 1200 User Reference Guide

APPENDIX

Period Correction : Period correction allows for the generation of more precise frequencies at the expense of additional period jitter. Over a length of time, the true square wave period comes to:

Period + [(numerator/denominator) * 5 ns]

5.2.3.7

Simulcast (CTCSS/Data Clock) [1204-14]

The Simulcast CTCSS/Data Sync/Data Clock Option Card provides CTCSS, data clock, and alarm outputs through relays for the SecureSync platform through one DB-9 and one

RJ-12 connector. The maximum number of cards installed is six (6).

a.

Connector : DB-9

Outputs :

(3) RS-485 Outputs (Data Clocks, CTCSS frequencies, 1PPS)

(1) Alarm

Voltage :

Alarms: GND normally, high impedance when Alarm b.

Connector : RJ-12

Outputs :

(1) RS-485 Outputs (Data Clocks, CTCSS frequencies, 1PPS)

(2) Alarm

Voltage :

Alarms: 5V pulled up through 10 kΩ normally, GND when Alarm

Note: By factory default, all CTCSS outputs are DISABLED.

SecureSync 1200 User Reference Guide 405

APPENDIX

Figure 5-31: Model 1204-14 option card rear plate

Pin Assignment: DB-9 Connector

Outputs : Alarm0, CTC0 Out, CTC1 Out, CTC2 Out (with only one Simulcast option card installed)

Note: Alarm Output 0 through Alarm Output 3 are reserved by

SecureSync. In the Web UI, numbering for alarm outputs for this option card will begin at Alarm 4, which is available on the DB-9 output, while

Alarms 5 and 6 are assigned to the RJ-12 connector.

406

Figure 5-32: DB-9 connector pin-out

3

4

1

2

7

8

5

6

9

Table 5-9: DB-9 pin-out

PIN NOTES SIGNAL 819x Mapping 819x Option17 Mapping

RS-485 + Terminal Output 0+

RS-485 + Terminal Output 1+

+9.6 kHz

+18 kHz

+CTCSS #1

+18 kHz

RS-485 + Terminal Output 2+

Ground = Normal

OPEN = ALARM

+1 PPS +CTCSS #2

Major Alarm Major Alarm Major Alarm

Cable Shield Ground Ground

RS-485 – Terminal Output 0 – –9.6 kHz

RS-485 – Terminal Output 1 – –18 kHz

RS-485 – Terminal Output 2 – –1PPS

Cable Shield GROUND GROUND

Ground

– CTCSS #1

– 18 kHz

– CTCSS #2

GROUND

SecureSync 1200 User Reference Guide

APPENDIX

Pin Assignment: RJ-12 Connector

Outputs: Alarm1, Alarm2, CTC3 Out, (with only one Simulcast option card installed)

Note: Alarm Output 0 through Alarm Output 3 are reserved by

SecureSync. In the Web UI, numbering for alarm outputs for this option card will begin at Alarm 4, which is available on the DB-9 output, while

Alarms 5 and 6 are assigned to the RJ-12 connector.

Figure 5-33: RJ-12 connector pin-out

1

2

3

4

5

Table 5-10: RJ-12 pin assignments

PIN

6

NOTES SIGNAL 938x SP360 Mapping

Cable Shield GROUND GROUND

5V = NORMAL

GROUND = ALARM

MAJOR ALARM RELAY MAJOR ALARM RELAY

RS-485 + Terminal Output 3+

RS-485 - Terminal Output 3-

+ 1PPS

- 1PPS

5V = NORMAL

GROUND = ALARM

MINOR ALARM RELAY MINOR ALARM RELAY

Cable Shield GROUND GROUND

CTCSS and Alarm Outputs: Viewing Signal States

To quickly view the current signal state of the 1204-14 Simulcast outputs , in the Web UI navigate to the option card’s Status Summary panel. For instructions, see:

"Viewing an

Input/Output Signal State" on page 356

.

SecureSync 1200 User Reference Guide 407

APPENDIX

All outputs are listed, displaying their current output states. For a listing of the states, see

"CTCSS Outputs: Edit Window" on the facing page

, and

"Alarm Outputs: Edit Window" on page 410 .

To view the settings of one of the Alarm Outputs or CTCSS Outputs , go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 353 .

The Web UI list entry for this card is named: Simulcast .

Note: Alarm Output 0 through Alarm Output 3 are reserved by

SecureSync. Numbering for alarm outputs from the option card will begin at Alarm 4, which is available on the DB-9 output, while Alarms 5 and 6 are assigned to the RJ-12 connector.

408

Figure 5-34: Simulcast Alarm Output Status window

SecureSync 1200 User Reference Guide

APPENDIX

CTCSS Outputs: Edit Window

To configure a CTCSS output , go to its Edit window. For instructions, see:

"Configuring

Option Card Inputs/Outputs" on page 354 .

The Web UI list entry for this card is named: Simulcast .

The Edit window allows the configuration of the following settings:

Signal Type : Allows selection of the desired signal type. Available options include:

Disabled

CTCSS 1/3 Tones

CTCSS 1/10 Tones

Data Clocks

1PPS

Signal Output :

CTCSS 1/3 Tones (see also:

"CTCSS exact (1/3 Hz) tones" on page 411 )

CTCSS 1/10 Tones (see also:

"CTCSS exact (1/10 Hz) tones" on page 412 )

Data Clocks (see also:

"Data Clock Signals" on page 412

)

1PPS (see also:

"1PPS Duty Cycle" on page 412 )

Offset : Value in nanoseconds that can be used to adjust for cable delays or latencies.

Signature Control : Controls when the output will be present. For more information, see

"Signature Control" on page 147 .

819x Option 17 Mapping

To replicate settings used in Series 819x devices, use the following information to configure option card no. 1204-14 for compatible CTCSS operation:

SecureSync 1200 User Reference Guide 409

APPENDIX

DB-9 Output Index 0 : Set to desired CTCSS 1/10 or CTCSS 1/3 tone

DB-9 Output Index 1 : Set to 18 kHz Data Clock

DB-9 Output Index 2 : Set to desired CTCSS 1/10 or CTCSS 1/3 tone.

Alarm Outputs: Edit Window

To configure one of the ALARM Outputs , go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 354

.

The Web UI list entry for this card is named: Simulcast .

Note: Alarm Output 0 through Alarm Output 3 are reserved by

SecureSync. Numbering for alarm outputs from the option card will begin at Alarm 4, which is available on the DB-9 output, while Alarms 5 and 6 are assigned to the RJ-12 connector.

Note: You can configure the alarm type (None, Minor, or Major) for both the

DB-9 and RJ-12 connectors. For additional information on alarm types, see

"Minor and Major Alarms" on page 339 .

The Edit window allows the configuration of the following settings:

Alarm Type :

None—Will not output for an alarm

Minor—Will output on a minor alarm

Major—Will output on a major alarm.

410 SecureSync 1200 User Reference Guide

CTCSS Encoding Tables, Signal Data

Table 5-11: CTCSS exact (1/3 Hz) tones

Code Tone Freq. Code Tone Freq. Code Tone Freq.

YB

ZZ

ZA

ZB

1Z

XZ 67.000

WZ 69.333

XA 72.000

WA 74.333

XB 77.000

WB 79.666

YZ

YA

82.666

85.333

88.666

91.666

95.000

97.333

100.000

136.666

141.333

146.333

151.333

156.666

162.333

168.000

103.666

107.333

111.000

115.000

119.000

123.000

127.333

132.000

5A

5B

6Z

4Z

4A

4B

5Z

2B

3Z

3A

3B

1A

1B

2Z

2A

173.666

180.000

186.333

193.000

203.666

206.666

210.666

218.333

225.666

229.000

233.666

242.000

250.333

254.000

M4

9Z

M5

M6

M7

0Z

M1

8Z

M2

M3

6A

6B

7Z

7A

APPENDIX

SecureSync 1200 User Reference Guide 411

APPENDIX

Table 5-12: CTCSS exact (1/10 Hz) tones

Code Tone Freq. Code Tone Freq. Code Tone Freq.

YB

ZZ

ZA

ZB

1Z

1A

XZ 67.0

WZ 69.3

XA 71.9

WA 74.4

XB 77.0

WB 79.7

YZ

YA

82.5

85.4

88.5

91.5

94.8

97.4

100.0

103.5

M4

9Z

M5

M6

M7

0Z

M1

8Z

M2

M3

6A

6B

7Z

7A

141.3

146.2

151.4

156.7

162.2

167.9

107.2

110.9

114.8

118.8

123.0

127.3

131.8

136.5

4A

4B

5Z

5A

5B

6Z

3Z

3A

3B

4Z

1B

2Z

2A

2B

225.7

229.1

233.6

241.8

250.3

254.1

173.8

179.9

186.2

192.8

203.5

206.5

210.7

218.1

Table 5-13: Data Clock Signals

Output Duty Cycle

9.6 kHz, 18.0 kHz, 64.0 kHz 50% ±2%

17 2/3 Hz 888 µs pulse width

26 2/3 Hz

33 1/3 Hz

25% low, 75% high

208 µs pulse width

Table 5-14: 1PPS Duty Cycle

Output Duty Cycle

1PPS 20% ±5%

412 SecureSync 1200 User Reference Guide

APPENDIX

5.2.4

Telecom Option Cards

This section contains technical information and Web UI procedures relevant to

SecureSync option cards commonly used in the telecommunications industry.

5.2.4.1

T1/E1 Out [1204-09, -0A, -4C, -53]

The 1204-09 and 1204-0A E1/T1 option card provide 1.544 MHz or 2.048 MHz and E1 or

T1 data outputs for the SecureSync platform. The 1204-4C and 1204-53 E1/T1 option cards each provide (4) E1 or T1 data outputs (but do not include a clock output).

SecureSync meets G.812 Type I when installed with a Rubidium option, and G.811 when installed with a Rubidium option and synchronized with GNSS.

Note: Rubidium oscillators are recommended for the E1/T1 option cards.

Model 1204-09 E1/T1 (75 Ω): Specifications

Outputs :

(1) 1.544/2.048 MHz Output

(2) Unbalanced E1/T1 Outputs

T1 mode :

1.544 MHz (square wave) frequency output

(2) 1.544 Mb/sec data rate outputs:

Outputs are DS1 framed all ones

Supports Super Frame (SF or D4) and Extended Super Frame (ESF)

SSM support

E1 mode :

2.048 MHz (square wave) frequency output

(2) 2.048 Mb/sec data rate outputs:

Outputs are E1 frame all ones

Supports CRC4 and CAS Multiframe

SSM support

SecureSync 1200 User Reference Guide 413

APPENDIX

414

Connector and Signal Type : BNC

1.544/2.048 MHz TTL into 50 Ω

T1 according to GR-499-CORE (75 Ω)

E1 according to ITU-T G703 (75 Ω)

Maximum Number of Cards : 6

Ordering Information : 1204-09: T1/E1 (75 Ω) module

Figure 5-35: Model 1204-09 option card rear plate

Model 1204-0A E1/T1 (100/120 Ω): Specifications

Outputs :

(1) 1.544/2.048 MHz RS-485 Outputs

(2) Balanced E1/T1Outputs

T1 mode :

1.544 MHz (square wave) frequency output

(2) 1.544 Mb/sec data rate outputs:

Outputs are DS1 framed all ones

Supports Super Frame (SF or D4) and Extended Super Frame (ESF)

SSM support

E1 mode :

2.048 MHz (square wave) frequency output

(2) 2.048 Mb/sec data rate outputs:

Outputs are E1 frame all ones

Supports CRC4 and CAS Multiframe

SSM support

SecureSync 1200 User Reference Guide

APPENDIX

Connector and Signal Type : Terminal block

1.544/2.048 MHz RS-485

T1 according to GR-499-CORE (100 Ω)

E1 according to ITU-T G703 (120 Ω)

Maximum Number of Cards : 6

Ordering Information : 1204-0A: T1/E1 (100/120 Ω) module

Figure 5-36: Model 1204-0A option card rear plate

7

8

5

6

3

4

1

2

9

10

Table 5-15: 1204-0A option card pin assignments

Pin Assignments

Pin No.

Signal Function Description

GND Ground Ground

1.544MHz/2.048MHz RS-485 A Terminal Square wave

1.544MHz/2.048MHz RS-485 B Terminal Square wave

GND Ground Ground

T1/E1 output A1

T1/E1 output B1

GND

T1/E1 output A2

T1/E1 output B2

GND

GR-499/G.703

GR-499/G.703

Ground

GR-499/G.703

GR-499/G.703

Ground

Tip

Ring

Ground

Tip

Ring

Ground

Model 1204-53 E1/T1 (75 Ω): Specifications

Outputs :

(4) Unbalanced E1 or T1 Outputs

SecureSync 1200 User Reference Guide 415

APPENDIX

T1 mode :

(4) 1.544 Mb/sec data rate outputs:

Outputs are DS1 framed all ones

Supports Super Frame (SF or D4) and Extended Super Frame (ESF)

SSM support

E1 mode :

(4) 2.048 Mb/sec data rate outputs:

Outputs are E1 frame all ones

Supports CRC4 and CAS Multiframe

SSM support

Connector and Signal Type : BNC

T1 according to GR-499-CORE (75 Ω)

E1 according to ITU-T G703 (75 Ω)

Maximum Number of Cards : 6

Ordering Information : 1204-53: T1/E1 (75 Ω) module

Figure 5-37: Model 1204-53 option card rear plate

Model 1204-4C E1/T1 (100/120 Ω): Specifications

Outputs :

(4) Balanced E1 or T1 Outputs

T1 mode :

(4) 1.544 Mb/sec data rate outputs:

416 SecureSync 1200 User Reference Guide

APPENDIX

Outputs are DS1 framed all ones

Supports Super Frame (SF or D4) and Extended Super Frame (ESF)

SSM support

E1 mode :

(4) 2.048 Mb/sec data rate outputs:

Outputs are E1 frame all ones

Supports CRC4 and CAS Multiframe

SSM support

Connector and Signal Type : Terminal block

T1 according to GR-499-CORE (100 Ω)

E1 according to ITU-T G703 (120 Ω)

Maximum Number of Cards : 6

Ordering Information : 1204-4C: T1/E1 (100/120 Ω) module

Figure 5-38: Model 1204-4C option card rear plate

3

4

1

2

5

Table 5-16: 1204-4C option card pin assignments

Pin Assignments

Pin No.

Signal Function Description

GND Ground Ground

T1/E1 output A1 GR-499/G.703 Tip

T1/E1 output B1 GR-499/G.703 Ring

T1/E1 output A2 GR-499/G.703 Tip

T1/E1 output B2 GR-499/G.703 Ring

SecureSync 1200 User Reference Guide 417

APPENDIX

Pin No.

8

9

6

7

10

Signal

Pin Assignments

Function Description

T1/E1 output A3 GR-499/G.703 Tip

T1/E1 output B3 GR-499/G.703 Ring

T1/E1 output A4 GR-499/G.703 Tip

T1/E1 output B4 GR-499/G.703 Ring

GND Ground Ground

E1/T1 Output: Edit Window

To configure an E1/T1 data output (1.544/2.048 MHz clock on J1 BNC connector and unbalanced E1/T1 outputs on J2 to J3 BNC connectors, or all terminal block J1 outputs), navigate to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 354 .

In the Web UI this card is listed under: E1/T1 Out BNC and E1/T1 OUT Terminal .

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

418

The Edit window allows the configuration of the following settings:

Signature Control : Controls when the output will be present. For more information, see

"Signature Control" on page 147 .

SecureSync 1200 User Reference Guide

APPENDIX

Mode : This option selects T1, E1, or disabled mode. For T1 mode, the clock output

(on the -09 and -0A cards) will be 1.544 MHz, and for E1 the clock output will be

2.048 MHz.

SSM Enabled : Enables or disables Sync Status Messaging (SSM). T1 SSM is not valid with D4/Superframe or AIS framing. E1 SSM is not valid with AIS framing.

E1 Encode : HDB3 only.

E1 Framing : This option selects the framing standard (CRC-4, No CRC-4, or AIS).

T1 Framing : This option selects the framing standard (D4/Superframe, Extended

Superframe [CRC-6/no CR C-6], or AIS).

T1 Encoding : This option selects the encoding method (B8ZS or AMI).

T1SSM Value : This option selects the SSM quality level transmitted when SSM is enabled.

E1 SSM Value : This option selects the SSM quality level transmitted when SSM is enabled.

E1/T1 Output: Status Window

To view the configuration settings of the E1 OUT  or T1 OUT  output, go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 353 .

The Web UI list entries for these cards are: E1/T1 Out BNC and E1/T1 OUT Terminal .

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

SecureSync 1200 User Reference Guide 419

APPENDIX

The E1/T1 Output 0 Status Screen will vary according to whether the output signal mode is E1 or T1.

The Status windows display the following settings:

Signature Control : Controls when the output will be present; see

"Signature Control" on page 147 .

Mode : This option selects T1, E1, or disabled mode. For T1 mode, the clock output

(on the -09 and -0A cards) will be 1.544 MHz, and for E1 the clock output will be

2.048 MHz.

SSM Enabled : Enables or disables Sync Status Messaging (SSM). T1 SSM is not valid with D4/Superframe or AIS framing. E1 SSM is not valid with AIS framing.

E1 Encoding : HDB3 only.

E1 Framing : This option selects the framing standard (CRC-4, No CRC-4, or AIS).

T1 Framing : This option selects the framing standard (D4/Superframe, Extended

Superframe [CRC-6/no CR C-6], or AIS).

T1 Encoding : This option selects the encoding method (B8ZS or AMI).

T1 SSM Value : This option selects the SSM quality level transmitted when SSM is enabled.

E1 SSM Value : This option selects the SSM quality level transmitted when SSM is enabled.

5.2.5

Time Code Option Cards

This section contains technical information and SecureSync Web UI procedures for option cards designed to deliver timing data in time code formats, e.g. IRIG, HAVE QUICK, or

STANAG.

5.2.5.1

IRIG Out [1204-15, -1E, -22]

These IRIG Output option cards provide SecureSync with four IRIG outputs. Available with

BNC connectors, Fiber Optic ST connectors, or RS-485 terminal block.

420 SecureSync 1200 User Reference Guide

APPENDIX

IRIG Out (BNC): Specifications

Inputs/Outputs : (4) IRIG Outputs

Output Signal : IRIG A, B, G, E or NASA-36, amplitude modulated sine wave (AM),

0.5V to 6V p-p into 50 Ω; or pulse-width-coded (DCLS). User-selectable.

AM Carrier : IRIG B 1000 Hz, IRIG A and G 100 or 100

AM Signal Level : 500 mV to 10 V p-p

[high Z]; (modulated 2:1 to 6:1).

DCLS Signal Level : >10 kΩ TTL

Connector : AM and DCLS: BNC female

Accuracy : see

"IRIG Output Accuracy Specifications" on page 579

Number of Cards : Up to 6

Ordering Information : 1204-15, IRIG module, BNC Connector

Figure 5-39: Model 1204-15 option card rear plate

IRIG Out (Fiber Optic): Specifications

Inputs/Outputs : (4) IRIG Outputs

Signal : IRIG A, B, E, G or NASA-36

Operating Wavelength : 820/850 nm

Optical Power : -15 dBm average into 50/125 fiber

Fiber Optic Compatibility : 50/125 μ m, 62.5/125 μ m multi-mode cable

Optical Connector : ST

Signal Type : DC Level Shift (unmodulated)

Accuracy : see

"IRIG Output Accuracy Specifications" on page 579

Maximum Number of Cards : 6

Ordering Information : 1204-1E Four IRIG Output Module, Fiber Optic

SecureSync 1200 User Reference Guide 421

APPENDIX

422

Figure 5-40: Model 1204-1E option card rear plate

IRIG Out (RS-485): Specifications

Inputs/Outputs : (4) IRIG Outputs

Signal : IRIG A, B, E, G or NASA-36

Signal Type and Connector : RS-485 levels (terminal block)

Output Load Impedance : 120 Ω

Accuracy : see

"IRIG Output Accuracy Specifications" on page 579

Maximum Number of Cards : 6

Ordering Information : 1204-22 Four IRIG Output Module, RS-485

Figure 5-41: Model 1204-22 option card rear plate

3

4

1

2

Pin Assignments

J1 Pin No.

Function

IRIG Output 1 +

IRIG Output 1 –

GND

IRIG Output 2 +

SecureSync 1200 User Reference Guide

APPENDIX

7

8

5

6

9

10

J1 Pin No.

Function

IRIG Output 2 –

IRIG Output 3 +

IRIG Output 3 –

GND

IRIG Output 4 +

IRIG Output 4 –

Table 5-17: 1204-22 terminal block pin-out

IRIG Output: Viewing Signal State

To quickly view if an IRIG output is enabled or disabled, go to the option card’s Status Summary panel. For instructions, see:

"Viewing an Input/Output Signal State" on page 356 .

IRIG Output: Edit Window

To configure an IRIG Output , go to its Edit window. For instructions, see:

"Configuring

Option Card Inputs/Outputs" on page 354 .

The Web UI list entries for these option cards are: IRIG Out BNC, IRIG Out Fiber, IRIG

Out RS-485 .

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

SecureSync 1200 User Reference Guide 423

APPENDIX

424

The Edit window allows the configuration of the following settings:

Signature Control : Used to control when the IRIG modulation will be present. This function allows the modulation to stop under certain conditions; see also

"Signature

Control" on page 147 .

Format : Used to configure the desired IRIG output formatting. The available choices are:

IRIG A

IRIG B

IRIG G

IRIG E

NASA-36

Modulation : Changes the type of output signal modulation. The available choices are:

IRIG DCLS: TTL-modulated output

IRIG AM: Amplitude-modulated output. The amplitude of the output is determined by the value entered in the Amplitude field.

Frequency : The IRIG modulation frequency. This is determined by the configuration of Format and Modulation Type. See

"IRIG Carrier Frequencies" on page 563

for details.

SecureSync 1200 User Reference Guide

APPENDIX

Coded Expression : Defines the data structure of the IRIG signal, where:

BCD = Binary Coded Decimal

TOY = Time of Year

CF = Control Field

SBS = Straight Binary Seconds

Note: The available options will vary according to the values of Format and

Modulation Type.

Control Function Field : IRIG signals have an optional section in the data stream that can be used to include additional information (such as the present year, for example). This field allows the Control Field section of the IRIG output to be defined.

The available configurations are:

Fields conform to RCC 200-04 : IRIG spec 200-04 specified a location for year value, if included in this field.

Fields conform to IEEC 37.118-2005 (IEEE 1344): Control Field contains year, leap second and daylight savings time information.

Fields conform to Spectracom Format : Year is included in Control Field but not in the same location as RCC-2004 output (year is offset by one position).

Fields conform to Spectracom FAA Format : A unique IRIG output Control

Field that contains satellite lock status and time error flags.

Fields conform to NASA Formats : Variants of IRIG B

Fields confirm to Spectracom IEEE C37.118-2005 : Has been extended to support one-month leap second notification

Note: The available options will vary according to the configurations of

Format and Modulation Type.

Timescale : Used to select the time base for the incoming time code data. The entered Timescale is used by the system to convert the time in the incoming data stream to UTC time for use by the System Time. The available choices are:

SecureSync 1200 User Reference Guide 425

APPENDIX

UTC : Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI : Temps Atomique International

GPS : The raw GPS time as transmitted by the GNSS satellites (as of 5-March-

2021, this is 18 seconds ahead of UTC)

A local clock set up through the Time Management Page: This option will appear under the name of the local clock you have set up. See for more information. Local timescale allows a Local Clock to apply a time offset for

Time Zone and DST correction.

Amplitude : The peak-to-peak output voltage level into a 600 Ω load is adjusted by entering a digital control value in this field. The level adjustment has no effect on

TTL outputs, only on AM formats. The value of 128 will cause the Mark amplitude to be about 5V p-p into high impedance. A value of 200 results in an output amplitude of about 9V p-p into high impedance.

Note: These are nominal values only. Actual values will vary from unit to unit. To adjust the level precisely, connect an oscilloscope to the output connector when adjusting.

Offset : Provides the ability to account for IRIG cable delays or other latencies in the

IRIG input. The Offset value is entered and displayed in nanoseconds (ns). The available Offset range is -500 to +500 ms.

For IRIG frequency and output specifications, see

"IRIG Standards and Specifications" on page 563 .

For information on IRIG output resolution, see

"About the IRIG Output Resolution" on page 563 .

IRIG Output: Status Window

To view the specifications of an IRIG Output , go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 353

.

The Web UI list entries for these option cards are: IRIG Out BNC, IRIG Out Fiber, IRIG

Out RS-485 .

426 SecureSync 1200 User Reference Guide

APPENDIX

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

Descriptions of the settings shown in the Status window can be found

"IRIG Output: Edit

Window" on page 423

. For IRIG frequency and output specifications, see

"IRIG Standards and Specifications" on page 563

.

5.2.5.2

IRIG In/Out [1204-05, -27]

The IRIG Input/Output option card provides SecureSync with one IRIG input and two IRIG outputs. The IRIG input can be used as the primary SecureSync time and 1PPS reference input for synchronization. Or, it can also be used in conjunction with other primary references (such as GNSS and NTP) to synchronize SecureSync. Available with BNC or Fiber

Optic ST connectors.

SecureSync 1200 User Reference Guide 427

APPENDIX

IRIG In/Out, BNC [1204-05]: Input Specifications

Input Signal : IRIG A, B, G or NASA-36; amplitude modulated sine wave (AM) OR pulse-width-coded (DCLS); user-selectable, with automatic switching of load on input

AM Carrier : IRIG B 1000 Hz, IRIG A 10 kHz and G 100 kHz

AM Signal Level : 500 mV to 10 V p-p

(modulated 2:1 to 6:1); 50 Ω load

DCLS Signal Level : TTL; 0.8V max., 2.3V min fail.; >10 kΩ load

Connector : AM and DCLS: BNC female

Accuracy : n/a

Number of Cards : Up to 6

Ordering Information : 1204-05, IRIG module, BNC Connector

IRIG In/Out, BNC [1204-05]: Output Specifications

Output Signal : IRIG A, B, G, E or NASA-36, amplitude modulated sine wave (AM),

0.5V to 6V p-p into 50 Ω; or pulse-width-coded (DCLS). User-selectable.

AM Carrier : IRIG B 1000 Hz, IRIG A and G 100 or 100

AM Signal Level : 500 mV to 10 V p-p

[high Z]; (modulated 2:1 to 6:1).

DCLS Signal Level : >10 kΩ TTL

Connector : AM and DCLS: BNC female

Accuracy : see

"IRIG Output Accuracy Specifications" on page 579

Number of Cards : Up to 6

Ordering Information : 1204-05, IRIG module, BNC Connector

Figure 5-42: Model 1204-05 option card rear plate

428 SecureSync 1200 User Reference Guide

IRIG In/Out, Fiber Opt. [1204-27]: Input Specifications

Signal : IRIG A, B, G or NASA-36, (DCLS only, unmodulated)

Operating Wavelength : 820/850 nm

Optical Minimum Sensitivity : -25 dBm @ 820 nm

Fiber Optic Compatibility : 50/125  μ m, 62.5/125  μ m multi-mode cable

Optical Connector : ST

Accuracy : n/a

Number of Cards : Up to 6

Ordering Information : 1204-27, IRIG module, Fiber Optic ST Connector

IRIG In/Out, Fiber Opt. [1204-27]: Output Specifications

Signal : IRIG A, B, E, G or NASA-36, (DCLS only, unmodulated)

Operating Wavelength : 820/850 nm

Optical Power : -15 dBm average into 50/125 fiber

Fiber Optic Compatibility : 50/125  μ m, 62.5/125  μ m multi-mode cable

Optical Connector : ST

Accuracy : see

"IRIG Output Accuracy Specifications" on page 579

Number of Cards : Up to 6

Ordering Information : 1204-27, IRIG module, Fiber Optic ST Connector

APPENDIX

Figure 5-43: Model 1204-27 option card rear plate

Supported IRIG Formats

The IRIG option cards models 1204-05 and -27 support IRIG input and output formats A, B, and G (DCLS and AM). Additionally, the cards support inputs with frequency/resolution values of no carrier/index count interval, 1kHz/1ms, 10 kHz/0.1 ms, and 100 kHz/10 ms, as well as IRIG input coded expressions of the fields BCD

TOY

, CF, SBS, and BCD

YEAR

.

SecureSync 1200 User Reference Guide 429

APPENDIX

A130

A131

A132

A133

A134

A000

A001

A002

A003

A004

A005

A006

A007

A-AM

The IRIG inputs support the following coded expression combinations for BCD

TOY

SBS, and BCD

YEAR fields:

, CF,

0 – BCD

TOY

, CF, SBS

1 – BCD

TOY

, CF

2 – BCD

TOY

3 – BCD

TOY

, SBS

4 – BCD

TOY

, BCD

YEAR

, CF, SBS

5 – BCD

TOY

, BCD

YEAR

, CF

6 - BCD

TOY

, BCD

YEAR

7 - BCD

TOY

, BCD

YEAR

, SBS

The cards support synchronization with the following analog and DCLS IRIG input formats:

Provided

IRIG Code Format

A-DCLS

Code Description

IRIG A, DCLS, BCD

TOY

, CF, SBS

IRIG A, DCLS, BCD

TOY

, CF

IRIG A, DCLS, BCD

TOY

IRIG A, DCLS, BCD

TOY

, SBS

IRIG A, DCLS, BCD

TOY

, BCD

YEAR

, CF, SBS

IRIG A, DCLS, BCD

TOY

, BCD

YEAR

, CF

IRIG A, DCLS, BCD

TOY

, BCD

YEAR

IRIG A, DCLS, BCD

TOY

, BCD

YEAR

, SBS

IRIG A, AM, 10kHz, BCD

TOY

, CF, SBS

IRIG A, AM, 10kHz, BCD

TOY

, CF

IRIG A, AM, 10kHz, BCD

TOY

IRIG A, AM, 10kHz, BCD

TOY

, SBS

IRIG A, AM, 10kHz, BCD

TOY

, BCD

YEAR

, CF, SBS

430 SecureSync 1200 User Reference Guide

APPENDIX

E000

E001

E002

E003

E004

Provided

IRIG Code Format

A135

A136

A137

B-DCLS

Code Description

IRIG A, AM, 10kHz, BCD

TOY

, BCD

YEAR

, CF

IRIG A, AM, 10kHz, BCD

TOY

, BCD

YEAR

IRIG A, AM, 10kHz, BCD

TOY

, BCD

YEAR

, SBS

B000

B001

B002

B003

B004

B005

B006

B007

B-AM

IRIG B, DCLS, BCD

TOY

, CF, SBS

IRIG B, DCLS, BCD

TOY

, CF

IRIG B, DCLS, BCD

TOY

IRIG B, DCLS, BCD

TOY

, SBS

IRIG B, DCLS, BCD

TOY

, BCD

YEAR

, CF, SBS

IRIG B, DCLS, BCD

TOY

, BCD

YEAR

, CF

IRIG B, DCLS, BCD

TOY

, BCD

YEAR

IRIG B, DCLS, BCD

TOY

, BCD

YEAR

, SBS

B120

B121

B122

B123

B124

B125

B126

B127

IRIG B, AM, 1kHz, BCD

TOY

, CF, SBS

IRIG B, AM, 1kHz, BCD

TOY

, CF

IRIG B, AM, 1kHz, BCD

TOY

IRIG B, AM, 1kHz, BCD

TOY

, SBS

IRIG B, AM, 1kHz, BCD

TOY

, BCD

YEAR

, CF, SBS

IRIG B, AM, 1kHz, BCD

TOY

, BCD

YEAR

, CF

IRIG B, AM, 1kHz, BCD

TOY

, BCD

YEAR

IRIG B, AM, 1kHz, BCD

TOY

, BCD

YEAR

, SBS

E-DCLS (output only)

IRIG E, DCLS, BCD

TOY

, CF, SBS

IRIG E, DCLS, BCD

TOY

, CF

IRIG E, DCLS, BCD

TOY

IRIG E, DCLS, BCD

TOY

, SBS

IRIG E, DCLS, BCD

TOY

, BCD

YEAR

, CF, SBS

SecureSync 1200 User Reference Guide 431

APPENDIX

E120

E121

E122

E123

E124

E125

E126

E127

E110

E111

E112

E113

E114

E115

E116

E117

G-DCLS

G001

G002

G005

G006

G-AM

Provided

IRIG Code Format

Code Description

E005

E006

E007

IRIG E, DCLS, BCD

TOY

, BCD

YEAR

, CF

IRIG E, DCLS, BCD

TOY

, BCD

YEAR

IRIG E, DCLS, BCD

TOY

, BCD

YEAR

, SBS

E-AM (output only)

IRIG E, AM, 100 Hz, BCD

TOY

, CF, SBS

IRIG E, AM, 100 Hz, BCD

TOY

, CF

IRIG E, AM, 100 Hz, BCD

TOY

IRIG E, AM, 100 Hz, BCD

TOY

, SBS

IRIG E, AM, 100 Hz, BCD

TOY

, BCD

YEAR

, CF, SBS

IRIG E, AM, 100 Hz, BCD

TOY

, BCD

YEAR

, CF

IRIG E, AM, 100 Hz, BCD

TOY

, BCD

YEAR

IRIG E, AM, 100 Hz, BCD

TOY

, BCD

YEAR

, SBS

IRIG E, AM, 100 Hz, BCD

TOY

, CF, SBS

IRIG E, AM, 1 kHz, BCD

TOY

, CF

IRIG E, AM, 1 kHz, BCD

TOY

IRIG E, AM, 1 kHz, BCD

TOY

, SBS

IRIG E, AM, 1 kHz, BCD

TOY

, BCD

YEAR

, CF, SBS

IRIG E, AM, 1 kHz, BCD

TOY

, BCD

YEAR

, CF

IRIG E, AM, 1 kHz, BCD

TOY

, BCD

YEAR

IRIG E, AM, 1 kHz, BCD

TOY

, BCD

YEAR

, SBS

IRIG G, DCLS, BCD

TOY

, CF

IRIG G, DCLS, BCD

TOY

IRIG G, DCLS, BCD

TOY

, BCD

YEAR

, CF

IRIG G, DCLS, BCD

TOY

, BCD

YEAR

G141 IRIG G, AM, 100kHz, BCD

TOY

, CF

432 SecureSync 1200 User Reference Guide

APPENDIX

Provided

IRIG Code Format

G142

G145

G146 

NASA-36

Code Description

IRIG G, AM, 100kHz, BCD

TOY

IRIG G, AM, 100kHz, BCD

TOY

, BCD

YEAR

, CF

IRIG G, AM, 100kHz, BCD

TOY

, BCD

YEAR

NASA-36

NASA-36

NASA-36, AM, 1 msec

NASA-36, DCLS, 10 msec

Table 5-18: Accepted IRIG reference formats

IRIG Output: Signal State

To quickly view if an IRIG output is enabled, or disabled, navigate to the option card’s

Status Summary panel. For instructions, see:

"Viewing an Input/Output Signal State" on page 356 .

IRIG Input: Edit Window

To configure the IRIG Input (also referred to as ‘Reference’), navigate to its Edit window.

For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 354 .

The Web UI list entries for these cards are: IRIG In/Out BNC and IRIG In/Out Fiber .

The connector number is: J1.

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

SecureSync 1200 User Reference Guide 433

APPENDIX

434

The Edit window allows the configuration of the following settings:

Format : Sets the formatting of the IRIG input signal, as defined by the IRIG generator time source. The available choices are:

IRIG A

IRIG B

IRIG G

NASA-36

Modulation Type : Configures the type of input signal modulation. The choices are:

IRIG DCLS—A TTL (Phase) modulated signal.

IRIG AM—An amplitude modulated signal.

Frequency : The IRIG modulation frequency. This is determined by the configuration of Format and Modulation Type. See

"IRIG Carrier Frequencies" on page 563

for details.

Coded Expression —Defines the data structure of the IRIG signal, where:

BCD = Binary Coded Decimal

TOY = Time of Year

SecureSync 1200 User Reference Guide

APPENDIX

CF = Control Field

SBS = Straight Binary Seconds

The available options will vary according to the configurations of Format and

Modulation Type.

Control Function Field : IRIG signals have an optional section in the data stream that can be used to include additional information (such as the present year, for example). This field allows the Control Field section of the IRIG output to be defined.

The available configurations are:

Fields conform to RCC 200-04 : IRIG spec 200-04 specified a location for year value, if included in this field.

Fields conform to IEEC 37.118-2005 (IEEE 1344): Control Field contains year, leap second and daylight savings time information.

Fields conform to Spectracom Format : Year is included in Control Field but not in the same location as RCC-2004 output (year is offset by one position).

Fields conform to Spectracom FAA Format : A unique IRIG output Control

Field that contains satellite lock status and time error flags.

Fields conform to NASA Formats : Variants of IRIG B

Fields confirm to Spectracom IEEE C37.118-2005 : Has been extended to support one-month leap second notification

The available options will vary according to the configurations of Format and Modulation Type.

Note: If the Format value is changed, the Control Field and Coded Expression change to the default values for the given Format value. The user can only change the Control Field field and Coded Expression field to allowed values for the Format field.

It is recommended that the SecureSync administrator/operator only use this if they do not know what the IRIG Input Format is, and they wish to identify the signal type, or to determine if a signal is present.

Local Clock : The incoming IRIG input time information may be provided as local time, but System Time may be configured as UTC time, so internal computations need to be performed. With the Timescale field set to “Local”, select the name of a

SecureSync 1200 User Reference Guide 435

APPENDIX previously created Local Clock. The Time Zone and DST rules, as configured in the

Local Clock will be applied to the front panel time display.

Offset : Provides the ability to account for IRIG cable delays or other latencies in the

IRIG input. The Offset value is entered and displayed in nanoseconds (ns). The available Offset range is -500 to +500 ms.

Configuring the IRIG Input Year

The IRIG time source may be able to provide SecureSync with the current year information via the IRIG input data stream. As the year value is not a required field in the IRIG data stream, (and if the year value is present, it may not always be in the same location of the

Control Field), if the year value is contained in the control field section of the IRIG data stream, the control field “layout” needs to be defined in SecureSync (as determined by the

Coded Expressions and Control Field values). If the year value is not present in the IRIG input signal, the year value will need to be manually set in SecureSync when using IRIG input as the only input Time reference.

Note: By default, the “year” fields in the IRIG message are ignored and a user-defined value is used.

Note: By default, the “year” fields in the IRIG message are ignored and a user-defined value is used. Make sure the year is set correctly when the

SecureSync is installed. If the year is not set correctly before NTP achieves time synchronization, it will use the value entered. The unit will also default to the year entered if it is powered down during the rollover of the year. If the SecureSync was not switched on during the rollover, this value must be updated.

Note: When the IRIG Input year is updated, NTP must be restarted from the Web UI NTP page (or the SecureSync unit rebooted) for the New Year value to take effect.

The current year value can be manually entered from the MANAGEMENT/OTHER/Time

Management page. The year value only needs to be manually entered once, as it will auto-

436 SecureSync 1200 User Reference Guide

APPENDIX matically increment to the next year each New Year’s day. See

"System Time" on page 152

for instructions on how to set the current year manually.

Verifying IRIG Input Signal Validity

See:

"Verifying the Validity of an Input Signal" on page 357

.

IRIG Input: Status Window

To view the current settings of the IRIG Input (also referred to as ‘Reference’), go to its

Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 353 .

The Web UI list entries for these cards are: IRIG In/Out BNC and IRIG In/Out Fiber . The connector number is: J1.

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs). .

The Status window displays the following settings:

Reference ID : If you have only one IRIG card installed, SecureSync will number that card 0 and it will be identified as irg0. Additional cards will be numbered irg1 or above.

Validity : If the IRIG input is not present, or is not considered valid and qualified, the

“1PPS Validity” and “Time Validity” fields will be considered “Not Valid” (Orange).

SecureSync 1200 User Reference Guide 437

APPENDIX

Once the IRIG input has been supplied and the signal is considered valid and qualified, the two indicators will then turn “Valid” (Green).

Format : Identifies the formatting of the IRIG input signal, as defined by the IRIG generator time source. The possible values are:

IRIG A

IRIG B

IRIG G

NASA-36

Modulation Type : Identifies the type of input signal modulation. The possible values are:

IRIG DCLS—A TTL (Phase) modulated signal.

IRIG AM—An amplitude modulated signal.

Frequency—The IRIG modulation frequency. This is determined by the configuration of Format and Modulation Type. See also:

"IRIG Carrier Frequencies" on page 563

.

Coded Expression : Defines the data structure of the IRIG signal, where:

BCD = Binary Coded Decimal

TOY = Time of Year

CF = Control Field

SBS = Straight Binary Seconds

Message : The IRIG message.

IRIG Output: Edit Window

To configure the settings of one of the two IRIG Outputs , go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 354 .

The Web UI list entries for these cards are: IRIG In/Out BNC and IRIG In/Out Fiber .

The connector numbers are: J2 and J3.

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs). .

438 SecureSync 1200 User Reference Guide

APPENDIX

The Edit window allows the configuration of the following settings:

Signature Control : Is used to control when the IRIG modulation will be present.

This function allows the modulation to stop under certain conditions; see also

"Signature Control" on page 147 .

Format : Used to configure the desired IRIG output formatting. The available choices are:

IRIG A

IRIG B

IRIG G

IRIG E

NASA-36

Modulation : Changes the type of output signal modulation. The available choices are:

IRIG DCLS—A TTL-modulated output.

IRIG AM-–An amplitude modulated output. The amplitude of the output is determined by the value entered in the Amplitude field.

Frequency—The IRIG modulation frequency. This is determined by the configuration of Format and Modulation Type. See also

"IRIG Carrier Frequencies" on page 563

.

SecureSync 1200 User Reference Guide 439

APPENDIX

Coded Expression : Defines the data structure of the IRIG signal, where:

BCD = Binary Coded Decimal

TOY = Time of Year

CF = Control Field

SBS = Straight Binary Seconds

The available options will vary according to the values of Format and Modulation Type.

Control Function Field : IRIG signals have an optional section in the data stream that can be used to include additional information (such as the present year, for example). This field allows the Control Field section of the IRIG output to be defined.

The available configurations are:

Fields conform to RCC 200-04 : IRIG spec 200-04 specified a location for year value, if included in this field.

Fields conform to IEEC 37.118-2005 (IEEE 1344): Control Field contains year, leap second and daylight savings time information.

Fields conform to Spectracom Format : Year is included in Control Field but not in the same location as RCC-2004 output (year is offset by one position).

Fields conform to Spectracom FAA Format : A unique IRIG output Control

Field that contains satellite lock status and time error flags.

Fields conform to NASA Formats : Variants of IRIG B

Fields confirm to Spectracom IEEE C37.118-2005 : Has been extended to support one-month leap second notification

The available options will vary according to the configurations of Format and Modulation Type.

Timescale : Used to select the time base for the incoming time code data. The entered Timescale is used by the system to convert the time in the incoming data stream to UTC time for use by the System Time. The available choices are:

UTC —Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI —Temps Atomique International

GPS —The raw GPS time as transmitted by the GNSS satellites (as of 5-

March-2021, this is 18 seconds ahead of UTC time).

440 SecureSync 1200 User Reference Guide

APPENDIX

A local clock set up through the Time Management Page—This option will appear under the name of the local clock you have set up. See

"Local Clock

(s), DST" on page 163

for more information. Local timescale allows a Local

Clock to apply a time offset for Time Zone and DST correction.

Amplitude : The peak-to-peak output voltage level into a 600 Ω load is adjusted by entering a digital control value in this field. The level adjustment has no effect on

TTL outputs, only on AM formats. The value of 128 will cause the Mark amplitude to be about 5V p-p of about 9V p-p into high impedance. A value of 200 results in an output amplitude into high impedance.

Note: These are nominal values only. Actual values will vary from unit to unit. To adjust the level precisely, connect an oscilloscope to the output connector when adjusting.

Offset : Provides the ability to account for IRIG cable delays or other latencies in the

IRIG input. The Offset value is entered and displayed in nanoseconds (ns). The available Offset range is -500 to +500 ms.

For IRIG frequency and output specifications, see

"IRIG Standards and Specifications" on page 563 .

IRIG Output: Status Window

To view the current settings of one of the IRIG Outputs , go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 353 .

The Web UI list entries for these cards are: IRIG In/Out BNC and IRIG In/Out Fiber . The connector numbers are: J2 and J3.

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

SecureSync 1200 User Reference Guide 441

APPENDIX

442

The Status window displays the following settings:

Signature Control : is used to control when the IRIG modulation will be present.

This function allows the modulation to stop under certain conditions; see also

"Signature Control" on page 147 .

Format : Used to configure the desired IRIG output formatting. The possible values are:

IRIG A

IRIG B

IRIG G

IRIG E

NASA-36

Modulation : Changes the type of output signal modulation. The possible values are:

IRIG DCLS—A TTL-modulated output.

IRIG AM-–An amplitude modulated output. The amplitude of the output is determined by the value entered in the Amplitude field.

Frequency—The IRIG modulation frequency. This is determined by the configuration of Format and Modulation Type. See also:

"IRIG Carrier Frequencies" on page 563

.

Coded Expression : Defines the data structure of the IRIG signal, where:

BCD = Binary Coded Decimal

TOY = Time of Year

SecureSync 1200 User Reference Guide

APPENDIX

CF = Control Field

SBS = Straight Binary Seconds

The possible values will vary according to the values of Format and Modulation Type

Message : The IRIG message of the output.

For IRIG frequency and output specifications, see

"IRIG Standards and Specifications" on page 563 .

5.2.5.3

STANAG Out [1204-11, -25]

The STANAG Output option card models 1204-11 and 1204-25 provide (2) configurable

STANAG outputs and (1) 1PPS output for the SecureSync platform.

STANAG Out [1204-11, -25]: Specifications

Outputs : (2) STANAG Outputs, (1) 1PPS Output

Signal Type and Connector : 5V or 10 V or RS-485 level (user selectable) for

STANAG and 1PPS output. DB-25 connector.

Formats Supported :

STANAG 4246 HAVE QUICK I

STANAG 4246 HAVE QUICK II

STANAG 4372 HAVE QUICK IIA

STANAG 4430 Extended HAVE QUICK

STANAG 4430 Standard Time Message (STM)

ICD-GPS-060A BCD Time Code

ICD-GPS-060A HAVE QUICK

DOD-STD-1399 BCD Time Code

Programmable Pulse Width (1PPS Output): 100 ns to 500 ms with 20 ns resolution

Accuracy : ±50 ns (1 σ )

Maximum Number of Cards : 6

Ordering Information : 1204-11 (for non-isolated board); 1204-25 (for isolated board)

SecureSync 1200 User Reference Guide 443

APPENDIX

444

Figure 5-44: Model 1204-11 option card rear plate

Figure 5-45: Model 1204-25 option card rear plate

Pin Assignments

Pin No.

Signal

7

8

5

6

3

4

1

2

9

10

11

12

13

Function Pin No.

GND Ground 14

TOD1+ TOD1 RS-485+ Out 15

NC 16

TOD2+ TOD2 RS-485+ Out 17

NC

GND

GND

NC

-

Ground

Ground

-

18

19

20

21

1PPS+ 1PPS RS-485+ Out 22

TFD Time Fault Discrete 23

TOD1 TOD1 TTL Out

GND Ground

TOD2 TOD2 TTL Out

24

25

Signal Function

TOD1TOD1 RS-485- Out

NC -

NC -

TOD2- TOD2 RS-485- Out

NC

NC

-

5 MHz Out (1204-11 Only)

NC -

1PPS1PPS RS-485- Out

NC -

GND Ground

1PPS 1PPS TTL Out

GND Ground

SecureSync 1200 User Reference Guide

APPENDIX

Table 5-19: Models 1204-11, -25: DB-25 pin-out

STANAG Output: Edit Window

To configure a STANAG output , go to its Edit window. For instructions, see:

"Configuring

Option Card Inputs/Outputs" on page 354 .

The Web UI list entries for these cards are: STANAG Out and STANAG Out, Isolated .

The outputs are named: Stanag HQ Output [number] .

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

The Edit window allows the configuration of the following settings:

Under General Settings :

Level of Single-ended Signals : 10 V or 5V can be selected for the TOD 1 and 1PPS

Output.

Generate Time Fault Discrete (TFD) :

SecureSync 1200 User Reference Guide 445

APPENDIX

Enabled: The TFD signal uses the “Threshold to activate” value to provide the level of TFD.

Disabled: The TFD signal is always valid.

Threshold to activate TFD : If the TFD is activated, the user can select the TFOM value threshold. Below this value, the TFD is high, otherwise the TFD is low.

Generate Bit Synchronization (BS) :

Enabled : The second STANAG signal (TOD 2) is used to send the BS (Bit

Stream) signal used with STANAG 4430-STM. When BS is active, the configuration of TOD 2 is superseded and only used for BS.

Disabled : The second STANAG signal (TOD 2) can be used to send an independent TOD.

Timescale : Used to select the time base for the incoming time code data. The entered Timescale is used by the system to convert the time in the incoming data stream to UTC time for use by the System Time. The available choices are:

UTC —Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI —Temps Atomique International

GPS —The raw GPS time as transmitted by the GNSS satellites (as of 5-

March-2021, this is 18 seconds ahead of UTC time)

A local clock set up through the Time Management Page—Refer to

"The

Time Management Screen" on page 150

for more information on how to configure and read the System Time. Local timescale allows a Local Clock to apply a time offset for Time Zone and DST correction.

The incoming input time information may be provided as local time, but System Time may be configured as UTC time, so internal computations need to be performed. With the

Timescale field set to “Local”, select the name of a previously created Local Clock. The

Time Zone and DST rules, as configured in the Local Clock will be applied to the front panel time display. Refer to for more information on Local Clocks.

Configurable settings for each Time of Day are:

Signature Control : Used to control when the signal will be present. This function allows the modulation to stop under certain conditions, see also

"Signature Control" on page 147 .

446 SecureSync 1200 User Reference Guide

APPENDIX

TOD Format : The user-selectable format to be used. Available formats include:

STANAG 4246 HQI

STANAG 4246 HQII

STANAG 4372 HQIIA

STANAG 4430 STM

STANAG 4430 XHQ

ICD-GPS-060A BCD

ICD-GPS-060A HQ

DOD-STD-1399 BCD

Electrical Format : Selects signaling on either RS-485 or TTL (supporting up to 10

V levels) signal lines.

Time Scale : Used to set the desired time scale (UTC, TAI, GPS, or Local). See above.

Offset (ns) : Provides the ability to account for STANAG Line (TOD1 and TOD2 independently) cable delays or other latencies in the STANAG output. Available Offset range is –500 to +500 ms in 5ns steps.

Configurable settings under 1PPS Output are:

PPS Signature Control : Used to control when the signal will be present. This function allows the modulation to stop under certain conditions, see also

"Signature Control" on page 147 .

PPS Offset (ns) : Used to account for 1PPS cable delays or other latencies in the

1PPS output. Available Offset range is –500 to +500 ms in 5ns steps.

PPS Edge : The operator can select if the output signal is a rising or falling edge pulse.

PPS Pulse Width : Configures the Pulse Width of the 1PPS output. The Pulse Width is entered and displayed in nanoseconds (the default Pulse Width is 200 ms).

PPS Electrical Format : Selects signaling on either RS-485 or TTL (supporting up to 10 V levels) signal lines.

STANAG Output: Status Window

To view the current settings of a STANAG Output , go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 353

.

The Web UI list entries for these cards are: STANAG Out and STANAG Out, Isolated .

SecureSync 1200 User Reference Guide 447

APPENDIX

The outputs are named: Stanag HQ Output [number] .

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

448

The Status window displays the following settings:

Under General Status :

Level of Single-ended Signals : 10 V or 5V will be indicated for the TOD 1 and 1PPS

Output.

Generate Time Fault Discrete (TFD) :

Enabled : The TFD signal uses the “Threshold to activate” value to provide the level of TFD.

Disabled : The TFD signal is always valid.

Threshold to activate TFD : If the TFD is activated, indicates the TFOM value threshold. Below this value, the TFD is high, otherwise the TFD is low.

Generate Bit Synchronization (BS) :

Enabled : The second STANAG signal (TOD 2) is used to send the BS (Bit

Stream) signal used with STANAG 4430-STM. When BS is active, the configuration of TOD 2 is superseded and only used for BS.

SecureSync 1200 User Reference Guide

APPENDIX

Disabled : The second STANAG signal (TOD 2) can be used to send an independent TOD.

Timescale : Indicates the time base for the incoming time code data. The entered

Timescale is used by the system to convert the time in the incoming data stream to

UTC time for use by the System Time. The available choices are:

UTC —Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI —Temps Atomique International

GPS —The raw GPS time as transmitted by the GNSS satellites (as of 5-

March-2021, this is 18 seconds ahead of UTC time).

A local clock set up through the Time Management Page—Refer to

"The

Time Management Screen" on page 150

for more information on how to configure and read the System Time. Local timescale allows a Local Clock to apply a time offset for Time Zone and DST correction.

The incoming input time information may be provided as local time, but System Time may be configured as UTC time, so internal computations need to be performed. With the

Timescale field set to “Local”, select the name of a previously created Local Clock. The

Time Zone and DST rules, as configured in the Local Clock will be applied to the front panel time display. Refer to for more information on Local Clocks.

For each Time of Day the following settings are displayed:

Signature Control : Indicates when the signal is present. This function allows the modulation to stop under certain conditions, see

"Signature Control" on page 147

.

TOD Format : The user-selectable format being used. Available formats include:

STANAG 4246 HQI

STANAG 4246 HQII

STANAG 4372 HQIIA

STANAG 4430 STM

STANAG 4430 XHQ

ICD-GPS-060A BCD

ICD-GPS-060A HQ

DOD-STD-1399 BCD

SecureSync 1200 User Reference Guide 449

APPENDIX

Electrical Format : Selects signaling on either RS-485 or TTL (supporting up to

10 V levels) signal lines.

Time Scale : Used to set the desired time scale (UTC, TAI, GPS, or Local). See above.

Offset (ns) : Provides the ability to account for STANAG Line (TOD1 and TOD2 independently) cable delays or other latencies in the STANAG output. Available Offset range is –500 to +500 ms in 5ns steps.

STANAG TFOM : The Time Figure of Merit for the output.

Under 1PPS Output , the following settings are displayed:

PPS Signature Control : Indicates whether the signal will be present. This function allows the modulation to stop under certain conditions, see

"Signature Control" on page 147

.

PPS Offset (ns) : Used to account for 1PPS cable delays or other latencies in the

1PPS output. Available Offset range is –500 to +500 ms in 5ns steps.

PPS Edge : Indicates whether the output signal is a rising or falling edge pulse.

PPS Pulse Width : Indicates the Pulse Width of the 1PPS output. The Pulse Width is entered and displayed in nanoseconds (the default Pulse Width is 200 ms).

PPS Electrical Format : Indicates signaling on either RS-485 or TTL (supporting up to 10 V levels) signal lines.

5.2.5.4

STANAG In [1204-1D, -24]

The STANAG Input option cards 1204-1D and 1204-24 STANAG provide (2) configurable

STANAG inputs and (1) 1PPS input for the SecureSync platform.

STANAG In [1204-1D, -24]: Specifications

Inputs : (2) STANAG Inputs, (1) 1PPS Input

Signal Type and Connector : TTL or RS-485 level (user selectable) for STANAG and 1PPS input. DB25.

Formats Supported :

STANAG 4246 HAVE QUICK I

STANAG 4246 HAVE QUICK II

STANAG 4372 HAVE QUICK IIA

450 SecureSync 1200 User Reference Guide

STANAG 4430 Extended HAVE QUICK

STANAG 4430 Standard Time Message (STM)

ICD-GPS-060A BCD Time Code

ICD-GPS-060A HAVE QUICK

DOD-STD-1399 BCD Time Code

Accuracy : 100 ns

Maximum Number of Cards : 6

Ordering Information : 1204-1D (for non-isolated board); 1204-24 (for isolated board)

APPENDIX

Figure 5-46: Model 1204-1D option card rear plate

Figure 5-47: Model 1204-24 option card rear plate

Pin Assignments

Pin No.

Signal

3

4

1

2

GND

Function

Ground

Pin No.

14

TOD1+ TOD1 RS-485+ Input 15

NC 16

TOD2+ TOD2 RS-485+ Input 17

Signal

TOD1-

NC

NC

Function

TOD1 RS-485- Input

-

-

TOD2- TOD2 RS-485- Input

SecureSync 1200 User Reference Guide 451

APPENDIX

Pin No.

Signal

9

10

11

12

13

7

8

5

6

Function Pin No.

NC

GND

GND

NC

-

Ground

Ground

-

1PPS+ 1PPS RS-485+ Input 22

TFD Time Fault Discrete 23

TOD1 TOD1 TTL Input

GND Ground

TOD2 TOD2 TTL Input

24

25

18

19

20

21

Signal Function

NC

NC

-

-

NC -

1PPS1PPS RS-485- Input

NC -

GND Ground

1PPS 1PPS TTL Input

GND Ground

Table 5-20: 1204-1D, 1204-24 option cards: DB-25 pin-outs

STANAG Input: Edit Window

To configure a STANAG Input (also referred to as ‘Reference’), go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 354 .

The Web UI list entries for this card are: STANAG In and STANAG In, Isolated .

The inputs are named: Stanag HQ Input [number] .

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs). .

The configurable settings are grouped under the following three tabs:

General Settings tab

452 SecureSync 1200 User Reference Guide

APPENDIX

Use of Time Fault Discrete : There are two options:

Enabled : The TFD input signal is used to validate the STANAG input.

Disabled (default): The TFD input signal is ignored.

Use of Bit Synchronization (BS) : There are two options:

Enabled : The second STANAG input (TOD 2) is used to receive the BS (Bit

Stream) signal used with STANAG 4430-STM. When BS is active, the configuration of TOD2 is superseded and only used for BS.

Disabled : The second STANAG input (TOD 2) can be used to receive an independent TOD.

Timescale : Used to select the time base for the incoming time code data. The entered Timescale is used by the system to convert the time in the incoming data stream to UTC time for use by the System Time. The available choices are:

UTC : Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI : Temps Atomique International

GPS : The raw GPS time as transmitted by the GNSS satellites (as of 5-March-

2021, this is 18 seconds ahead of UTC time).

A local clock set up through the Time Management Page: Refer to

"The

Time Management Screen" on page 150

for more information on how to configure and read the System Time. Local timescale allows a Local Clock to apply a time offset for Time Zone and DST correction.

SecureSync 1200 User Reference Guide 453

APPENDIX

The incoming input time information may be provided as local time, but System Time may be configured as UTC time, so internal computations need to be performed. With the Timescale field set to “Local”, select the name of a previously created Local Clock. The Time Zone and DST rules, as configured in the Local Clock will be applied to the front panel time display. Refer to for more information on Local Clocks.

Reference Selection : Selects TOD 1 or TOD 2 (configured below) which TOD signal is used for synchronization.

Time of Day Settings tab

454

For Time of Day 1 and Time of Day 2 (STANAG content supports two ToD streams).

ToD Format : The user-selectable format to be used. Available formats include:

STANAG 4246 HAVE QUICK I

STANAG 4246 HAVE QUICK II

SecureSync 1200 User Reference Guide

APPENDIX

STANAG 4372 HAVE QUICK IIA

STANAG 4430 Extended HAVE QUICK

STANAG 4430 Standard Time Message (STM)

ICD-GPS-060A BCD Time Code

ICD-GPS-060A HAVE QUICK

DOD-STD-1399 BCD Time Code

Electrical Type : Selects synchronization to either RS-485 or TTL (supporting up to

10 V levels) signal lines.

Offset : Provides the ability to account for STANAG Line (TOD1 and TOD2 independently) cable delays or other latencies in the STANAG input. Available Offset range is –500 to +500 ms in 5ns steps.

TFOM Threshold : Under the STANAG protocol, the TFOM (Time Figure of Merit) threshold value can be utilized as a means to validate timing data based on the

TFOM. For more information on TFOM, see

"Configuring the Oscillator" on page 226 .

1PPS Input Settings tab

1PPS Offset : Used to account for 1PPS cable delays or other latencies in the 1PPS input. Available Offset range is –500 to +500 ms in 5ns steps

PPS Edge : The operator can select if the output signal is a rising or falling edge pulse.

SecureSync 1200 User Reference Guide 455

APPENDIX

PPS Electrical Format : Selects synchronization to either RS-485 or TTL (supporting up to 10 V levels) signal lines.

STANAG Input: Status Window

To view the current settings of a STANAG Input (also referred to as ‘Reference’), go to its

Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 353 .

The Web UI list entries for this card are: STANAG In and STANAG In, Isolated .

The inputs are named: Stanag HQ Input [number] .

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs). .

456 SecureSync 1200 User Reference Guide

APPENDIX

The Status window displays the following settings:

Under General Status:

Reference ID : This is the identifier given to the input by SecureSync.

Validity : Indicates the validity of the Time input and the PPS input. If the input signal is valid the indicator will be green. If the signal is not valid, the indicator will be orange.

SecureSync 1200 User Reference Guide 457

APPENDIX

Use of Time Fault Discrete : There are two options:

Enabled : The TFD input signal is used to validate the STANAG input.

Disabled (default): The TFD input signal is ignored.

Time Fault Discrete State : If this is valid, the indicator will be green. If it is not valid, the indicator will be orange.

Use of Bit Synchronization (BS) : There are two options:

Enabled : The second STANAG input (TOD 2) is used to receive the BS (Bit

Stream) signal used with STANAG 4430-STM. When BS is active, the configuration of TOD2 is superseded and only used for BS.

Disabled : The second STANAG input (TOD 2) can be used to receive an independent TOD.

Reference Selection : Indicates which TOD signal is used for synchronization. This will be either TOD 1 or TOD 2.

The incoming input time information may be provided as local time, but System Time may be configured as UTC time, so internal computations need to be performed. With the

Timescale field set to “Local”, select the name of a previously created Local Clock. The

Time Zone and DST rules, as configured in the Local Clock will be applied to the front panel time display. Refer to for more information on Local Clocks.

Under Time of Day Inputs:

TOD Format : The user-selectable format being used. Available formats include:

STANAG 4246 HAVE QUICK I

STANAG 4246 HAVE QUICK II

STANAG 4372 HAVE QUICK IIA

STANAG 4430 Extended HAVE QUICK

STANAG 4430 Standard Time Message (STM)

ICD-GPS-060A BCD Time Code

ICD-GPS-060A HAVE QUICK

DOD-STD-1399 BCD Time Code

Electrical Type : Either RS-485 or TTL (supporting up to 10 V levels) signal lines.

Time Scale : Used to select the time base for the incoming time code data. The entered Timescale is used by the system to convert the time in the incoming data

458 SecureSync 1200 User Reference Guide

APPENDIX stream to UTC time for use by the System Time. The available choices are:

UTC : Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI : Temps Atomique International

GPS : The raw GPS time as transmitted by the GNSS satellites (as of 5-March-

2021, this is 18 seconds ahead of UTC time).

A local clock can be set up through the Time Management Page; see

"Local

Clock(s), DST" on page 163

. Local timescale allows a Local Clock to apply a time offset for Time Zone and DST correction.

Offset : Provides the ability to account for STANAG Line (TOD1 and TOD2 independently) cable delays or other latencies in the STANAG input. Available Offset range is –500 to +500 ms in 5ns steps.

Stanag TFOM : The Time Figure of Merit for the input.

Under 1PPS Input:

1PPS Offset : Used to account for 1PPS cable delays or other latencies in the 1PPS input. The available Offset range is –500 to +500 ms in 5ns steps.

PPS Edge : Indicates whether the output signal is a rising or falling edge pulse.

PPS Electrical Format : Indicates whether the signal is synchronized to RS-485 or

TTL (supporting up to 10 V levels) signal lines.

5.2.5.5

HAVE QUICK Out [1204-10, -1B]

The HAVE QUICK option cards provide (4) HAVE QUICK outputs for the SecureSync platform.

HAVE QUICK Out, BNC [1204-10]: Specifications

Outputs : (4) HAVE QUICK

Signal Type and Connector : TTL levels (BNC)

Formats Supported :

STANAG 4246 HAVE QUICK I

STANAG 4246 HAVE QUICK II

STANAG 4372 HAVE QUICK IIA

SecureSync 1200 User Reference Guide 459

APPENDIX

STANAG 4430 Extended HAVE QUICK

STANAG 4430 Standard Time Message (STM)

ICD-GPS-060A BCD Time Code

ICD-GPS-060A HAVE QUICK

DOD-STD-1399 BCD Time Code

Output Load Impedance : 10 kΩ

Start of Signal : <10 µs after 1PPS output

Programmable Phase Shift : ±20ns to 500 ms with 20ns resolution

Accuracy : ±50 ns (1 σ )

Maximum Number of Cards : 6

Ordering Information : 1204-10 HAVE QUICK outputs, BNC

Figure 5-48: Model 1204-10 option card rear plate

HAVE QUICK Out, RS-485 [1204-1B]: Specifications

Outputs : (4) HAVE QUICK outputs

Signal Type and Connector : RS-485 levels (terminal block)

Formats Supported :

STANAG 4246 HAVE QUICK I

STANAG 4246 HAVE QUICK II

STANAG 4372 HAVE QUICK IIA

STANAG 4430 Extended HAVE QUICK

STANAG 4430 Standard Time Message (STM)

ICD-GPS-060A BCD Time Code

460 SecureSync 1200 User Reference Guide

ICD-GPS-060A HAVE QUICK

DOD-STD-1399 BCD Time Code

Output Load Impedance : 120 Ω

Start of Signal : <10 µs after 1PPS output

Programmable Phase Shift : ±5ns to 500 ms with 5ns resolution

Accuracy : ±50 ns (1 σ )

Maximum Number of Cards : 6

Ordering Information : 1204-1B HAVE QUICK outputs, RS-485

Figure 5-49: Model 1204-1B option card rear plate

Pin Assignments

Pin No.

7

8

5

6

3

4

1

2

9

10

Function

HAVE QUICK Output 1 +

HAVE QUICK Output 1 -

GND

HAVE QUICK Output 2 +

HAVE QUICK Output 2 -

HAVE QUICK Output 3 +

HAVE QUICK Output 3 -

GND

HAVE QUICK Output 4 +

HAVE QUICK Output 4 -

APPENDIX

SecureSync 1200 User Reference Guide 461

APPENDIX

Table 5-21: 1204-1B terminal block pin-out

HAVE QUICK Output: Viewing Signal State

To quickly view if a HAVE QUICK Output is enabled or disabled, go to the option card’s

Status Summary panel. For instructions, see:

"Viewing an Input/Output Signal State" on page 356 .

HAVE QUICK Output: Edit Window

To configure a HAVE QUICK Output , go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 354

.

The Web UI list entries for this card are: HAVE QUICK out, BNC and HAVE QUICK Out,

RS-485 .

The outputs are named: HQ Output [number] .

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

462

The Edit window allows the configuration of the following settings:

Signature Control : Signature Control is used to control when the HAVE QUICK modulation is present; see also

"Signature Control" on page 147 .

Format : Used to configure the formatting of the four available HAVE QUICK outputs. The available output formats are as follows:

STANAG 4246 HQ I

STANAG 4246 HQ II

STANAG 4372 HQ IIA

SecureSync 1200 User Reference Guide

APPENDIX

STANAG 4430 Ext HQ (Extended HAVE QUICK)

STANAG 4430 STM (Standard Time Message)

ICD-GPS-060A BCD

ICD-GPS-060A HQ

DOD-STD-1399 BCD

Timescale : Used to select the time base for the incoming time code data. The entered Timescale is used by the system to convert the time in the incoming data stream to UTC time for use by the System Time. The available choices are:

UTC : Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI : Temps Atomique International

GPS : The raw GPS time as transmitted by the GNSS satellites (as of 5-March-

2021, this is 18 seconds ahead of UTC time)

A local clock set up through the Time Management Page: This option will appear under the name of the local clock you have set up. Refer to

"The Time

Management Screen" on page 150

for more information on how to configure and read the System Time. Local timescale allows a Local Clock to apply a time offset for Time Zone and DST correction.

The incoming input time information may be provided as local time, but System Time may be configured as UTC time, so internal computations need to be performed. With the

Timescale field set to “Local”, select the name of a previously created Local Clock. The

Time Zone and DST rules, as configured in the Local Clock will be applied to the front panel time display. See also .

Offset : Provides the ability to account for HAVE QUICK cable delays or other latencies in the HAVE QUICK outputs. The Offset values are entered in nanoseconds

(ns). The available Offset range is –500 to +500 ms.

HAVE QUICK Output: Status Window

To view the current settings of a HAVE QUICK Output , go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 353 .

The Web UI list entries for this card are: HAVE QUICK out, BNC and HAVE QUICK Out,

RS-485 .

The outputs are named: HQ Output [number] .

SecureSync 1200 User Reference Guide 463

APPENDIX

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

464

The Status window displays the following settings:

Signature Control : Signature Control is used to control when the HAVE QUICK modulation is present, see

"Signature Control" on page 147

.

Format : Used to configure the formatting of the four available HAVE QUICK outputs. The available output formats are as follows:

STANAG 4246 HQ I

STANAG 4246 HQ II

STANAG 4372 HQ IIA

STANAG 4430 Ext HQ (Extended HAVE QUICK)

STANAG 4430 STM (Standard Time Message)

ICD-GPS-060A BCD

ICD-GPS-060A HQ

DOD-STD-1399 BCD

Timescale : Used to select the time base for the incoming time code data. The entered Timescale is used by the system to convert the time in the incoming data stream to UTC time for use by the System Time. The available choices are:

UTC : Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI : Temps Atomique International

GPS : The raw GPS time as transmitted by the GNSS satellites (as of 5-March-

2021, this is 18 seconds ahead of UTC time)

SecureSync 1200 User Reference Guide

APPENDIX

A local clock set up through the Time Management Page: This option will appear under the name of the local clock you have set up. Refer to

"The Time

Management Screen" on page 150

for more information on how to configure and read the System Time. Local timescale allows a Local Clock to apply a time offset for Time Zone and DST correction.

The incoming input time information may be provided as local time, but System Time may be configured as UTC time, so internal computations need to be performed. With the

Timescale field set to “Local”, select the name of a previously created Local Clock. The

Time Zone and DST rules, as configured in the Local Clock will be applied to the front panel time display. Refer to for more information on Local Clocks.

Offset : Provides the ability to account for HAVE QUICK cable delays or other latencies in the HAVE QUICK outputs. The Offset values are entered in nanoseconds

(ns). The available Offset range is –500 to +500 ms.

5.2.5.6

HAVE QUICK In/Out [1204-29]

The HAVE QUICK input/output option card 1204- 29 provides SecureSync with (1)

HAVE QUICK input and (3) HAVE QUICK outputs.

HAVE QUICK In/Out [1204-29]: Specifications

Inputs/Outputs : (1) HAVE QUICK input/(3) HAVE QUICK outputs

Signal Type and Connector : TTL levels (BNC)

Output Load Impedance : 10 kΩ

Start of Signal : <10 µs after 1PPS output

Programmable phase shift : ±5ns to 500 ms with 5ns resolution

Maximum Number of Cards : 6

Ordering Information : 1204-29: HAVE QUICK Input/Output

Figure 5-50: Model 1204-29 option card rear plate

SecureSync 1200 User Reference Guide 465

APPENDIX

HAVE QUICK Output: Viewing Signal State

To quickly view if a HAVE QUICK Output is enabled or disabled, go to the option card’s

Status Summary panel. For instructions, see:

"Viewing an Input/Output Signal State" on page 356 .

HAVE QUICK Input: Edit Window

To configure the settings of the HAVE QUICK Input (also referred to as ‘Reference’), go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 354 .

The Web UI list entry for this card is: HAVE QUICK In/Out .

The input is named: HQ Input [number] .

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

466

The Edit window allows the configuration of the following settings:

Format : Used to configure the formatting of the four available HAVE QUICK outputs. The available output formats are as follows:

STANAG 4246 HQ I

STANAG 4246 HQ II

STANAG 4372 HQ II A

SecureSync 1200 User Reference Guide

APPENDIX

STANAG 4430 STM

STANAG 4430 Ext HQ

ICD-GPS-060A BCD

ICD-GPS-060A HQ

DOD-STD-1399 BCD

Timescale : Used to select the time base for the incoming time code data. The entered Timescale is used by the system to convert the time in the incoming data stream to UTC time for use by the System Time. The available choices are:

UTC: Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI: Temps Atomique International

GPS: The raw GPS time as transmitted by the GNSS satellites (as of 5-March-

2021, this is 18 seconds ahead of UTC time)

Offset: Provides the ability to account for HAVE QUICK cable delays or other latencies in the HAVE QUICK outputs. The Offset values are entered in nanoseconds (ns). The available Offset range is –500 to +500 ms.

HAVE QUICK Input: Status Window

To view the current settings of the HAVE QUICK Input (also referred to as ‘Reference’), go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 353

.

The Web UI list entry for this card is: HAVE QUICK In/Out .

The input is named: HQ Input [number] .

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

SecureSync 1200 User Reference Guide 467

APPENDIX

468

The Status window displays the following settings:

Reference ID : Indicates the letters used in the Input Reference Priority table for this particular input reference.

Validity : [TIME, PPS] Indicates the validity of the Time input and the PPS input. If the input signal is valid the indicator will be green. If the signal is not valid, the indicator will be orange.

Format : Used to configure the formatting of the four available HAVE QUICK outputs. The available output formats are as follows:

STANAG 4246 HQ I

STANAG 4246 HQ II

STANAG 4430 STM

STANAG 4430 Ext HQ

ICD-GPS-060A BCD

ICD-GPS-060A HQ

DOD-STD-1399 BCD

Timescale : Used to select the time base for the incoming time code data. The entered Timescale is used by the system to convert the time in the incoming data stream to UTC time for use by the System Time. The available choices are:

UTC : Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI : Temps Atomique International

SecureSync 1200 User Reference Guide

APPENDIX

GPS : The raw GPS time as transmitted by the GNSS satellites (as of 5-March-

2021, this is 18 seconds ahead of UTC time).

Offset : Provides the ability to account for HAVE QUICK cable delays or other latencies in the HAVE QUICK outputs. The Offset values are entered in nanoseconds

(ns). The available Offset range is –500 to +500 ms.

TFOM : The Time Figure of Merit for the input.

HAVE QUICK Output: Edit Window

To configure the settings of a HAVE QUICK Output , go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 354

.

The Web UI list entry for this card is: HAVE QUICK In/Out .

Outputs are named: HQ Output [number] .

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

The Edit window allows the configuration of the following settings:

Signature Control : Signature Control is used to control when the HAVE QUICK modulation is present, see

"Signature Control" on page 147

.

Format : Used to configure the formatting of the four available HAVE QUICK outputs. The available output formats are as follows:

SecureSync 1200 User Reference Guide 469

APPENDIX

STANAG 4246 HQ I

STANAG 4246 HQ II

STANAG 4372 HQ IIA

STANAG 4430 Ext HQ (Extended HAVE QUICK)

STANAG 4430 STM (Standard Time Message)

ICD-GPS-060A BCD

ICD-GPS-060A HQ

DOD-STD-1399 BCD

Timescale : Used to select the time base for the incoming time code data. The entered Timescale is used by the system to convert the time in the incoming data stream to UTC time for use by the System Time. The available choices are:

UTC : Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI : Temps Atomique International

GPS : The raw GPS time as transmitted by the GNSS satellites (as of 5-March-

2021, this is 18 seconds ahead of UTC time).

A local clock set up through the Time Management Page: This option will appear under the name of the local clock you have set up. Refer to

"The Time

Management Screen" on page 150

for more information on how to configure and read the System Time. Local timescale allows a Local Clock to apply a time offset for Time Zone and DST correction.

The incoming input time information may be provided as local time, but System

Time may be configured as UTC time, so internal computations need to be performed. With the Timescale field set to “Local”, select the name of a previously created Local Clock. The Time Zone and DST rules, as configured in the Local Clock will be applied to the front panel time display. Refer to for more information on Local

Clocks.

Offset : Provides the ability to account for HAVE QUICK cable delays or other latencies in the HAVE QUICK outputs. The Offset values are entered in nanoseconds

(ns). The available Offset range is –500 to +500 ms.

HAVE QUICK Output: Status Window

To view the current settings of a HAVE QUICK Output , go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 353 .

470 SecureSync 1200 User Reference Guide

APPENDIX

The Web UI list entry for this card is: HAVE QUICK In/Out .

Outputs are named: HQ Output [number] .

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

The Status window displays the following settings:

Signature Control : Signature Control is used to control when the HAVE QUICK modulation is present, see

"Signature Control" on page 147

.

Format : Used to configure the formatting of the four available HAVE QUICK outputs. The available output formats are as follows:

STANAG 4246 HQ I

STANAG 4246 HQ II

STANAG 4372 HQ IIA

STANAG 4430 Ext HQ (Extended HAVE QUICK)

STANAG 4430 STM (Standard Time Message)

ICD-GPS-060A BCD

ICD-GPS-060A HQ

DOD-STD-1399 BCD

Timescale : Used to select the time base for the incoming time code data. The entered Timescale is used by the system to convert the time in the incoming data stream to UTC time for use by the System Time. The available choices are:

UTC : Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI : Temps Atomique International

SecureSync 1200 User Reference Guide 471

APPENDIX

GPS : The raw GPS time as transmitted by the GNSS satellites (as of 5-March-

2021, this is 18 seconds ahead of UTC time)

A local clock set up through the Time Management Page: This option will appear under the name of the local clock you have set up. Refer to

"The Time

Management Screen" on page 150

for more information on how to configure and read the System Time. Local timescale allows a Local Clock to apply a time offset for Time Zone and DST correction.

The incoming input time information may be provided as local time, but System Time may be configured as UTC time, so internal computations need to be performed. With the

Timescale field set to “Local”, select the name of a previously created Local Clock. The

Time Zone and DST rules, as configured in the Local Clock will be applied to the front panel time display. Refer to for more information on Local Clocks.

Offset : Provides the ability to account for HAVE QUICK cable delays or other latencies in the HAVE QUICK outputs. The Offset values are entered in nanoseconds

(ns). The available Offset range is –500 to +500 ms.

5.2.5.7

ASCII Time Code In/Out [1204-02, -04]

The ASCII Time Code Option Card, Model 1204-02 (RS-232) provides: one male DB-9 RS-232 input connector (J2), and one female DB-9 RS-232 output connector (J1)

The ASCII Time Code Option Card, Model 1204-04 (RS-485) consists of one RS-485 input, and one RS-485 output, integrated in a shared terminal block connector.

The interfaces accept Asynchronous Serial signals including date and time information.

The input and output Data Formats are selected among predefined formats.

ASCII input

The ASCII input provides a serial data interface between an ASCII time generator (e.g., another SecureSync unit), serving as an input reference for Time and 1PPS in order to synchronize SecureSync (in conjunction with, or in lieu of, other available inputs, such as

GNSS and/or IRIG).

ASCII output

The ASCII output provides SecureSync with the ability to output one, two or three backto-back ASCII time code data streams that can be provided to peripheral devices which

472 SecureSync 1200 User Reference Guide

APPENDIX accept an ASCII RS-232 input data stream for either their external time synchronization or for data processing. See

"Time Code Data Formats" on page 536

for a description of all supported time code formats.

The RX signal on an output interface is used for triggering the output ASCII message output when a configured character is received from the peripheral device.

When SecureSync is configured to output only one format message (the second and third formats configured as “None”), the one configured message will be available on the output port as either a broadcast message or only upon a request character being received.

SecureSync has the ability to output one or two additional data stream messages immediately following the first message. In this configuration, only the first message determines the on-time point for the entire output string. The on-time points for the second and third messages that are provided at the same time as the first message are discarded. This unique capability allows SecureSync to be able to simultaneously provide multiple pieces of data from different selected format messages.

An example of selecting multiple formats is selecting “NMEA GGA” as the first format,

“NMEA RMC” as the second format and “NMEA ZDA” as the third format. Depending on the setting of the “Mode” field (which determines if the data streams are available every second or upon a request character being received), at the next second or the receipt of the next request character, the output port will provide the GGA message followed immediately by the corresponding RMC message for that same second, followed immediately by the corresponding ZDA message for that same second. The first GGA message will provide the on-time point for the entire output data stream.

ASCII Time Code, RS-232 [1204-02]: Specifications

Inputs/Outputs : (1) Input, (1) Output

Signal Type and Connector :

Connector J1 — (RS-232 Output) RS-232 DB-9 F

Connector J2 –- (RS-232 Input) RS-232 DB-9 M

Accuracy : ±100…1000 µs (format dependent)

Maximum Number of Cards : 6

Ordering Information : 1204-02: ASCII Time Code Module (RS-232)

SecureSync 1200 User Reference Guide 473

APPENDIX

Figure 5-51: Model 1204-02 option card rear plate

Pin Assignments: OUTPUT connector J1

474

Figure 5-52: OUTPUT connector J1

Table 5-22: Pin-out, OUTPUT connector "J1"

Pin Number

Signal Function

Top row of 5 pins

Notes

1

2

3

4

5

PPS_OUT

SERIAL_

OUT_TX

SERIAL_IN_

RX

NC

GND

Bottom row of 4 pins

1PPS output

RS-232 Transmit data

TTL level on 50 Ω

Data output (ToD messages)

RS-232 Receive data

Data input into unit; use this to transmit commands to the unit)

No connection

Ground

6 NC No connection

SecureSync 1200 User Reference Guide

Pin Number

7

8

9

NC

NC

NC

Signal Function

No connection

No connection

No connection

Pin Assignments: INPUT connector J2

Notes

Figure 5-53: INPUT connector J2

Table 5-23: Pin-out, INPUT connector "J2"

Pin Number Signal Function

Top row of 5 pins

Notes

8

9

6

7

3

4

1

2

5

PPS_IN 1PPS input

SERIAL_IN_RX RS-232 Receive data Data input into unit; ToD message

NC

NC

GND

No Connection

No connection

Ground

Bottom row of 4 pins

NC

NC

NC

NC

No connection

No connection

No connection

No connection

APPENDIX

SecureSync 1200 User Reference Guide 475

APPENDIX

ASCII Time Code, RS-485 [1204-04]: Specifications

Inputs/Outputs : (1) Input, (1) Output

Signal Type and Connector : (1) RS-485 terminal block for both Input and Output

Accuracy : ±100…1000 µs (format dependent)

Maximum Number of Cards : 6

Ordering Information : 1204-04 ASCII Time Code Module (RS-485)

476

Figure 5-54: Model 1204-04 option card rear plate

Pin Assignments

Table 5-24: Pin-out, RS-485 terminal block connector J1

Pin No.

Signal Function

7

8

5

6

3

4

1 (left)

2

SERIALTX_RS485+ + RS-485 data output

SERIALTX_RS485-

GND

PPS_OUT_RS485+ + 1PPS output

PPS_OUT_RS485-

GND

9 PPS_IN_RS485+

10 (right) PPS_IN _RS485-

- RS-485 data output

Ground

- 1PPS output

SERIALRX_RS485+ + RS-485 data input

SERIALRX_RS485- RS-485 data input

Ground

+ 1PPS input

- 1PPS input

ASCII Time Code Input: Edit Window

To configure the ASCII Input (also referred to as ‘Reference’), go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 354 .

SecureSync 1200 User Reference Guide

APPENDIX

The Web UI list entries for this card are: ASCII TIMECODE RS-232 and ASCII TIMECODE

RS-485 .

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

The Input Edit window allows the configuration of the following settings:

Format Group : Determines the time code message format category (see also

"Time Code Data Formats" on page 536

.) Choices are:

Auto

Spectracom

SecureSync 1200 User Reference Guide 477

APPENDIX

NMEA

ICD-153

EndRun

Format : Once a Format Group has been selected, one or more Format fields may appear, allowing you to select one or more time code Formats . For detailed specifications and limitations on the supported time code formats, see

"Time Code Data

Formats" on page 536

.

Note: If Auto is chosen as the format group, the format will automatically be Auto-detect. SecureSync will attempt to identify the format of the incoming ASCII message.

Offset : Provides the ability to account for ASCII input cable delays or other latencies in the ASCII input. The Offset value is entered and displayed in nanoseconds (ns).

The available Offset range is –500 to +500 ms.

Timescale : Used to select the time base for the incoming ASCII time code data. The entered Timescale is used by the system to convert the time in the incoming ASCII data stream to UTC time for use by the System Time. The available choices are:

UTC : Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI : Temps Atomique International

GPS : The raw GPS time as transmitted by the GNSS satellites (as of 5-March-

2021, this is 18 seconds ahead of UTC time)

A local clock set up through the Time Management Page: This option will appear under the name of the local clock you have set up. Refer to

"The Time

Management Screen" on page 150

for more information on how to configure and read the System Time. Local timescale allows a Local Clock to apply a time offset for Time Zone and DST correction.

The incoming input time information may be provided as local time, but System Time may be configured as UTC time, so internal computations need to be performed. With the Timescale field set to “Local”, select the name of a previously created Local Clock. The Time Zone and DST rules, as configured in the Local Clock will be applied to the front panel time display. See for more information on Local Clocks.

478 SecureSync 1200 User Reference Guide

APPENDIX

Note: The Timescale of the ASCII input (as configured in the ASCII time source) must be set correctly, especially if other input references are enabled. Failure to configure the Timescale of the ASCII input correctly could result in time jumps occurring in the System

Time when input reference changes occur. These time jumps could affect NTP and normal operation of the system.

PPS Source – choices are:

Message : The 1PPS on time point is extracted from the ASCII message received.

1PPS Pin : The origin of the 1PPS on-time-point is the 1PPS input connector.

Baud Rate : Determines the speed at which the input port will operate.

Data Bits : Defines the number of Data Bits for the input output.

Parity : Configures the parity checking of the input port.

Stop Bits : Defines the number of Stop Bits for the input port.

ASCII Time Code Output: Edit Window

To configure the ASCII Output , go to its Edit window. For instructions, see:

"Configuring

Option Card Inputs/Outputs" on page 354 .

The Web UI list entries for this card are: ASCII TIMECODE RS-232 and ASCII TIMECODE

RS-485 .

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs). .

SecureSync 1200 User Reference Guide 479

APPENDIX

480

The Output Edit window allows the configuration of the following settings:

Format Group – configures the message format type. Choices are:

None (no message will be output)

Spectracom

NMEA

BBC

ICD-153

EndRun

Once selected, the Format Group may offer a choice of Formats . For more information on supported Formats , see

"Time Code Data Formats" on page 536

.

Format 1 : Selects either the first of up to three, or the only format message to be output.

Format 2 : Selects the second consecutive format message to be outputted.

Select “None” if only one output format is desired. “None” will be the only choice available if Format 1 is “None.”

SecureSync 1200 User Reference Guide

APPENDIX

Format 3 : Selects the third consecutive format message to be outputted.

Select “None” if only one output format is desired. “None” will be the only choice available if Format 2 is “None.”

Signature Control : Signature Control controls when the selected ASCII data output format will be present; see

"Signature Control" on page 147 .

Output Mode : This field determines when the output data will be provided. The available Mode selections are as follows:

Broadcast : The format messages are automatically sent out on authorized condition (Signature control), every second a message is generated in sync with the 1PPS.

Request (On-time) : A format message is generated in sync with 1PPS after the configured request character has been received.

Request (Immediate) : A format message is generated as soon as the request character is received. As this selection does not correlate the output data to the on-time point for the message, in Data Formats that do not provide sub-second information (such as Formats 0 and 1 whereas Format 2 provides sub-second information), it should be noted that the output data can be provided immediately, but a time error could occur when using the on-time point of the message in addition to the data for timing applications.

Note: The choices available in this field are determined by the choices of Format Group and Format.

Time Scale : Used to select the time base for the incoming data. The entered Timescale is used by the system to convert the time in the incoming data stream to UTC time for use by the System Time. The available choices are:

UTC : Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI : Temps Atomique International

GPS : The raw GPS time as transmitted by the GNSS satellites (as of 5-March-

2021, this is currently 18 seconds ahead of UTC time).

If GPS or TAI time is used, then the proper timescale offsets must be set on the

MANAGEMENT/OTHER/Time Management page. (See

"The Time Management

SecureSync 1200 User Reference Guide 481

APPENDIX

Screen" on page 150

for more information on how to configure and read the System Time). Local timescale allows a Local Clock to apply a time offset for Time Zone and DST correction.

A Local Clock can be set up through the Time Management page: This option will appear under the name of the local clock you have set up. See for more information. Local timescale allows a Local Clock to apply a time offset for Time Zone and DST correction.

The incoming input time information may be provided as local time, but System Time may be configured as UTC time, so internal computations need to be performed. With the Timescale field set to “Local”, select the name of a previously created Local Clock. The Time Zone and DST rules, as configured in the Local Clock will be applied to the front panel time display. See for more information on Local Clocks.

Baud Rate : Determines the speed at which the output port will operate.

Data Bits : Defines the number of Data Bits for the output port.

Parity : Configures the parity checking of the output port.

Stop Bits : Defines the number of Stop Bits for the output.

ASCII Time Code Output: Status Window

To view the current settings of the ASCII Output , go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 353

.

The Web UI list entries for this card are: ASCII TIMECODE RS-232 and ASCII TIMECODE

RS-485 .

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

482

The Status window displays the following settings:

SecureSync 1200 User Reference Guide

APPENDIX

Signature Control : Indicates whether Signature Control is enabled (Signature Control determines when the ASCII data stream will be enabled to be present). See also:

"Signature Control" on page 147 .

Format 1 : Indicates the configured format of the ASCII time code input data stream.

Format 2 : Indicates the configured format of the second consecutive ASCII time code input data stream.

Format 3 : Indicates the configured format of the third consecutive ASCII time code input data stream.

ASCII Time Code Input: Status Window

To view the current settings of the ASCII Input (also referred to as ‘Reference’), go to its

Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 353 .

The Web UI list entries for this card are: ASCII TIMECODE RS-232 and ASCII TIMECODE

RS-485 .

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

The Status window displays the following settings:

Reference ID : Indicates the letters used in the Input Reference Priority table for this particular input reference.

Validity : Indicates whether the ASCII input data is present and considered valid for Time and 1PPS references.

SecureSync 1200 User Reference Guide 483

APPENDIX

A green light indicates a valid reference.

An orange light indicates the reference is not considered valid.

Leap Flag : Displays whether the incoming data stream is indicating that a pending leap second is to be added to the UTC timescale at the end of the month. See

"Leap

Seconds" on page 160 .

Format : Indicates the configured format of the ASCII time code input data stream.

5.2.6

Network Interface Option Cards

This section contains technical information and SecureSync Web UI procedures pertaining to option cards designed as Ethernet network interfaces using, e.g. the PTP format.

5.2.6.1

Gigabit Ethernet [1204-06]

This option card provides SecureSync with three 10/100/1000 Base-T network interfaces, in addition to the standard 10/100 Base-T network interface.

Gigabit Ethernet [1204-06]: Specifications

Inputs/Outputs : (3) Gigabit Ethernet (10/100/1000 Base-T)

Connectors : RJ-45 (3x)

Management : Enabled or Disabled (NTP server only)

Maximum Number of Cards : 1

Ordering Information : 1204-06: Gigabit Ethernet (3X) Module

Figure 5-55: 1204-06 option card rear plate

Network Setup

To monitor and manage Ethernet on SecureSync:

484 SecureSync 1200 User Reference Guide

APPENDIX

Navigate to MANAGEMENT > Network Setup . On the right side of the Network

Setup screen, the Ports panel will display the available Ethernet ports, and their connection status:

Eth0 is the built-in SecureSync Ethernet port.

Eth1 through eth3 are the ports provided by the 1204-06 card.

To learn more about Ethernet setup, see

"Configure Network Settings" on page 56

.

Routing Tables

There are five (5) routing tables in the system: one for each network interface, and one main routing table.

Main Routing Table : This routing table is used when network traffic is generated from the server. It will generally have the same default gateway as the routing table for eth0 , unless configured otherwise.

Interface Routing Tables : These routing tables are specific to each interface. They are named t0 (for eth0 interface) though t3 (for eth3 interface).

The system is configured by default with rules to use the individual routing table for each interface for all network traffic being received or transmitted from or to the corresponding interface. For example, when an NTP request is received on interface eth2 , it is tagged as such and the response will use routing table t2 when sending the NTP response packet.

Each routing table has a default gateway that is used when there is no explicit routing table entry that matches the destination address for a given network packet.

SecureSync 1200 User Reference Guide 485

APPENDIX

For information on configuring routing tables see

"Static Routes" on page 64

, and see

Spectracom Tech Note

Routing of data across multiple networks

.

Domains and Domain Name Servers (DNS)

Each network interface may exist on a separate domain and therefore have a different domain name and domain name servers from the other interfaces.

The system supports a single domain name and up to 2 DNS addresses per network interface. These may be assigned via DHCP or configured manually via the Web UI configuration screen for each network interface.

Configuring Ethernet Ports

For information on configuring Ethernet ports, see

"Network Ports" on page 59

.

5.2.6.2

PTP Grandmaster [1204-32]

Precision Time Protocol (PTP) is a protocol that can be used to synchronize computers on an Ethernet network. The Precision Time Protocol (PTP) option module supports PTP Version 2, as specified in the IEEE 1588-2008 standard (PTP Version 1 is not supported), via one (1) Ethernet port.

The PTP option module implements a PTP Ordinary Clock that can be configured to run as a Master Clock only. It transmits PTP packets via the Ethernet port, with information about the current time and synchronization reference selected by the SecureSync device.

PTP Grandmaster [-32]: Specifications

Inputs/Outputs : (1) Configurable as Input or Output

Signal Type and Connector : Ethernet via SFP, and 1PPS Output via BNC

Management : Web UI

Resolution : 8ns (±4ns) packet time stamping resolution

Accuracy : 30 ns accuracy (3 σ ) Master to Slave, via crossover cable

Network Speeds : 100 Mb/s, or 1Gb/s, depending on SFP module used

PTP Version supported: PTP 2 (IEEE 1588-2008)

PTP Profiles supported: Default, Telecom, Enterprise

Transmission modes : Unicast [default], Multicast

486 SecureSync 1200 User Reference Guide

Maximum Number of Cards : 6

Ordering Information : 1204-32: PTP/Precision Timing Protocol Option Module

APPENDIX

Figure 5-56: Model 1204-32 option card rear plate

PTP Grandmaster [-32]: Edit Window

1.

To configure this option card, go to its Edit window. For instructions, see

"Configuring Option Card Inputs/Outputs" on page 354

.

Note: If you have only one input or output of any type, SecureSync will number that input or output 0. Additional inputs or outputs will be numbered 1 or above.

SecureSync 1200 User Reference Guide 487

APPENDIX

2.

The Gb PTP Edit window will display. It includes the top panel , and offers access to three different tabs , described below:

488

Top panel settings

Enable PTP : Enables/Disables PTP. Check the box to enable PTP. Uncheck it to disable PTP.

Profile : offers a choice of:

Default (incl. Enterprise)

Telecom

Bottom panel: tabs

Main : These settings pertain to network connectivity.

Contract : These settings pertain to the unicast contract.

Advanced : These setting pertain to time Sync information.

SecureSync 1200 User Reference Guide

APPENDIX

Main tab settings

Domain Number : Sets the current PTP Domain Number, as defined in IEEE Std

1588-2008 Section 7.1

Clock Mode : PTP has two ways to transmit the initial T1 timestamp of the Sync packet transmission from the Master to the Slave:

One-Step Master: The Sync packet is timestamped, then the timestamp is inserted into the Sync packet in real-time, as it is transmitted.

Two-Step Master : The Sync packet is timestamped, but the timestamp value in the Sync packet is ignored. The actual T1 value is transmitted in a "Follow-

Up" packet after the Sync packet.

Note: PTP Masters must select one mode or the other to operate in. The default mode is one-step.

Enable DHCP : This is a checkbox to enable or disable the delivery of IP addresses from a DHCP Server. The default setting is enabled (the box is checked).

Static IP Address : When a DHCP server is not requested or is requested but not available, the PTP Module will use this IP address. In the format “#.#.#.#” with no leading zeroes or spaces, where each ‘#’ is a decimal integer from the range [0,255].

Network Mask : When a DHCP server is not requested or is requested but not available, the PTP Module will use this Network Mask. In the format “#.#.#.#” with no leading zeroes or spaces, where each ‘#’ is a decimal integer from the range [0,255].

Default Gateway : When a DHCP server is not requested or is requested but not available, the PTP Module will use this Default Gateway. In the format “#.#.#.#” with no leading zeroes or spaces, where each ‘#’ is a decimal integer from the range

[0,255].

Contract tab settings

Note: The settings under this tab only apply to Unicast mode.

[Default settings in parenthesis]

SecureSync 1200 User Reference Guide 489

APPENDIX

Min Sync Interval : The minimum value of Sync interval granted by the Master

Clock. In packets per second. [128 Per Second]

Max Sync Duration : The maximum value of Sync interval granted by the Master

Clock. In seconds. [10000]

Min Announce Interval : The minimum value of the Announce interval granted by the Master Clock. In packets per second. [128 Per Second

Max Announce Duration : The maximum value of the Announce interval granted by the Master Clock. In seconds. [10000]

Min Delay_Req Interval : In packets per second. [128 Per Second]

Max Delay_Req Duration : In seconds. [10000]

Max Slaves : The maximum number of slaves the card will serve. [4000]

Advanced tab settings

A b o u t … P T P T r a n s m i s s i o n M o d e s

The PTP Card is able to transmit the PTP packets in three transmission modes:

• Multicast Mode : PTP packets are transmitted to all PTP Clocks by means of Multicast IP addresses dedicated to the PTP protocol (224.0.1.129, 224.0.0.107). PTP packets received by the PTP Clocks are then filtered from the Domain Number, the Port Identity (Clock Identity +

Port Number) of the transmitter, the packet identifier (Sequenced). When the Master Clock is set in Multicast mode, this module will deny the requests from the Slaves Clocks to run in

Unicast mode. When the Master Clock is set in Unicast mode, it doesn’t transmit any PTP messages until a Slave has been granted to run in Unicast mode.

• Unicast Mode : This mode is enabled by default. This is a Point-to-Point transmission mode between two PTP Clocks by means of the unique IP address assigned to each PTP Clock.

---------------------------------------------

N O T E: The Unicast mode is only implemented for the following PTP packets:

Announce , Sync and Follow-Up , Delay_Req and Delay_Resp .

The Unicast mode is activated at the initiative of the Slaves. Each Slave, which wants to run in

Unicast mode, shall first negotiate Unicast contracts with the Master.

_______________

490 SecureSync 1200 User Reference Guide

APPENDIX

• Minicast/Hybrid Mode : The Minicast/Hybrid mode is a method to minimize the PTP packets payload on the network, where: The transmissions initiated by the Master (Announce,

Sync/Follow-Up) run in Multicast mode.

The transmissions initiated by the Slaves (Delay_Req/Delay_Resp) run in Unicast mode.

Multicast Sync : Activating this option will cause the PTP Master to broadcast Sync and Announce messages to the Multicast address (as long as it is the Best Master on the network). Deactivating this option will remove the messages. When the PTP module is set in multicast mode, this will deny the requests from the Slaves Clocks to running in unicast mode.

Checking this box will cause two additional fields to display that will allow you to configure the:

Multicast Sync Rate

Multicast Announce Rate

Multicast Delay_Req : Activating this option will cause the PTP Master to respond to multicast Delay Requests (as long as it is the Best Master on the network). Deactivating this option will prevent the Master from responding to these.

Unicast Sync : The PTP Master will always respond to attempts from Unicast slaves to communicate with it, provided the Slaves use the proper Unicast Auto-Negotiation process. This setting is always enabled.

Unicast Delay_Req : The PTP Master will always respond to attempts from Unicast slaves to communicate with it, provided the Slaves use the proper Unicast Auto-

Negotiation process. This setting is always enabled.

Transport Protocol : Selects the transport protocol used for PTP packets.

Clock Class Set : Parameter broadcast in a PTP profile, indicating the quality of the attached reference; PTP [default], ARB, ITU [Telecom 1 ]. See also "ESMC Signal

Control" below.

1

The Telecom profile uses different clock class values than the default profile. It uses clock classes in the range from 80 to

110, and these values map to the SSM Quality level that is broadcast in the ESMC message, as defined in Section 6.7.3.1 of

G8265.1. If the user enables Sync-E, and broadcasting of the ESMC message, the parameter that controls which SSM quality level is broadcast when the unit is in sync is user-accessible. This will appear both in the ESMC message, and in the

Clock Class (if the “Clock Class Set” is set to ITU). It is also possible to control whether the ESMC message chosen degrades to QL-DNU when out of sync.

SecureSync 1200 User Reference Guide 491

APPENDIX

Time To Live (Packet Lifespan) : Sets the TTL field for PTP packets except for

Peer-to-Peer packets for which TTL is forced to 1 as specified in IEEE Std 1588-

2008 Annex D.3.

1PPS Offset : The 1PPS signal of this option card can be offset from the main System 1PPS. This offset will be applied to all timestamps created by this card. It can be set in 8ns increments. Range is -500 ms to +500 ms.

Priority 1 : See IEEE 1588-2008, Section 8.10.1, 8.10.2.

Priority 2 : See IEEE 1588-2008, Section 8.10.1, 8.10.2.

Enable SyncE : If checked, allows access to the synchronous Ethernet settings.

There will always be an ESMC message broadcast if Enable SyncE is checked.

Note: For full functionality, SyncE requires Fiber Optic SFP modules.

Standard RJ45/ 1000BASE-T modules are generally not compatible with SyncE.

Enable ESMC : [checkbox]

ESMC Signal Control : Determines which SSM to use in the ESMC message. One of two messages will be broadcast: either the message selected in the SSM Code dropdown or the QL_DNU code. The user may set one of the following broadcasting options:

Output Always Enabled : Always broadcasts the selected SSM code, even when SecureSync is not synchronized to its references.

Output Enabled in Holdover : The output uses the selected

SSM code unless SecureSync is not synchronized to its references (the output is present while in the Holdover mode).

While SecureSync is not synchronized, QL-DNU SSM code will be broadcast.

Output Disabled in Holdover : The output uses the selected

SSM code unless the SecureSync references are considered not qualified and invalid (the output is not present while in the Holdover mode). While references are invalid, QL-DNU SSM code will be broadcast.

492 SecureSync 1200 User Reference Guide

APPENDIX

Output Always Disabled : The output is not present, even if any

SecureSync references are present and considered qualified.

QL-DNU SSM code is broadcast.

SSM Code : The Sync Status Messaging (SSM) code to be used.

Choice of code is made through the drop-down list.

Note: Note: Some parameters define a PTP packet's throughput. They use the "log2seconds", defined as follows.

Positive Value: n => 2n seconds between two successive PTP packets

Negative Value: -n => 2(-n) = (1/2n) => 2n PTP packets per second

PTP Grandmaster [-32]: Status Window

To view the status of a PTP interface, go to its Status window. For instructions, see

"Viewing Input/Output Configuration Settings" on page 353

.

The GB PTP Status window contains two tabs: Main and Advanced .

Main tab: Status information

Ethernet Status : Whether the module is connected to a network through Ethernet.

Green =Connected. The speed of the connection is indicated.

Orange =Not connected.

SecureSync 1200 User Reference Guide 493

APPENDIX

Port State : Reports the current state of the PTP State Machine:

Disabled : PTP Ethernet port is Disabled. See PTP Setup/Network page, PTP

Network Settings options.

Initializing : Ethernet link is unplugged/PTP Module is in power-up state. A

Master Clock doesn’t leave this state while it can’t get the current time and synchronization references from the SecureSync to synchronize with it.

Listening : PTP module is looking for a Master Clock.

Master : PTP Master has become the active Master Clock on the network.

Passive : PTP Module has become a Passive Master Clock. (There is another

Master Clock on the network with better quality or higher priority). This

Master will wait until the Best Master Clock Algorithm determines it should become the best Master Clock, and then it will transition to the Master Clock state.

Uncalibrated : PTP Slave has selected a Master Clock on the network attempts to synchronize with it using sync packets.

Number of Unicast Slaves : Number of PTP Slaves that have been granted by the

PTP Master to run in unicast mode (maximum = 4000 unicast contracts)

Profile : Whether the profile is the default or Telecom.

Domain Number : The current PTP Domain Number.

Clock Mode : See

"Main tab settings" on page 489 .

Current IP Address : The IP address currently being used by the PTP interface.

MAC Address : The MAC address currently being used by the PTP interface.

Advanced tab: Status information

Time Properties:

UTC Offset : The Master’s current offset between UTC time and TAI time. Units: seconds.

UTC Offset Valid : Indicates whether or not the Master’s UTC Offset is valid.

Leap Second : The Leap second correction as set on the Time Management page.

Time Traceable : Indicates whether the Master’s time is traceable (Enabled) to a primary reference or not (Disabled).

494 SecureSync 1200 User Reference Guide

APPENDIX

Frequency Traceable : Indicates whether the Master’s Frequency is traceable

(Enabled) to a primary reference or not (Disabled).

PTP Time Scale : Indicates the timescale that the Master is using to broadcast its time. TAI is the default PTP timescale.

Time source : The Time Source that the Master is using. Refer to IEEE Standard

1588-2008, Section 7.6.2.6.

Clock Quality:

Clock Accuracy : A number describing the accuracy of the oscillator in the Master relative to its UTC reference (see IEEE Standard 1588-2008, Section 7.6.2.5).

Offset Scaled Variance : A constant value based on the variance of the oscillator installed in the SecureSync unit.

Clock Class : A number describing the state of the time and 1pps references of the

PTP Clock.

See table below for Clock Class definitions (see also: IEEE Standard 1588-2008,

Section 7.6.2.4, Table 5).

Table 5-25: Clock class definitions

PTP

Time

Scale

Arbitrary

Time

Scale

6 13

7

52

14

58

187 193

255 255

248 248

Clock Class Definition

Time and 1pps references are synchronized with the host references and PTP clock shall not be a slave to another clock in the domain.

Time and 1pps references are in holdover state, within specifications and PTP clock shall not be a slave to another clock in the domain.

Time and 1pps references are in holdover state, not within specifications, and PTP clock shall not be a slave to another clock in the domain. Then, applied to Master

Clocks who have just powered on and have not yet achieved a suitable TFOM value.

Time and 1pps references are in holdover state, not within specifications, and PTP clock may be a slave to another clock in the domain.

Class assigned to “Slave-Only” clocks.

“Unknown” class.

Ethernet Status

Current IP Address : The IP address currently being used by the PTP interface.

SecureSync 1200 User Reference Guide 495

APPENDIX

Note: If the PTP Module is set up for DHCP but fails to obtain an IP address, it will use the Static IP instead. To reacquire a DHCP address, reset the module via the Main tab in the PTP settings window.

Current Network Mask : The Network Mask currently being used by the PTP interface.

Current Gateway : The Gateway address currently being used by the PTP interface.

Port Status

Port State : Reports the current state of the PTP State Machine:

Disabled : PTP Ethernet port is Disabled. See PTP Setup/Network page, PTP

Network Settings options.

Initializing : Ethernet link is unplugged/PTP Module is in power-up state. A

Master Clock doesn’t leave this state while it can’t get the current time and synchronization references from SecureSync to synchronize with it.

Listening : PTP module is looking for a Master Clock.

Master : PTP Master has become the active Master Clock on the network.

Passive : PTP Module has become a Passive Master Clock. (There is another

Master Clock on the network with better quality or higher priority). This

Master will wait until the Best Master Clock Algorithm determines it should become the best Master Clock, and then it will transition to the Master Clock state.

Uncalibrated : PTP Slave has selected a Master Clock on the network attempts to synchronize with it using sync packets.

One Step Mode : Determines the number of steps in the PTP protocol. Will be one of the following:

Disabled : Two-Step Mode is enabled

Enabled : One-Step Mode is enabled

[Default=Disabled]

496 SecureSync 1200 User Reference Guide

APPENDIX

Note: One-Step Mode is not supported with the Peer-to-Peer

Delay Mechanism.

The current implementation of One-Step Mode involves a software oriented timestamping. The Two- Step Mode imlements a hardware oriented timestamping, insensitive to software execution time variations. The Two-

Step Mode is recommended, as it increases the PTP Clock's accuracy

Delay Mechanism : Will be one of the following:

E2E : End-to-End Delay Mechanism

P2P : Peer-to-Peer Mechanism

Disabled : No Delay Mechanism

Default setting: E2E

Note: Peer-to-Peer Delay Mechanism is only applicable on networks equipped with Transparent Clocks

(switches/routers IEEE 1588 compatible). Peer-to-Peer

Delay Mechanism is not supported in Unicast transmission mode.

PPS Offset : See

"Advanced tab settings" on page 490

.

Module Information

Software Version : Version number of embedded software

Hardware Version: Version number

Configuration — General Steps

Ensure that SecureSync's PTP port is connected to the network (check the Link

Status in the PTP Status/Network page).

Ensure the PTP port speed is 100 Mb/s (see: PTP Status page > Advanced tab >

Port Speed ).

Be sure that valid time and 1PPS references are currently selected (go to

MANAGEMENT/OTHER/Time Management ).

SecureSync 1200 User Reference Guide 497

APPENDIX

In order to operate properly as a Master Clock, SecureSync must be synchronized to a non-

PTP reference. Confirm that the chosen reference transmits the following information (as reported by the Time Properties on the PTP Status page, under the Advanced tab):

The proper TAI or UTC time (including the current year)

The current TAI to UTC offset (required even if the reference’s time is in TAI)

Pending leap second information at least a day in advance.

If the reference does not transmit this information, it must be provided by the user in order for the Master Clock to function properly.

The built-in GNSS reference provides all information needed with no user intervention.

Configuration — PTP-Specific Steps

Confirm that:

The PTP Port Activity is enabled (check the Port Status on the PTP Status page under the Advanced tab). If not, enable it from the Port Activity of the PTP

Setup/Network page).

The clock is set to be a Master-Only clock (check the Clock Mode on the PTP

Setup/Clock page).

A valid IP address is currently being used (check the Ethernet Settings on the PTP

Setup/Network page).

When the PTP Module is set to be a Master Clock, the module will immediately attempt to become the active Master Clock on the network ( PTP Port State = Master ). If it does, it will start to transmit PTP packets (even if SecureSync is not yet synchronized).

There are several reasons why the PTP Module may not become the active Master Clock, or may not be broadcasting the correct time, even if it is set to be a Master Clock: a.

If using any reference other than self for 1PPS, SecureSync will not become an active Master Clock until the Time Figure of Merit (TFOM) value of the system is less than 15. After first going into sync after power-up, it may take a minute or two for the Time Figure of Merit (TFOM) value to fall to an acceptable level. The current

Time Figure of Merit (TFOM) value is available in the Time Properties panel under the Advanced tab on the Status page.

b.

PTP uses the TAI timescale to transfer time. Many timing references communicate time in the UTC timescale. UTC is offset from TAI by a small amount which changes every time a leap second occurs. The TAI to UTC Offset is part of the PTP Specification and must be provided to a Master Clock. If no active reference can provide

498 SecureSync 1200 User Reference Guide

APPENDIX that information, the offset must be provided by the Host. The TAI to UTC Offset can be set from the MANAGEMENT/OTHER/Time Management page (while setting the GPS to UTC Offset).

c.

The PTP protocol also provides for the transfer of Leap Second information. If the active time reference does not provide Leap Second information, it must be added by the user through the MANAGEMENT/OTHER/Time Management page. If this is not done, the PTP network will have the incorrect UTC time after a leap second event.

d.

If there are multiple multicast Master Clocks on the network, the PTP Module uses the Best Master Clock (BMC) algorithm specified in the PTP Specification to decide whether or not to become the active Master Clock. The BMC algorithm selects the

Best Master Clock on the network from the following criteria: i.

The BMC algorithm first selects the clock having the higher Priority1 parameter (a lowest value means a higher priority).

ii.

If the BMC cannot be determined from the previous parameter, the BMC algorithm selects the clock having the higher Clock Quality (Clock Class, Clock

Accuracy, Clock Variance).

iii.

If the BMC cannot be determined from the previous parameters, the BMC algorithm selects the clock having the higher Priority2 parameter.

The Master Clock selected by the BMC algorithm as the Best Master Clock will transition into the Master state to become the active Master Clock on the network. It will then start to transmit Sync packets to the Slave Clocks. The other Master Clocks will transition into the

Passive state.

Enabling PTP

To enable PTP:

SecureSync 1200 User Reference Guide 499

APPENDIX

1.

Navigate to the Top panel of the GB PTP Edit window.

2.

Check the Enable PTP box.

Configuring Multicast Mode

To enter Multicast mode, perform the following steps:

1.

In the GB PTP Edit window, navigate to the Advanced tab.

2.

Select the Multicast Sync checkbox.

3.

Select the Multicast Sync Rate from the drop-down list.

4.

Select the Multicast Announce Rate from the drop-down list.

Configuring Unicast Mode

To enter the Unicast mode, perform the following steps:

1.

In the GB PTP Edit window, navigate to the Advanced tab.

2.

Confirm that Unicast Sync is checked. The 1204-32 PTP module should always

500 SecureSync 1200 User Reference Guide

APPENDIX respond to unicast negotiations.

Configuring Minicast/Hybrid Mode

To enter the Minicast/Hybrid mode, perform the following steps:

1.

In the GB PTP Edit window, navigate to the Advanced tab.

2.

Select the Multicast Sync checkbox.

3.

Select the Multicast Sync Rate from the drop-down list.

4.

Select the Multicast Announce Rate from the drop-down list.

5.

Confirm that Unicast Sync is checked. The 1204-32 PTP module should always respond to unicast negotiations.

Configuring PTP on the Network

To configure PTP on the network:

1.

In the GB PTP Edit window, navigate to the Main tab.

2.

Under the Main tab of the GB PTP Edit window, make the following settings:

Domain Number : Sets the current PTP Domain Number, as defined in IEEE

Std 1588-2008 Section 7.1

Clock Mode : See under

"Main tab settings" on page 489 .

Enable DHCP : This is a checkbox to enable or disable the delivery of IP addresses from a DHCP Server. The default setting is enabled (the box is checked).

Static IP Address : When a DHCP server is not requested or is requested but not available, the PTP Module will use this IP address. In the format “#.#.#.#” with no leading zeroes or spaces, where each ‘#’ is a decimal integer from the range [0,255].

SecureSync 1200 User Reference Guide 501

APPENDIX

Network Mask : When a DHCP server is not requested or is requested but not available, the PTP Module will use this Network Mask. In the format

“#.#.#.#” with no leading zeroes or spaces, where each ‘#’ is a decimal integer from the range [0,255].

Default Gateway : When a DHCP server is not requested or is requested but not available, the PTP Module will use this Default Gateway. In the format

“#.#.#.#” with no leading zeroes or spaces, where each ‘#’ is a decimal integer from the range [0,255].

Configuring PTP Contracts

1.

Navigate to the Contract tab of the GB PTP Edit window.

502

2.

Under the Contract tab of the GB PTP Edit window, make the following settings:

Min Sync Interval : The minimum value of Sync interval granted by the

Master Clock. In packets per second.

Max Sync Duration : The maximum value of Sync interval granted by the

Master Clock. In seconds.

Min Announce Interval : The minimum value of the Announce interval granted by the Master Clock. In packets per second.

Max Announce Duration : The maximum value of the Announce interval granted by the Master Clock. In seconds.

Min Delay_Req Interval : In packets per second.

Max Delay_Req Duration : In seconds.

SecureSync 1200 User Reference Guide

APPENDIX

Max Slaves : The maximum number of slaves to be served. The 1204-32 module can serve up to 4000 slaves (unicast contracts).

5.2.7

Miscellaneous Option Cards

This section contains technical information and SecureSync Web UI procedures pertaining to option cards that do not fall into other categories, e.g. cards that serve as signal relays.

5.2.7.1

STL Option Module [1204-3E]

Satelles Satellite Time and Location (STL) signal is broadcast on Iridium satellites and offers a spoofing-resilient encrypted signal that is 1000x stronger than GNSS-based timing signals. Hence, it is difficult to jam, and it can be received indoors.

STL is a subscription-based service. Please contact Spectracom for details.

A SecureSync equipped with the STL 1204-3E option card can be operated with or without GPS, depending on your application, i.e. STL can be utilized as a backup, or as the only external timing source.

Note: Devices are shipped with the STL subscription deactivated. It is necessary to contact customer service to activate the subscription: [email protected]

US: +1 585 321 5800; France: +33 (0)1 64 53 3980.

For subscription renewal information, see

"Renewing Your STL Subscription" on page 510

Hardware Installation

1.

If your STL option card was purchased together with a SecureSync unit, the card will be pre-installed in the unit. Proceed to Step 3.

2.

If you purchased your STL option card separately, you will need to install the card into the SecureSyncunit. For instructions, see the hard copy of the Option Card

Installation Guide that shipped with the unit, or see the Field Installation instructions in the user manual.

Note: The -3E card can be installed in any free card slot.

SecureSync 1200 User Reference Guide 503

APPENDIX

3.

Install the SecureSync unit in its assigned location e.g., in a server rack.

4.

Install the supplied STL satellite antenna: The antenna is designed for indoor use.

The ideal location for the antenna is near the ceiling of the room in which your

SecureSync unit is located, or near an outside wall. In general, a higher location is preferable over a lower location. Do not cover the antenna with electronic equipment or other metal objects.

Note: The supplied antenna cable is 2.4 m (96") long. Longer cables are available upon request. The antenna does not require a separate power supply.

5.

Connect the antenna cable to the SecureSync unit via the SMA connector on the option card -3E rear plate. The SecureSync can be in a powered off or a powered on state during antenna installation.

Figure 5-57: Model 1204-3E option card rear plate

If the unit is ON, verify that the BURST lamp is blinking.

If the unit is OFF, turn it on, and wait until the BURST lamp is blinking.

If the BURST lamp is not blinking after the subscription has been activated , the

STL receiver is not receiving an STL signal. Check the antenna cable and its connections, and the antenna location. Move the antenna to another location (higher or closer to an outside wall).

R e a r P l a t e L E D s :

BURST : Indicates the incoming STL burst rate. A high burst rate (desired) is indicated by the LED flashing quickly.

504 SecureSync 1200 User Reference Guide

PPS : Indicates that the STL receiver is sending out a PPS signal to SecureSync. One (1) pulse per second means that the receiver is locked. NOTE: It can take approximately 10 minutes or longer until the receiver is locked. This depends on the burst rate (see

"Burst Rate" on page 510 .)

Both LEDs have equivalent indicators in the Web UI STL 0 status window:

APPENDIX

6.

Proceed with the SW configuration of the STL settings, as described below.

Note: The RJ-45 MAINT.

connector will not be needed for the STL configuration. Use this connector only if so requested by Spectracom

Service personnel.

Configuring STL Settings

Note: If you do not yet have a subscription key, you will need to obtain one before continuing with installation. Please contact Orolia customer service: [email protected]

US: +1 585 321 5800; France: +33 (0)1 64 53 3980

SecureSync 1200 User Reference Guide 505

APPENDIX

Note: During the initial installation of a unit equipped with an STL card, the exact geographic position needs to be entered into the Web UI (see below). Should the unit be relocated at a later point in time, the position must be changed accordingly.

The STL option card 1204- 3E is configured via the SecureSync Web UI. See

"The

SecureSync Web UI" on page 18

for basic SecureSync setup and initial login information.

To configure STL settings:

1.

Log into the Web UI, and navigate to INTERFACES > OPTION CARDS: STL 0 . The

STL 0 status window will be displayed.

2.

In the STL 0 status window, click on the Edit button to open the STL 0 setup window.

506

In the STL 0 setup window, you can configure the following parameters:

Subscription Key : [ required ] Enter the key obtained from customer service in order to activate STL access.

SecureSync 1200 User Reference Guide

APPENDIX

Latitude, Longitude, Altitude : [decimal degrees, meters] Actual geographic position of SecureSync's STL antenna. For help determining your actual position, see

"Determining Your Position" on page 209

.

Geolocation Mode : Static Known Position / Static Unknown Position

[ default ] / Pseudo Static / Dynamic : This parameter refers to how the STL receiver handles position estimation. The default setting is recommended for most applications.

Sensitivity Level : [ default = 40] This value determines the sensitivity of the

STL receiver towards the STL signal bursts transmitted by the satellites. The lower the number, the more responsive the receiver will be to acknowledge the bursts. The default value is optimized for an indoor antenna. A higher value can be used for outdoor antenna installations (not typical). A value lower than (40) is not recommended.

3.

Assign the STL 0 reference a reference priority by navigating to MANAGEMENT >

OTHER: Reference Priority .

4.

In the Configure Reference Priorities panel, click the + icon in the upper right corner. The Add Reference window will open.

5.

Select a Priority Level : a.

If STL is to be used as a backup to GPS: Select a Priority Level of 2 .

b.

If STL is the only reference: Select a Priority Level of 1 .

For Time and PPS , select STL 0 . Click Submit.

6.

Verify your settings in the Reference Priority table, and ensure that the new reference is Enabled .

Reviewing the STL Status

Validity Status

To check or monitor the validity of the STL reference:

SecureSync 1200 User Reference Guide 507

APPENDIX

1.

Navigate to INTERFACES > REFERENCES .

2.

In the References status panel, under STL 0 , check the status indicator light:

Detailed Status

To obtain detailed STL status information:

1.

Navigate to INTERFACES > REFERENCES: STL 0 . The STL 0 status panel will be displayed.

508 SecureSync 1200 User Reference Guide

APPENDIX

2.

In the STL 0 status panel, click the INFO button. The STL 0 status window will open:

Besides STL system data, the window also displays STL validity and the subscription status.

For a description of the other parameters, see

"Configuring STL Settings" on page 505 .

Subscription status reminder banner : Lists your current subscription state.

Validity – TIME : Should always be green; if red, the -3E card is not installed correctly, or there is a defect; – PPS : If green, indicates the STL receiver is sending a PPS signal to

SecureSync.

Subscription Start Date, End Date : Day the STL subscription began and will end.

Application Version, System Version : Receiver software versions.

Serial Number : Receiver serial number.

SecureSync 1200 User Reference Guide 509

APPENDIX

IP address [button]: Maintenance port – opens a separate browser window indicating the

IP address of the Maintenance port (if a cable is plugged into the MAINT. port).

NOTE : This functionality is only required if Spectracom Service personnel request access to the STL receiver directly.

Strong Burst : Indicates color-coded burst rate. For more information see

"Burst Rate" below .

Latitude, Longitude, Altitude : Position data, as entered under

"Configuring STL Settings" on page 505 .

Geolocation Mode : Position estimation setting, as entered under

"Configuring STL Settings" on page 505 .

Sensitivity Level : STL receiver sensitivity setting, as entered under

"Configuring STL Settings" on page 505 .

Renewing Your STL Subscription

Contact customer service to obtain a new subscription key: US: +1 585 321 5800; France:

+33 (0)1 64 53 3980.

In the WebUI, navigate to INTERFACES > OPTION CARDS: STL0 > EDIT to access to

STL status panel. Enter your new subscription key.and click submit.

If your location information is different from your End User Agreement, please contact customer service.

Confirm that your start date, end date, and subscription state have updated in the STL reference panel.

Burst Rate

Satellites transmit the STL time and location data in bursts. The number of bursts per minute that the receiver detects is the burst rate , but only strong bursts have a quality high enough to be usable. Note that the burst rate changes over time due to the movement of the satellites and other factors.

The current strong burst rate is shown in the STL 0 status window (described above) and offers a good indication on the reception quality. Typically, a number of received strong bursts per minute is greater than 60, the location has sufficient STL service for the receiver to converge and provide a timing solution.

510 SecureSync 1200 User Reference Guide

APPENDIX

Strong

Bursts

80+ Excellent, minimal signal attenuation

35-55 Good, some signal attenuation

15-30 Moderate, strong signal attenuation

5-15

0

Conditions

Marginal, major signal attenuation

Poor, severe signal attenuation

Typically experienced ...

Receiver lock status

… outdoors

… indoors near windows

Short time to convergence

Short time to convergence

… indoors far from windows

Longer time to convergence

… deep indoors

… very deep indoors

Significantly longer time to convergence

No convergence

Troubleshooting

No action required

No action required

Wait a couple of minutes for better satellite geometry; relocate antenna

Wait several minutes for better satellite geometry; relocate antenna

Verify that STL service is enabled in your area; wait several minuts for better satellite geometry; relocate antenna

Note: The values shown above are only guidelines: Due to the dynamic nature of satellite signal characteristics over time, a specific burst threshold value does not guarantee a good receiver performance.

Specifications

The specifications of the STL Option Module 1204-3E are:

Inputs : One STL antenna input, one Ethernet maintenance input

Antenna input connector : SMA

Maintenance connector : RJ45

Frequency band : 1626 MHz

Timing synchronization accuracy to UTC : ±500 ns (specified); ±200 ns (typical)

Coverage : Global

Time-to-first-fix (Timing) : Several seconds (the PPS pulse will become available once the positioning fix has been obtained)

Jamming resilience : Signal is 30 to 40 dB stronger than GPS signal

Spoofing resilience : Encrypted signal

SecureSync 1200 User Reference Guide 511

APPENDIX

Maximum number of cards : 1

Ordering information :

STL module: 1204-3E

STL subscription (1 year): STL-SS-1Y

Figure 5-58: Model 1204-3E option card rear plate

5.2.7.2

Alarm Relay Out [1204-0F]

The Model 1204-0F Alarm Relay Option Card provides three (3) configurable relay outputs for the SecureSync platform.

Alarm Relay Out [1204-0F]: Specifications

Inputs/Outputs : (3) three contact relay connections (NC, common, NO)

Signal Type and Connector : Terminal block

Contacts switch under max. load of 30 VDC, 2A

Contacts rated to switch: 220 VDC

Nominal Switch Capacity : 30 V, 2A

Maximum switch voltage : 220 VDC

Maximum switch power : 60 W

Maximum switch current : 2A

Breakdown voltage : 1000 VDC between contacts

Switch time : 4ms, max.

Maximum Number of Cards : 1

Ordering Information : 1204-0F: Relay Outputs Module

512 SecureSync 1200 User Reference Guide

APPENDIX

Figure 5-59: Model 1204-0F option card rear plate

Terminal block pin-out, alarm relay out

PIN SIGNAL

7

8

5

6

3

4

1

2

GND

Relay 0 NO

Relay 0 NC

Relay 0 COMMON

Relay 1 NO

Relay 1 NC

Relay 1 COMMON

Relay 2 NO

9 Relay 2 NC

10 Relay 2 COMMON

Operation of the Alarm Relay Card

SecureSync 1200 User Reference Guide 513

APPENDIX

514

Figure 5-60: Contact closure relay pinouts

1.

All relay contacts are labeled as in their de-energized state (power removed or alarm asserted).

2.

The "normal" state of the relays (no alarms asserted) is relays energized.

3.

The applicable relay(s) (Minor or Major, as configured in the browser) is /are de-energized when a Minor or Major alarm is asserted.

4.

Both the Minor and Major alarms are active (relays de-energized and in their alarm state) when input power is removed from SecureSync.

5.

For information on how to configure the relays as either a Minor alarm relay or a

Major alarm relay, see

"Alarm Relay Output: Edit Window" on page 516

.

Each of the three available relays on this option card can be configured to be either a Minor or a Major alarm relay. The three relays are dry contact closures that can either open or

SecureSync 1200 User Reference Guide

APPENDIX complete a circuit, depending on whether the relay is energized/de- energized and whether the custom alarm circuit is connected to the NO or NC contacts.

To use this option card to provide an audible indication of a Minor or Major alarm being asserted, SecureSync does not pass or generate an audible tone. It is just the switch that allows the tone to be generated. Or for a visible alarm indication, the three relays can allow

DC voltage to be routed to the light, when an alarm is asserted.

The best way to think of each of the alarm relays is that they are simply a light switch on the wall. When the switch is off (relay is in one position) the light/buzzer is off. But if you toggle the switch (relay) to the other position (either a Minor or Major alarm is alarm is asserted), the light/buzzer comes on. When a Minor or Major Alarm is asserted, the applicable relay(s) switches states. This can then allow a custom circuit to be able to sound an alarm or to illuminate a light, as desired.

The nominal switch capacity is 30V, 2A (maximums: voltage = 220 VDC, power = 60W, current = 2A). So you can connect any desired audible//visible device or component to this relay that can operate within this rating (Spectracom doesn't make any specific recommendations on what visible or audible alarms to use in conjunction with this Option Card).

Further below is a diagram of ways that a light or buzzer can be connected to any of the three relays on this Option Card.

Note that any necessary wiring, the light/buzzer and the power source (labeled in the diagram above as “DC Power Supply”) for the light/buzzer is supplied by the customer.

“Relay 1”, “Relay 2” and “Relay 3” represent the three available relays. The three tables on the left provide the pin-outs for each of the relay contact closures.

Alarm Relay Output: Viewing Signal State

To quickly view the signal state of all three alarm outputs, see:

"Viewing an Input/Output

Signal State" on page 356 .

Each alarm output will be in one of these 3 states:

SecureSync 1200 User Reference Guide 515

APPENDIX

NEVER OUTPUTS

OUTPUTS ON MINOR ALARM

OUTPUTS ON MAJOR ALARM

Alarm Relay Output: Edit Window

To configure the Alarm Relay Output, go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 354

.

The Web UI list entry for this card is: Relay Output . The name of the output is: Alarm Output [number].

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

The Edit window allows the configuration of the following settings:

Alarm Type :

None : Will not output for an alarm.

Minor : Will output on a minor alarm.

Major : Will output on a major alarm.

Alarm Relay Output: Status Window

To view the current settings of an Alarm Relay Output, go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 353

.

The Web UI list entry for this card is: Relay Output . The name of the output is: Alarm Output [number] .

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

516 SecureSync 1200 User Reference Guide

APPENDIX

The Status window displays the following settings:

Alarm Type :

None : Will not output for an alarm.

Minor : Will output on a minor alarm.

Major : Will output on a major alarm.

5.2.7.3

Revertive Selector Card [1204-2E]

The Revertive Selector Option Card provides automatic failover capability, using one option card slot for a single output signal.

Operating Principle

The output follows the selected input. Signals can be 1PPS, 10 MHz, 5MHz or 1MHz.

Input “A” is selected if present and valid. If input “A” disappears, or if power to host

SecureSync is interrupted, input “B” is presented at output “OUT”.

As soon as input “A” becomes valid again, the output switches back to use “A” as source.

At power-up or module reset, there is a timed delay before input “A” is presented. This allows reference at input “A” to stabilize before being used.

Model 1204-2E Specifications

Inputs/Outputs :

(2) Inputs – Unselected input terminated with 50 Ω

(1) Output

Connectors : 3 BNC

Signal Type : User selected (jumper switch):

>1MHz

1MHz to 100 Hz

1PPS

SecureSync 1200 User Reference Guide 517

APPENDIX

Signal Level :

Sine Wave, 0.5 V to 30 V p-p

TTL (50 Ω)

Default Power-on Switch State :

Initially, input “B” ; until a valid signal on input "A" is detected, causing the switch state to change to "A" .

Maximum Number of Cards : 6

Ordering Information : 1204-2E: Revertive Selector Option Module

Figure 5-61: Model 1204-2E option card rear plate

518

Figure 5-62: Location of jumper switches

SecureSync 1200 User Reference Guide

APPENDIX

5.2.7.4

Event Broadcast [1204-23]

The Event Broadcast Module (RS-232) provides a BNC connection for an Event Trigger

Input and a RS-232 connector for an ASCII message output.

When the defined signal edge is detected on the Event Input BNC Connector, an ASCII message is created containing the current time.

ASCII messages are stored in a Message Buffer . The message buffer can store

512 entries before overflowing. Messages may be lost if the buffer overflows.

Messages can be output in one of two ways:

If the Mode is set to Broadcast , messages in the Message Buffer will be output immediately through the RS-232 Output port. If another event is captured while a message is being sent, it will be queued in the buffer until the first message completes, then the next message will be sent.

If the Mode is set to Request , messages in the Message Buffer are only sent when the Request Character is received.

The output format used is selected among a small group of formats with the capability to output data at 5ns resolution. Event Broadcast Output formats are detailed in

"Event

Broadcast Time Code Formats" on page 526 .

Event Broadcast [1204-23]: Specifications

Inputs/Outputs : (1) Event Trigger Input, (1) Event Broadcast Output

Signal Type and Connector :

Connector J1 – (RS-232 Output) RS-232 DB9F

Connector J2 – (Event Input) TTL BNC

Event Resolution : 5ns

Minimum Time Between Events : 20 ns

Message Buffer Size : 512 messages

Ordering Information : 1204-23: Event Broadcast

SecureSync 1200 User Reference Guide 519

APPENDIX

Figure 5-63: Model 1204-23 option card rear plate

Output Port: Pin Assignments

8

9

6

7

Table 5-26: Output connector DB-9: pin-out

Pin Number Signal Name Function

Top row of 5 pins

3

4

1

2

5

NC No Connection

SERIAL_OUT_TX RS-232 Transmit data

SERIAL_OUT_RX RS-232 Receive data

NC No connection

GND Ground

Bottom row of 4 pins

NC

NC

NC

NC

No connection

No connection

No connection

No connection

Viewing the State of Event Broadcast and Event Input

To view the Status of Event Broadcast and Event Input, see

"Viewing an Input/Output Signal State" on page 356

.

Event Broadcast Output: Edit Window

To configure the Event Broadcast Output , go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 354

.

The Web UI list entry for this card is: Event Broadcast .

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

520 SecureSync 1200 User Reference Guide

APPENDIX

The Edit window allows the configuration of the following settings:

Signature Control : Signature Control controls when messages will be broadcast in response to events on the Event Input (J2) port when events are enabled and the card is in “broadcast” mode. (Events are still queued even if they are not broadcast, and are transmitted once the signature control conditions permit.) For more information on Signature Control, see

"Signature Control" on page 147

.

Format : Selects the format of the message to be outputted. Refer to

"Event Broadcast Time Code Formats" on page 526

for a description of all of the available formats.

The Event Broadcast card only supports two formats (Event Broadcast Format 0 and Event Broadcast Format 1), and only supports the output of one message per event. If format is set to “None”, no messages will be queued in the Message Buffer.

Output Mode : This field determines when the output data will be provided. Available Mode selections are as follows:

Broadcast —Event Messages are automatically broadcast when they are created by an event. If a new event happens while an older message is being broadcast, the new message will be queued in a “First-in, First-out” manner.

When the message has finished, the next message out of the queue will be broadcast.

Request —Event Messages are only broadcast in response to a Request Character. New messages will be queued in a “First-in, First-out” manner.

Request character : This field defines the character that SecureSync needs to receive in order for a message to be provided when in “Request” mode. This field will only appear if the Output Mode is set as “Request Broadcast.”

SecureSync 1200 User Reference Guide 521

APPENDIX

Timescale —Used to select the time base for the incoming ASCII time code data. The entered Timescale is used by the system to convert the time in the incoming ASCII data stream to UTC time for use by the System Time. The available choices are:

UTC —Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI —Temps Atomique International

GPS —The raw GPS time as transmitted by the GNSS satellites (as of 5-

March-2021, this is 18 seconds ahead of UTC time)

A local clock set up through the Time Management Page—This option will appear under the name of the local clock you have set up. Refer to

"The Time

Management Screen" on page 150

for more information on configuring and reading the System Clock. Local timescale allows a Local Clock to apply a time offset for Time Zone and DST correction.

Note: The Timescale of the input (as configured in the ASCII time source) must be set correctly, especially if other input references are enabled. Failure to configure the Timescale of the input correctly could result in time jumps occurring in the System Time when input reference changes occur.

These time jumps could affect NTP and normal operation of the system.

Baud Rate : Determines the speed that the output port will operate at.

Data Bits : Defines the number of Data Bits for the output port.

Parity : Configures the parity checking of the output port.

Stop Bits : Defines the number of Stop Bits for the output.

Event Broadcast Output: Status Window

To view the current settings of the Event Broadcast Output , go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 353 .

The Web UI list entry for this card is: Event Broadcast .

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

522 SecureSync 1200 User Reference Guide

APPENDIX

The Status window displays the following settings:

Signature Control : Signature Control controls when messages will be broadcast in response to events on the Event Input (J2) port when events are enabled and the card is in “broadcast” mode. (Events are still queued even if they are not broadcast, and are transmitted once the signature control conditions permit.) For more information on Signature Control, see

"Signature Control" on page 147

.

Format : The format of the message to be output. Refer to

"Event Broadcast Time

Code Formats" on page 526

for a description of all of the available formats.

The Event Broadcast card only supports two formats (Event Broadcast Format 0 and Event Broadcast Format 1), and only supports the output of one message per event. If format is set to “None”, no messages will be queued in the Message Buffer.

Output Mode : When the output data will be provided. Available Mode selections are as follows:

Broadcast —Event Messages are automatically broadcast when they are created by an event. If a new event happens while an older message is being broadcast, the new message will be queued in a “First-in, First-out” manner.

When the message has finished, the next message out of the queue will be broadcast.

Request —Event Messages are only broadcast in response to a Request Character. New messages will be queued in a “First-in, First-out” manner.

Timescale : The time base for the incoming time code data. The entered Timescale is used by the system to convert the time in the incoming data stream to UTC time for use by the System Time. The available choices are:

UTC—Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI—Temps Atomique International

SecureSync 1200 User Reference Guide 523

APPENDIX

GPS—The raw GPS time as transmitted by the GNSS satellites (as of 5-

March-2021, this is 18 seconds ahead of UTC time).

A local clock set up through the Time Management Page—This option will appear under the name of the local clock you have set up. Refer to

"The Time

Management Screen" on page 150

for more information on configuring and reading the System Time. Local timescale allows a Local Clock to apply a time offset for Time Zone and DST correction.

Note: The Timescale of the input (as configured in the time source) must be set correctly, especially if other input references are enabled. Failure to configure the Timescale of the ASCII input correctly could result in time jumps occurring in the System Time when input reference changes occur.

These time jumps could affect NTP and normal operation of the system.

Request character : This field defines the character that SecureSync needs to receive in order for a message to be provided when in “Request” mode. This field will only appear if the Output Mode is set as “Request Broadcast.”

Baud Rate : The speed that the output port will operate at.

Data Bits : The number of Data Bits for the output port.

Parity : The parity checking of the output port.

Stop Bits : The number of Stop Bits for the output.

Event Broadcast Input: Edit Window

To configure the Event Broadcast Input (also referred to as ‘ Reference ’), go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 354 .

The Web UI list entry for this card is: Event Broadcast .

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

524 SecureSync 1200 User Reference Guide

APPENDIX

The Status window displays the following settings:

Event Capture : Enables the processing of events on the Event Input port J2. When set to “Disabled”, no event messages will be queued. When set to “Enabled”, event messages will be triggered (if a valid Format is selected).

Event Active Edge : Selects the signal edge used for triggering events on Event

Input port J2.

Event Broadcast Input: Status Window

To view the current settings of the Event Broadcast Input , (also referred to as ‘ Reference ’), go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 353

.

The Web UI list entry for this card is: Event Broadcast .

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

The Status window displays the following settings:

Event Capture : The processing of events on the Event Input port J2. When set to

“Disabled”, no event messages will be queued. When set to “Enabled”, event messages will be triggered (if a valid Format is selected).

Event Active Edge : The signal edge used for triggering events on Event Input port

J2.

SecureSync 1200 User Reference Guide 525

APPENDIX

Latest Event Message : The last message sent. This can be cleared with the Clear button.

Event Broadcast Time Code Formats

The following ASCII- based time code formats are available with the Event Broadcast option card (see

"Event Broadcast [1204-23]" on page 519

):

Event Broadcast Format 0

E x a m p l e m e s s a g e :

SSSSSSSSSS.XXXXXXXXX<CR><LF>

Where:

SSSSSSSSSS 10-digit Seconds Time (references from

January 1 st

, 1970)

.

Decimal Point Separator

XXXXXXXXX 9-digit Sub-Seconds Time (5 ns resolution)

CR

LF

Carriage Return

Line Feed

Event Broadcast Format 1

E x a m p l e m e s s a g e

YYYY DDD HH:MM:SS.XXXXXXXXX<CR><LF>

Where:

YYYY

DDD

Year

Space Separator

Day of Year (001-366)

Space Separator

526 SecureSync 1200 User Reference Guide

:

HH

:

MM

Hour of the Day (00-23)

Colon Separator

Minutes of the Hour (00-59)

Colon Separator

.

SS Seconds (00-59), (00-60 for leap second)

Period Separator

XXXXXXXXX 9-digit Sub-Seconds Time (5 ns resolution)

CR Carriage Return

LF Line Feed

5.2.7.5

Bi-Directional Communication, RS-485 [1204-0B]

Inputs/Outputs : Bi-directional Communication Port

Signal Type and Connector : Balanced RS-485 (3.8 mm terminal block)

Maximum Number of Cards : 1

Ordering Information : 1204-0B: RS-485 Communications Module

Figure 5-64: Model 1204-0B option card rear plate

1

2

3

Table 5-27: Model 1204-0B: RS-485 pin-out

Pin Assignments

Pin No.

Signal

GND

RS-485 IN+

RS-485 IN-

APPENDIX

SecureSync 1200 User Reference Guide 527

APPENDIX

8

9

10

6

7

4

5

Pin No.

Pin Assignments

Signal

NC

NC

NC

GND

RS485 OUT+

RS485 OUT-

GND

Once an address has been assigned, the communication port can be operated as input or output (via CLI).

Communication Input/Output: Edit Window

To configure the Communication port’s settings, go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 354 .

The Web UI list entry for this card is: RS-485 Comm .

The name of the Input/Output is: RS-485 Comm [number] .

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

528

The Edit window allows the configuration of the following settings:

SecureSync 1200 User Reference Guide

APPENDIX

RS-485 Address : [0-31]

Communication Input/Output: Status Window

To view the address of an RS-485 communication input/output, go to its Status window.

For instructions, see:

"Viewing Input/Output Configuration Settings" on page 353 .

The Web UI list entry for this card is: RS-485 Comm .

The name of the Input/Output is: RS-485 Comm [number] .

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

The Status window displays the following settings:

RS-485 Address : [0-31]

5.3

Command-Line Interface

A terminal emulation program is used to emulate a video terminal, so as to access

SecureSync's CLI (Command- Line Interface) remotely via a serial cable. This may be required if no other means of remotely accessing SecureSync are available, for example if

Ethernet ports are used otherwise or have been disabled (e.g., for security reasons).

SecureSync 1200 User Reference Guide 529

APPENDIX

5.3.1

Setting up a Terminal Emulator

If no other means are available to access SecureSync, a terminal emulation program can be used to carry out certain configuration changes by accessing SecureSync's CLI (commandline interface) via a serial port connection. An application example for this scenario is to enable a network port so that the SecureSync Web UI can be used. While it is also possible to retrieve selected logs, a terminal emulator does not replace the SecureSync Web UI.

Orolia does not distribute or support its own terminal emulator, and newer Microsoft operating systems no longer include HyperTerminal. However, there are several third-party open-source programs available, such as TeraTerm

® or PuTTY

®

. The example below illustrates the use of TeraTerm. The setup procedure is similar when using other terminal emulation programs.

Required tools and parts:

I.

A standard, one-to-one pinned RS-232 serial cable; this cable has one male and one female DB-9 connector. Do NOT use a Null Modem cable. If you do not have a standard RS-232 cable at hand, follow the pin-out configuration described below when building a cable. It is required to wire at least pins number 2, 3, and 5.

530

Figure 5-65: Serial port pin-out

II.

Personal Computer with terminal emulator program installed.

Procedure:

1.

Connect the personal computer to the front panel serial connectorUSB interface, using the serial cable.

SecureSync 1200 User Reference Guide

2.

Configure your terminal emulation program, using the following settings:

Port : COM(#)

Bits per second : 9600

Data bits : 8

Parity : None

Stop bits : 1

Flow control : None

APPENDIX

3.

Depending on which network protocol you are using (SSH, Telnet), you will need to enter authentication upon establishment of the connection either in a separate authentication window, or the Terminal window: The default user name is spadmin , and the password admin123

.

4.

Using the Terminal window, you can now submit commands; see

"CLI Commands" below

for a list of commands.

5.3.2

CLI Commands

SecureSync features a suite of command-line interface (CLI) commands that can be used to configure parameters and retrieve status information or log files via a remote connection, using the telnet or ssh

(if enabled) protocol.

This section includes a list of some of the supported commands.

SecureSync 1200 User Reference Guide 531

APPENDIX

Notes:

a.

The command “ helpcli ” will provide a list of all available commands and their syntax ( Note : Typing “ help ” will output bash shell help only and will not provide useful information).

b.

You can scroll up or scroll down through the output by using the Page Up/Page down keys, or the arrow keys.

c.

Type “ q ” (lower-case) to quit.

d.

Pressing the up/down keys scrolls through previously typed commands.

e.

Commands need to be typed in all lower-case letters.

f.

Where eth0 is the base network port and eth1

(and higher) are used with the optional Gigabit Ethernet module for multiple network interfaces.

g.

User accounts with “user” group permissions can perform “ get ” commands but cannot perform any “ set ” commands or change/reset passwords. Only user accounts with “admin” group permissions can perform “ set ” commands or change/reset password. Refer to

"Adding/Deleting/Changing User Accounts" on page 248

for user account setup information.

Command clean cleanhalt clearlogs clearstats dateget dateset defcert dhcp4get dhcp4set dns4get dns4set dhcp6get dhcp6set

Description

Restores SecureSync configuration, logs, and stats to factory defaults and reboots

Restores SecureSync configuration to factory defaults and halts

Clears all logs

Clears all statistical data (NTP, and oscillator/disciplining)

Displays current date (for example, 15 APR 2015)

Used to set the current date

Used to create a new Spectracom self-signed SSL certificate for HTTPS in case of expiration of the original certificate

Displays whether DHCP is enabled

Used to enable or disable DHCP

Displays the configured DNS servers

Used to configure the DNS servers

Displays whether DHCPv6 is enabled

Used to enable or disable DHCPv6

532 SecureSync 1200 User Reference Guide

APPENDIX

Command Description hostget hostset hotstart ip4get ip4set ip6add ip6del ip6get iptables licenses list loadconf doyget doyset

Used to obtain the current Day of Year

Used to set the current Day of Year gpsdop Displays GNSS receiver positional accuracy estimates gpsdserviceportget Displays the GPSD service port gpsdserviceportset Sets the GPSD service port gpsinfo Applicable to SAASM-equipped SecureSync units only gpsloc gpsmdl

Displays GNSS latitude, longitude and antenna height

Displays the GNSS Manufacturer and Model gpsreset gpssat gw4get gw4set gw6get gw6set halt helpcli

Resets the GNSS Position stored in the unit.

Displays GNSS satellites tracked and maximum signal strength being received

Displays the default IPv4 gateway

Used to configure the IPv4 gateway addresses

Displays the default IPv6 gateway address

Used to configure the IPv6 gateway address

Used to Halt the system for shutdown

Provides list of available commands and syntax

Displays the DNS hostname

Sets the DNS hostname

Initiate a hot start operation on the SAASM GPS receiver

Displays IPv4 Ethernet port information (IP address net mask and gateway)

Used to set IPv4 Ethernet port information (IP address net mask and gateway)

Used to add IPv6 Ethernet port information (IP address net mask and gateway)

Used to delete IPv6 IP address

Used to obtain the IPv6 IP address

See

"Network Services" on page 63

for more information.

Displays configured licenses installed (if any)

Outputs a list of commands

Restore a saved configuration and reboot

SecureSync 1200 User Reference Guide 533

APPENDIX

Command localget locallist localset manifest model net netnum net4 net6 options oscget portget portset portstate ppsctrl priorset radius setretry radius getretry radius server list radius server add radius server del reboot reftable release4 release6

Description

Used to obtain the configured local clock

Used to display local clocks

Used to configure local clocks

See a list of all files

Displays the Serial Number of the unit

Displays network settings

Displays the number of general-purpose network interfaces

Displays IPv4 network settings

Displays IPv6 network settings

Displays configured options installed (if any)

Displays the installed system oscillator

Display whether network port is enabled (for example, "portget ETH2")

Enable or disable a network port:

"portset x on" where "x" is the port number (for example, "ETH2")

"portset X off"

[NOTE: Available since Web UI Revision no. 5.1.2]

Display the current state for a network port

Enable/disable individual 1PPS output signals

Sets the priority of an entry in the reference priority table

<value> Sets how many radius login retries will be attempted

<value> Gets the number of radius login retry attempts

Lists radius servers

<host> <port> <key> <timeout>

Adds radius server

<id> Deletes radius server number <id>

Used to warm-boot the unit without having to disconnect or reconnect power

Displays reference priority table

Used with DHCP to release the IPv4 address

Used with DHCPv6 to release the IPv6 address

534 SecureSync 1200 User Reference Guide

APPENDIX

Command renew4 renew6 resetpw routes4 routes6 rt4add rt4del rt4get rt6add rt6del rt6get saveconf savelog scaleget scaleset sendtrap sendtrap all services servget servset slaacget slaacset stateset status swupgrade syncstate testevent

Description

Used with DHCP to renew the assigned IPv4 address

Used with DHCPv6 to renew the assigned IPv6 address

Resets the administrator account (spadmin) password back to the default value

“ admin123 ”

Displays the current IPv4 routing table(s)

Displays the current IPv6 routing table(s)

Adds an IPv4 static route

Deletes an IPv4 static route

Displays the configured IPv4 static routes

Adds an IPv6 static route

Deletes an IPv6 static route

Displays the configured IPv6 static routes

Generate archive of current configuration

Generate archive of all log files

Displays configured system timescale

Used to configure the system timescale

Triggers one type of a possible set of alarms.

Sends one instance of all alarms

Displays the state of services (enabled/disabled)

Displays the state of individual services

Enable or disable specific services

Displays whether SLAAC is enabled

Used to enable or disable SLAAC

Enable or disable an entry in the reference priority table. index = 0...15. state = 0

(disable), 1 (enable)

Displays information about the oscillator disciplining

Performs system upgrade using the update bundle provided

Display timing system synchronization state

Generates SNMP events in the enterprise MIB

SecureSync 1200 User Reference Guide 535

APPENDIX

Command tfomget timeget timeset unrestrict version yearget yearset zeroize

Description

Displays current estimated system time error (TFOM – Time Figure of Merit)

Displays current system time (time is displayed in the configured timescale –

See scaleget command to retrieve the configured timescale)

Used to manually set the current time (hours, minutes in seconds); time is entered based on the configured timescale – See scaleget command to retrieve the configured timescale

Used for clearing access control restrictions to SecureSync

Displays the installed main SecureSync and timing system software versions

Displays the current year

Used to set the current year

Applicable to SAASM-equipped SecureSync units only

5.4

Time Code Data Formats

This section describes the different time code data format selections available for use with

SecureSync option cards that accept ASCII data streams as inputs or outputs via their RS-

485 and RS-232 interfaces.

Supported are formats like NMEA, BBC, Spectracom, GSSIP, and Endrun.

5.4.1

NMEA GGA Message

The GGA Format provides essential fix data which includes 3D location and accuracy data.

E x a m p l e m e s s a g e :

$GPGGA,123519.00,4807.038,N,01131.000,E,1,08,0.9,545.4,M,-164.0,M,,,,*47

Note: Not all fields below are available on all products in all applications.

NOTE : The GGA format does not support precision timing and 1PPS functionality; the

Web UI may permit the selection of Message or PPS Pin as PPS Source , but the NMEA

536 SecureSync 1200 User Reference Guide

APPENDIX

GGA Message will not use either. If this data is required for your application, use the ZDA

Message format instead (see

"NMEA ZDA Message" on the next page ).

Where:

GGA

123519.00

4807.038,N

01131.000, E

1

08

0.9

545.4,M

-164.0,M

(empty field)

*47

Global Positioning System Fix Data

Fix taken at 12:35:19 UTC

Latitude 48 deg 07.038' N

Longitude 11 deg 31.000' E

Fix quality:

0 = Invalid

1 = GNSS fix (SPS)

2 = DGPS fix

3 = PPS fix

4 = Real Time Kinematic

6 = estimated (dead reckoning) (2.3 feature)

7 = Manual input mode

8 = Simulation mode

Number of satellites being tracked

Horizontal dilution of position

Altitude, Meters, above mean sea level (geoid)

Height of geoid (mean sea level) above WGS84 ellipsoid

(Field not provided in this setup)

Checksum data, always begins with *

5.4.2

NMEA RMC Message

NMEA Message Format RMC, (Recommended Minimum) provides fix information, speed over ground and Magnetic Variance information.

E x a m p l e m e s s a g e :

$GPRMC,123519.00,A,4807.038,N,01131.000,E,,,230394,,,A*6A

Where:

RMC Recommended Minimum Sentence C

SecureSync 1200 User Reference Guide 537

APPENDIX

123519.00

Fix taken at 12:35:19 UTC

A Status A=active or V=Void.

4807.038,N Latitude 48 deg 07.038' N

01131.000,E Longitude 11 deg 31.000' E

(Field not provided in this setup) (empty field)

(empty field)

230394

(Field not provided in this setup)

Date - 23rd of March 1994

(Field not provided in this setup) (empty field)

(empty field)

A

(Field not provided in this setup)

*6A

Mode Indicator: A=Autonomous, D=Differential, E=Estimated, F=Float RTK, M=Manual input, N=No fix, P=Precise, R=Real time kinematic, S=Simulator

Checksum data, always begins with *

5.4.3

NMEA ZDA Message

The Format ZDA Data message provides Date and Time information.

E x a m p l e m e s s a g e :

$GPZDA,HHMMSS.00,DD,MM,YYYY,XX,YY*CC

Where:

HHMMSS.00

DD,MM,YYYY

XX

YY

*CC

HrMinSec(UTC)

Day, Month, Year

Local zone hours -13…13

Local zone minutes 0…59

Checksum

538 SecureSync 1200 User Reference Guide

APPENDIX

5.4.4

Spectracom Format 0

Format 0 includes a time synchronization status character, day of year, time reflecting

Time Zone Offset and DST corrections when enabled. Format 0 also includes the

DST/Standard Time indicator, and the Time Zone Offset value. Format 0 data structure is shown below:

E x a m p l e m e s s a g e :

CR LF I ^ ^ DDD ^ HH:MM:SS ^ DTZ=XX CR LF

Where:

DDD

HH

:

MM

I

^

CR

LF

SS

D

TZ

XX

Carriage Return

Line Feed

Time Sync Status (space, ?, *)

Space separator

Day of Year (001-366)

Hours (00-23)

Colon separator

Minutes (00-59)

Seconds (00- 60)

Daylight Saving Time indicator (S,I,D,O)

Time Zone

Time Zone offset (00-23)

The leading edge of the first character ( CR ) marks the on-time point of the data stream.

The time synchronization status character ( I ) is defined as described below:

? When the receiver is unable to track any satellites and the time synchronization lamp is red.

* When the receiver time is derived from the battery backed clock or set manually through the

Setup Port Interface.

The Daylight Saving Time indicator ( D ) is defined as:

SecureSync 1200 User Reference Guide 539

APPENDIX

I

S During periods of Standard time for the selected DST schedule.

During the 24-hour period preceding the change into DST.

D During periods of Daylight Saving Time for the selected DST schedule.

O During the 24-hour period preceding the change out of DST.

E x a m p l e :

271 12:45:36 DTZ=08

The example data stream provides the following information:

Sync Status

Date

Time

D

Time synchronized to GNSS

Day 271

12:45:36 Pacific Daylight Time

DST, Time Zone 08 = Pacific Time

5.4.5

Spectracom Format 1

Format 1 converts the received day of year data (001-366) to a date consisting of day of week, month, and day of the month. Format 1 also contains a time synchronization status character, year, and time reflecting time zone offset and DST correction when enabled.

Available Formats 1 and 1S are very similar to each other. Most external systems utilizing

Data Format 1 will look for a single-digit day of the month for day 1 through day 9, with a space in front of each digit ( ^1, ^2, ^3 … 10, 11… ), whereas other systems need to see a two digit day of the month for all days 1 through 9 with a leading 0 instead of a space (01, 02,

03… 10, 11…).

If your device requires the two digit day of the month for days 1 through 9 (i.e. 01, 02 etc.), select Format 1.

If your device requires the single digit day of the month for days 1 through 9 (i.e. ^1,

^2, etc.), select Format 1S instead. Refer to

"Spectracom Format 1S" on page 542

for information on Format 1S.

F o r m a t 1 d a t a s t r u c t u r e :

CR LF I ^ WWW ^ DDMMMYY ^ HH:MM:SS CR LF

540 SecureSync 1200 User Reference Guide

Where:

:

HH

MM

SS

I

^

CR

LF

Carriage Return

Line Feed

Time Sync Status (space, ?, *)

Space separator

WWW Day of Week (SUN, MON, TUE, WED, THU, FRI, SAT)

DD Numerical Day of Month (01-31)

MMM

YY

Month (JAN, FEB, MAR, APR, MAY, JUN, JUL, AUG, SEP, OCT, NOV, DEC)

Year without century (99, 00, 01, etc.)

Hours (00-23)

Colon separator

Minutes (00-59)

Seconds (00-60)

The leading edge of the first character (

CR

) marks the on-time point of the data stream.

The time synchronization status character (

I

) is defined as described below:

? When the receiver is unable to track any satellites and the time synchronization lamp is red.

* When the receiver time is derived from the battery backed clock or set manually through the

Setup Port Interface.

E x a m p l e :

FRI 20APR01 12:45:36

The example data stream provides the following information:

Sync

Status

Date

Time

The clock is not time synchronized to GNSS. Time is derived from the battery backed clock or set manually

Friday, April 23, 2015

12:45:36

APPENDIX

SecureSync 1200 User Reference Guide 541

APPENDIX

5.4.6

Spectracom Format 1S

Format 1S (Space) is very similar to Format 1, with the exception of a space being the first character of Days 1 through 9 of each month (instead of the leading “0” which is present in

Format 1).

Most external systems utilizing Data Format 1 will look for a single digit day of the month for day 1 through day 9, with a space in front of each digit (^1, ^2, ^3 … 10, 11…) whereas other systems need to see a two digit day of the month for all days 1 through 9 with a leading 0 instead of a space (01, 02, 03… 10, 11…).

If your device requires the single digit day of the month for days 1 through 9 (i.e. 1, 2, etc.), select Format 1S.

If your device requires the two digit day of the month for days 1 through 9 (i.e. 01,

02, etc.), select Format 1 instead. Refer to

"Spectracom Format 1" on page 540

for information on Format 1.

E x a m p l e m e s s a g e :

CR LF I ^ WWW ^ DDMMMYY ^ HH:MM:SS CR LF

Where:

:

HH

MM

SS

I

^

CR

LF

Carriage Return

Line Feed

Time Sync Status (space, ?, *)

Space separator

WWW Day of Week (SUN, MON, TUE, WED, THU, FRI, SAT)

DD Numerical Day of Month (1-31)

MMM

YY

Month (JAN, FEB, MAR, APR, MAY, JUN, JUL, AUG, SEP, OCT, NOV, DEC)

Year without century (99, 00, 01, etc.)

Hours (00-23)

Colon separator

Minutes (00-59)

Seconds (00-60)

The leading edge of the first character (

CR

) marks the on-time point of the data stream.

542 SecureSync 1200 User Reference Guide

APPENDIX

The time synchronization status character (

I

) is defined as described below:

? When the receiver is unable to track any satellites and the time synchronization lamp is red.

* When the receiver time is derived from the battery backed clock or set manually through the

Setup Port Interface.

E x a m p l e :

FRI 20APR15 12:45:36

The example data stream provides the following information:

Sync

Status

Date

Time

The clock is not time synchronized to GNSS. Time is derived from the battery backed clock or set manually.

Friday April, 23, 2015

12:45:36

5.4.7

Spectracom Format 2

This format provides a time data stream with millisecond resolution. The Format 2 data stream consists of indicators for time synchronization status, time quality, leap second and

Daylight Saving Time. Time data reflects UTC time and is in the 24-hour format. Format 2 data structure is shown below:

Note: Format 2 cannot be configured for a Time Zone Offset or with automatic Daylight Saving Time adjustment. Attempting to configure a Local clock using Data Format 2 with either a Time Zone Offset or automatic

DST rule will result in an error message.

E x a m p l e m e s s a g e :

CR LF IQYY ^ DDD ^ HH:MM:SS.SSS ^ LD

Where:

SecureSync 1200 User Reference Guide 543

APPENDIX

L

D

.

SSS

:

MM

:

SS

YY

^

DDD

HH

I

Q

CR

LF

Carriage Return

Line Feed

Time Sync Status (space, ?, *)

Quality Indicator (space, A, B, C, D)

Year without century (99, 00, 01, etc.)

Space separator

Day of Year (001-366)

Hours (00-23 UTC time)

Colon separator

Minutes (00-59)

Colon separator

(00-60)

Decimal separator

Milliseconds (000-999)

Leap Second indicator (space, L)

Daylight Saving Time Indicator (S,I,D,O)

The leading edge of the first character ( CR ) marks the on-time point of the data stream.

The time synchronization status character (

I

) is defined as described below:

? When the receiver is unable to track any satellites and the time synchronization lamp is red.

* When the receiver time is derived from the battery backed clock or set manually through the

Setup Port Interface.

The quality indicator ( Q ) provides an inaccuracy estimate of the output data stream. When the receiver is unable to track any GNSS satellites, a timer is started.

"Quality indicators" on the facing page

lists the quality indicators and the corresponding error estimates based upon the GNSS receiver 1PPS stability, and the time elapsed tracking no satellites. The

Tracking Zero Satellites timer and the quality indicator reset when the receiver reacquires a satellite.

544 SecureSync 1200 User Reference Guide

APPENDIX

Quality Time (hours) TXCO Error (milliseconds)

OCXO Error

(milliseconds)

Rubidium Error

(microseconds)

B

C

Space Lock

A <10

D

<100

<500

>500

<1

<10

<100

<500

>500

<0.01

<0.72

<7.2

<36

>36

<0.3

<1.8

<18

<90

>90

Table 5-28: Quality indicators

The leap second indicator (L) is defined as:

(Space) When a leap second correction is not scheduled for the end of the month.

L When a leap second correction is scheduled for the end of the month.

The Daylight Saving Time indicator (D) is defined as:

S During periods of Standard time for the selected DST schedule.

I During the 24-hour period preceding the change into DST.

D During periods of Daylight Saving Time for the selected DST schedule.

O During the 24-hour period preceding the change out of DST.

E x a m p l e :

?A15 271 12:45:36.123 S

The example data stream provides the following information:

Sync

Status

Date

Time

The clock has lost GNSS time sync. The inaccuracy code of “A” indicates the expected time error is <10 milliseconds.

Day 271 of year 2015.

12:45:36 UTC time, Standard time is in effect.

SecureSync 1200 User Reference Guide 545

APPENDIX

5.4.8

Spectracom Format 3

Format 3 provides a format identifier, time synchronization status character, year, month, day, time with time zone and DST corrections, time difference from UTC, Standard time/DST indicator, leap second indicator and on-time marker. The Format 3 data structure is shown below:

E x a m p l e m e s s a g e :

FFFFI^YYYYMMDD^HHMMSS±HHMMD L # CR LF

Where:

MM

DD

HH

MM

I

FFFF Format Identifier (0003)

Time Sync Status (Space, ?, *)

^ Space separator

YYYY Year (1999, 2000, 2001, etc.)

Month Number (01-12)

Day of the Month (01-31)

Hours (00-23)

Minutes (00-59)

L

#

CR

LF

SS

±

Seconds (00-60)

Positive or Negative UTC offset (+,-) Time Difference from UTC

HHMM UTC Time Difference Hours Minutes (00:00-23:00)

D Daylight Saving Time Indicator (S,I,D,O)

Leap Second Indicator (space, L)

On time point

Carriage Return

Line Feed

The time synchronization status character ( I ) is defined as described below:

? When the receiver is unable to track any satellites and the time synchronization lamp is red.

* When the receiver time is derived from the battery backed clock or set manually through the

Setup Port Interface.

546 SecureSync 1200 User Reference Guide

APPENDIX

The time difference from UTC, ±HHMM, is selected when the Serial Com or Remote port is configured. A time difference of -0500 represents Eastern Time. UTC is represented by

+0000.

The Daylight Saving Time indicator ( D ) is defined as:

S During periods of Standard time for the selected DST schedule.

I During the 24-hour period preceding the change into DST.

D During periods of Daylight Saving Time for the selected DST schedule.

O During the 24-hour period preceding the change out of DST.

The leap second indicator ( L ) is defined as:

(Space) When a leap second correction is not scheduled for the end of the month.

L When a leap second correction is scheduled for the end of the month.

E x a m p l e :

0003 20150415 124536-0500D #

The example data stream provides the following information:

Data Format 3

Sync Status Day 271 of year 2015.

Date

Time

April 15, 2015.

12:45:36 EDT (Eastern Daylight Time). The time difference is 5 hours behind UTC.

Leap Second No leap second is scheduled for this month.

5.4.9

Spectracom Format 4

Format 4 provides a format indicator, time synchronization status character, modified

Julian date, time reflecting UTC with 0.1 millisecond resolution and a leap second indicator.

Format 4 data structure is shown below:

E x a m p l e :

FFFFIMJDXX^HHMMSS.SSSS^L CR LF

SecureSync 1200 User Reference Guide 547

APPENDIX

Where:

I

FFFF

MJDXX

^

HH

MM

SS.SSSS

L

CR

LF

Format Identifier (0004)

Time Sync Status (Space, ?, *)

Modified Julian Date

Space separator

Hours (00-23 UTC time)

Minutes (00-59)

Seconds (00.0000-60.0000)

Leap Second Indicator (space, L)

Carriage Return

Line Feed

The start bit of the first character marks the on-time point of the data stream.

The time synchronization status character (

I

) is defined as described below:

? When the receiver is unable to track any satellites and the time synchronization lamp is red.

* When the receiver time is derived from the battery backed clock or set manually through the

Setup Port Interface.

The leap second indicator ( L ) is defined as:

(Space) When a leap second correction is not scheduled for the end of the month.

L When a leap second correction is scheduled for the end of the month.

E x a m p l e :

0004 50085 124536.1942 L

The example data stream provides the following information:

Data format

Sync Status

Modified Julian Date

4

Time synchronized to GNSS.

50085

548 SecureSync 1200 User Reference Guide

APPENDIX

Time

Leap Second

12:45:36.1942 UTC

A leap second is scheduled at the end of the month.

5.4.10

Spectracom Format 7

This format provides a time data stream with millisecond resolution. The Format 7 data stream consists of indicators for time synchronization status, leap second and Daylight Saving Time. Time data reflects UTC time and is in the 24-hour format. Format 7 data structure is shown below:

Note: Format 7 cannot be configured for a Time Zone Offset or with automatic Daylight Saving Time adjustment. Attempting to configure a Local clock using Data Format 7 with either a Time Zone Offset or automatic

DST rule will result in an error message.

E x a m p l e m e s s a g e :

CR LF I^YY^DDD^HH:MM:SS.SSSL^D CR LF

Where:

^

DDD

:

HH

CR

LF

I

YY

.

MM

SS

Carriage Return

Line Feed

Time Sync Status (space, ?, *)

Year without century (99, 00, 01, etc.)

Space separator

Day of Year (001-366)

Hours (00-23 UTC time)

Colon separator

Minutes (00-59)

Seconds (00-60)

Decimal Separator

SecureSync 1200 User Reference Guide 549

APPENDIX

SSS

L

D

Milliseconds (000-999)

Leap Second Indicator (space, L)

Daylight Saving Time Indicator (S,I,D,O)

The leading edge of the first character ( CR ) marks the on-time point of the data stream.

The time synchronization status character (

I

) is defined as described below:

? When the receiver is unable to track any satellites and the time synchronization lamp is red.

* When the receiver time is derived from the battery backed clock or set manually through the

Setup Port Interface.

The leap second indicator ( L ) is defined as:

(Space) When a leap second correction is not scheduled for the end of the month.

L When a leap second correction is scheduled for the end of the month.

The Daylight Saving Time indicator (D) is defined as:

I

S During periods of Standard time for the selected DST schedule.

During the 24-hour period preceding the change into DST.

D During periods of Daylight Saving Time for the selected DST schedule.

O During the 24-hour period preceding the change out of DST.

E x a m p l e :

? 15 271 12:45:36.123 S

The example data stream provides the following information:

Sync Status

Date

Time

The clock has lost GNSS time sync.

Day 271 of year 2015.

12:45:36 UTC time, Standard time is in effect.

5.4.11

Spectracom Format 8

Format 8 includes a time synchronization status character, the four digit year, day of year, time reflecting Time Zone Offset and DST corrections when enabled. Format 8 also

550 SecureSync 1200 User Reference Guide

APPENDIX includes the DST/Standard Time indicator, and the Time Zone Offset value. Format 8 data structure is shown below:

E x a m p l e :

CR LF I ^ ^YYYY^ DDD ^ HH:MM:SS ^ D+XX CR LF or

CR LF I ^ ^YYYY^ DDD ^ HH:MM:SS ^ D-XX CR LF

Where:

MM

SS

D

XX

^

DDD

:

HH

CR

LF

I

YYYY

Carriage Return

Line Feed

Time Sync Status (space, ?, *)

Four digit year indication

Space separator

Day of Year (001-366)

Hours (00-23)

Colon separator

Minutes (00-59)

Seconds (00-60)

Daylight Saving Time indicator (S,I,D,O)

Time Zone Switch Setting (±00…12)

The leading edge of the first character ( CR ) marks the on-time point of the data stream.

Time sync status character ( I ) is described below:

(Space) When SecureSync is synchronized to UTC source.

* When SecureSync time is set manually.

?

When SecureSync has not achieved or has lost synchronization to UTC source.

The time and date can be set to either local time or UTC time, depending upon the configuration of the output port.

SecureSync 1200 User Reference Guide 551

APPENDIX

5.4.12

Spectracom Format 9

Format 9 provides Day-of-Year and Time information.

E x a m p l e m e s s a g e :

<SOH>DDD:HH:MM:SSQ<CR><LF>

Where:

SOH Start of header (ASCII Character 1)

DDD Day of Year (001-366)

: Colon Separator

HH Hours (00-23)

MM Minutes (00-59)

SS Seconds (00-59) (00-60 for leap second)

Q

Q

Time Sync Status [as INPUT] space = SYNC

‘.’ = SYNC

‘*’=NOT IN SYNC

‘#’ = NOT IN SYNC

“?” = NOT IN SYNC

Time Sync Status [as OUTPUT] space = Time error is less than time quality flag 1's threshold (TFOM < or = 3)

“.” = Time error has exceeded time quality flag 1's threshold (TFOM = 4)

“*” = Time error has exceeded time quality flag 2's threshold (TFOM = 5)

“#” = Time error has exceeded time quality flag 3's threshold (TFOM = 6)

“?” = Time error has exceeded time quality flag 4's threshold OR a reference source is unavailable (TFOM >=7)

CR Carriage Return (ASCII Character 13)

LF Line Feed (ASCII Character 10)

The leading edge of the first character (

CR

) marks the on-time point of the data stream.

5.4.12.1

Format 9S

Format 9S is a variation of ASCII Format 9 that uses Sysplex compatible fields indicating sychronization status:

552 SecureSync 1200 User Reference Guide

APPENDIX

FL_SYNC_SYS_REF_NONE ('X')

FL_SYNC_SYS_REF_YES (' ')

FL_SYNC_SYS_REF_LOST ('F')

5.4.13

Spectracom Epsilon Formats

Never been in sync

In sync with a reference

Out of sync, lost reference

5.4.13.1

Spectracom Epsilon TOD 1

This message corresponds to the TOD 1 format provided by EPSILON 2S/3S Series products on RS232/422 ports.

The structure of this format is as follows:

<space>DD/MM/YYYY<space>HH:MM:SST(CR)(LF)

Length=23 bytes

Where:

:

MM

:

SS

T

(CR)

(LF)

<space>

DD

</>

MM

</>

YYYY

<space>

HH separator

2-digit Day of month separator

2-digit Month separator

4-digit Year separator

2-digit Hour separator

2-digit Minutes separator

2-digit Seconds

1-digit Timescale ( 'N' None, 'G' GPS, 'U' UTC, 'A' TAI, 'L' Local, 'M' Manual)

Carriage Return (ASCII Character 13 0x0D)

Line Feed (ASCII Character 10 0x0A)

SecureSync 1200 User Reference Guide 553

APPENDIX

5.4.13.2 Spectracom Epsilon TOD 3

This message corresponds to the TOD 3 format provided by EPSILON 2S/3S Series products on RS232/422 ports.

The structure of this format is as follows:

<space>DOY/YYYY<space>HH:MM:SS<space>T(CR)(LF)

Length=22 bytes

Where:

:

MM

:

SS

T

(CR)

(LF)

<space>

DOY

</>

YYYY

</>

YYYY

<space>

HH separator

3-digit Day of year separator

4-digit Year separator

4-digit Year separator

2-digit Hour separator

2-digit Minutes separator

2-digit Seconds

1-digit Timescale ( 'N' None, 'G' GPS, 'U' UTC, 'A' TAI, 'L' Local, 'M' Manual)

Carriage Return (ASCII Character 13 0x0D)

Line Feed (ASCII Character 10 0x0A)

5.4.14

BBC Message Formats

5.4.14.1

Format BBC-01

This format is based on string ASCII characters, and is sent once per second. It provides year, month, day, day of week, day of month, hours, minutes, and seconds.

Number of characters: 24 (including CRLF and '.')

554 SecureSync 1200 User Reference Guide

APPENDIX

E x a m p l e m e s s a g e :

T:ye:mo:da:dw:ho:mi:sc

Where: dw ho mi sc

T ye mo da

Indicates the synchronous moment for the time setting.

Year (00-99)

Month (01-12)

Day of month (01-31)

Day of week (01=Monday to 7=Sunday)

Hours (00-23)

Minutes (00-59)

Seconds (00-59)

5.4.14.2 Format BBC-02

This is a hexadecimal frame/message sent twice per second. The message should be sent such that the final “99” occurs at 0 msec and 500 msec.

Number of bytes: 26

Format:

START Year Month Day Hour Min Sec.

AA AA 07 DA 06 16 13 59 01

Millisecond

02 BA

Time

Zone

Daylight

Leapsecond

Sign

Leapsecond

Month

80 00 00 00 00

GPS Second GPS to UTC Offset Check-sum END

09 3A 7E 12 FE 99 99

Leapsecond

Zone

00

GPS

Week

1A 2A

SecureSync 1200 User Reference Guide 555

APPENDIX

Where:

Leap Second Sign:

01=Positive

FF=Negative

00=No leap second

Leap Second Month:

00=None scheduled

03=March

06=June

09=September

0C=December

Leap Second Zone:

0=Out of zone

1=Within zone

Zone is 15 minutes before to 15 minutes after a leap second.

GPS Week:

Up to FFFF

GPS Second:

Second of week 000000 up to 093A7F (604799 decimal)

GPS to UTC offset:

2’s complement binary signed integer, seconds

Checksum:

Sum of all bytes up to and including the checksum (sum includes the AAAA start identifier but excludes the 9999 end identifier)

556 SecureSync 1200 User Reference Guide

APPENDIX

5.4.14.3 Format BBC-03 PSTN

The third format is a string ASCII characters and is sent on a received character.

The message should be advanced by an appropriate number such that the stop bit of each

< CR > occurs at the start of the next second. For example, at 300 baud, 8 data bits, 1 stop bit, and no parity, each byte takes 10/300 s=33 ms, so the < CR > byte should be advanced by 33 ms in order for the < CR >’s stop bit to line up with the start of the next second.

Time information is available in UTC format or UK TOD format.

‘t’ command

Input format: t<CR>

Output format:

Current Second Second + 1 Second + 2 Second + 3

<CR> HHMMSS<CR> HHMMSS<CR> HHMMSS<CR>

Number of characters: 7 (including CR)

Each HHMMSS filed refers to the time at the start of the next second. The data transmitted by SecureSync is timed so that the stop bit of each < CR > ends at the start of the next second.

‘d’ command

SecureSync transmits the date on request.

Input format: d<CR>

Output format: YYMMDD<CR>

Number of output characters: 7 (including CR)

‘s’ command

SecureSync transmits the status information on request.

Input format: s<CR>

Output Format: status

Number of output characters: 1

Where returned, values for status are:

SecureSync 1200 User Reference Guide 557

APPENDIX

G

= System Good

D

= Failure of SecureSync internal diagnostics

T

= SecureSync does not have correct time

‘l’ command

The loopback command will cause SecureSyncto echo the next character received back to the caller. This may be used by a caller’s equipment to calculate the round trip delay across the PSTN connection in order to apply a correction to the received time data.

Input format: l<CR>

Output format: (Next character received)

‘hu’ command

The hang up command will cause SecureSync to drop the line immediately and terminate the call.

Input format: hu<CR>

5.4.14.4 Format BBC-04

This format is a string of ASCII characters and is sent once per second.

Number of characters: 18 (including CRLF)

E x a m p l e m e s s a g e :

T:ho:mi:sc:dw:da:mo:ye:lp:cs<CR><LF> ho mi sc dw

Where:

T Indicates the synchronous moment for the time setting.

Hours (00-23)

Minutes (00-59)

Seconds (00-59)

Day of week (01=Monday to 7=Sunday)

558 SecureSync 1200 User Reference Guide

APPENDIX da mo ye lp cs

Day of month (01-31)

Month (01-12)

Year (00-99)

0 (for 60s, no leap) or 1 (for 61s, leap)

Checksum. This is calculated from the start of the message, including start identifier and excluding CRLF. It is created by adding all the 1s.

If the sum is even, 0 is returned. If the sum is odd, 1 is returned. This is mathematically the same as sequentially running an XOR on each bit of each byte.

Standard Serial configuration is:

RS-232 format

9600 baud

8 data bits

1 stop bit

No parity

5.4.14.5 Format BBC-05 (NMEA RMC Message)

The NMEA Message Format RMC, (Recommended Minimum) provides fix information, speed over ground and Magnetic Variance information. Note that this RMC Message is not

100% identical to the official NMEA RMC MESSAGE (that corresponds to the 3.01 NMEA

0183 standard and is another time code format supported by SecureSync.)

The BBC RMC message (BBC-05) corresponds to Version 2 of the NMEA 0183 standard, following the description below:

E x a m p l e m e s s a g e :

$GPRMC,123519,A,4807.038,N,01131.000,E,022.4,084.4,230394,003.1,W*6A

Where:

RMC Recommended Minimum sentence C

SecureSync 1200 User Reference Guide 559

APPENDIX

123519

A

Fix taken at 12:35:19 UTC

Status: A=active or V=Void.

4807.038,N Latitude 48 deg 07.038' N

01131.000,E Longitude 11 deg 31.000' E

22.4

84.4

230394

003.1,W

*6A

Speed over the ground in knots

Track angle in degrees True

Date—23rd of March 1994

Magnetic Variation

The checksum data, always begins with *

5.4.15

GSSIP Message Format

The GSSIP 1 format includes 3  ICD-GPS-153C messages which are used to support emulation of a SAASM GPS used in a SINCGARS interface. The messages are the Buffer Box

(253), Time Transfer (5101), and the Current Status (5040).

The ICD-GPS-153C protocol defines the format of these messages. The Current Status and Time Transfer are sent once per second (1Hz). The Buffer Box is sent once every 6 seconds (1/6 Hz).

The purpose of these three messages is to emulate a SINCGARS interface connection to a

SAASM GPS. SecureSync generates these messages emulating the Time and 1PPS transfer behavior of the SINCGARS interface. An external device compatible with the

SINCGARS interface can attach to an ASCII Output from SecureSync and receive time and 1PPS as if communicating with and ICD-GPS-153C compatible SAASM GPS.

These commands are emulated only and contain only time information; position and velocity information is zeroed out. No controlled data is included in the messages, hence no

SAASM GPS receiver is required.

The ASCII Output supports two configurations for supporting SINCGARS:

A configuration of Time Transfer as Message Format1 and Current Status as Format2 causes the SINCGARS protocol to be emulated and the machine state to be initializated.

1 GSSIP = GPS STANDARD SERIAL INTERFACE PROTOCOL

560 SecureSync 1200 User Reference Guide

APPENDIX

Format1 : Time Transfer (5101)

Format2 : Current Status (5040)

Format3 : Buffer Box (253)

A configuration of Current Status as Message Format1 and Time Transfer as Format2 results in broadcasting of the messages Current Status (1Hz), Time Transfer (1Hz), and Buffer

Box (1/6Hz) at their default rates.

Format1 : Current Status (5040)

Format2 : Time Transfer (5101)

Format3 : Buffer Box (253)

5.4.16

EndRun Formats

The following formats provide compatibility with EndRun technology.

5.4.16.1

EndRun Time Format

E x a m p l e m e s s a g e :

T YYYY DDD HH:MM:SS zZZ m<CR><LF>

Where:

:

HH

MM

SS

T Time Figure of Merit character (TFOM), limited to the range 6 to 9:

9 indicates error >±10 milliseconds, or unsynchronized condition

8 indicates error <±10 milliseconds

7 indicates error <±1 millisecond

6 indicates error <±100 microseconds

YYYY Year

DDD Day of Year (001-366)

Hour of the day (00-23)

Colon Separator

Minutes of the hour

Seconds (00-59), (00-60 for leap second)

SecureSync 1200 User Reference Guide 561

APPENDIX z

ZZ m

CR

LF

The sign of the offset to UTC, + implies time is ahead of UTC

The magnitude of the offset to UTC in units of half-hours.

If ZZ = 0, then z = +

Time mode character, is one of:

G = GPS

L = Local

U = UTC

T = TAI

Carriage Return

Line Feed

5.4.16.2 EndRunX (Extended) Time Format

The EndRunX format is identical to the EndRun format, with the addition of two fields: the current leap second settings and the future leap second settings.

T h e f o l l o w i n g e x a m p l e m e s s a g e s t r i n g i s s e n t o n c e e a c h s e c o n d :

T YYYY DDD HH:MM:SS zZZ m CC FF<CR><LF>

Where:

:

HH

MM

SS z

T Time Figure of Merit character (TFOM), limited to the range 6 to 9:

9 indicates error >±10 milliseconds, or unsynchronized condition

8 indicates error <±10 milliseconds

7 indicates error <±1 millisecond

6 indicates error <±100 microseconds

YYYY Year

DDD Day of Year (001-366)

Hour of the day (00-23)

Colon Separator

Minutes of the hour

Seconds (00-59), (00-60 for leap second)

The sign of the offset to UTC, + implies time is ahead of UTC

562 SecureSync 1200 User Reference Guide

APPENDIX

ZZ m

CC

FF

CR

LF

The magnitude of the offset to UTC in units of half-hours.

If ZZ = 0, then z = +

Time mode character, is one of:

G = GPS

L = Local

U = UTC

T = TAI

The current leap seconds

The future leap seconds, which will show a leap second pending

24 hours in advance

Carriage Return

Line Feed

5.5

IRIG Standards and Specifications

5.5.1

About the IRIG Output Resolution

The IRIG output signals are generated from SecureSync's System Time, which can be synced to one or more external input references (such as GPS, IRIG, PTP, etc). The accuracy of the System time to true UTC time is dependent upon what the selected external reference is (with GPS typically being the most accurate reference for the system to sync with).

IRIG AM synchronization of a device to its IRIG source is typically measured in the tens of microseconds, while synchronization using a IRIG DCLS signal can typically provide around

100 nanoseconds or so (plus the cable delays between SecureSync and the other device, as well as the processing delays of the other system itself).

IRIG AM functionality is available through an option card.

Note that all IRIG outputs has its own available ‘offset’ capability, which is configurable via

SecureSync’s Web UI, to help account for cabling and processing delays of the device each output is connected with.

5.5.2

IRIG Carrier Frequencies

Each IRIG code specifies a carrier frequency that is modulated to encode date and time, as well as control bits to time-stamp events. Initially, IRIG applications were primarily military and government associated. Today, IRIG is commonly used to synchronize voice loggers,

SecureSync 1200 User Reference Guide 563

APPENDIX recall recorders, and sequential event loggers found in emergency dispatch centers and power utilities.

Table 5-29: Available IRIG output signals

Format Encoding Modulation Carrier Coded Expressions Bit rate

Time Frame

Interval

IRIG-A A000 DCLS N/A

IRIG-A

BCD

TOY

, CF and SBS 0.1 sec

IRIG-A A001

IRIG-A A002

IRIG-A A003

IRIG-A A004

IRIG-A A005

IRIG-A A006

IRIG-A A007

IRIG-A A130

IRIG-A A131

IRIG-A A132

IRIG-A A133

IRIG-A A134

IRIG-A A135

IRIG-A A136

DCLS

DCLS

DCLS

DCLS

DCLS

DCLS

DCLS

AM

AM

AM

AM

AM

AM

AM

N/A

N/A

N/A

N/A

N/A

N/A

BCD

TOY

, CF

BCD

TOY

BCD

TOY

, SBS

BCD

TOY

, BCD

YEAR

, CF and SBS

BCD

TOY

, BCD

YEAR

, and

CF

BCD

TOY

, BCD

YEAR

N/A BCD

TOY

, BCD

YEAR

, and

SBS

10 kHz BCD

TOY

, CF and SBS

10 kHz BCD

TOY

, CF

10 kHz BCD

TOY

10 kHz BCD

TOY

, SBS

10 kHz BCD

TOY

, BCD

YEAR

, CF and SBS

10 kHz BCD

TOY

, BCD

YEAR

, and

CF

10 kHz BCD

TOY

, BCD

YEAR

1000 pps

1000 pps

1000 pps

1000 pps

1000 pps

1000 pps

1000 pps

1000 pps

1000 pps

1000 pps

1000 pps

1000 pps

1000 pps

1000 pps

1000 pps

0.1 sec

0.1 sec

0.1 sec

0.1 sec

0.1 sec

0.1 sec

0.1 sec

0.1 sec

0.1 sec

0.1 sec

0.1 sec

0.1 sec

0.1 sec

0.1 sec

564 SecureSync 1200 User Reference Guide

Format Encoding Modulation Carrier

IRIG-A A137 AM

IRIG-B B000

IRIG-B B001

IRIG-B B002

IRIG-B B003

IRIG-B B004

IRIG-B B005

IRIG-B B006

IRIG-B B007

IRIG-B B120

IRIG-B B121

IRIG-B B122

IRIG-B B123

IRIG-B B124

IRIG-B B125

IRIG-B B126

IRIG-B B127

IRIG-E E000

IRIG-E E001

IRIG-E E002

IRIG-E E003

DCLS

DCLS

DCLS

AM

AM

AM

AM

AM

DCLS

DCLS

DCLS

DCLS

DCLS

AM

AM

AM

DCLS

DCLS

DCLS

DCLS

Coded Expressions

N/A

N/A

N/A

N/A

1 kHz

1 kHz

1 kHz

1 kHz

1 kHz

10 kHz BCD

TOY

, BCD

YEAR

, and

SBS

IRIG-B

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

1 kHz

BCD

TOY

, CF and SBS

BCD

TOY

, CF

BCD

TOY

BCD

TOY

, SBS

BCD

TOY

, BCD

YEAR

, CF and SBS

BCD

TOY

, BCD

YEAR

, and

CF

BCD

TOY

, BCD

YEAR

BCD

TOY

, BCD

YEAR

, and

SBS

BCD

TOY

, CF and SBS

BCD

TOY

, CF

BCD

TOY

BCD

TOY

, SBS

BCD

TOY

, BCD

YEAR

, CF and SBS

BCD

TOY

, BCD

YEAR

, and

CF

1 kHz

1 kHz

BCD

TOY

, BCD

YEAR

BCD

TOY

, BCD

YEAR

, and

SBS

IRIG-E

BCD

TOY

, CF and SBS

BCD

TOY

, CF

BCD

TOY

BCD

TOY

, SBS

Bit rate

1000 pps

Time Frame

Interval

0.1 sec

100 pps 1 sec

100 pps 1 sec

100 pps 1 sec

100 pps 1 sec

100 pps 1 sec

100 pps 1 sec

100 pps 1 sec

100 pps 1 sec

100 pps 1 sec

100 pps 1 sec

100 pps 1 sec

100 pps 1 sec

100 pps 1 sec

100 pps 1 sec

100 pps 1 sec

100 pps 1 sec

10 pps 1 sec

10 pps 1 sec

10 pps 1 sec

10 pps 1 sec

APPENDIX

SecureSync 1200 User Reference Guide 565

APPENDIX

Format Encoding Modulation Carrier

IRIG-E E004 DCLS

IRIG-E E005

IRIG-E E006

IRIG-E E007

IRIG-E E110

IRIG-E E111

IRIG-E E112

IRIG-E E113

IRIG-E E114

IRIG-E E115

IRIG-E E116

IRIG-E E117

IRIG-E E120

IRIG-E E121

IRIG-E E122

IRIG-E E123

IRIG-E E124

IRIG-E E125

IRIG-E E126

IRIG-E E127

DCLS

DCLS

DCLS

AM

AM

AM

AM

AM

AM

AM

AM

AM

AM

AM

AM

AM

AM

AM

AM

Coded Expressions

N/A

N/A

BCD

TOY

, BCD

YEAR

, CF and SBS

BCD

TOY

, BCD

YEAR

, and

CF

N/A

N/A

BCD

TOY

, BCD

YEAR

BCD

TOY

, BCD

YEAR

, and

SBS

100 Hz BCD

TOY

, CF and SBS

100 Hz BCD

TOY

, CF

100 Hz BCD

TOY

100 Hz BCD

TOY

, SBS

100 Hz BCD

TOY

, BCD

YEAR

, CF and SBS

100 Hz BCD

TOY

, BCD

YEAR

, and

CF

100 Hz BCD

TOY

, BCD

YEAR

100 Hz BCD

TOY

, BCD

YEAR

, and

SBS

100 Hz BCD

TOY

, CF and SBS

1kHz BCD

TOY

, CF

1kHz

1kHz

BCD

TOY

BCD

TOY

, SBS

1kHz BCD

TOY

, BCD

YEAR

, CF and SBS

1kHz BCD

TOY

, BCD

YEAR

, and

CF

1kHz

1kHz

BCD

TOY

, BCD

YEAR

BCD

TOY

, BCD

YEAR

, and

SBS

IRIG-G

Bit rate

Time Frame

Interval

10 pps 1 sec

10 pps 1 sec

10 pps 1 sec

10 pps 1 sec

10 pps 1 sec

10 pps 1 sec

10 pps 1 sec

10 pps 1 sec

10 pps 1 sec

10 pps 1 sec

10 pps 1 sec

10 pps 1 sec

10 pps 1 sec

10 pps 10 sec

10 pps 10 sec

10 pps 10 sec

10 pps 10 sec

10 pps 10 sec

10 pps 10 sec

10 pps 10 sec

566 SecureSync 1200 User Reference Guide

APPENDIX

Format Encoding Modulation Carrier

IRIG-G G001 DCLS N/A

Coded Expressions

BCD

TOY

, CF

IRIG-G G002

IRIG-G G005

IRIG-G G006

IRIG-G G141

IRIG-G G142

IRIG-G G145

IRIG-G G146

DCLS

DCLS

DCLS

AM

AM

AM

AM

N/A

N/A

N/A

BCD

TOY

BCD

TOY

, BCD

YEAR

, and

CF

BCD

TOY

, BCD

YEAR

100 kHz BCD

TOY

, CF

100 kHz BCD

TOY

100 kHz BCD

TOY

, BCD

YEAR

, and

CF

100 kHz BCD

TOY

, BCD

YEAR

Bit rate

Time Frame

Interval

10000 pps

10000 pps

10000 pps

10000 pps

10000 pps

10000 pps

10000 pps

10000 pps

10 msec

10 msec

10 msec

10 msec

10 msec

10 msec

10 msec

10 msec

1 pps

1 pps

1 sec

1 sec

100 pps 1 sec

IRIG-H H002

IRIG-H H122

N/A NASA-

36

NASA-

36

N/A

DCLS

AM

AM

DCLS

N/A

1KHz

BCD

TOY

BCD

TOY

1msec UNKNOWN

10 msec UNKNOWN 100 pps 1 sec

The Spectracom IRIG formats use the control functions for BCD year information and a

Time Sync Status bit and in format E the control functions are used for straight binary seconds (SBS). Refer to individual IRIG Time Code description figures and text. IRIG Standard 200-98 format B had 27 control bits and format E had 45 bits for control functions.

These control bits could be used for any use and there was no defined function. Spectracom used the control function element at index count 55 as the TIME SYNC STATUS and the sub-frame after position identifiers P6 and P7 as the year info and for format E the sub-frame after P8 and P9 for the straight binary seconds (SBS). The position of the BCD year information does not conform to the newer IRIG Standard 200-04. IRIG Standard

200-04 incorporated the year information after P5 and reduced the allocated control bits to 18 for format B and 36 for format E.

SecureSync 1200 User Reference Guide 567

APPENDIX

Note: DCLS is DC Level Shifted output, pulse width modulated with a position identifier having a positive pulse width equal to 0.8 of the reciprocal of the bit rate, a binary one (1) having a positive pulse width equal to 0.5 of the reciprocal of the bit rate and a binary zero (0) having a positive pulse width equal to 0.2 of the reciprocal of the bite rate.

SecureSync can provide IRIG A, IRIG B, IRIG E and IRIG G code in amplitude modulated

(AM) or pulse width coded (TTL) formats. A signature control feature may be enabled for any IRIG output. Signature control removes the modulation code when a Time Sync Alarm is asserted.

5.5.3

IRIG B Output

The IRIG B Time Code description follows.

568

Figure 5-66: IRIG B time code description

SecureSync 1200 User Reference Guide

APPENDIX

The IRIG B code contains the Binary Coded Decimal (BCD) time of year, Control Function

(CF) field and the Straight Binary Seconds time of day. The following figure illustrates the

IRIG B data structure. The BCD time of year provides the day of the year, 1-366, and the time of day including seconds. The hour of the day is expressed in 24 hour format. The

SBS time is the number of seconds elapsed since midnight. The Control Function field contains year information and a time synchronization status bit.

1.

Time frame: 1.0 seconds.

2.

Code digit weighting:

A.

Binary Coded Decimal time-of-year.

Code word - 30 binary digits.

Seconds, minutes hours, and days.

Recycles yearly.

B.

Straight Binary Seconds time-of-day.

Code word - 17 binary digits.

Seconds only, recycles daily.

3.

Code word structure:

BCD : Word seconds digits begin at index count 1. Binary coded elements occur between position identifier elements P0 and P5 (7 for seconds, 7 for minutes, 6 for hours, and 10 for days) until the code word is complete. An index marker occurs between decimal digits in each group to provide separation for visual resolution. Least significant digit occurs first.

CF : IRIG formats reserve a set of elements known as Control Functions (CF) for the encoding of various control, identification, or other special purpose functions. IRIG B has 27 Control Functions located between elements 50 and

78. The SecureSync uses the Control Functions to encode year information and time synchronization status.

The table below lists the Control Function Field and the function of each element.

Element 55 is the time synchronization status bit. Element 55 is a Binary 1 when the unit is in sync, and a Binary 0 when it is not.

Year information consists of the last two digits of the current year (i.e. 97, 98, 99 etc.). Elements 60 through 63 contain the binary equivalent of year units. Elements

65 through 68 contain the binary equivalent of tens of years. In keeping with IRIG

SecureSync 1200 User Reference Guide 569

APPENDIX formats, the least significant bit occurs first. All unused Control Functions are filled with a space (Binary 0).

SBS : Word begins at index count 80. Seventeen Straight Binary Coded elements occur with a position identifier between the 9th and 10th binary coded elements.

Least significant digit occurs first.

Pulse rates:

Element rate: 100 per second.

Position identifier rate: 10 per second.

Reference marker rate: 1 per second.

Element identification: The "on time" reference point for all elements is the pulse leading edge.

Index marker (Binary 0 or uncoded element): 2 millisecond duration.

Code digit (Binary 1): 5 millisecond duration.

Position identifier: 8 millisecond duration.

Reference marker, 1 per second. The reference marker appears as two consecutive position identifiers. The second position identifier marks the on-time point for the succeeding code word.

Resolution:

Pulse width coded signal: 10 milliseconds.

Amplitude modulated signal: 1 millisecond.

Carrier frequency: 1kHz when modulated.

Table 5-30: IRIG B control function field

C.F. Element # Digit # Function

54

55

56

50

51

52

53

5

6

7

3

4

1

2

Space

Space

Space

Space

Space

Time Sync Status

Space

570 SecureSync 1200 User Reference Guide

APPENDIX

C.F. Element # Digit #

69

70

71

72

65

66

67

68

61

62

63

64

57

58

59

60

73

74

75

76

77

78

Function

22

23

24

25

26

27

11

12

13

14

8

9

Space

Space

PID P6 Position Identifier

10 Years Units Y1

Years Units Y2

Years Units Y4

Years Units Y8

Space

15

16

17

18

Years Tens Y10

Years Tens Y20

Years Tens Y40

Years Tens Y80

PID P7 Position Identifier

19 Space

20

21

Space

Space

Space

Space

Space

Space

Space

Space

5.5.3.1

FAA IRIG B Code Description

SecureSync can be configured to provide IRIG timing, reflecting UTC or local time, with or without daylight saving time corrections. Below is a detailed description of the FAA modified IRIG B code . The FAA modified the IRIG B code by including satellite lock status and time error flags in the Control Function Field. The error flags provide an inaccuracy estimate based on the time elapsed since loss of GPS lock. In addition, the Straight Binary

SecureSync 1200 User Reference Guide 571

APPENDIX

Seconds (SBS) data was removed from the data stream. The SBS time is the number of seconds elapsed since midnight.

FAA IRIG B OUTPUT

The FAA IRIG B code contains the Binary Coded Decimal (BCD) time of year and a Control

Function (CF) field containing satellite lock status and time error flags. With the exception of the position identifiers, all remaining code elements are set to a binary 0. Figure A-1 illustrates the FAA IRIG B data structure. The BCD time of year provides the day of the year,

001-366, and the time of day including seconds. The hour of the day is expressed in 24hour format.

FAA IRIG B General Description

1.

Time frame: 1.0 seconds

2.

Pulse rates:

A.

Element rate: 100 per second

B.

Position identifier rate: 10 per second

C.

Reference marker rate: 1 per second

3.

Element identification: The "on time" reference point for all elements is the pulse leading edge.

A.

Index marker (Binary 0 or uncoded element): 2 millisecond duration

B.

Code digit (Binary 1): 5 millisecond duration

C.

Position identifier: 8 millisecond duration

D.

Reference marker, 1 per second. The reference marker appears as two consecutive position identifiers. The second position identifier marks the on-time point for the succeeding code word.

4.

Resolution: 10 milliseconds

5.

Code word structure:

BCD: Word seconds digits begin at index count 1. Binary coded elements occur between position identifier elements P0 and P5 (7 for seconds, 7 for minutes, 6 for hours, and 10 for days) until the code word is complete. An index marker occurs between decimal digits in each group to provide separation for visual resolution. Least significant digit occurs first.

572 SecureSync 1200 User Reference Guide

APPENDIX

CF: IRIG formats reserve a set of elements known as Control Functions (CF) for the encoding of various control, identification, or other special purpose functions. IRIG B has 27 Control Functions located between elements 50 and

78. The FAA IRIG B code uses five of the Control Function elements to encode satellite lock status and time error flags. For a description of the status and error flag implementation, refer to the table and the paragraphs below.

Element 53 (530 ms) is the time sync status bit. Element 53 is a Binary 1 when the receiver locked to GPS, and a Binary 0 when the receiver is not locked to

GPS.

Element 55 (550 ms) is the ±1.0 millisecond error flag. Element 55 is set to Binary 1 when the expected time error is within +/- 1.0 millisecond, and a Binary 0 during all other conditions of operation.

Element 56 (560 ms) is the ±5.0 millisecond error flag. Element 56 is set to

Binary 1 when the expected time error is within +/- 5.0 milliseconds. and a Binary 0 during all other conditions of operation.

Element 57 (570 ms) is the ±50 millisecond error flag. Element 57 is set to Binary 1 when the expected time error is within +/- 50 milliseconds, and a Binary

0 during all other conditions of operation.

Element 58 (580 ms) is the ±500 millisecond error flag. Element 58 is set to

Binary 1 when the expected time error is within ±500 milliseconds, and a Binary 0 during all other conditions of operation.

Table 5-31: FAA Time Error Indicators

Time Since Loss of Lock

N/A

< 00:16:40

00:16:41 to 01:23:39

01:23:40 to 13:53:19

13:53:20 to 5 days

18:53:19

>5 days 18:53:20

N/A

Status/Error

Locked Error < 2 μ s

Unlocked Error < 1ms

Unlocked Error < 5ms 0

Unlocked Error < 50 ms 0

1

0

0 Unlocked Error < 500 ms

Unlocked Error

Unknown

Power On

0

0

Lock Indicator

±1ms ±5ms ±50 ms ±500 ms

0

0

0

1

0

0

0

1

0

0

0

0

0

0

0

1

0

0

0

0

0

0

0

0

0

1

0

0

SecureSync 1200 User Reference Guide 573

APPENDIX

574

Figure 5-67: FAA modified IRIG B

Notes

The beginning of each 1.0 second time frame is identified by two consecutive 8.0 ms elements (P

0 and P

8

). The leading edge of the second 8.0 ms element (P

R

) is the "on time" reference point for the succeeding time code. 10 pps position identifiers P

0

, P

1

, ..... P

8

(8.0

ms duration) occur 10 ms before 10 pps "on time" and refer to the leading edge of the succeeding element.

The time code word and the control functions presented during the time frame are pulsewidth coded. The binary "zero" and index markers have a duration of 2.0 ms, and the binary "one" has a duration of 5.0 ms. The leading edge is the 100 pps "on time" reference point for all elements.

The binary coded decimal (BCD) time-of-year code word consists of 30 digits beginning at index count 1. The binary coded subword elements occur between position identifiers P

0 and P

5

(7 for seconds; 7 for minutes; 6 for hours; 10 for days) until the code word is complete. An index marker occurs between the decimal digits in each subword to provide separation for visual resolution. The least significant digit occurs first. The BCD code recycles yearly.

Twenty-seven control functions occur between position identifiers P

5 and P

8

. FAA uses this field to communicate satellite lock status and time error and indicators. The first flag element is at 530 ms which indicates satellite lock. The ±1ms error flag occurs at 550 ms.

The ±5ms error flag occurs at 560 ms. The ±50 ms error flag occurs at 570 ms. The

±500 ms error flag occurs at 580 ms.

SecureSync 1200 User Reference Guide

APPENDIX

The straight binary (SB) time-of-day code word normally found between position identifiers P

8 and P

0 is eliminated for FAA IRIG B. All elements between position identifiers P and P

0 are set to Binary 0.

8

5.5.4

IRIG E Output

The IRIG E code contains the Binary Coded Decimal (BCD) time of year and Control Functions. The figure IRIG E Time Code Description illustrates the IRIG E data structure. The

BCD time of year provides the day of year, 1-366, and time of day to tens of seconds. The hour of the day is expressed in 24 hour format. The Control Function field includes a time synchronization status bit, year information and SBS time of day.

Time frame : 10 seconds.

Code Digit Weighting :

Binary Coded Decimal time of year.

Code world - 26 binary digits.

Tens of seconds, minutes, hours, and days.

Recycles yearly.

Code Word Structure : BCD word tens of seconds digits begin at index count 6. Binary coded elements occur between position identifier elements P0 and P5 (3 for seconds, 7 for minutes, 6 for hours, and 10 for days) until the code word is complete.

An index marker occurs between decimal digits in each group to provide separation for visual resolution. Least significant digit occurs first.

Control Functions : IRIG formats reserve a set of elements known as Control Functions (CF) for the encoding of various control, identification, or other special purpose functions. IRIG E has 45 Control Functions located between elements 50 and 98.

The SecureSync uses the Control Function field to encode year data, time synchronization status, and SBS time data. Table B-2 lists the Control Function Field and each element's function.

Element 55 is the time synchronization status bit. Element 55 is a Binary 1 when the front panel time synchronization lamp is green, and a Binary 0 when the lamp is red.

Year information consists of the last two digits of the current year (i.e. 98, 99, etc.). Elements 60 through 63 contain the binary equivalent of year units. Elements 65 through 68

SecureSync 1200 User Reference Guide 575

APPENDIX contain the binary equivalent of tens of years. In keeping with IRIG formats, the least significant bit occurs first.

Elements 80 through 97 are encoded with the Straight Binary Seconds (SBS) time data.

The SBS time data is incremented in 10-second steps and recycles every 24 hours.

Pulse rates:

Element rate: 10 per second.

Position identifier rate: 1 per second.

Reference marker rate: 1 per 10 seconds.

Element identification: The "on time" reference point for all elements is the pulse leading edge.

Index marker (Binary 0 or uncoded element): 20 millisecond duration.

Code digit (Binary 1): 50 millisecond duration.

Position identifier: 80 millisecond duration.

Reference marker: 80 millisecond duration, 1 per 10 seconds. The reference marker appears as two consecutive position identifiers. The second position identifier or reference marker is the on-time point for the succeeding code word.

576

Figure 5-68: IRIG E time code description

SecureSync 1200 User Reference Guide

APPENDIX

Additional information

The beginning of each 10 second time frame is identified by two consecutive 80 ms elements (P

0 and P

R

). The leading edge of the second 80 ms element (P

R

) is the "on time" reference point for the succeeding time code. 1PPS position identifiers P

0

, P

1

… P

9

(80 ms duration) occur 0.1 s before 1PPS "on time" and refer to the leading edge of the succeeding element.

The time code word and the control functions presented during the time frame are pulsewidth coded. The binary "zero" and index markers have a duration of 20 ms, and the binary

"one" has a duration of 50 ms. The leading edge is the 10 pps "on time" reference point for all elements.

The binary coded decimal (BCD) time-of-year code word consists of 26 digits beginning at index count 6. The binary coded subword elements occur between position identifiers P

0 and P

5

(3 for seconds; 7 for minutes; 6 for hours; 10 for days) until the code word is complete. An index marker occurs between the decimal digits in each subword to provide separation for visual resolution. The least significant digit occurs first. The BCD code recycles yearly.

Forty-five control functions occur between position identifiers P

5 and P

0

. Any control function element for combination of control function elements can be programmed to read a binary "one" during any specified number of time frames. Each control element is identified on the Control Function Field Table.

Table 5-32: IRIG E control function field

BIT No. CF ELEMENT No.

FUNCTION

54

55

56

57

50

51

52

53

58

59

7

8

5

6

3

4

1

2

9

PID P6

SPACE

SPACE

SPACE

SPACE

SPACE

TIME SYNC_STATUS

SPACE

SPACE

SPACE

POSITION IDENTIFIER

SecureSync 1200 User Reference Guide 577

APPENDIX

BIT No. CF ELEMENT No.

80

81

82

83

76

77

78

79

84

85

86

87

72

73

74

75

68

69

70

71

64

65

66

67

60

61

62

63

32

33

34

35

28

29

30

31

25

26

27

PID P8

21

22

23

24

18

PID P7

19

20

14

15

16

17

10

11

12

13

FUNCTION

YEAR UNITS Y1

YEAR UNITS Y2

YEAR UNITS Y4

YEAR UNITS Y8

SPACE

YEAR TENS Y10

YEAR TENS Y20

YEAR TENS Y40

YEAR TENS Y80

POSITION IDENTIFIER

SPACE

SPACE

SPACE

SPACE

SPACE

SPACE

SPACE

SPACE

SPACE

POSITION IDENTIFIER

SBS 20

SBS 21

SBS 22

SBS 23

SBS 24

SBS 25

SBS 26

SBS 27

578 SecureSync 1200 User Reference Guide

APPENDIX

BIT No. CF ELEMENT No.

92

93

94

95

88

89

90

91

96

97

98

99

36

PID P9

37

38

39

40

41

42

43

44

45

PID P0

FUNCTION

SBS 28

POSITION IDENTIFIER

SBS 29

SBS 210

SBS 211

SBS 212

SBS 213

SBS 214

SBS 215

SBS 216

SPACE

POSITION IDENTIFIER

5.5.5

IRIG Output Accuracy Specifications

The IRIG outputs of the Spectracom Option Cards 1204-15, -1E, -22, and 1204-05, -27 deliver signals with the following 1PPS accuracy:

IRIC DCLS

Signal Category

Measured

Accuracy

IRIG A

IRIG B

IRIG G

IRIG NASA

IRIG E

30 ns

30 ns

30 ns

30 ns

30 ns

SecureSync 1200 User Reference Guide 579

APPENDIX

IRIG AM

Signal Category

Measured

Accuracy

IRIG A

IRIG B

IRIG G

IRIG NASA

IRIG E

200 ns

800 ns

200 ns

800 ns

1.5

μ s

5.6

Technical Support

To request technical support for your SecureSync unit, please go to the

"Timing

Support" page

of the Orolia website, where you can not only submit a support request, but also find additional technical documentation.

Phone support is available during regular office hours under the telephone numbers listed below.

To speed up the diagnosis of your SecureSync, please send us: the current product configuration (see

"Option Card Identification" on page 14

to find out which option cards are installed in your unit), and the events log (see

"Saving and Downloading Logs" on page 315

).

Thank you for your cooperation.

5.6.1

Regional Contact

Orolia operates globally and has offices in several locations around the world. Our main offices are listed below:

Country

France

USA

Location

Les Ulis

West Henrietta, NY

+33 (0)1 6453 3980

+1.585.321.5800

Phone

580 SecureSync 1200 User Reference Guide

APPENDIX

Table 5-33: Orolia contact information

Additional regional contact information can be found on the lia website.

Contact Us page

of the Oro-

5.7

Return Shipments

Please contact Orolia Technical Support before returning any equipment to Orolia. Technical Support must provide you with a Return Material Authorization Number (RMA#) prior to shipment.

When contacting Technical Support, please be prepared to provide your equipment serial number(s) and a description of the failure symptoms or issues you would like resolved.

Freight to Orolia is to be prepaid by the customer.

Note: Should there be a need to return equipment to Orolia, it must be shipped in its original packing material. Save all packaging material for this purpose.

5.8

License Notices

5.8.1

NTPv4.2.8p12

Copyright Notice jpg "Clone me," says Dolly sheepishly.

Last update: 2-Jan-2017 11:58 UTC

_______________________________________________________

The following copyright notice applies to all files collectively called the Network Time Protocol Version 4 Distribution. Unless specifically declared otherwise in an individual file, this entire notice applies as if the text was explicitly included in the file.

***********************************************************************

* Copyright (c) University of Delaware 1992-2015 

Permission to use, copy, modify, and distribute this software and its documentation for any purpose with or without fee is hereby granted, provided that the above copyright notice

SecureSync 1200 User Reference Guide 581

APPENDIX appears in all copies and that both the copyright notice and this permission notice appear in supporting documentation, and that the name University of Delaware not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. The University of Delaware makes no representations about the suitability this software for any purpose. It is provided "as is" without express or implied warranty.

***********************************************************************

Content starting in 2011 from Harlan Stenn, Danny Mayer, and Martin Burnicki is:

Copyright (c) Network Time Foundation 2011-2017

All Rights Reserved

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1.

Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

2.

Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE AUTHORS "AS IS" AND ANY EXPRESS OR

IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE

LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT

OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR

BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,

WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR

OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF

ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

***********************************************************************

The following individuals contributed in part to the Network Time  Protocol Distribution Version 4 and are acknowledged as authors of this work.

1.

Takao Abe <takao_abe(at)xurb.jp> Clock driver for JJY receivers

2.

Mark Andrews <mark_andrews(at)isc.org> Leitch atomic clock controller

3.

Bernd Altmeier <altmeier(at)atlsoft.de> hopf Elektronik serial line and PCI-bus devices

582 SecureSync 1200 User Reference Guide

APPENDIX

4.

Viraj Bais <vbais(at)mailman1.intel.com> and Clayton Kirkwood <kirkwood(at)striderfm.intel.com> port to WindowsNT 3.5

5.

Michael Barone <michael,barone(at)lmco.com> GPSVME fixes

6.

Karl Berry <karl(at)owl.HQ.ileaf.com> syslog to file option

7.

Greg Brackley <greg.brackley(at)bigfoot.com> Major rework of WINNT port. Clean up recvbuf and iosignal code into separate modules.

8.

Marc Brett <Marc.Brett(at)westgeo.com> Magnavox GPS clock driver

9.

Piete Brooks <Piete.Brooks(at)cl.cam.ac.uk> MSF clock driver, Trimble PARSE support

10.

Nelson B Bolyard <nelson(at)bolyard.me> update and complete broadcast and crypto features in sntp

11.

Jean-Francois Boudreault <Jean-Francois.Boudreault(at)viagenie.qc.ca> IPv6 support

12.

Reg Clemens <reg(at)dwf.com> Oncore driver (Current maintainer)

13.

Steve Clift <clift(at)ml.csiro.au> OMEGA clock driver

14.

Casey Crellin <casey(at)csc.co.za> vxWorks (Tornado) port and help with target configuration

15.

Sven Dietrich <sven_dietrich(at)trimble.com> Palisade reference clock driver, NT adj. residuals, integrated Greg's Winnt port.

16.

John A. Dundas III <dundas(at)salt.jpl.nasa.gov> Apple A/UX port

17.

Torsten Duwe <duwe(at)immd4.informatik.uni-erlangen.de> Linux port

18.

Dennis Ferguson <dennis(at)mrbill.canet.ca> foundation code for NTP Version 2 as specified in RFC-1119

19.

John Hay <jhay(at)icomtek.csir.co.za> IPv6 support and testing

20.

Dave Hart <davehart(at)davehart.com> General maintenance, Windows port interpolation rewrite

21.

Claas Hilbrecht <neoclock4x(at)linum.com> NeoClock4X clock driver

22.

Glenn Hollinger <glenn(at)herald.usask.ca> GOES clock driver

23.

Mike Iglesias <iglesias(at)uci.edu> DEC Alpha port

24.

Jim Jagielski <jim(at)jagubox.gsfc.nasa.gov> A/UX port

25.

Jeff Johnson <jbj(at)chatham.usdesign.com> massive prototyping overhaul

SecureSync 1200 User Reference Guide 583

APPENDIX

26.

Hans Lambermont <Hans.Lambermont(at)nl.origin-it.com> or <H.Lambermont

(at)chello.nl> ntpsweep

27.

Poul-Henning Kamp <phk(at)FreeBSD.ORG> Oncore driver (Original author)

28.

Frank Kardel <kardel (at) ntp (dot) org> PARSE <GENERIC> (driver 14 reference clocks), STREAMS modules for PARSE, support scripts, syslog cleanup, dynamic interface handling

29.

Johannes Maximilian Kuehn <kuehn(at)ntp.org> Rewrote sntp to comply with

NTPv4 specification, ntpq saveconfig

30.

William L. Jones <jones(at)hermes.chpc.utexas.edu> RS/6000 AIX modifications,

HPUX modifications

31.

Dave Katz <dkatz(at)cisco.com> RS/6000 AIX port

32.

Craig Leres <leres(at)ee.lbl.gov> 4.4BSD port, ppsclock, Magnavox GPS clock driver

33.

George Lindholm <lindholm(at)ucs.ubc.ca> SunOS 5.1 port

34.

Louis A. Mamakos <louie(at)ni.umd.edu> MD5-based authentication

35.

Lars H. Mathiesen <thorinn(at)diku.dk> adaptation of foundation code for Version 3 as specified in RFC-1305

36.

Danny Mayer <mayer(at)ntp.org>Network I/O, Windows Port, Code Maintenance

37.

David L. Mills <mills(at)udel.edu> Version 4 foundation, precision kernel; clock drivers: 1, 3, 4, 6, 7, 11, 13, 18, 19, 22, 36

38.

Wolfgang Moeller <moeller(at)gwdgv1.dnet.gwdg.de> VMS port

39.

Jeffrey Mogul <mogul(at)pa.dec.com> ntptrace utility

40.

Tom Moore <tmoore(at)fievel.daytonoh.ncr.com> i386 svr4 port

41.

Kamal A Mostafa <kamal(at)whence.com> SCO OpenServer port

42.

Derek Mulcahy <derek(at)toybox.demon.co.uk> and Damon Hart-Davis <d(at)hd.org> ARCRON MSF clock driver

43.

Rob Neal <neal(at)ntp.org> Bancomm refclock and config/parse code maintenance

44.

Rainer Pruy <Rainer.Pruy(at)informatik.uni-erlangen.de> monitoring/trap scripts, statistics file handling

45.

Dirce Richards <dirce(at)zk3.dec.com> Digital UNIX V4.0 port

46.

Wilfredo Sánchez <wsanchez(at)apple.com> added support for NetInfo

47.

Nick Sayer <mrapple(at)quack.kfu.com> SunOS streams modules

584 SecureSync 1200 User Reference Guide

APPENDIX

48.

Jack Sasportas <jack(at)innovativeinternet.com> Saved a Lot of space on the stuff in the html/pic/ subdirectory

49.

Ray Schnitzler <schnitz(at)unipress.com> Unixware1 port

50.

Michael Shields <shields(at)tembel.org> USNO clock driver

51.

Jeff Steinman <jss(at)pebbles.jpl.nasa.gov> Datum PTS clock driver

52.

Harlan Stenn <harlan(at)pfcs.com> GNU automake/autoconfigure makeover, various other bits (see the ChangeLog)

53.

Kenneth Stone <ken(at)sdd.hp.com> HP-UX port

54.

Ajit Thyagarajan <ajit(at)ee.udel.edu>IP multicast/anycast support

55.

Tomoaki TSURUOKA <tsuruoka(at)nc.fukuoka-u.ac.jp>TRAK clock driver

56.

Brian Utterback <brian.utterback(at)oracle.com> General codebase, Solaris issues

57.

Loganaden Velvindron <loganaden(at)gmail.com> Sandboxing (libseccomp) support

58.

Paul A Vixie <vixie(at)vix.com> TrueTime GPS driver, generic TrueTime clock driver

59.

Ulrich Windl <Ulrich.Windl(at)rz.uni-regensburg.de> corrected and validated HTML documents according to the HTML DTD

5.8.2

OpenSSH

This file is part of the OpenSSH software.

The licences which components of this software fall under are as follows. First, we will summarize and say that all components are under a BSD licence, or a licence more free than that.

OpenSSH contains no GPL code.

1) Copyright (c) 1995 Tatu Ylonen <ylo(at)cs.hut.fi>, Espoo, Finland

All rights reserved

As far as I am concerned, the code I have written for this software can be used freely for any purpose.

Any derived versions of this software must be clearly marked as such, and if the derived work is incompatible with the protocol description in the RFC file, it must be called by a name other than

"ssh" or "Secure Shell".

However, I am not implying to give any licenses to any patents or copyrights held by third parties, and the software includes parts that are not under my direct control. As far as I know, all included source code is used in accordance with the relevant license agreements and can be used freely for any purpose (the GNU license being the most restrictive); see below for details. [However, none of that term is relevant at this point in time. All of these restrictively licenced software components which he talks about have been removed from OpenSSH, i.e.,

SecureSync 1200 User Reference Guide 585

APPENDIX

RSA is no longer included, found in the OpenSSL library

IDEA is no longer included, its use is deprecated

DES is now external, in the OpenSSL library

GMP is no longer used, and instead we call BN code from OpenSSL

Zlib is now external, in a library

The make-ssh-known-hosts script is no longer included

TSS has been removed

MD5 is now external, in the OpenSSL library

RC4 support has been replaced with ARC4 support from OpenSSL

Blowfish is now external, in the OpenSSL library

Note that any information and cryptographic algorithms used in this software are publicly available on the Internet and at any major bookstore, scientific library, and patent office worldwide. More information can be found e.g. at "http://www.cs.hut.fi/crypto".

The legal status of this program is some combination of all these permissions and restrictions. Use only at your own responsibility. You will be responsible for any legal consequences yourself; I am not making any claims whether possessing or using this is legal or not in your country, and I am not taking any responsibility on your behalf.

NO WARRANTY

BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE

PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE

STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE

PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED,

INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND

FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND

PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE,

YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY

COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE

PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY

GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR

INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA

BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A

FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH

HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

2) The 32-bit CRC implementation in crc32.c is due to Gary S. Brown. Comments in the file indicate it may be used for any purpose without restrictions: COPYRIGHT (C) 1986 Gary S. Brown. You may use this program, or code or tables extracted from it, as desired without restriction.

586 SecureSync 1200 User Reference Guide

APPENDIX

3) The 32- bit CRC compensation attack detector in deattack.c was contributed by CORE SDI S.A.

under a BSD-style license. Cryptographic attack detector for ssh - source code Copyright (c) 1998

CORE SDI S.A., Buenos Aires, Argentina.

All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that this copyright notice is retained.

THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES ARE

DISCLAIMED. IN NO EVENT SHALL CORE SDI S.A. BE LIABLE FOR ANY DIRECT, INDIRECT,

INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES RESULTING FROM THE

USE OR MISUSE OF THIS SOFTWARE.

Ariel Futoransky <futo(at)core-sdi.com><http://www.core-sdi.com>

4) ssh-keygen was contributed by David Mazieres under a BSD-style license. Copyright 1995, 1996 by David Mazieres <dm(at)lcs.mit.edu>.

Modification and redistribution in source and binary forms is permitted provided that due credit is given to the author and the OpenBSD project by leaving this copyright notice intact.

5) The Rijndael implementation by Vincent Rijmen, Antoon Bosselaers and Paulo Barreto is in the public domain and distributed with the following license: (@)version 3.0 (December 2000) Optimised

ANSI C code for the Rijndael cipher (now AES) @author Vincent Rijmen vincent.rijmen

(at)esat.kuleuven.ac.be

@author Antoon Bosselaers antoon.bosselaers(at)esat.kuleuven.ac.be

@author Paulo Barreto <paulo.barreto(at)terra.com.br>

This code is hereby placed in the public domain.

THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS OR IMPLIED

WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF

MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT

SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,

PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR

BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER

IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING

IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

SUCH DAMAGE.

6) One component of the ssh source code is under a 4-clause BSD license, held by the University of

California, since we pulled these parts from original Berkeley code. The Regents of the University of

California have declared that term 3 is no longer enforceable on their source code, but we retain that license as is.Copyright (c) 1983, 1990, 1992, 1993, 1995 The Regents of the University of California.

All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by the University of California, Berkeley and its contributors.

SecureSync 1200 User Reference Guide 587

APPENDIX

4. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS "AS IS" AND ANY

EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY

DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES

(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON

ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING

NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,

EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

7) Remaining components of the software are provided under a standard 2-term BSD license with the following names as copyright holders:

Markus Friedl, Theo de Raadt, Niels Provos, Dug Song, Aaron Campbell, Damien Miller, Kevin Steves,

Daniel Kouril, Per Allansson

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED

WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF

MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT

SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,

EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,

PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR

BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER

IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING

IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

SUCH DAMAGE.

5.8.3

OpenSSL

LICENSE ISSUES

==============

The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core(at)openssl.org.

OpenSSL License

====================================================================

Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.

588 SecureSync 1200 User Reference Guide

APPENDIX

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the

OpenSSL Toolkit. (http://www.openssl.org/)"

4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact openssl-core(at)openssl.org.

5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project.

6. Redistributions of any form whatsoever must retain the following acknowledgment:

"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit

(http://www.openssl.org/)"

THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT "AS IS" AND ANY EXPRESSED OR

IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF

MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT

SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,

INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT

LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR

PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF

LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR

OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF

THE POSSIBILITY OF SUCH DAMAGE.

====================================================================

This product includes cryptographic software written by Eric Young (eay (at)cryptsoft.com). This product includes software written by Tim Hudson ( tjh(at)cryptsoft.com

).

Original SSLeay License

-----------------------

/* Copyright (C) 1995-1998 Eric Young ( eay(at)cryptsoft.com

) All rights reserved.

This package is an SSL implementation written by Eric Young (eay(at)cryptsoft.com).

The implementation was written so as to conform with Netscapes SSL.

This library is free for commercial and non-commercial use as long as the following conditions are aheared to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh(at)cryptsoft.com).

Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.

SecureSync 1200 User Reference Guide 589

APPENDIX

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgement: "This product includes cryptographic software written by Eric Young ( eay

(at)cryptsoft.com

)" The word 'cryptographic' can be left out if the routines from the library being used are not cryptographic related :-).

4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: "This product includes software written by Tim

Hudson (tjh(at)cryptsoft.com)"

THIS SOFTWARE IS PROVIDED BY ERIC YOUNG "AS IS" AND ANY EXPRESS OR IMPLIED

WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF

MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT

SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,

PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR

BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER

IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING

IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

SUCH DAMAGE.

The license and distribution terms for any publically available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution license [including the GNU Public License.]

---- Part 1: CMU/UCD copyright notice: (BSD like) -----

Copyright 1989, 1991, 1992 by Carnegie Mellon University

Derivative Work - 1996, 1998-2000

Copyright 1996, 1998-2000 The Regents of the University of California

All Rights Reserved

Permission to use, copy, modify and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appears in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of CMU and The Regents of the University of California not be used in advertising or publicity pertaining to distribution of the software without specific written permission.

CMU AND THE REGENTS OF THE UNIVERSITY OF CALIFORNIA DISCLAIM ALL WARRANTIES WITH

REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY

AND FITNESS. IN NO EVENT SHALL CMU OR THE REGENTS OF THE UNIVERSITY OF CALIFORNIA

BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

WHATSOEVER RESULTING FROM THE LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN

CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

590 SecureSync 1200 User Reference Guide

APPENDIX

---- Part 2: Networks Associates Technology, Inc copyright notice (BSD) -----

Copyright (c) 2001-2003, Networks Associates Technology, Inc

All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

Neither the name of the Networks Associates Technology, Inc nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND

ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE

FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR

SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED

AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

---- Part 3: Cambridge Broadband Ltd. copyright notice (BSD) -----

Portions of this code are copyright (c) 2001-2003, Cambridge Broadband Ltd. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. The name of Cambridge Broadband Ltd. may not be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER "AS IS" AND ANY EXPRESS OR

IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF

MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT

SHALL THE COPYRIGHT HOLDER BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,

EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,

PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR

BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER

IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING

IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

SUCH DAMAGE.

---- Part 4: Sun Microsystems, Inc. copyright notice (BSD) -----

SecureSync 1200 User Reference Guide 591

APPENDIX

Copyright © 2003 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A.

All rights reserved.

Use is subject to license terms below.

This distribution may include materials developed by third parties. Sun, Sun Microsystems, the Sun logo and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. Neither the name of the Sun Microsystems, Inc. nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND

ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE

FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR

SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED

AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

---- Part 5: Sparta, Inc copyright notice (BSD) -----

Copyright (c) 2003-2004, Sparta, Inc. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. Neither the name of the Networks Associates Technology, Inc nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND

ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE

FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR

SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED

AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE

This open software is available for at least three  years, to give any third party, for a charge no more than your  cost of physically performing source distribution, a complete  machine- readable copy of

592 SecureSync 1200 User Reference Guide

APPENDIX the corresponding source code, to be  distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.

5.9

List of Tables

Table 1-1: Front panel status indications

Table 1-2: Ethernet status indicator lights

Table 1-3: Option cards identification

Table 1-4: Option cards listed by their ID number

Table 1-5: Option card connectors

Table 1-6: 1PPS output accuracies

Table 1-7: 10 MHz output — oscillator types and accuracies

Table 1-8: 10 MHz output — oscillator stability

Table 2-1: Safety symbols used in this document, or on the product

Table 2-2: Subnet mask values

Table 2-3: Default IP addresses

Table 2-4: System Time Message format

Table 2-5: System Time Message field descriptions

Table 2-6: Signature control output-presence states

Table 3-1: Reference priority titles

Table 3-2: Receiver dynamics, ~modes, ~ dynamics, ~ types

Table 3-3: Estimate