Orolia SecureSync 2400 Time and Frequency Synchronization System Product Manual

Add to my manuals
589 Pages

advertisement

Orolia SecureSync 2400 Time and Frequency Synchronization System Product Manual | Manualzz

SecureSync

2400

MODEL

User Manual

Document Part No.: 2400-5000-0050

Revision: 2

Date: 15-February-2021

orolia.com

© 2021 Orolia. All rights reserved.

The information in this document has been carefully reviewed and is believed to be accurate and up-todate. Orolia assumes no responsibility for any errors or omissions that may be contained in this document, and makes no commitment to keep current the information in this manual, or to notify any person or organization of updates. This User Manual is subject to change without notice. For the most current version of this documentation, please see our web site at orolia.com

.

Orolia reserves the right to make changes to the product described in this document at any time and without notice. Any software that may be provided with the product described in this document is furnished under a license agreement or nondisclosure agreement. The software may be used or copied only in accordance with the terms of those agreements.

End-user customers of Orolia products may, without the need for a written license from Orolia, reproduce and modify any Orolia product documentation accompanying such products, for distribution within their organization in order to use the products.

Orolia authorized partners, systems integrators, government contractors, and other similarly- situated third-party installers may, without the need for a written license from Orolia, reproduce Orolia product documentation (including media type changes) and create derivative works thereof in the form of compilations, for distribution to their end-users.

Except as described above, no part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or any means electronic or mechanical, including photocopying and recording for any purpose without the written permission of Orolia.

Other products and companies referred to herein are trademarks or registered trademarks of their respective companies or mark holders.

Orolia USA, Inc.

• 45 Becker Road, Suite A, West Henrietta, NY 14586 USA

• 3, Avenue du Canada, 91974 Les Ulis, France

The industry-leading Spectracom products you depend on are now brought to you by Orolia, the global leader in Resilient Positioning, Navigation and Timing Solutions.

Do you have questions or comments regarding this User Manual?

è E-mail: [email protected]

Warranty Information

See the website: http://www.orolia.com/support/spectracom/warranty-information for a copy of

Orolia's Limited Warranty policy.

SecureSync 2400 User Manual I

Blank page.

II SecureSync 2400 User Manual

CHAPTER 1

Product Description

1.1 Getting Started

1.2 SecureSync Introduction

1.2.1 SecureSync's Inputs and Outputs

1.3 SecureSync Front Panel

1.3.1 Status LEDs

1.3.1.1 Blinking Intervals

1.3.1.2 LED Lighting Patterns

1.3.1.3 Legend, individual LEDs

1.3.2 Front Panel Keypad, and Display

1.3.2.1 Using the Keypad

1.3.2.2 Using the Front Panel Display

1.4 Unit Rear Panel

1.5 Option Cards

1.5.1 Option Cards Overview

1.5.2 Option Card Identification

1.5.2.1 Option Card Identification by ID/Part Number

1.5.3 Option Card Connectors

1.6 Specifications

1.6.1 Input Power

1.6.2 GNSS Receiver

1.6.3 10 MHz Output

1.6.3.1 10 MHz Output — Oscillator Phase Noise (dBc/Hz)

1.6.4 Multi I/O

1.6.5 DCLS Output

1.6.5.1 1PPS Output

1.6.6 10/100/1000 Ethernet Port (RJ45)

1.6.7 10/100/1000 Ethernet Port (SFP)

1.6.8 RS-232 Serial Port (Rear Panel)

1.6.9 USB Serial Port (Front Panel)

11

13

15

18

19

21

22

23

23

24

25

25

27

27

28

28

28

28

6

6

7

4

5

5

3

4

1

2

2

3

SecureSync 2400 User Manual • TABLE OF CONTENTS III

IV

1.6.10 Protocols Supported

1.6.11 Mechanical and Environmental Specifications

1.7 The SecureSync Web UI

1.7.1 The Web UI HOME Screen

1.7.2 The INTERFACES Menu

1.7.3 The Configuration MANAGEMENT Menu

1.7.4 The TOOLS Menu

1.8 Regulatory Compliance

CHAPTER 2

SETUP

2.1 Installation Overview

2.1.1 Main Installation Steps

2.2 Unpacking and Inventory

2.3 Required Tools and Parts

2.3.1 Required GNSS Antenna Components

2.4 SAFETY

2.5 Mounting the Unit

2.5.1 Rack Mounting (Ears)

2.6 Connecting the GNSS Input

2.7 Connecting Network Cables

2.8 Connecting Inputs and Outputs

2.9 Connecting Supply Power

2.9.1 Using AC Input Power

2.9.2 Hotswap Power Supply

2.10 Powering Up the Unit

2.11 Zero Configuration Setup

2.11.1 Using Zeroconf

2.12 Setting up an IP Address

2.12.1 Dynamic vs. Static IP Address

2.12.2 Assigning a Static IP Address

2.12.2.1 Setting Up an IP Address via the Front Panel

2.12.2.2 Setting Up a Static IP Address via a DHCP Network

2.12.2.3 Setting Up an IP Address via the Serial Port

35

41

42

43

44

45

45

45

46

36

36

37

38

38

39

47

48

49

49

50

51

51

53

54

28

29

30

30

31

31

32

33

SecureSync 2400 User Manual • TABLE OF CONTENTS

2.12.2.4 Setting up a Static IP Address via Ethernet Cable

2.12.3 Subnet Mask Values

2.13 Accessing the Web UI

2.14 Configure Network Settings

2.14.1 General Network Settings

2.14.2 Network Ports

2.14.3 Network Services

2.14.4 Static Routes

2.14.5 Access Rules

2.14.6 HTTPS

2.14.6.1 Accessing the HTTPS Setup Window

2.14.6.2 About HTTPS

2.14.6.3 Supported Certificate Formats

2.14.6.4 Creating an HTTPS Certificate Request

2.14.6.5 Adding HTTPS Subject Alternative Names

2.14.6.6 Requesting an HTTPS Certificate

2.14.6.7 Uploading an X.509 PEM Certificate Text

2.14.6.8 Uploading an HTTPS Certificate File

2.14.7 SSH

2.14.8 SNMP

2.14.8.1 SNMP V1/V2c

2.14.8.2 SNMP V3

2.14.8.3 SNMP Traps

2.14.9 VLAN Support

2.14.10 System Time Message

2.14.10.1 System Time Message Format

2.15 Configure NTP

2.15.1 Checklist NTP Configuration

2.15.2 The NTP Setup Screen

2.15.3 Dis-/Enabling NTP

2.15.4 Viewing NTP Clients

2.15.5 Restoring the Default NTP Configuration

2.15.6 NTP Output Timescale

2.15.7 NTP Reference Configuration

2.15.7.1 The NTP Stratum Model

2.15.7.2 Configuring "NTP Stratum 1" Operation

SecureSync 2400 User Manual • TABLE OF CONTENTS

55

55

56

65

67

67

68

71

72

74

75

76

83

87

89

91

93

94

95

58

59

60

62

62

64

65

96

96

97

99

99

100

101

102

102

103

V

VI

2.15.7.3 Configuring "NTP Stratum Synchronization"

2.15.8 NTP Servers and Peers

2.15.8.1 The NTP Servers and NTP Peers Panels

2.15.8.2 NTP Servers: Adding, Configuring, Removing

2.15.8.3 NTP Peers: Adding, Configuring, Removing

2.15.9 NTP Authentication

2.15.9.1 NTP: Symmetric Keys (MD5)

2.15.10 NTP Access Restrictions

2.15.11 Enabling/Disabling NTP Broadcasting

2.15.12 NTP over Anycast

2.15.12.1 Configuring NTP over Anycast (General Settings)

2.15.12.2 Configuring NTP over Anycast (OSPF IPv4)

2.15.12.3 Configuring NTP over Anycast (OSPF IPv6)

2.15.12.4 Configuring NTP over Anycast (BGP)

2.15.12.5 Configuring Anycast via NTP Expert Mode

2.15.12.6 Testing NTP over Anycast

2.15.13 NTP Orphan Mode

2.15.14 Host Disciplining

2.15.15 NTP Expert Mode

2.15.16 Orolia Technical Support for NTP

2.16 Configuring PTP

2.16.1 The PTP Screen

2.16.1.1 The PTP Settings Panel

2.16.1.2 The PTP Statistics Panel

2.16.2 Enabling/Disabling PTP

2.16.3 General Configuration Notes

2.17 GPSD Setup

2.18 Configurable Connectors

2.18.1 BNC DCLS OUT

2.18.2 DB15 Multi I/O

2.18.3 Assigning Signals

2.18.4 Network Ports

2.19 Configuring Input References

2.19.1 How to Configure an Input Reference

2.19.2 Configure a 1PPS Input

2.19.3 Configure an ASCII Input

134

136

136

136

138

140

140

140

141

142

129

130

131

133

134

134

104

105

106

107

109

111

118

119

120

121

122

125

125

126

126

129

111

114

116

117

SecureSync 2400 User Manual • TABLE OF CONTENTS

2.19.4 Configure a HaveQuick Input

2.19.5 Configuring an IRIG Input

2.20 Configuring Outputs

2.20.1 How to Configure an Output

2.20.2 Configuring a 1PPS Output

2.20.3 Configuring the 10 MHz Output

2.20.4 Configure an ASCII Output

2.20.5 Configuring a GPIO Output

2.20.6 Configuring a HaveQuick Output

2.20.7 Configuring an IRIG Output

2.20.8 The Outputs Screen

2.20.9 The 1PPS and 10 MHz Outputs

2.21 The Option Cards Screen

2.22 Signature Control

CHAPTER 3

Managing Time

3.1 The Time Management Screen

3.2 System Time

3.2.1 System Time

3.2.1.1 Configuring the System Time

3.2.1.2 Timescales

3.2.1.3 Manually Setting the Time

3.2.1.4 Using Battery Backed Time on Startup

3.2.2 Timescale Offset(s)

3.2.2.1 Configuring a Timescale Offset

3.2.3 Leap Seconds

3.2.3.1 Reasons for a Leap Second Correction

3.2.3.2 Leap Second Alert Notification

3.2.3.3 Leap Second Correction Sequence

3.2.3.4 Configuring a Leap Second

3.2.4 Local Clock(s), DST

3.2.4.1 Adding a Local Clock

3.2.4.2 DST Examples

3.2.4.3 DST and UTC, GMT

SecureSync 2400 User Manual • TABLE OF CONTENTS

145

146

148

148

149

150

151

153

154

156

159

159

160

161

165

166

167

168

175

176

176

177

178

178

179

168

169

171

173

175

179

181

182

VII

VIII

3.3 Managing References

3.3.1 Input Reference Priorities

3.3.1.1 Configuring Input Reference Priorities

3.3.1.2 The "Local System" Reference

3.3.1.3 The "User/User" Reference

3.3.1.4 Reference Priorities: EXAMPLES

3.3.2 Reference Qualification and Validation

3.3.2.1 Reference Monitoring: Phase

3.3.2.2 BroadShield

3.3.3 The GNSS Reference

3.3.3.1 Reviewing the GNSS Reference Status

3.3.3.2 Determining Your GNSS Receiver Model

3.3.3.3 Selecting a GNSS Receiver Mode

3.3.3.4 Setting GNSS Receiver Dynamics

3.3.3.5 Performing a GNSS Receiver Survey

3.3.3.6 GNSS Receiver Offset

3.3.3.7 Resetting the GNSS Receiver

3.3.3.8 Deleting the GNSS Receiver Position

3.3.3.9 Manually Setting the GNSS Position

3.3.3.10 GNSS Constellations

3.4 Holdover Mode

3.5 Managing the Oscillator

3.5.1 Oscillator Types

3.5.2 Configuring the Oscillator

3.5.2.1 Time Figure of Merit (TFOM)

3.5.3 Monitoring the Oscillator

3.5.4 Oscillator Logs

CHAPTER 4

System Administration

4.1 Powering Up/Shutting Down

4.1.1 Powering Up the Unit

4.1.2 Shutting Down the Unit

4.1.3 Issuing the HALT Command Before Removing Power

4.1.4 Rebooting the System

4.2 Notifications

4.2.1 Configuring Notifications

237

238

238

238

239

240

241

242

224

228

229

230

231

233

235

183

183

184

187

188

191

194

194

195

203

215

216

217

219

221

204

208

209

212

214

SecureSync 2400 User Manual • TABLE OF CONTENTS

4.2.2 Notification Event Types

4.2.2.1 Timing Tab: Events

4.2.2.2 GPS Tab: Events

4.2.2.3 System Tab: Events

4.2.3 Configuring GPS Notification Alarm Thresholds

4.2.4 Setting Up SNMP Notifications

4.2.5 Setting Up Email Notifications

4.3 Managing Users and Security

4.3.1 Managing User Accounts

4.3.1.1 Types of Accounts

4.3.1.2 About "user" Account Permissions

4.3.1.3 Rules for Usernames

4.3.1.4 Adding/Deleting/Changing User Accounts

4.3.2 Managing Passwords

4.3.2.1 Configuring Password Policies

4.3.2.2 The Administrator Password

4.3.2.3 Lost Password

4.3.3 Web UI Timeout

4.3.4 LDAP Authentication

4.3.5 RADIUS Authentication

4.3.5.1 Enabling/Disabling RADIUS

4.3.5.2 Adding/Removing a RADIUS Server

4.3.6 TACACS+ Authentication

4.3.6.1 Enabling/Disabling TACACS+

4.3.6.2 Adding/Removing a TACACS+ Server

4.3.7 HTTPS Security Levels

4.4 Miscellanous Typical Configuration Tasks

4.4.1 REST API Configuration

4.4.2 Configuring the Front Panel

4.4.2.1 To change the time display on the front panel:

4.4.2.2 To lock or unlock the front panel:

4.4.3 Creating a Login Banner

4.4.4 Show Clock

4.4.5 Product Registration

4.4.6 Synchronizing Network PCs

4.5 Quality Management

SecureSync 2400 User Manual • TABLE OF CONTENTS

250

250

250

250

252

252

255

255

256

257

259

260

267

267

268

271

271

272

273

244

244

244

245

245

247

247

274

274

274

275

275

275

277

278

278

279

IX

X

4.5.1 System Monitoring

4.5.1.1 Status Monitoring via Front Panel

4.5.1.2 Status Monitoring via the Web UI

4.5.1.3 Status Monitoring of Input References

4.5.1.4 Reference Monitoring: Phase

4.5.1.5 Ethernet Monitoring

4.5.1.6 Outputs Status Monitoring

4.5.1.7 Monitoring the Oscillator

4.5.1.8 Monitoring the Status of Option Cards

4.5.1.9 NTP Status Monitoring

4.5.1.10 Temperature Management

4.5.2 Logs

4.5.2.1 Types of Logs

4.5.2.2 The Logs Screen

4.5.2.3 Displaying Individual Logs

4.5.2.4 Saving and Downloading Logs

4.5.2.5 Setting up a Remote Log Server

4.5.2.6 Clearing All Logs

4.6 Updates and Licenses

4.6.1 Software Updates

4.6.2 Applying a License File

4.7 Backing-up and Restoring Configuration Files

4.7.1 Accessing the System Configuration Screen

4.7.2 Saving the System Configuration Files

4.7.3 Uploading Configuration Files

4.7.4 Restoring the System Configuration

4.7.5 Restoring the Factory Defaults

4.7.6 Resetting the Unit to Factory Configuration

4.7.6.1 Resetting All Configurations to their Factory Defaults

4.7.7 Default and Recommended Configurations

APPENDIX

Appendix

5.1 Troubleshooting

5.1.1 Minor and Major Alarms

5.1.2 Troubleshooting: System Configuration

5.1.2.1 System Troubleshooting: Browser Support

325

326

326

326

327

313

313

315

316

316

318

319

320

320

321

321

322

279

279

280

283

284

286

286

289

292

294

299

303

304

308

310

310

311

313

SecureSync 2400 User Manual • TABLE OF CONTENTS

5.1.3 Troubleshooting – Unable to Open Web UI

5.1.4 Troubleshooting via Web UI Status Page

5.1.5 Troubleshooting GNSS Reception

5.1.6 Troubleshooting – Outputs

5.1.7 Troubleshooting the Serial Port

5.1.8 Troubleshooting the Cooling Fan

5.1.9 Troubleshooting – Network PCs Cannot Sync

5.1.10 Troubleshooting Software Update

5.2 Option Cards

5.2.1 Accessing Option Cards Settings via the Web UI

5.2.1.1 Web UI Navigation: Option Cards

5.2.1.2 Viewing Input/Output Configuration Settings

5.2.1.3 Configuring Option Card Inputs/Outputs

5.2.1.4 Viewing an Input/Output Signal State

5.2.1.5 Verifying the Validity of an Input Signal

5.2.2 Option Card Field Installation Instructions

5.2.2.1 Field Installation: Introduction

5.2.2.2 Outline of the Installation Procedure

5.2.2.3 Safety

5.2.2.4 [1]: Unpacking

5.2.2.5 [2]: Saving Refererence Priority Configuration

5.2.2.6 [3]: Determining the Installation Procedure

5.2.2.7 [4]: Slot 1 & 2 Installation

5.2.2.8 [5]: Bottom Slot Installation

5.2.2.9 [6]: Top Slot Installation, Bottom Slot Empty

5.2.2.10 [7]: Top Slot Installation, Bottom Slot Occupied

5.2.2.11 [8]: Frequency Output Cards: Wiring

5.2.2.12 [9]: Verifying HW Detection and SW Update

5.2.2.13 [10]: Restoring Reference Priority Configuration

5.2.3 Time and Frequency Option Cards

5.2.3.1 1PPS Out [1204-18, -19, -21, -2B]

5.2.3.2 1PPS In/Out [1204-28]

5.2.3.3 1PPS In/Out, 10 MHz In [1204-01, -03]

5.2.3.4 Frequency Out [1204-08, -1C, -26]

5.2.3.5 Programmable Frequency Out [1204-13, -2F, -30]

5.2.3.6 Programmable Square Wave Out [1204-17]

5.2.3.7 Simulcast (CTCSS/Data Clock) [1204-14]

5.2.4 Telecom Option Cards

SecureSync 2400 User Manual • TABLE OF CONTENTS

346

347

349

351

352

353

339

339

340

340

341

342

344

353

354

358

363

370

373

378

381

390

333

333

333

334

336

337

338

339

327

327

329

330

331

331

332

332

XI

XII

5.2.4.1 T1/E1 Out [1204-09, -0A, -4C, -53]

5.2.5 Time Code Option Cards

5.2.5.1 IRIG Out [1204-15, -1E, -22]

5.2.5.2 IRIG In/Out [1204-05, -27]

5.2.5.3 STANAG Out [1204-11, -25]

5.2.5.4 STANAG In [1204-1D, -24]

5.2.5.5 HAVE QUICK Out [1204-10, -1B]

5.2.5.6 HAVE QUICK In/Out [1204-29]

5.2.5.7 ASCII Time Code In/Out [1204-02, -04]

5.2.6 Network Interface Option Cards

5.2.6.1 NTP and Networking [4A, 49]

5.2.6.2 PTP Grandmaster [1204-32]

5.2.7 Miscellaneous Option Cards

5.2.7.1 STL Option Module [1204-3E]

5.2.7.2 Alarm Relay Out [1204-0F]

5.2.7.3 NENA-Compliant Option Card [-1F]

5.2.7.4 Revertive Selector Card [1204-2E]

5.2.7.5 Event Broadcast [1204-23]

5.3 Command-Line Interface

5.3.1 Setting up a Terminal Emulator

5.3.2 CLI Commands

5.4 Time Code Data Formats

5.4.1 NMEA GGA Message

5.4.2 NMEA RMC Message

5.4.3 NMEA ZDA Message

5.4.4 Spectracom Format 0

5.4.5 Spectracom Format 1

5.4.6 Spectracom Format 1S

5.4.7 Spectracom Format 2

5.4.8 Spectracom Format 3

5.4.9 Spectracom Format 4

5.4.10 Spectracom Format 7

5.4.11 Spectracom Format 8

5.4.12 Spectracom Format 9

5.4.12.1 Format 9S

5.4.13 Spectracom Epsilon Formats

5.4.13.1 Spectracom Epsilon TOD 1

390

397

397

403

418

425

433

439

445

458

458

462

478

479

487

492

503

505

513

513

514

519

519

520

521

522

523

525

526

529

530

532

533

535

535

536

536

SecureSync 2400 User Manual • TABLE OF CONTENTS

5.4.13.2 Spectracom Epsilon TOD 3

5.4.14 BBC Message Formats

5.4.14.1 Format BBC-01

5.4.14.2 Format BBC-02

5.4.14.3 Format BBC-03 PSTN

5.4.14.4 Format BBC-04

5.4.14.5 Format BBC-05 (NMEA RMC Message)

5.4.15 GSSIP Message Format

5.4.16 EndRun Formats

5.4.16.1 EndRun Time Format

5.4.16.2 EndRunX (Extended) Time Format

5.5 IRIG Standards and Specifications

5.5.1 About the IRIG Output Resolution

5.5.2 IRIG Carrier Frequencies

5.5.3 IRIG B Output

5.5.3.1 FAA IRIG B Code Description

5.5.4 IRIG E Output

5.5.5 IRIG Output Accuracy Specifications

5.6 Technical Support

5.6.1 Regional Contact

5.7 Return Shipments

5.8 List of Tables

5.9 List of Images

5.10 Document Revision History

INDEX

546

546

546

551

554

558

562

563

563

564

564

566

568

537

537

537

538

540

541

542

543

544

544

545

SecureSync 2400 User Manual • TABLE OF CONTENTS XIII

BLANK PAGE.

XIV SecureSync 2400 User Manual • TABLE OF CONTENTS

Product Description

The Chapter presents an overview of the SecureSync 2400

Time and Frequency Synchronization System, its capabilities, main technical features and specifications.

The following topics are included in this Chapter:

1.1 Getting Started

1.2 SecureSync Introduction

1.3 SecureSync Front Panel

1.4 Unit Rear Panel

1.5 Option Cards

1.6 Specifications

1.7 The SecureSync Web UI

1.8 Regulatory Compliance

11

13

22

30

33

2

2

3

CHAPTER 1 • SecureSync 2400 User Manual 1

1.1  Getting Started

1.1

Getting Started

2

Welcome to the SecureSync User Reference Guide.

Where to start:

First-time users :

"SecureSync Introduction" below

.

Users with some knowledge of Time and Frequency Servers:

"Installation Overview" on page 36 .

If your unit is up and running and you want to change a setting :

"Managing Time" on page 165 , or

"System Administration" on page 237 .

1.2

SecureSync Introduction

SecureSync 2400 Time and Frequency Synchronization System ® is the latest-version, security-hardened 1-rack unit network appliance designed to meet rigorous network security standards and best practices. It ensures accurate timing through multiple references, tamper-proof management, and extensive logging. Robust network protocols are used to allow for easy but secure configuration. Features can be enabled or disabled based on your network policies. Installation is aided by DHCP (IPv4), AUTOCONF (IPv6), and a frontpanel keypad and OLED display.

The unit supports multi- constellation GNSS input (SAASM GPS receivers, supporting

L1/L2, available for authorized users and required for the US DoD are available), IRIG input and other input references. The unit is powered by AC on an IEC60320 connector.

SecureSync combines Orolia’s precision master clock technology and secure network-centric approach with a compact modular hardware design to bring you a powerful time and frequency reference system at the lowest cost of ownership. Military and commercial applications alike will benefit from its extreme reliability, security, and flexibility for synchronizing critical operations.

CHAPTER 1 • SecureSync 2400 User Manual Rev. 2

1.3  SecureSync Front Panel

An important advantage of SecureSync is its unique rugged and flexible modular chassis that can be configured for your specific needs. Built-in time and frequency functions are extended with up to six input/output modules.

You can choose from a variety of configurable option cards, each with an assortment of input/output timing signal types and quantity, including additional 1PPS, 10 MHz, timecode

(IRIG, ASCII, HAVE QUICK), other frequencies (5MHz, 2.048 MHz, 1.544 MHz, 1MHz), Precision Timing Protocol (PTP) input/output, multi-Gigabit Ethernet (10/100/1000Base-T), telecom T1/E1 data rates and multi-network NTP, allowing SecureSync to be customized for your exact requirements.

A variety of internal oscillators is available, depending on your requirements for holdover capability and phase noise.

Note: Some of the features described are not available on all SecureSync variants.

1.2.1

SecureSync's Inputs and Outputs

SecureSync provides multiple outputs for use in networked devices and other synchronized devices. A 10 MHz frequency reference provides a precise, disciplined signal for control systems and transmitters. A 1-Pulse-Per-Second (1PPS) output acts as a precise metronome, counting off seconds of System Time in the selected timescale (such as UTC,

TAI or GPS); this BNC connector can also be configured to produce IRIG, HaveQuick, or

GPO signals. A multi-I/O 15 pin connector provides default IRIG, ATC, and HaveQuick

Inputs, as well as IRIG, IRIG AM, HaveQuick, and ATC Outputs. These options can all be configured to suit your application (see

"Configurable Connectors" on page 136

).

SecureSync's outputs are driven by its inputs – most notably, Global Navigation Satellite

System (GNSS), or IRIG signal generators and other available input references. GNSSequipped SecureSyncs can track up to 72 GNSS satellites simultaneously and synchronize to the satellite’s atomic clocks. This enables SecureSync-equipped computer networks to synchronize anywhere on the planet.

1.3

SecureSync Front Panel

The front panel of a SecureSync unit consists of: an LED time display seven illuminated status LED menu buttons a front panel control keypad an OLED information display menu

CHAPTER 1 • SecureSync 2400 User Manual Rev. 2 3

1.3  SecureSync Front Panel micro-B USB serial console intake for temperature-controlled cooling fans

The OLED information display is configurable using the front panel controls. The micro

USB serial interface and the front panel controls provide a means to configure the unit’s network settings and perform other functions without requiring access to the Web UI.

SecureSync units with the SAASM GPS receiver option module installed also have an encryption key fill connector and key zeroize pin switch on the left-hand side of the front panel.

1.3.1

Figure 1-1: SecureSync front panel layout

Status LEDs

SecureSync's front panel status LEDs provide a real-time status overview: Seven (7) LEDs indicate the unit's current operating state.

4

Figure 1-2: Front panel LEDs

1.3.1.1

Blinking Intervals

The status LEDs can communicate four different operating states:

"OFF"

"ON"

CHAPTER 1 • SecureSync 2400 User Manual Rev. 2

1.3  SecureSync Front Panel

"FAST" : blinking interval @ 2Hz

"SLOW HEARTBEAT" : sinus-shaped interval @ 1Hz

1.3.1.2

LED Lighting Patterns

The table below indicates LED status light patterns for common SecureSync operating statuses.

Table 1-1: Common light patterns

Start-up

Software upgrade/reboot

ON OFF OFF OFF OFF OFF

HEARTBEAT PATTERN IN ORDER,

BECOMING SOLID LEFT TO RIGHT TO REPRESENT PROGRESS

OFF

1.3.1.3

Legend, individual LEDs

Table 1-2: Legend for Status LEDs

Icon Light

OFF No power

Meaning

ON Powered

OFF No GNSS reception (0 satellites)

HEARTBEAT GNSS acquisition in process (≥ 1 satellite(s), or 1PPS OK, or Time OK

FAST

ON

OFF

FAST

Antenna short circuit

GNSS is available as reference (1PPS and Time OK)

No valid references

Using non-primary reference

ON

OFF

ON

FAST

Using primary reference

Unit is in Holdover (valid)

In Sync (valid)

Not In Sync (Holdover period exceeded, or oscillator damaged)

CHAPTER 1 • SecureSync 2400 User Manual Rev. 2 5

1.3  SecureSync Front Panel

Icon

OFF

Light

ON

OFF

ON

OFF

FAST

Meaning

No output signal(s) detected/all outputs are disabled

At least one enabled output

Both ETH0 and ETH1 invalid

At least one Ethernet connection valid

Unit OK

At least one active alarm, see Web UI

LED Patterns during Boot Sequence

For the first five seconds after power-up all LEDs will be OFF. Then the Power LED will be blinking before it will be lit permanently.

Responding to Alarms

If you are in front of your units, the fastest way to determine the origin of alarms is to press the button that is flashing; this will automatically bring up the menu of the category with a difficulty. See

"Front Panel Keypad, and Display" below

for more information.

1.3.2

Front Panel Keypad, and Display

To simplify operation and to allow local access to SecureSync, a keypad and an OLED information display menu are provided on the front panel of the unit.

The front panel keypad, information display menu, and status LED menu buttons can be used to configure basic network settings and obtain status information. For more complex functionality, users should refer to the Web UI or Command Line Interface (CLI).

1.3.2.1

Using the Keypad

6

The functions of the five keys are:

◀ ▶ ▲ ▼ arrow keys : Navigate to a menu option (will be highlighted); move the focus on the screen; switch between submenus

CHAPTER 1 • SecureSync 2400 User Manual Rev. 2

1.3  SecureSync Front Panel

▲ ▼ arrow keys : Scroll through parameter values in edit displays; move the focus on the screen

✓ ENTER key: Select a menu option, or confirm a selection when editing the seven main menus.

menu buttons : Press these buttons to navigate to each of

1.3.2.2

Using the Front Panel Display

There are seven main menu screens on the SecureSync front information display.

Figure 1-3: Status LED menu buttons

1.

Your front panel screen will timeout and darken after two minutes of inactivity. If your screen is dark, press any menu or keypad button to wake.

2.

Press a menu button to enter that menu on the front panel display.

3.

After entering a menu, the cursor will automatically begin on the submenu selection that you last visited.

4.

Use the left and right buttons to switch between submenus if necessary.

5.

To enter into a submenu body, press the down button. You will only be able to highlight fields that can be changed.

6.

If the field has arrows on either side of your selection, use the directional arrow keys;

OR:

7.

If the line is highlighted, press the ENTER button to change a value, and use the directional keys to obtain the desired setting.

8.

Once your editing is done, press the ENTER button.

9.

Press ENTER again to confirm your choice in the confirmation menu that will appear on the right side of the screen.

CHAPTER 1 • SecureSync 2400 User Manual Rev. 2 7

8

1.3  SecureSync Front Panel

The main menu options and their functions are as follows:

Power Menu:

Management halt the unit (see

"Issuing the HALT Command Before Removing Power" on page 239

) reboot the unit (see

"Rebooting the System" on page 240

) restore the factory defaults (see

"Resetting the Unit to Factory Configuration" on page 321 )

Monitoring view the temperature status: Board Temp, CPU Temp, and OSC (oscillator)

Temp view the Fan(s) Speed

System view model number view serial number view software version view licenses view a rolling ribbon of option cards installed

GNSS Antenna Menu:

Constellations

CHAPTER 1 • SecureSync 2400 User Manual Rev. 2

1.3  SecureSync Front Panel view the status for GPS, GLONASS, BeiDou, Galileo, QNSS, and SBAS turn reception OFF or ON to any satellite system by selecting the status

Settings view or change receiver position mode view or set position view or change delay

Monitoring view the following information: antenna status

PPS validity time validity state view for each satellite system: chart of all visible satellites

Inputs Menu:

Settings view reference table enable or disable references (see

"Configuring Input Reference Priorities" on page 184

Monitoring

CHAPTER 1 • SecureSync 2400 User Manual Rev. 2 9

1.3  SecureSync Front Panel view each input reference view reference state, time, validity, and phase error

Time Menu: 

Settings: change the current time display

Monitoring: view the oscillator type, disciplining state, and TFOM value

Outputs Menu:

Settings view list of outputs available see outputs format enable or disable outputs (see

"Signature Control" on page 161

)

Network Menu:

Settings: Scroll to each ETH connection to view information or perform actions (see

"Setting Up an IP Address via the Front Panel" on page 51 ):

enable or disable DHCP view or set IP address view or change gateway view MAC address

10 CHAPTER 1 • SecureSync 2400 User Manual Rev. 2

1.4  Unit Rear Panel

Monitoring: View a graph for each ETH connection (highlight eth0 or eth1 and toggle left and right)

Alerts Menu:

Status show current major or minor alarms and descriptions

Monitoring

Test monitor memory usage monitor CPU usage monitor disk usage confirm that the buttons on your front panel are working (highlight Press

VALID to start testing buttons and push the ✓ ENTER key).

1.4

Unit Rear Panel

CHAPTER 1 • SecureSync 2400 User Manual Rev. 2 11

1.4  Unit Rear Panel

The SecureSync rear panel accommodates the connectors for all input and output references.

GPS/GNSS antenna connector (SMA)

10 MHz output (BNC female connector)

Multi I/O (sub HD15 connector)

1PPS out , configurable DCLS Output (BNC female connector)

ETH0 1GB Ethernet (RJ45 connector)

ETH1 Ethernet (SFP connector)

Serial console (RJ45 connector)

Two or six slots for option cards

AC power input connection

12

Figure 1-4: Standard rear panel

Optional input/output connectors depend on the installed option cards.

The ANTENNA connector is an SMA connector for the GNSS input from your GNSS antenna via a coax cable.

The 10 MHz BNC connector provides a 10 MHz sine-wave output signal.

The HD15 multi I/O connector provides 6 different configurable channels. These channels can be set to provide various outputs and inputs, such as 1PPS, HaveQuick,

IRIG, ATC, and GPIO.

The DCLS OUT BNC connector can be set to produce 1PPS, IRIG output,

HaveQuick output, or GPIO output. The default 1PPS signal offers a once-persecond square wave output signal, and can be configured to have either its rising or falling edge to coincide with the system’s on-time point.

The Ethernet RJ45 (Eth0) and SFP (Eth1) connectors provide an interface to the network for NTP synchronization and to obtain access to the SecureSync product

CHAPTER 1 • SecureSync 2400 User Manual Rev. 2

1.5  Option Cards

Web UI for system management. Eth0 has two small indicator lamps, “Good Link”

(green LED), and “Activity” (orange LED). The “Good Link” light indicates a connection to the network is present. The “Activity” light will illuminate when network traffic is detected.

Table 1-3: Ethernet status indicator lights

LED State Meaning

Orange

On

Off

Green On

Off

LAN Activity detected

No LAN traffic detected

LAN Link established, 10 or 100 Mbps

No link established

The rear Serial Console accepts commands to locally configure the unit via CLI.

The AC Power connector is the input for the AC power (does not include an

ON/OFF switch).

Typically, option cards will be installed at the factory. Should you purchase an extra option card at a later point, you will need to undergo field installation (for technically proficient service personnel only). Your local Sales Office will gladly assist you with the optimal option cards selection for your application.

1.5

Option Cards

Option Cards are circuit boards that can be installed into a SecureSync unit in order to add input and output functionality . Installation is normally done in the factory when the unit is built. Many cards, however, can be retrofitted in the field by qualified customer personnel

(see

"Option Card Field Installation Instructions" on page 339 ).

SecureSync has the capacity to hold either two or six option cards, depending on whether or not an extension board is installed in your unit. If you are not sure whether or not you have an extension board, identify the part number of your unit:

In the Web UI, navigate to TOOLS > Upgrade/Backup . In the System Configuration panel, your product number is listed under Model. OR;

On the front panel display, press the POWER button, and navigate over to the

System submenu. Your part number is listed under Model Number.

CHAPTER 1 • SecureSync 2400 User Manual Rev. 2 13

1.5  Option Cards

If your product number begins with the numbers 240 2 , then your unit does not contain an extension board and has a two-option card capacity. If your product number begins with the numbers 240 6 , then your unit contains an extension board, and can house up to six option cards. For more information, contact your Orolia sales personnel.

Caution: NEVER install an option card from the back of the unit, ALWAYS from the top. It is therefore necessary to remove the top cover of the main chassis (housing).

Input and outputs can be categorized by:

Communication direction :

Input

Output

Signal type :

Frequency: 1/5/10/[programmable] MHz

Wave form (square, sinus)

1PPS

TTS

CTCSS

Signal protocol :

ASCII time code

IRIG

STANAG

Have Quick

E1/T1 data

Telecom timing, etc.

Ethernet (NTP, PTP)

Time code I/O

Alarm out, etc.

Functionality :

Networking card (incl. NTP, PTP)

Time code I/O

14 CHAPTER 1 • SecureSync 2400 User Manual Rev. 2

1.5  Option Cards

1.5.1

Alarm output

Special functionality e.g., revertive selector, bidirectional communication

Connector type :

BNC

DB-9/25

Terminal block

RJ-12/45

SFP

ST fiber optic

To visually identify an option card installed in your unit, or to obtain an overview which option cards are available for SecureSync, see

"Option Cards Overview" below

.

To obtain detailed information on a specific option card, using its ID number, see

"Option

Card Identification" on page 18

.

To locate option card topics in this manual by their heading or functionality, see

"Option

Cards" on page 333 . This Chapter also includes information on

field installation and Web

UI functionality.

To visually identify a connector type, see

"Option Card Connectors" on page 21

.

Option Cards Overview

The table below lists all SecureSync option cards available at the time of publication of this document, sorted by their function .

The table column (see table below) Web UI Name refers to the names under which the cards installed in a SecureSync unit are listed in the INTERFACES > OPTION CARDS drop-down menu.

Detailed specifications and configuration assistance for every card can be found in the

APPENDIX. To quickly access the APPENDIX topic for your option card(s), you may use the hyperlinks in table

"Option cards listed by their ID number" on page 19 .

Note: * Every option card has a unique 2-digit ID number located on its cover plate, and in the center column of the table below. The complete Orolia Part Number for option cards is 1204-xx (e.g., 120418 ).

CHAPTER 1 • SecureSync 2400 User Manual Rev. 2 15

1.5  Option Cards

Table 1-4: Option cards identification

Function Web UI Name Illustration

Time and Frequency Cards

Quad 1PPS out (TTL)

1PPS Out BNC

Quad 1PPS out (10 V)

1PPS Out 10V

Quad 1PPS out (RS-

485)

Quad 1PPS out (fiber optic)

1in/3out

1PPS (TTL

[BNC])

5MHz out

1PPS Out, RS-

485

1PPS Out, Fiber

1PPS/Frequency

RS-485

5MHz Out

10 MHz out 10 MHz Out

1MHz out 1MHz Out

Progr.

frequ. out

(Sine

Wave)

Progr.

frequ out

(TTL)

Prog frequ out (RS-

485)

Square

Wave out

Prog Freq Out,

Sine

Prog Freq Out,

TTL

Prog Freq Out,

RS-485

Square Wave

Out, BNC

1PPS in/out

+ frequ. in

1PPS/Frequency

BNC

1PPS in/out

+ frequ. in

1PPS/Frequency

RS-485

2B

28

0

1PPS (1x)

08

0

1C

0

26

0

13

0

ID* Inputs

18

0

19

0

21

0

Outputs Conn.'s

1PPS, TTL

(4x)

1PPS, 10 V

(4x)

1PPS, RS-

485 (4x)

1PPS, F/O

(4x)

1PPS (3x)

BNC

(4x)

BNC

(4x)

Terminal block, 10pin

ST Fiber optic

(4x)

BNC

(4x)

5MHz (3x) BNC (3x)

10 MHz (3x) BNC (3x)

1MHz (3x) BNC (3x) progr. clock, sine (4x)

BNC

(4x)

2F 0 progr. clock,

TTL/sq. (4x)

BNC

(4x)

30

17

0

0

01

Var. frequ. +

1PPS

03

10 MHz +

1PPS progr. clock,

RS-485 (4x) square wave, TTL

(4x)

Terminal block, 10pin

BNC

(4x)

1PPS (TTL) BNC (3x)

1PPS Terminal block, 10pin

16 CHAPTER 1 • SecureSync 2400 User Manual Rev. 2

1.5  Option Cards

Function

CTCSS,

Data Sync/Clock

Web UI Name

Simulcast

Telecom Timing Cards

E1/T1 data,

75 Ω

E1/T1 Out BNC

E1/T1 data,

100/120 Ω

E1/T1 Out Terminal

E1/T1 data,

75 Ω

E1/T1 Out BNC

E1/T1 data,

100/120 Ω

E1/T1 Out Terminal

Time Code Cards

ASCII Time

Code RS-

232

ASCII Time

Code RS-

485

IRIG BNC

ASCII Timecode

RS-232

ASCII Timecode

RS-485

IRIG In/Out BNC

IRIG Fiber

Optic

IRIG In/Out,

Fiber

IRIG out,

BNC

IRIG out, fiber optic

IRIG Out BNC

IRIG Out, Fiber

IRIG out,

RS-485

STANAG input

IRIG Out, RS-485

STANAG In

Illustration ID*

14

0

Inputs Outputs Conn.'s data clock,

CTCSS frequ., 1PPS,

1 alarm (3x)

RJ-12 &

DB-9

09

0

0A

53

4C

0

0

0

1.544/2.048

MHz (1x) unbal. E1/T1

(2x)

1.544/2.048

MHz (1x) unbal. E1/T1

(2x) unbal. E1/T1

(4x)

BNC (3x)

Terminal block, 10pin

BNC

(4x) unbal. E1/T1

(4x)

Terminal block, 10pin

02

1

04

05

27

15

1E

22

1D

1

1

1

0

0

0

2x

RS-232 (1x) DB-9

(2x)

1

2

Terminal block, 10pin

BNC (3x)

2

4

4

4

1x

ST Fiber optic

(3x)

BNC

(4x)

ST Fiber optic

(4x)

Terminal block, 10pin

DB-25

(1x)

CHAPTER 1 • SecureSync 2400 User Manual Rev. 2 17

1.5  Option Cards

Function Web UI Name

STANAG in, isol.

STANAG In, Isolated

STANAG out

STANAG out, isol.

STANAG Out

STANAG Out,

Isolated

HAVE

QUICK out

BNC

HAVE

QUICK out

RS-485

HAVE

QUICK

HAVE QUICK

Out, BNC

HAVE QUICK

Out, RS-485

HAVE QUICK

Networking Cards

1Gb PTP:

Master only

Gb PTP

Illustration

Quad 1 Gb

NTP Server

Quad 1 Gb

Dual 1 Gb

NTP Server

Dual 1 Gb

Communication and Specialty Cards

STL (Satellite Time and Location)

Event in,

Broadcast out

Revertive

Selector

("Failover")

Alarm

Relay Out

STL

Event Broadcast n/a

Relay Output

ID*

24

2x

Inputs

11

0

25

0

10

0

1B

29

0

1

1x

Outputs Conn.'s

DB-25

(1x)

2x STANAG,

1x 1PPS

DB-25

(1x)

2x STANAG,

1x 1PPS

DB-25

(1x)

4 (TTL) BNC

(4x)

4

3

Terminal block, 10pin

BNC

(4x)

32

0

4A

0

49

0

3E

Satellite, Eth.

(Maintenance)

0

1PPS (1x

BNC), SFP

(1x)

4

BNC (1x),

SFP (1x)

2

SFP ports

SFP ports

SMA,

RJ45

23 BNC: Event trigger

2E

Frequ. or 1

PPS: (2x)

0F 0

DB-9: Event broadcast

Frequ. or

1PPS(1x)

DB-9 +

BNC (1x each)

BNC (3x)

Relay Out

(3x)

Terminal block, 10pin

1.5.2

Option Card Identification

There are several ways to identify which option card(s) are installed in your SecureSync unit:

18 CHAPTER 1 • SecureSync 2400 User Manual Rev. 2

1.5  Option Cards a.

Using the Web UI, navigate to the INTERFACES > OPTION CARDS drop-down menu, and compare the list displayed in your UI with the table

"Option cards identification" on page 16 .

b.

If you have physical access to your SecureSync unit, inspect its rear panel, and compare the 2-digit ID number printed in the lower left-hand corner on each option card with the table below.

1.5.2.1

Option Card Identification by ID/Part Number

If you are looking for information specific to a particular option card, the table below can help you find this information in this User Manual.

Note: * Every option card has a 2-digit identification ( ID ) number that can be found in the corner of its cover plate, and in the table below. The ID number is comprised of the two center digits of your option card's Orolia Part Number: 1204-0 18 0-0600.

Figure 1-5: Option Card ID number

The table lists all option cards available at the publication date of this documentation, sorted by their ID number . Locate the option card ID number on its cover plate, and follow the corresponding hyperlink in the right-hand column.

Table 1-5: Option cards listed by their ID number

Card

ID*

Card Name Name in UI

01

02

03

04

05

1PPS/freq input (TTL levels) module

ASCII Time Code module (RS-

232)

1PPS/freq input (RS-485 levels) module

ASCII Time Code module (RS-

485)

IRIG module, BNC (1 input, 2 outputs)

See ...

1PPS/Frequency

BNC

ASCII Timecode

RS-232

1PPS/Frequency

RS-485

ASCII Timecode

RS-485

IRIG In/Out BNC

"1PPS In/Out, 10 MHz In [1204-01, -

03]" on page 363

"ASCII Time Code In/Out [1204-

02, -04]" on page 445

"1PPS In/Out, 10 MHz In [1204-01, -

03]" on page 363

"ASCII Time Code In/Out [1204-

02, -04]" on page 445

"IRIG In/Out [1204-05, -27]" on page 403

CHAPTER 1 • SecureSync 2400 User Manual Rev. 2 19

1.5  Option Cards

Card

ID*

08

09

0A

0F

Card Name

5 MHz output module (3 outputs)

T1-1.544 (75 Ω) or E1-2.048

(75 Ω) module

T1-1.544 (100 Ω) or E1-2.048

(120 Ω) module

Alarm module

10

11

13

14

15

17

18

19

1B

1C

1D

1E

1F

21

22

HaveQuick output module

(TTL)

STANAG output module

IRIG module, Fiber Optic (4 outputs)

NENA Card

Quad 1 PPS output module

(RS-485 [terminal block])

IRIG module, RS-485 (4 outputs)

Name in UI

5 MHz Out

E1/T1 Out BNC

E1/T1 Out Terminal

Relay Output

HAVE QUICK

Out, BNC

STANAG Out

Programmable Frequency

Output module (Sine Wave)

Prog Freq Out,

Sine

CTCSS, Data Sync/Clock module ("Simulcast")

Simulcast

IRIG module, BNC (4 outputs) IRIG Out BNC

Square Wave (TTL) output module

Quad 1 PPS output module

(TTL)

Quad 1 PPS output module (10

V)

Sq Wv Out, BNC

1PPS Out BNC

1PPS Out 10V

HaveQuick output module (RS-

485)

HAVE QUICK

Out, RS-485

10 MHz Out 10 MHz output module (3 outputs)

STANAG input module STANAG In

IRIG Out, Fiber

NENA

1PPS Out, RS-

485

IRIG Out, RS-

485

See ...

"Frequency Out [1204-08, -1C, -

26]" on page 370

"T1/E1 Out [1204-09, -0A, -4C, -

53]" on page 390

"T1/E1 Out [1204-09, -0A, -4C, -

53]" on page 390

"Alarm Relay Out [1204-0F]" on page 487

"HAVE QUICK Out [1204-10, -1B]" on page 433

"STANAG Out [1204-11, -25]" on page 418

"Programmable Frequency Out

[1204-13, -2F, -30]" on page 373

"Simulcast (CTCSS/Data Clock)

[1204-14]" on page 381

"IRIG Out [1204-15, -1E, -22]" on page 397

"Programmable Square Wave Out

[1204-17]" on page 378

"1PPS Out [1204-18, -19, -21, -2B]" on page 354

"1PPS Out [1204-18, -19, -21, -2B]" on page 354

"HAVE QUICK Out [1204-10, -1B]" on page 433

"Frequency Out [1204-08, -1C, -

26]" on page 370

"STANAG In [1204-1D, -24]" on page 425

"IRIG Out [1204-15, -1E, -22]" on page 397

"NENA-Compliant Option Card [-

1F]" on page 492

"1PPS Out [1204-18, -19, -21, -2B]" on page 354

"IRIG Out [1204-15, -1E, -22]" on page 397

20 CHAPTER 1 • SecureSync 2400 User Manual Rev. 2

1.5  Option Cards

Card

ID*

Card Name Name in UI See ...

23

24

25

26

27

28

29

2A

2B

2E

2F

30

32

3E

4A Quad 1 Gb NTP Server

53

Event Broadcast module

STANAG isolated input module

STANAG isolated output module

1 MHz output module (3 outputs)

IRIG module, Fiber Optic (1 input, 1 outputs)

1-in/3-out 1 PPS module (TTL

[BNC])

1-in/3-out HaveQuick module

(TTL [BNC])

Quad 1 PPS output module

(Fiber Optic)

Revertive Selector module

("Failover")

Programmable Frequency

Output module (TTL)

Programmable Frequency

Output module (RS-485)

1Gb PTP module

STL input module

4C Differential Terminal Block 4

Port E1/T1 module

Single-ended BNC 4 port

E1/T1 module

Event Broadcast

STANAG In, Isolated

STANAG Out,

Isolated

1MHz Out

IRIG In/Out,

Fiber

1PPS/Frequency

RS-485

HAVE QUICK

1-in/3-out 1 PPS module (Fiber

Optic)

1PPS In/Out,

Fiber

1PPS Out, Fiber n/a

Prog Freq Out,

TTL

Prog Freq Out,

RS-485

Gb PTP

STL

Quad 1GBE

E1/T1 Out Quad

Terminal

E1/T1 Out Quad

BNC

"Event Broadcast [1204-23]" on page 505

"STANAG In [1204-1D, -24]" on page 425

"STANAG Out [1204-11, -25]" on page 418

"Frequency Out [1204-08, -1C, -

26]" on page 370

"IRIG In/Out [1204-05, -27]" on page 403

"1PPS In/Out [1204-28]" on page 358

"HAVE QUICK In/Out [1204-29]" on page 439

"1PPS In/Out [1204-28]" on page 358

"1PPS Out [1204-18, -19, -21, -2B]" on page 354

"Revertive Selector Card [1204-

2E]" on page 503

"Programmable Frequency Out

[1204-13, -2F, -30]" on page 373

"Programmable Frequency Out

[1204-13, -2F, -30]" on page 373

"PTP Grandmaster [1204-32]" on page 462

"STL Option Module [1204-3E]" on page 479

"NTP and Networking [4A, 49]" on page 458

"T1/E1 Out [1204-09, -0A, -4C, -

53]" on page 390

"T1/E1 Out [1204-09, -0A, -4C, -

53]" on page 390

1.5.3

Option Card Connectors

The table below lists the connector types used in SecureSync option cards.

CHAPTER 1 • SecureSync 2400 User Manual Rev. 2 21

1.6 Specifications

Table 1-6: Option card connectors

BNC

Connector Illustration Electr. Signals

Differential TTL xV, sine wave, programm.

square wave, AM sine wave, DCLS

ST Fiber Optic AM sine wave, DCLS

Timing signals

1PPS, frequency,

IRIG, HAVE QUICK,

PTP

IRIG, 1PPS

Terminal Block

[Recommended mating connector:

Phoenix Contact, part no. 182 7787]

DB-9

DB-25

RJ-12

RJ-45

SFP

SMA

RS-485

RS-232, RS-485

Differential TTL xV, RS-485

RS-485

1PPS, frequency,

ASCII time code,

IRIG, HAVEQUICK,

Alarm, T1/E1

ASCII time code,

GPS NMEA, data clocks,

CTCSS frequency,

1PPS, Alarm signal

STANAG data clock, CTCSS frequency,

1PPS, Alarm

PTP timing signal Gb-Ethernet

Ethernet

RF, differential TTL xV, sine wave, programm. square wave, AM sine wave, DCLS

NTP timing signal,

PTP timing signal

1PPS, frequency

1.6

Specifications

The specifications listed below apply to the SecureSync standard model, i.e. not including any option cards, and are based on “normal” operation, with SecureSync synchronized to valid Time and 1PPS input references (in the case of GNSS input, this is with the GNSS receiver operating in Stationary mode). 

Specifications for the available option cards are provided in their corresponding topics; see

"Option Cards Overview" on page 15

.

22 CHAPTER 1 • SecureSync 2400 User Manual Rev. 2

1.6 Specifications

1.6.1

Input Power

AC power source :

100 to 240 V

AC

, 50/60 Hz, ±10 %

Maximum power draw :

TCXO/OCXO oscillator installed: 40 W normal (50 W start-up)

Rubidium (Rb) oscillator installed: 50 W normal (80 W start-up)

Low-Phase Noise (LPN) Rubidium oscillator installed: 52 W normal (85 W start-up)

Backup Battery : SecureSync has an internal battery to support the Real Time Clock. The battery is a small recharging lithium coin cell that is not customer-replaceable. This battery will keep approximate time and date in a shutdown state over ~135 days before requiring recharge. After full drain, the battery will require ~5 days to fully recharge. Minimum battery life is ~30+ years.

Hotswap Power Supply : Some SecureSync models have hot-swappable power supplies and can ensure power redundancy in case of failure. Both power sleds have the same specifications as the standard AC Power Supply (see above). For information on safe operation, see

"Hotswap Power Supply" on page 46

.

1.6.2

GNSS Receiver

Model : u-blox M8T

Compatible signals :

GPS L1 C/A Code transmissions at 1575.42 MHz

GLONASS L1 0F transmissions centered at 1602.0 MHz

Galileo E1 B/C transmissions at 1575.42 MHz

BeiDou B1 transmissions centered at 1561.098 MHz

QZSS L1-SAIF transmissions at 1575.42 MHz

Satellites tracked : Up to 72 simultaneously

Update rate : up to 2Hz (concurrent)

Acquisition time : Typically < 27 seconds from cold start

Antenna requirements : Active antenna module, +5V, powered by SecureSync, 16 dB gain minimum

Antenna connector : SMA (SMA to N-type conversion cable included in anxillary kit)

CHAPTER 1 • SecureSync 2400 User Manual Rev. 2 23

1.6 Specifications

1.6.3

10 MHz Output

Signal : 10 MHz sine wave

Signal Level : +13 dBm ±2dB into 50 Ω

Harmonics : ˗ 40 dBc minimum

Spurious : ˗ 70 dBc minimum TCXO

Connector : BNC female

Signature Control : This configurable feature removes the output signal whenever a major alarm condition or loss of time synchronization condition is present. The output will be restored once the fault condition is corrected.

Accuracy rating depends on the oscillator selected during the ordering process.

Table 1-7: 10 MHz output — oscillator types and accuracies

Oscillator Type Accuracy

Low-phase noise Rubidium

Rubidium

Low-phase noise OCXO

OCXO

TCXO

1x10

-12 typical 24-hour average locked to GPS

1x10

-11 per day (5x10

-11 per month) typical aging unlocked

1x10

-12 typical 24-hour average locked to GPS

1x10

-11 per day (5x10

-11 per month) typical aging unlocked

1x10

-12 typical 24-hour average locked to GPS

2x10

-10 per day typical aging unlocked

2x10

-12 typical 24-hour average locked to GPS

1x10

-9 per day typical aging unlocked

1x10

-11 typical 24-hour average locked to GPS

1x10

-8 per day typical aging unlocked

Note: Oscillator accuracies are stated as fractional frequency (i.e. the relative frequency departure of a frequency source), and as such are dimensionless.

See also

"Configuring the Oscillator" on page 230

.

24 CHAPTER 1 • SecureSync 2400 User Manual Rev. 2

1.6 Specifications

Table 1-8: 10 MHz output — oscillator stability

Oscillator Type

Low-phase noise

Rubidium

Rubidium

Medium-Term Stability

(without GPS after 2 weeks of

GPS lock)

Short-Term Stability (Allan

1 sec.

5x10

-11 variance)

10 sec.

100 sec.

2x10

-11

5x10

-12

Temperature

Stability (p ˗ p)

1x10

-10

5x10

-11

/month (3x10

-11

/month typical)

5x10 -11 /month (3x10 -11 /month typical)

2x10

-10

/day

2x10

5x10

-11

-11

2x10

2x10

-12

-11

2x10

1x10

-12

-11

1x10

1x10

-10

-9

Low-phase noise

OCXO

OCXO

TCXO

5x10

-10

/day

1x10

-8

/day

5x10

-10

2x10

-9

5x10

-11

1x10

-9

1x10

-11

3x10

-10

5x10

-9

1x10

-6

1.6.3.1

10 MHz Output — Oscillator Phase Noise (dBc/Hz)

Oscillator Type

Low-phase noise Rubidium

Rubidium

Low-phase noise OCXO

OCXO

TCXO

@ 1Hz

˗ 100

˗ 80

˗ 100

˗ 95

./.

@ 10 Hz

˗ 128

˗ 98

˗ 128

˗ 123

./.

@ 100 Hz

˗ 148

˗ 120

˗ 148

˗ 140

˗ 110

@ 1KHz

˗ 153

˗ 140

˗ 153

˗ 145

˗ 135

@ 10 KHz

˗ 155

˗ 140

˗ 155

˗ 150

˗ 140

1.6.4

Multi I/O

The Multi I/O HD15-pin connector can be configured to provide different signals. For more information, see

"Configurable Connectors" on page 136 .

Connector : 15 pin D-Sub (HD15) female

Available signals : RS232, (2) RS485, IRIG AM OUT, DCLS in, DCLS out

Possible Outputs: 1PPS, ASCII Time Code, IRIG (DCLS), IRIG AM, HAVEQUICK,

GPIO

Possible Inputs ("References"): 1PPS, ASCII Time Code, HAVEQUICK, IRIG (DCLS)

Pinout :

CHAPTER 1 • SecureSync 2400 User Manual Rev. 2 25

1.6 Specifications

26

Figure 1-6: Multi I/O connector, viewed in mating direction on front of unit

Table 1-9: Multi I/O connector signal pinout

Pin

13

14

15

9

10

11

12

7

8

5

6

3

4

1

2

DCLS IN

GND

(First signal) RS485 A, non-inverting

(Second signal) RS485 A, non-inverting

RS232 TX OUT

DCLS OUT

GND

GND

GND

GND

IRIG AM OUT

GND

(First signal) RS485 B, inverting

(Second signal) RS485 B, inverting

RS232 RX IN

Signal

CHAPTER 1 • SecureSync 2400 User Manual Rev. 2

1.6 Specifications

Table 1-10: Multi I/O signal defaults

Pins

6 & 7

1 & 2

15 & 10

5 & 10

3, 8, 13

DCLS OUT

DCLS IN

RS232 IN

RS232 OUT

RS485 (1)

Channel

4, 9, 14

11 & 12

RS485 (2)

IRIG AM OUT

Default Signal

IRIG OUT

IRIG IN

ATC IN

ATC OUT

HAVEQUICK

OUT

HAVEQUICK IN

IRIG OUT (AM

ONLY)

1.6.5

DCLS Output

The rear panel DCLS OUT BNC female connector defaults to a 1PPS Output (see below), but can be configured to produce different output signals: IRIG Output, HaveQuick Output, and GPIO Output. For more information, see

"Configurable Connectors" on page 136

.

1.6.5.1

1PPS Output

Signal : One pulse-per-second square wave (ext. reference connected to GNSS receiver)

Signal level : TTL compatible, 4.3 V minimum, base-to-peak into 50 Ω

Pulse width : Configurable pulse width (200 ms by default)

Pulse width range : 20 ns to 900 ms

Rise time : <10 ns

Accuracy : Positive edge within ±50 ns of UTC when locked to a valid, traceable input reference

Connector : BNC female

Table 1-11: 1PPS output accuracies

Oscillator Type

Accuracy to UTC

(1 sigma locked to GPS)

Rubidium

OCXO

TCXO

±25 ns

±50 ns

±50 ns

Holdover (constant temp. after 2 weeks of GPS lock)

After 4 hours After 24 hours

0.2

μ s

1 μ s

12 μ s

1 μ

25 s

μ

450 s

μ s

CHAPTER 1 • SecureSync 2400 User Manual Rev. 2 27

1.6 Specifications

1.6.6

10/100/1000 Ethernet Port (RJ45)

ETH0

Function : 10/100/1000 Base-T, auto-sensing LAN connection for NTP/SNTP and remote management and configuration, monitoring, diagnostics and upgrade

Connector : RJ45, Network IEEE 802.3

1.6.7

10/100/1000 Ethernet Port (SFP)

ETH1

Function : 10/100/1000 (speed depends on connection) Base-T, auto-sensing LAN connection for NTP/SNTP and remote management and configuration, monitoring, diagnostics and upgrade

Connector : Ethernet via SFP

1.6.8

RS-232 Serial Port (Rear Panel)

Function : Accepts commands to locally configure the IP network parameters via CLI for initial unit configuration.

Connector : RJ45

Character structure : ASCII, 115200 baud, 1 start, 8 data, 1 stop, no parity

1.6.9

USB Serial Port (Front Panel)

Function : Accepts commands to locally configure the IP network parameters via CLI for initial unit configuration.

Connector : micro-B USB (requires installed driver; if your driver does not automatically install, visit:

https://www.ftdichip.com/Drivers/VCP.htm

)

Character structure : ASCII, 115200 baud, 1 start, 8 data, 1 stop, no parity

1.6.10

Protocols Supported

NTP : NTP Version 4. Provides MD5, Stratum 1 through 15 (RFC 5905).

Clients supported : The number of users supported depends on the class of network and the subnet mask for the network. A gateway greatly increases the number of users.

TCP/IP application protocols for browser-based configuration and monitoring: HTTP,

HTTPS

SFTP : For remote upload of system logs and (RFC 959)

Syslog : Provides remote log storage (RFCs 3164 and 5424)

SNMP : Supports v1, v2c, and v3

28 CHAPTER 1 • SecureSync 2400 User Manual Rev. 2

1.6 Specifications

Telnet/SSH : For limited remote configuration

Security features : Up to 32-character password, Telnet Disable, FTP Disable, Secure

SNMP, SNMP Disable, HTTPS/HTTP Disable, SCP, SSH, SFTP.

Authentication : LDAP v2 and v3, RADIUS, MD5 Passwords, TACAS+.

1.6.11

Mechanical and Environmental Specifications

Dimensions :

Designed for EIA 19” rack mount:

Housing w/o connectors and brackets:

16.75” W x 1.72” H [1U] x 14.33” D actual

(425 mm W x 44 mm H x 364 mm D)

Weight :

6.0 lbs (2.72 kg)

Temperature :

Operating:

–20°C to +65°C (55°C with Rubidium oscillator option)

Storage:

–40°C to +85°C

Humidity :

10% - 95% relative humidity, non-condensing @ 40°C

Altitude :

Operating:

100-240 V

AC

: up to 13120 ft (3999 m)

Storage range: up to 45000 ft (13716 m)

Shock and Vibration :

Operating:

ETSI EN 300 019-2-3 Class 3.2; IEC 60721-3-3 Class 3m12

Storage:

ETSI EN 300 019-2-3 Class 3.2; IEC 60721-3-3 Class 3m12

MIL-STD-810:

501.6, 502.6, 503.6, 507.6, 500.6, 516.7, 514.7

CHAPTER 1 • SecureSync 2400 User Manual Rev. 2 29

1.7  The SecureSync Web UI

1.7

The SecureSync Web UI

SecureSync has an integrated web user interface (referred to as "Web UI" throughout this documentation) that can be accessed from a computer over a network connection, using a standard web browser. The Web UI is the most complete way to configure the unit, and for status monitoring during everyday operation.

Note: If you prefer, an integrated Command- Line Interpreter interface

(CLI) allows the use of a subset of commands. See

"Command-Line Interface" on page 513 .

1.7.1

The Web UI HOME Screen

Note: Screens displayed in this manual are for illustrative purposes. Actual screens may vary depending upon the configuration of your product.

The HOME screen of the SecureSync web user interface ("Web UI") provides comprehensive status information at a glance, including: vital system information current status of the references key performance /accuracy data major log events .

The HOME  screen can be accessed from anywhere in the Web UI, using the HOME button in the Primary Navigation Bar :

The Primary Navigation Bar provides access to all menus:

HOME : Return to the HOME screen (see above)

INTERFACES : Access the configuration pages for …

… references (e.g., GNSS, NTP)

… outputs (e.g. 10 MHz, PPS, NTP) and

… installed input/output option cards.

MANAGEMENT : Access the NETWORK setup screens, and OTHER setup screens e.g., to configure Reference Priorities, System Time, and the Oscillator.

TOOLS : Opens a drop-down menu for access to the system maintenance screens and system logs.

30 CHAPTER 1 • SecureSync 2400 User Manual Rev. 2

1.7  The SecureSync Web UI

HELP : Provides Spectracom Service Contact Information and high-level system configurations you may be required to furnish when contacting Orolia Service.

1.7.2

The INTERFACES Menu

The INTERFACES menu on the Main screen provides access to SecureSync's:

External REFERENCES e.g., the GNSS reference input

Detected OUTPUTS, such as 10 MHz and 1PPS

Installed OPTION CARDS.

Clicking on any of the line items will open a status screen, providing real-time information on the selected interface e.g., availability, performance data and events history.

To configure settings for the selected interface, click the GEAR icons or buttons provided on most of the status screens. Icons like the INFO symbol provide access to more detailed status information and history data.

Note: Many of the interfaces can be accessed through different menu items e.g., an optional output will be available under the OPTION CARDS menu and the OUTPUTS menu.

The headings of each of the INTERFACES drop-down menus ( white on orange ) open overview status screens for the respective menu items.

1.7.3

The Configuration MANAGEMENT Menu

The MANAGEMENT menu on the Web UI's Main screen provides access to SecureSync's configuration screens and settings.

On the left side, under NETWORK , the following standard setup screens can be found:

CHAPTER 1 • SecureSync 2400 User Manual Rev. 2 31

1.7  The SecureSync Web UI

Pin Layout

Network Setup

HTTPS Setup

SSH Setup

SNMP Setup

NTP Setup

PTP Setup

Under OTHER , you can access non-network related screens:

Authentication : Manage user accounts, Security Policy, LDAP Setup, RADIUS setup, Login Preference and Remote Servers. Change My Password is also available.

Reference Priority : Define the order of priority for timing inputs.

Notifications : Configure the notifications triggered by SecureSync’s events. A notification can be a combination of a mask alarm and/or SNMP Trap and/or email.

Time Management : Manage the Local Clock, UTC Offset, DST Definition and Leap

Second information.

Log Configuration : Manage the system logs.

Disciplining : Manage oscillator disciplining.

Change My Password : Configure the admin password.

1.7.4

The TOOLS Menu

The TOOLS menu on the Web UI's Main screen provides access to:

The System Upgrade screen

System and network monitoring screens

Miscellaneous system administration screens

Log screens

32 CHAPTER 1 • SecureSync 2400 User Manual Rev. 2

1.8  Regulatory Compliance

1.8

Regulatory Compliance

This product has been found to be in conformance with the following regulatory publications.

FCC

This equipment has been tested and found to comply with the limits for a Class A digital device , pursuant to Part 15 of the FCC Rules .

These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment . This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the user documentation, may cause harmful interference to radio communications.

Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his/her own expense.

Note: This is a Class A product. In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures.

Safety

This product has been tested and meets the requirements specified in:

IEC 62368-1:2014

EN 62368-1:2014 +A11:2017

UL 62368-1:2014

CAN/CSA-C22.2 NO. 62368-1-14

EMC Compliance

This product has been tested and meets the following standards:

EN 55032:AC:2016

ICES-003 Issue 6: Class A

FCC CFR 47 PART 15 SubPart B: 2020

EN55035:2017: Class A

AS/NZS CISPR 32:2015/AMDI1.2019

Radio Spectrum Efficiency: EN 301 489-1 V2.2.3 (2019-11) and EN 301 489-17

V3.2.2 (2019-12)

CHAPTER 1 • SecureSync 2400 User Manual Rev. 2 33

1.8  Regulatory Compliance

European Directives

This product has been tested and complies with the following:

2014/30/EU Electromagnetic Compatibility (EMC)

2014/35 EU Low Voltage (LVD)

2011/65/EU with amendments EU 2015/863 on the Restriction of Hazardous Substance (RoHS3)

2014/53/EU Radio Equipment Directive (RED)

Environmental Compliance

WEEE (Waste Electrical and Electronic Equipment)

REACH (Registration, Evaluation, Authorization and Restriction of Chemicals)

34 CHAPTER 1 • SecureSync 2400 User Manual Rev. 2

SETUP

The following topics are included in this Chapter:

2.1 Installation Overview

2.2 Unpacking and Inventory

2.3 Required Tools and Parts

2.4 SAFETY

2.5 Mounting the Unit

2.6 Connecting the GNSS Input

2.7 Connecting Network Cables

2.8 Connecting Inputs and Outputs

2.9 Connecting Supply Power

2.10 Powering Up the Unit

2.11 Zero Configuration Setup

2.12 Setting up an IP Address

2.13 Accessing the Web UI

2.14 Configure Network Settings

2.15 Configure NTP

2.16 Configuring PTP

2.17 GPSD Setup

2.18 Configurable Connectors

2.19 Configuring Input References

2.20 Configuring Outputs

2.21 The Option Cards Screen

2.22 Signature Control

44

45

45

47

48

49

56

58

36

37

38

39

41

43

96

129

134

136

140

148

160

161

CHAPTER 2 • SecureSync 2400 User Manual 35

2.1  Installation Overview

2.1

2.1.1

Installation Overview

This section provides an outline of the steps that need to be performed prior to putting

SecureSync into service. This includes:

Installation : Hardware setup, mechanical installation, physical connections.

Setup : Establish basic access to the unit, so as to allow the use of the web user interface ("Web UI").

Configuration : Access the Web UI, configure the network, input and output references, protocols (e.g., NTP), other settings.

The following factors determine which steps need to be taken: a.

Your existing infrastructure and how you plan on integrating SecureSync into it (for example, integrating it into an existing Ethernet network, or setting-up a standalone installation.) b.

How you would like to setup basic network configuration parameters:

Using the unit's front panel keypad and information display

Using a PC connected to SecureSync via serial cable

Using a PC connected to SecureSync via network cable.

You can connect your PC to SecureSync either…

…directly by means of a dedicated Ethernet cable, or

…indirectly, using your existing Ethernet network (using a network hub).

c.

The option cards configuration of your unit: Is your SecureSync equipped with any option cards, such as additional input references, or additional signal distribution cards? If so, they need to be configured separately via the SecureSync Web UI, once the network configuration is complete.

Main Installation Steps

The following list is a recommendation. Deviations are possible, depending on the actual application and system configuration.

1.

Read the Safety instructions:

"SAFETY" on page 39

.

2.

Unpack the unit, and take inventory:

"Unpacking and Inventory" on the facing page

.

3.

Obtain required tools and parts:

"Required Tools and Parts" on page 38 .

4.

Mount the unit: .

"Mounting the Unit" on page 41 .

36 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.2  Unpacking and Inventory

5.

Connect Input References such as your GNSS antenna, and network cable(s):

"Connecting the GNSS Input" on page 43 , and

"Connecting Network Cables" on page 44 .

6.

Connect your power supply/-ies:

"Connecting Supply Power" on page 45

.

7.

Power up the unit:

"Powering Up the Unit" on page 238 .

8.

Setup basic network connectivity.… i.

…via front panel keypad and information display:

"Setting Up an IP Address via the Front Panel" on page 51

ii.

…or via serial port, using a PC with a CLI:

"Setting Up an IP Address via the

Serial Port" on page 54

iii.

…or via Ethernet, using a PC with a web browser, and the SecureSync Web UI:

"Accessing the Web UI" on page 56

.

9.

Register your product:

"Product Registration" on page 278

.

2.2

Unpacking and Inventory

Caution: Electronic equipment is sensitive to Electrostatic Discharge

(ESD). Observe ESD precautions and safeguards when handling the unit.

Unpack the equipment and inspect it for damage. If any equipment has been damaged in transit, or you experience any problems during installation and configuration of your Orolia product, please contact Orolia (see

"Technical Support" on page 563 ).

Note: Retain original packaging for use in return shipments if necessary.

The following items are included with your shipment:

SecureSync unit

QuickStart Guide (printed version)

Ancillary items (except for rack mounting items, the contents of this kit may vary based on equipment configuration and/or regional requirements)

Purchased optional equipment (note that option cards listed on the purchase order will be pre-installed in the unit). See

"Option Card Identification" on page 18

and

"Option Cards Overview" on page 15

.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 37

2.3  Required Tools and Parts

2.3

Required Tools and Parts

Depending on your application and system configuration, the following tools and parts may be required:

Phillips screwdrivers to install the rack-mount ears, and to mount the unit in a 19"rack

Ethernet cables (see

"Connecting Network Cables" on page 44 ).

2.3.1

Required GNSS Antenna Components

Should you plan on using a GNSS reference with your SecureSync, you will also need the following items (sold separately):

Antenna cable with SMA connector, or conversion cable

Note: The SMA-to-N-type conversion cable included in the ancillary kit is approved for pull weight of up to 60 lbs. If you are using a heavier cable, you will need to apply appropriate strain relief.

GNSS antenna with mounting bracket

GNSS antenna surge suppressor (recommended)

GNSS antenna inline amplifier (optional for short cable lengths)

For antenna installation guidelines, see the separate documentation shipped with the antenna components.

38 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.4  SAFETY

2.4

SAFETY

Safety: Symbols Used

Table 2-1: Safety symbols used in this document, or on the product

Symbol Signal word Definition

DANGER!

Potentially dangerous situation which may lead to personal injury or death! Follow the instructions closely.

Caution, risk of electric shock.

CAUTION!

CAUTION!

NOTE

Potential equipment damage or destruction!

Follow the instructions closely.

Tips and other useful or important information.

ESD

Analog Ground

Recycle

Risk of Electrostatic Discharge! Avoid potential equipment damage by following ESD Best Practices.

Shows where the protective ground terminal is connected inside the instrument. Never remove or loosen this screw!

Recycle the mentioned components at their end of life.

Follow local laws.

SAFETY: Before You Begin Installation

This product has been designed and built in accordance with state-of-the-art standards and the recognized safety rules. Nevertheless, its use may constitute a risk to the operator or installation/maintenance personnel, if the product is used under conditions that must be deemed unsafe, or for purposes other than the product's designated use, which is described in the introductory technical chapters of this guide.

DANGER!

If the equipment is used in a manner not specified by the manufacturer, the protection provided by the equipment may be impaired.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 39

2.4  SAFETY

Before you begin installing and configuring the product, carefully read the following important safety statements. Always ensure that you adhere to any and all applicable safety warnings, guidelines, or precautions during the installation, operation, and maintenance of your product.

DANGER!

— INSTALLATION OF EQUIPMENT:

Installation of this product is to be done by authorized service personnel only. This product is not to be installed by users/operators without legal authorization. Installation of the equipment must comply with local and national electrical codes.

DANGER!

— DO NOT OPEN EQUIPMENT, UNLESS AUTHORIZED:

The interior of this equipment does not have any user-serviceable parts.

Contact Orolia Technical Support if this equipment needs to be serviced.

Do not open the equipment, unless instructed to do so by Orolia Service personnel. Follow Orolia Safety instructions and observe all local electrical regulatory requirements.

DANGER!

– IF THE EQUIPMENT MUST BE OPENED:

Never remove the cover or blank option card plates while power is applied to this unit.

DANGER!

— GROUNDING:

This equipment must be EARTH GROUNDED.

This product is grounded through the power supply. There is an additional, supplementary chassis ground on the rear panel.

Never defeat the ground connector or operate the equipment in the absence of a suitably installed earth ground connection. Contact the appropriate electrical authority or an electrician if you are unsure that suitable earth grounding is available.

DANGER!

This unit might have more than one power supply connection. All connections must be removed to de-energize the unit

40 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.5  Mounting the Unit

Caution: Electronic equipment is sensitive to Electrostatic Discharge

(ESD). Observe all ESD precautions and safeguards when handling Orolia equipment.

SAFETY: User Responsibilities

The equipment must only be used in technically perfect condition. Check components for damage prior to installation. Also check for loose or scorched cables on other nearby equipment.

Make sure you possess the professional skills, and have received the training necessary for the type of work you are about to perform.

Do not modify the equipment.

Use only spare parts authorized by Orolia.

Always follow the instructions set out in this User Manual, or in other Orolia documentation for this product.

Observe generally applicable legal and other local mandatory regulations.

SAFETY: Other Tips

Keep these instructions at hand, near the place of use.

Keep your workplace tidy.

Apply technical common sense: If you suspect that it is unsafe to use the product, do the following:

Disconnect the supply voltage from the unit.

Clearly mark the equipment to prevent its further operation.

2.5

Mounting the Unit

SecureSync units can be operated on a desktop or in a rack in a horizontal , right-side-up position. The location needs to be well-ventilated, clean and accessible.

Caution: For safety reasons the SecureSync unit is intended to be operated in a HORIZONTAL POSITION, RIGHT-SIDE-UP.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 41

2.5  Mounting the Unit

The SecureSync unit will install into any EIA standard 19-inch rack. SecureSync occupies one rack unit of space for installation, however, it is recommended to leave empty space of at least one rack unit above and below the SecureSync unit to allow for best ventilation.

Rack mounting requirements:

The maximum ambient operating temperature must be observed. See

"Mechanical and Environmental Specifications" on page 29

for the operating temperature range specified for the type of oscillator installed in your SecureSync unit.

If the SecureSync unit is to be installed in a closed rack, or a rack with large amounts of other equipment, a rack cooling fan or fans should be part of the rack mount installation.

Installation of the unit in a rack should be such that the amount of air flow required for safe operation of the equipment is not compromised.

Follow the mounting directions described below to prevent uneven mechanical loading , possibly resulting in a hazardous condition.

Do not overload power supply circuits . Use only supply circuits with adequate overload protection. For power requirements, see

"Input Power" on page 23 .

Reliable grounding of rack-mounted equipment must be maintained. Particular attention must be given to supply connections other than direct connections to the branch circuit (e.g., use of power strips).

2.5.1

Rack Mounting (Ears)

The SecureSync ancillary kit contains the following parts needed for rack mounting:

2 each 2400-1000-0714 equipment rack mount ears

6 each HM20R-04R7-0010 M4 flat head Phillips screws

(optional) 2 each 2400-1000-0706 rear rack mount ears for ruggedization

The following customer supplied items are also needed:

4 each #10-32 pan head rack mount screws

1 each #2 Phillips head screwdriver

1 each 3/32" straight screwdriver

To rack mount the SecureSync unit:

1.

Attach the 2400-1000-0714 rack mount brackets to the sides of the SecureSync with the rack mounts ears facing outward, aligned with the front edge of the

SecureSync front panel. To secure, use the #2 Phillips screwdriver, and 3 each of the HM20R-04R7-0010 M4 flat head Phillips screws per side. Note: if you

42 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.6  Connecting the GNSS Input purchased additional rear rack mounts, you will align the holes on the mount with the screw hole closest to the keyholes slots at the rear of the chassis.

2.

Secure the rack mount brackets to the rack using the #10-32 rack mount screws and #2 Phillips head screwdriver, 2 each per side of the rack. 

2.6

Connecting the GNSS Input

Typical installations include GNSS as an external reference input. If the GNSS receiver is not installed or if the GNSS will not be used as a SecureSync reference, disregard the steps to install the GNSS antenna and associated cabling.

1.

Install a GNSS antenna, surge suppressor, antenna cabling, and GNSS preamplifier (if required). Refer to the documentation included with your GNSS antenna for information regarding GNSS antenna installation.

Note: The SMA-to-N-type conversion cable included in the ancillary kit is approved for pull weight of up to 60 lbs. If you are using a heavier cable, you will need to apply appropriate strain relief.

For additional information on GNSS antenna installation considerations, including cabling, an Orolia tech note is available

here

.

2.

Connect the GNSS cable to the rear panel antenna input jack.

Initial synchronization with GNSS input may take up to 12 minutes (approximately) when used in the default stationary GNSS operating mode. If using GNSS, verify that GNSS is the synchronization source by navigating to MANAGEMENT > OTHER: Reference Priority :

Confirm that GNSS is Enabled , and its Status for TIME and 1PPS is valid (green).

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 43

2.7  Connecting Network Cables

2.7

Connecting Network Cables

44

SecureSync includes two BASE 10/100/1000 Ethernet ports (ETH0- RJ45, and ETH1-

SFP) for full NTP functionality, as well as a comprehensive web-based user interface

("Web UI") for configuration, monitoring and diagnostic support.

Before connecting the network cable(s), you need to decide which port(s) you want to use for which purpose (e.g., ETH0 for configuration only, etc.), and how you want to configure basic network connectivity e.g., the IP address: a.

Configure SecureSync via the unit's front panel: See

"Setting Up an IP Address via the Front Panel" on page 51

.

b.

Configure SecureSync by means of a PC connected to an existing network.

When connecting to a hub, router, or network computer, use a straightthrough wired, shielded CAT 5, Cat 5E or CAT 6 cable with RJ45 connectors (Eth0) or SFP connectors (Eth1) . Connect one end to the Ethernet port on the SecureSync rear panel, and the opposite end of the cable to a network hub or switch.

c.

Configure SecureSync by connecting a stand-alone computer directly via a dedicated network cable (standard-wired, or crossover cable):

When connecting directly to a stand-alone PC, use a network cable. Connect the cable to the NIC card of the computer.

Since no DHCP server is available in this configuration both SecureSync, and the PC must be configured with static IP addresses that are on the same subnet (10.1.100.1 and 10.1.100.2 with a subnet mask value of 255.255.255.0 on both devices, for example). For more information on configuring static IP addresses, see

"Assigning a Static IP Address" on page 51

.

On Eth0: Once the unit is up and running, verify that the green link light on the Ethernet port is illuminated. The amber “Activity” link light may periodically illuminate when network traffic is present.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.8  Connecting Inputs and Outputs

2.8

Connecting Inputs and Outputs

SecureSync can synchronize not only to an external GNSS reference signal, but also to other optional external references such as IRIG, HAVE QUICK and ASCII inputs (in addition to network based references such as NTP and/or PTP).

At the same time, SecureSync can output timing and frequency signals for the consumption by other devices via the same formats as listed above.

E X A M P L E :

With the available IRIG Input/Output option card module (Model 1204-05) installed in an option bay, IRIG time code from an IRIG generator can also be applied as an external reference input

(either in addition to, or in lieu of GNSS, NTP, user set time and other available reference inputs).

To use e.g., an external IRIG reference, connect the IRIG time source to the BNC connector “J1” on the optional IRIG Input/Output module. For additional information on optional connectivity, such as pinout tables, signal levels and other specifications, see

"Option Cards" on page 333 .

Note that some option cards offer both input and output functionality, while others offer only one or the other.

2.9

Connecting Supply Power

Depending on the equipment configuration at time of purchase, SecureSync can be powered from: an AC input

Before connecting power to the unit, be sure that you have read all safety information detailed in section

"SAFETY" on page 39

.

2.9.1

Using AC Input Power

Connect the AC power cord supplied in the SecureSync ancillary kit to the AC input on the rear panel and the AC power source outlet.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 45

2.9  Connecting Supply Power

Note: Important! SecureSync is earth grounded through the AC power connector. Ensure SecureSync is connected to an AC outlet that is connected to earth ground via the grounding prong (do not use a two prong to three prong adapter to apply AC power to SecureSync).

2.9.2

Hotswap Power Supply

DANGER!

Remove the connected power source BEFORE attempting to remove a power sled for replacement.

Caution: Only use Orolia-approved replacement parts. Incorrect parts may cause damage to the product.

The hot swap power supply option consists of two sleds with redundant power systems.

Each sled has identical power ratings. When both power supplies are active, the electrical draw is shared between the two sleds. If one power supply is damaged or removed, the other sled will automatically take the entire power load without any necessary configuration.

You can view or the status of the power supplies through the Web UI. The main Power light indicates whether the unit has at least one active, legitimate power supply.

The Hotswap Status Window for each sled contains a Valid indicator light, the Power

Type, Fan Enabled/Disabled, the Fan PWM and Speed, and the Temperature, Voltage, and

Current statuses for each power supply.

46

Figure 2-1: Hot Swap Power Supply installation (rear view)

To remove a power supply sled, first unplug the power input to be removed. Then, press the lever fully down and pull on the handle.

To install a power supply , insert the sled until the latch clicks and the rear panel of the supply is aligned with the rear panel of the SecureSync.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.10  Powering Up the Unit

After installing power supplies, functionality can be confirmed through the Web UI or by using the CLI command

HS_GetStatus 0

2.10

Powering Up the Unit

1.

After installing your SecureSync unit, and connecting all references and network(s), verify that power is connected, and wait for the device to boot up.

Note: SecureSync does not have a power switch. When the unit is plugged in, the power will be on (unless you have an additional condition, such as your unit has been halted).

2.

Observe that the front panel illuminates The time display will reset and then start incrementing the time.

Figure 2-2: SecureSync front panel

3.

Check the front panel status LED indicators:

The Power LED should be lit (not flashing).

The GNSS LED will be either OFF or flashing HEARTBEAT, since synchronization has not yet been achieved.

The Alarms LED light should be OFF (startup behavior) or HEARTBEAT

(acquiring fix behavior). A FAST blinking pattern would indicate the unit requires attention.

For additional information, see

"Status LEDs" on page 4

and

"Status Monitoring via Front

Panel" on page 279

.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 47

2.11  Zero Configuration Setup

2.11

Zero Configuration Setup

As an alternative to conventional network configuration, SecureSync can also be set up using the zero-configuration networking technology ("zeroconf").

Note: You can use Zeroconf on either Ethernet port if DHCP is enabled.

Zeroconf must be used with a DHCP server.

When using zeroconf, a TCP/IP network will be created automatically, i.e. without the need for manual configuration: Once SecureSync's ETH connector is connected to a network, you can directly access the SecureSync Web UI, using a standard web browser, without any configuration.

Zeroconf can be used to connect to the unit through the Web UI:

when you need to identify the IP address assigned to your unit through DHCP in circumstances when your unit is not connected directly to a PC when you wish to access the Web UI of your SecureSync without using the CLI commands or serial connection anytime the IP address of a unit is not known (for instance, if you have "lost" your unit on a network).

Zeroconf Requirements

Prior to using zeroconf, ensure the following requirements are met:

Your network is DHCP enabled, and DHCP is enabled on the individual ETH port you are using (this is the default setting).

The PC you will use to communicate with your unit is connected to the same network as your SecureSync.

Windows 7/8 users should install Bonjour Print Services, otherwise access to

*.local

addresses will not be possible.

Windows 10 already supports mDNS and DNS-SD, hence there is no need to install additional software.

48 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.12  Setting up an IP Address

2.11.1

Using Zeroconf

Connect to the Web UI of your SecureSync unit in these steps:

1.

Obtain the last 6 digits of the MAC address: e.g., "

0E 51 7B

". The MAC address can be found:

On the front panel display under the Network menu

On the serial number label on the side on the unit

Through the CLI using the ifconfig command.

2.

Connect the SecureSync to a router on your LAN via ETH0 or ETH1 connector.

3.

Connect the power supply to the SecureSync unit.

4.

On a connected computer, open your web browser and in the URL field type the following:

securesync-[xxxxxx].local/

where the [xxxxxx] of the hostname are the last six digits of the MAC address.

(If your browser doesn't recognize the information as an address, it may be necessary to add the prefix http:// or https:// )

You should now connected to the unit Web UI and can login using the factory default credentials:

Username: spadmin

Password: admin123

Once you logged into the SecureSync via zeroconf, you can retrieve the DHCP address for future use:

Navigate to MANAGEMENT: NETWORK > Network Setup . In the Ports panel, click on the information button next to each Ethernet port. The popup window will display the assigned DCHP IP address for the selected port.

See

"Setting up an IP Address" below

or

"Accessing the Web UI" on page 56

for more information.

2.12

Setting up an IP Address

In order for SecureSync to be accessible via your network, you need to assign an IP address to SecureSync, as well as a subnet mask and gateway, unless you are using an address assigned by a DHCP server.

There are several ways to setup an IP address , described below:

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 49

2.12  Setting up an IP Address via the front panel keypad and information display remotely …

… via serial cable

… via dedicated network cable

… via a DHCP network.

Before you continue …

… please obtain the following information from your network administrator:

Available static IP address

This is the unique address assigned to the SecureSync unit by the network administrator. Make sure the chosen address is outside of the DHCP range of your DHCP server.

Subnet mask (for the network)

The subnet mask defines the number of bits taken from the IP address that are used in the network portion. The number of network bits used in the net mask can range from 8 to 30 bits.

Gateway address

The gateway (default router) address is needed if communication to the

SecureSync is made outside of the local network. By default, the gateway is disabled.

Note: Make sure you are assigning a static IP address to your SecureSync unit that is outside of the DHCP range defined for the DHCP server. Your system administrator will be able to tell you what this range is.

2.12.1

Dynamic vs. Static IP Address

On a DHCP network (Dynamic Host Configuration Protocol), SecureSync's IP address will be assigned automatically once it is connected to the DHCP server. This negotiated address and other network information are displayed on the unit front panel when the unit boots up.

If you plan on allowing your SecureSync to use this negotiated DHCP Address on a permanent basis, you can skip the following topics about setting up an IP address, and instead proceed to

"Accessing the Web UI" on page 56

, in order to complete the SecureSync configuration process.

50 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.12  Setting up an IP Address

Please note:

Unless you are using DNS in conjunction with DHCP (with the client configured using

SecureSync's hostname instead of IP address), Orolia recommends to disable DHCP for

SecureSync, and instead use a static IP address. Failure to do this can result in a loss of time synchronization, should the DHCP server assign a new IP address to SecureSync.

2.12.2

Assigning a Static IP Address

Orolia recommends assigning a static IP address to SecureSync, even if the unit is connected to a DHCP server.

This can be accomplished in several ways: a.

Via the keypad and information display on the front panel of the unit, see

"Setting Up an IP Address via the Front Panel" below

b.

By connecting the SecureSync to an existing DHCP network , temporarily using the assigned DHCP address, see

"Setting Up a Static IP Address via a DHCP Network" on page 53 .

c.

By connecting a Personal Computer to SecureSync via a serial cable , see

"Setting

Up an IP Address via the Serial Port" on page 54

.

d.

By connecting a Personal Computer directly to SecureSync via a dedicated Ethernet cable , see

"Setting up a Static IP Address via Ethernet Cable" on page 55 .

2.12.2.1

Setting Up an IP Address via the Front Panel

Assigning an IP address to SecureSync, using the front panel keypad and information display is a preferred way to provide network access to the unit, thus enabling you thereafter to complete the setup process via the Web UI.

Note: The following instructions apply to IPv4. To configure static addresses in IPv6, you will need to use either the CLI or the front panel.

Keypad Operation

Figure 2-3: Front panel keypad and menu buttons

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 51

2.12  Setting up an IP Address

The functions of the keys are:

◀ ▶ ▲ ▼ arrow keys : Navigate to a menu option (will be highlighted); move the focus on the screen; switch between submenus

▲ ▼ arrow keys : Scroll through parameter values in edit displays; move the focus on the screen

✓ ENTER key: Select a menu option, or confirm a selection when editing the seven main menus.

menu buttons : Press these buttons to navigate to each of

Detailed information on the front panel display menus can be found at

"Front Panel

Keypad, and Display" on page 6

IP configuration, step-by-step instructions:

A.

Disable DHCP:

1.

Press the Network.Menu Button . Ensure that you are on the Settings submenu.

2.

Using the arrow key, press down once and press L/R to select the Ethernet interface for which DHCP is to be disabled, such as eth0 .

52

3.

Press down to highlight the current DHCP state [ ON or OFF ], and press

ENTER to change the setting.

4.

Use the arrow keys to select OFF, and press the ENTER key twice (once to enter the setting, and once to confirm when the confirmation menu appears

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.12  Setting up an IP Address to the right).

B.

Enter IP Address and Subnet Mask :

1.

Select the

IPv4 Address row, press ENTER to allow changes, and use the up and down arrows to change 000.000.000.000/00 to the value of the static IP address and subnet mask/network bits to be assigned (for a list of subnet mask values refer to the table

"Subnet mask values" on page 55 ).

2.

Press the ✓ ENTER key once to enter the setting, then again to confirm the new setting in the confirmation menu.

C.

Enter the Gateway Address (if required)

1.

Highlight the gateway row. Press the ✓ key once to enter the setting.

2.

The display will change, allowing you to input an address at

000.000.000.000

. Enter the gateway address here. The address entered must correspond to the same network IP address assigned to SecureSync.

The remainder of the configuration settings can be performed via the Web UI (accessed via an external workstation with a web browser such as Firefox ® or Chrome ® ). For more information, see

"The Web UI HOME Screen" on page 30 .

2.12.2.2 Setting Up a Static IP Address via a DHCP Network

To setup a permanent static IP address, after connecting SecureSync to a DHCP network:

1.

Enter the IP address shown on the front panel information display of your

SecureSync unit into the address field of your browser (on a computer connected to the SecureSync network). If the network supports DNS, the hostname may also be entered instead (the default hostname is "Spectracom"). The start screen of the

SecureSync Web UI will be displayed.

2.

Log into the Web UI as an administrator. The factory-default user name and password are:

Username : spadmin

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 53

2.12  Setting up an IP Address

Password : admin123

3.

Disable DHCP by navigating to MANAGEMENT > Network Setup . In the Ports panel on the right, click the GEAR icon next to the Ethernet Port you are using. In the Edit Ethernet Port Settings window, uncheck the Enable DHCPv4 field. Do

NOT click Submit or Apply yet.

4.

In the fields below the Enable DHCPv4 checkbox, enter the desired Static IP address, Netmask, and Gateway address (if required). Click Submit.

For subnet mask values, see

"Subnet Mask Values" on the facing page .

5.

Verify on the front panel information display that the settings have been accepted by SecureSync.

6.

Enter the static IP address into the address field of the browser, and again log into the Web UI in order to continue with the configuration; see:

"The Web UI HOME

Screen" on page 30 .

2.12.2.3 Setting Up an IP Address via the Serial Port

SecureSync's rear panel serial port connector is a standard DB9 female connector. Communication with the serial port can be performed using a PC with a terminal emulator program (such as PuTTY or TeraTerm) using a pinned straight-thru standard DB9M to DB9F serial cable.

SecureSync's front panel serial port connector is a standard micro-B USB female connector.

The serial ports can be used to make configuration changes (such as the network settings), retrieve operational data (e.g., GNSS receiver information) and log files, or to perform operations such as resetting the admin password.

The serial ports are account and password protected. You can login using the same user names and passwords as would be used to log into the SecureSync Web UI. Users with

“administrative rights” can perform all available commands. Users with “user” permissions only can perform “get” commands that retrieve data, but cannot perform any “set” commands or change/reset any passwords.

To configure an IP address via the serial port:

1.

Connect a serial cable to a PC running PuTTY, Tera Term, or HyperTerminal, and to your SecureSync. For detailed information on the serial port connection, see

"Setting up a Terminal Emulator" on page 513

2.

Login to SecureSync with a user account that has “admin” group rights, such as the default spadmin account (the default password is admin123

).

3.

Disable DHCP, type: dhcp4set X off

<Enter>, where

X is the Ethernet port you wish to configure (0 for Eth0, 1 for Eth1).

54 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.12  Setting up an IP Address

Note: For a list of CLI commands, type helpcli , or see

"CLI Commands" on page 514 .

4.

Configure the IP address and subnet mask, type: ip4set x y.y.y.y z.z.z.z

<Enter>

(where x is the desired interface (0,1), “ y.y.y.y

” is the desired IP address for

SecureSync, and “ z.z.z.z

” is the full subnet mask for the network (For a list of subnet mask values, see

"Subnet Mask Values" below .)

5.

Configure the gateway by typing gw4set x y.y.y.y

<Enter>

(where x indicates the interface routing table to add the default gateway (0,1), and

“ y.y.y.y

” is the default gateway address).

6.

Remove the serial cable, connect SecureSync to the network, and access the Web

UI, using the newly configured IP address. (For assistance, see

"Accessing the

Web UI" on the next page ).

The remainder of the configuration settings will be performed via the Web UI (accessed via an external workstation with a web browser such as Firefox ® or Chrome ® ).

2.12.2.4 Setting up a Static IP Address via Ethernet Cable

This procedure will allow you to configure SecureSync using the Web UI directly via the

Ethernet port, if you cannot or do not wish to use a DHCP network.

1.

First, disable DHCP using the front panel keypad and information display: see

"Setting Up an IP Address via the Front Panel" on page 51

.

2.

Change the workstation IP address to be on the same network as SecureSync.

3.

Connect workstation and SecureSync with an Ethernet cable.

The remainder of the configuration settings will be performed via the Web UI (accessed via an external workstation with a web browser such as Firefox ® or Chrome ® ). For more information, see

"The Web UI HOME Screen" on page 30 .

2.12.3

Subnet Mask Values

Table 2-2: Subnet mask values

Network Bits Equivalent Netmask Network Bits Equivalent Netmask

30

29

255.255.255.252

255.255.255.248

18

17

255.255.192.0

255.255.128.0

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 55

2.13  Accessing the Web UI

Network Bits Equivalent Netmask Network Bits Equivalent Netmask

24

23

22

21

28

27

26

25

20

19

255.255.255.240

255.255.255.224

255.255.255.192

255.255.255.128

255.255.255.0

255.255.254.0

255.255.252.0

255.255.248.0

255.255.240.0

255.255.224.0

16

15

14

13

12

11

10

9

8

255.255.0.0

255.254.0.0

255.252.0.0

255.248.0.0

255.240.0.0

255.224.0.0

255.192.0.0

255.128.0.0

255.0.0.0

2.13

Accessing the Web UI

SecureSync's web user interface ("Web UI") is the recommended means to interact with the unit, since it provides access to nearly all configurable settings, and to obtain comprehensive status information without having to use the Command Line Interpreter (CLI).

You can access the Web UI either by using the automatically assigned DHCP IP address, or by using a manually set static IP address (see

"Assigning a Static IP Address" on page 51

):

1.

On a computer connected to the SecureSync network, start a web browser, and enter the IP address shown on the SecureSync front panel.

2.

When first connecting to the Web UI, a warning about security certificates may be displayed:

Select Continue...

.

56 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.13  Accessing the Web UI

Note: "Cookies" must be enabled. You will be notified if Cookies are disabled in your browser.

Note: HTTPS only: Depending on your browser, the certificate/security pop-up window may continue to be displayed each time you open the Web UI until you saved the certificate in your browser.

Note: Static IP address only: To prevent the security pop-up window from opening each time, a new SSL Certificate needs to be created using the assigned IP address of SecureSync during the certificate generation. See

"HTTPS" on page 65

for more information on creating a new SSL certificate.

3.

Log into the Web UI as an administrator. The factory-default administrator user name and password are:

Username : spadmin

Password : admin123

Caution: For security reasons, it is advisable to change the default credentials, see:

"Managing Passwords" on page 255 .

4.

Upon initial login, you will be asked to register your product. Orolia recommends to register SecureSync, so as to receive software updates and services notices. See also

"Product Registration" on page 278

.

Number of login attempts

The number of failed login attempts for ssh is hard-set to (4) four. This value is not configurable.

The number of failed login attempts for the Web UI (HTTP/HTTPS) is hard-set to (5) five failed login attempts, with a 60 second lock. These two values are not configurable.

To continue with the configuration, see e.g.,

"The Web UI HOME Screen" on page 30

.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 57

2.14  Configure Network Settings

To learn more about setting up different types of user accounts, see

"Managing User

Accounts" on page 250 .

2.14

Configure Network Settings

Before configuring the network settings, you need to setup access to SecureSync web user interface ("Web UI"). This can be done by assigning a static IP address, or using a

DHCP address. For more information, see

"Setting up an IP Address" on page 49

.

Once you have assigned the IP address, login to the Web UI. For more information, see

"Accessing the Web UI" on page 56

.

To configure network settings, or monitor your network, navigate to SecureSync's Network Setup screen.

To access the Network Setup screen:

Navigate to MANAGEMENT > Network Setup . The Network Setup screen is divided into three panels :

58

The Actions panel provides:

General Settings : Allows quick access to the primary network settings necessary to connect SecureSync to a network. See

"General Network Settings" on the facing page .

Web Interface Settings :

Web interface timeout : Determines how long a user can stay logged on. For more information, see

"Web UI Timeout" on page 259

.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.14  Configure Network Settings

Web Security Level : High security will not allow browsers to use TLS below v1.3 (to prevent known security vulnerabilities).

Access Control : Allows the configuration of access restrictions from assigned networks/nodes.

Login Banner : Allows the administrator to configure a custom banner message to be displayed on the SecureSync Web UI login page and the CLI (Note:

There is a 2000 character size limit).

SSH : This button takes you to the SSH Setup window. For details on setting up SSH, see

"SSH" on page 76 .

System Time Message : Setup a once-per-second time message to be sent to receivers via multicast. For details, see

"System Time Message" on page 94 .

VLAN : This button will reveal the VLAN Setup popup window. For more information, see

"VLAN Support" on page 93 .

HTTPS : This button takes you to the HTTPS Setup window. For details on setting up HTTPS, see

"HTTPS" on page 65

.

The Network Services panel is used to enable (ON) and disable (OFF) network services, as well as the Web UI display mode, details see:

"Network Services" on page 62 .

The Ports panel not only displays STATUS information, but is used also to set up and manage SecureSync’s network ports via three buttons:

INFO button: Displays the Ethernet port Status window for review purposes.

GEAR button: Displays the Ethernet port settings window for editing purposes.

TABLE button: Displays a window that allows adding, editing, and reviewing

Static Routes.

2.14.1

General Network Settings

To expedite network setup, SecureSync provides the General Settings window, allowing quick access to the primary network settings.

To access the General Settings window:

1.

Navigate to MANAGEMENT > Network Setup . In the Actions Panel on the left, click General Settings .

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 59

2.14  Configure Network Settings

60

2.

Populate the fields:

Hostname : This is the server’s identity on the network or IP address.

Default IPv4 Port : Unless you specify a specific Port to be used as Default

Port, the factory default port eth0 will be used as the gateway (default gateway).

Default IPv6 Port : Unless you specify a specific Port to be used as Default

Port, the factory default port eth0 will be used as the gateway (default gateway).

The General Settings window also displays the IPv4 Address and default IPv4 Gateway.

2.14.2

Network Ports

Ports act as communication endpoints in a network. The hardware configuration of your unit will determine which ports (e.g., Eth0, Eth1, ...) are available for use.

To enable & configure, or view a network port:

1.

Navigate to MANAGEMENT > NETWORK: Network Setup .

2.

The Ports panel on the right side of the screen lists the available Ethernet ports, and their connection STATUS:

Green : CONNECTED (showing the connection speed)

Yellow : CABLE UNPLUGGED (the port is enabled but there is no cable attached)

Red : DISABLED .

Locate the port you want to configure (eth0 or eth1) and click the GEAR button to enable & configure the port, or the INFO button to view the port status.

3.

Ethernet ports are enabled by default. If the port is not already enabled, in the Edit

Ethernet Ports Settings window, click the Enable check box. The Edit Ethernet

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.14  Configure Network Settings

Ports Settings window will expand to show the options needed to complete the port setup.

Fill in the fields as required:

Enable eth0 : [Checkbox]

Enable DHCPv4 : [Checkbox] Check this box to enable the delivery of IP addresses from a DHCP Server using the DHCPv4 protocol.

Static IPv4 Address : This is the default, or the unique address assigned by the network administrator.

The default subnet is: 255.255.0.0

Netmask : This is the network subnet mask assigned by the network administrator. In the form “ xxx.xxx.xxx.xxx

.” See

"Subnet Mask Values" on page 55

for a list of subnet mask values.

IPv4 Gateway : The gateway (default router) address is needed if communication to the SecureSync is made outside of the local network. By default, the gateway is disabled.

Enable IPv6 Autoconfiguration : [Checkbox]

Domain : This is the domain name to be associated with this port.

DNS Primary : This is the primary DNS address to be used for this port.

Depending on how your DHCP server is configured, this is set automatically once DHCP is enabled. Alternatively, you may configure your DHCP server to

NOT use a DNS address. When DHCP is disabled, DNS Primary is set manually, using the format "#.#.#.#" with no leading zeroes or spaces, where each

‘#’ is a decimal integer from the range [0,255].

DNS Secondary : This is the secondary DNS address to be used for this port.

Depending on how your DHCP server is configured, this is set automatically once DHCP is enabled, or your DHCP server may be configured NOT to set a

DNS address. When DHCP is disabled, DNS Secondary is set manually, using the format “#.#.#.#” with no leading zeroes or spaces, where each ‘#’ is a decimal integer from the range [0,255].

MTU : Maximum Transmission Unit. Range (for Ethernet v2): Default: 1500 bytes. Smaller packages are recommended, if encapsulation is required e.g., to meet encryption needs, which would cause the maximum package size to be exceeded. If the MTU is programmed outside of the default, SecureSync will automatically round up any entry into the nearest multiple of 64 to follow

Linux requirements.

Edit IPv6 Address : Click on this button to configure a static IPv6 address.

4.

To apply your changes, click Submit (the window will close), or Apply .

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 61

2.14  Configure Network Settings

2.14.3

Network Services

Several standard network services can be enabled or disabled via the easily accessible Network Services Panel under MANAGEMENT > Network Setup :

The Network Services panel has ON/OFF toggle switches for the following daemons and features:

System Time Message : A once-per second Time Message sent out via Multicast; for details, see

"System Time Message" on page 94 .

Daytime Protocol, RFC-867 : A standard Internet service, featuring an ASCII daytime representation, often used for diagnostic purposes.

Time Protocol, RFC-868 : This protocol is used to provide a machine-readable, site-independent date and time.

Telnet : Remote configuration

SSH+SFTP : Secure Shell cryptographic network protocol for secure data communication and secure access to logs.

HTTPS : Hypertext Transfer Protocol Secure tcpdump : A LINUX program that can be used to monitor network traffic by inspecting tcp packets. Default = ON.

If not needed, or wanted (out of concern for potential security risks), tcpdump can be disabled permanently: Once toggled to OFF, and after executing a page reload, tcpdump will be deleted from the system: The toggle switch will be removed, and the function cannot be enabled again (even after a software upgrade).

iptables

While not accessible via the Web UI, iptables (an application allowing for customizable access restrictions) are supported.

Note that iptables is always ON, and its policies can only be accessed via the Command

Line Interface (see

"CLI Commands" on page 514

) in combination with the Sudo command. Please also note that you need to have admin user rights to run this command.

Note: A listing of recommended and default network settings can be found under

"Default and Recommended Configurations" on page 322 .

2.14.4

Static Routes

Static routes are manually configured routes used by network data traffic, rather than solely relying on routes chosen automatically by DHCP (Dynamic Host Configuration

62 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.14  Configure Network Settings

Protocol). With statically configured networks, static routes are in fact the only possible way to route network traffic.

To view , add , edit , or delete a static route:

1.

Navigate to the MANAGEMENT > Network Setup screen.

2.

The Ports panel displays the available Ethernet ports, and their connection status:

3.

To view all configured Static Routes for all Ethernet Ports, or delete one or more

Static Routes, click the TABLE icon in the top-right corner.

4.

To add a new Route, view or delete an existing Route for a specific Ethernet Port, locate the Port listing you want to configure, and click the TABLE button next to it.

The Static Routes window for the chosen Port will open, displaying its Routing

Table, and an Add Route panel.

In the Add Route panel, populate these fields in order to assign a Static Route to a Port:

Net Address : This is the address/subnet to route to.

Prefix : This is the subnet mask in prefix form e.g., "24". See also

"Subnet Mask Values" on page 55 .

Router Address : This is where you will go through to get there.

Click the Add Route button at the bottom of the screen.

Note: To set up a static route, the Ethernet connector must be physically connected to the network.

Note: Do not use the same route for different Ethernet ports; a route that has been used elsewhere will be rejected.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 63

2.14  Configure Network Settings

Note: The eth0 port is the default port for static routing. If a port is not given its own static route, all packets from that port will be sent through the default.

2.14.5

Access Rules

Network access rules restrict access to only those assigned networks or nodes defined. If no access rules are defined, access will be granted to all networks and nodes.

Note: In order to configure Access Rules, you need

ADMINISTRATOR rights.

To configure a new, or delete an existing access rule:

1.

Navigate to the MANAGEMENT > Network Setup screen.

2.

In the Actions panel on the left, click on Access Control.

3.

The Network Access Rules window displays:

64

4.

In the Allow From field, enter a valid IP address. It is not possible, however, to add direct IP addresses, but instead they must be input as blocks, i.e. you need to add

/32 at the end of an IP address to ensure that only that address is allowed.

Example: 10.2.100.29/32 will allow only 10.2.100.29

access.

I P a d d r e s s n o m e n c l a t u r e :

IPv4— 10.10.0.0/16 , where 10.10.0.0

is the IP address and 16 is the subnet mask in prefix form. See the table

"Subnet Mask Values" on page 55

for a list of subnet mask values.

IPv6— 2001:db8::/48 , representing 2001:db8:0:0:0:0:0:0 to 2001:db8:0:ffff:ffff:ffff:ffff:ffff.

5.

Click the Add button in the Action column to add the new rule.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.14  Configure Network Settings

6.

The established rule appears in the Network Access Rules window.

Click the Delete button next to an existing rule, if you want to delete it.

2.14.6

HTTPS

HTTPS stands for HyperText Transfer Protocol over SSL (Secure Socket Layer). This

TCP/IP protocol is used to transfer and display data securely by adding an encryption layer to protect the integrity and privacy of data traffic. Certificates issued by trusted authorities are used for sender/recipient authentication.

Note: In order to configure HTTPS, you need ADMINISTRATOR rights.

2.14.6.1

Accessing the HTTPS Setup Window

1.

Navigate to MANAGEMENT > NETWORK: HTTPS Setup (or, navigate to

MANAGEMENT > Network Setup , and click HTTPS in the Actions panel on the left):

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 65

2.14  Configure Network Settings

66

The HTTPS Setup window has five tabs:

Create Certificate Request : This menu utilizes the OpenSSL library to generate certificate Requests and self-signed certificates.

Subject Alternative Name Extension : This menu is used to add alternative names to an X.509 extension of a Certificate Request.

Certificate Request : A holder for the certificate request generated under the

Create Certificate Request tab. Copy and paste this Certificate text in order to send it to your Certificate Authority.

Upload X.509 PEM Certificate : Use the window under this tab to paste your

X.509 certificate text and upload it to SecureSync.

Upload Certificate File : Use this tab to upload your certificate file returned by the Certificate Authority. For more information on format types, see

"Supported Certificate Formats" on the facing page .

Exit the HTTPS Setup window by clicking the X icon in the top right window corner, or by clicking anywhere outside the window.

Should you exit the HTTPS Setup window while filling out the certificate request parameters form before clicking the Submit button, any information you entered will be lost.

Exiting the HTTPS Setup window will not lose and Subject Alternative Names that have been entered. When switching between tabs within the HTTPS Setup window, the information you have entered will be retained.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.14  Configure Network Settings

2.14.6.2 About HTTPS

HTTPS provides secure/encrypted, web- based management and configuration of

SecureSync from a PC. In order to establish a secure HTTPS connection, an SSL certificate must be stored inside the SecureSync unit.

SecureSync uses the OpenSSL library to create certificate requests and self-signed certificates. The OpenSSL library provides the encryption algorithms used for secure HTTP

(HTTPS). The OpenSSL package also provides tools and software for creating X.509 Certificate Requests, Self Signed Certificates and Private/Public Keys. For more information on OpenSSL, please see

www.openssl.org

.

Once you created a certificate request, submit the request to an external Certificate

Authority (CA) for the creation of a third party verifiable certificate. (It is also possible to use an internal corporate Certificate Authority.)

If a Certificate Authority is not available, or while you are waiting for the certificate to be issued, you can use the default Spectracom self-signed SSL certificate that comes with the unit until it expires, or use your own self-signed certificate. The typical life span of a certificate (i.e., during which HTTPS is available for use) is about 10 years.

Note: If deleted, the HTTPS certificate cannot be restored. A new certificate will need to be generated.

Note: In a Chrome web browser, if a valid certificate is deleted or changed such that it becomes invalid, it is necessary to navigate to Chrome's Settings> More Tools> Clear browsing data> Advanced and clear the Cached images and files in the history. Otherwise Chrome's security warnings may make some data unavailable in the Web UI.

Note: If the IP Address or Common Name (Host Name) is changed, you need to regenerate the certificate, or you will receive security warnings from your web browser each time you log in.

2.14.6.3 Supported Certificate Formats

SecureSync supports X.509 PEM and DER Certificates, as well as PKCS#7 PEM and DER formatted Certificates.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 67

2.14  Configure Network Settings

You can create a unique X.509 self-signed Certificate, an RSA private key and X.509 certificate request using the Web UI. RSA private keys are supported because they are the most widely accepted. At this time, DSA keys are not supported.

2.14.6.4 Creating an HTTPS Certificate Request

Caution: If you plan on entering multiple Subject Alternative Names to your

HTTPS Certificate Request, you must do so before filling out the Create

Certificate Request tab to avoid losing any information. See

"Adding

HTTPS Subject Alternative Names" on page 71 .

To create an HTTPS Certificate Request:

1.

Navigate to MANAGEMENT > NETWORK: HTTPS Setup , or in the MANAGEMENT

> NETWORK Setup , Actions panel, select HTTPS :

68

2.

Click the Create Certificate Request tab (this is the default tab).

3.

Check the box Create Self Signed Certificate, in order to open up all menu items.

This checkbox serves as a security feature : Check the box only if you are certain about generating a new self-signed Certificate.

Caution: Once you click Submit , a previously generated Certificate

(or the Spectracom default Certificate) will be

overwritten

.

Note that an invalid Certificate may result in denial of access to SecureSync via the

Web UI!

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.14  Configure Network Settings

4.

Fill in the available fields:

Signature Algorithm : Choose the algorithm to be used from:

MD4

SHA1

SHA256

SHA512

Private Key Pass Phrase : This is the RSA decryption key. This must be at least 4 characters long.

RSA Private Key Bit Length : 2048 bits is the default. Using a lower number may compromise security and is not recommended.

Two-Letter Country Code : This code should match the ISO-3166-1 value for the country in question.

State Or Province Name : From the address of the organization creating up the Certificate.

Locality Name : Locale of the organization creating the Certificate.

Organization Name : The name of the organization creating the Certificate.

Organization Unit Name : The applicable subdivision of the organization creating the Certificate.

Common Name (e.g. Hostname or IP) : This is the name of the host being authenticated. The Common Name field in the X.509 Certificate must match the hostname, IP address, or URL used to reach the host via HTTPS.

Email Address : This is the email address of the organization creating the Certificate.

Challenge Password : Valid response password to server challenge.

Optional Organization Name : An optional name for the organization creating the Certificate.

Self-Signed Certificate Expiration (Days) : How many days before the Certificate expires. The default is 7200.

You are required to select a signature algorithm, a private key passphrase of at least

4 characters, a private key bit length, and the Certificate expiration in days. The remaining fields are optional.

It is recommended that you consult your Certificate Authority for the required fields in an X 509-Certificate request. Orolia recommends all fields be filled out and match the information given to your Certificate Authority. For example, use all abbreviations, spellings, URLs, and company departments recognized by the Certificate

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 69

2.14  Configure Network Settings

Authority. This helps to avoid problems the Certificate Authority might otherwise have reconciling Certificate request and company record information.

If necessary, consult your web browser vendor’s documentation and Certificate

Authority to see which key bit lengths and signature algorithms your web browser supports.

Orolia recommends that when completing the Common Name field, the user provide a static IP address, because DHCP-generated IP addresses can change. If the hostname or IP address changes, the X.509 Certificate must be regenerated.

It is recommended that the RSA Private Key Bit Length be a power of 2 or multiple of 2. The key bit length chosen is typically 1024, but can range from 512 to 4096.

Long key bit lengths of up to 4096 are not recommended because they can take several hours to generate. The most common key bit length is the value 1024.

Note: The default key bit length value is 2048.

When using a self-signed Certificate, choose values based on your company’s security policy.

5.

When the form is complete, confirm that you checked the box Create Self Signed

Certificate at the top of the window, then click Submit . Clicking the Submit button automatically generates the Certificate Request in the proper format for subsequent submission to the Certificate Authority.

Note: It may take several minutes for SecureSync to create the Certificate request and the private key (larger keys will require more time than small keys). If the unit is rebooted during this time, the Certificate will not be created.

To view the newly generated request, in the HTTPS Setup window, click the Certificate Request tab.

70 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.14  Configure Network Settings

When switching between tabs within the HTTPS Setup window, the information you have entered will be retained. If you exit the HTTPS Setup window before clicking Submit, the information will be lost.

2.14.6.5 Adding HTTPS Subject Alternative Names

Caution: Subject Alternative Names must be added before a new Certificate Request is generated, otherwise the Certificate Request will have to be created again to include the Subject Alternative Names. Any information entered into the Create Certificate Request tab that has not been submitted will be lost by adding, deleting, or editing Subject Alternative

Names.

It is recommended that you consult your Certificate Authority regarding questions of Subject Alternative Name usage.

To add Subject Alternative Names to an HTTPS Certificate Request:

1.

Navigate to MANAGEMENT > NETWORK: HTTPS Setup (or, navigate to

MANAGEMENT > NETWORK Setup , and click HTTPS in the Actions panel.

2.

In the Subject Alternative Name Extension tab, select the plus icon to access the

Add Subject Alternative Name popup.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 71

2.14  Configure Network Settings

72

3.

Fill in the available fields:

Type [DNS, IP, email, URI, RID, dirName]

Name for Directory Subject Alternative Names ( dirName ), check the Directory

Name box, and additional optional fields will be available:

Two Letter Country Code: must match ISO-3166-1 value.

Organization name: name of orgainzation creating certificate.

Organizational Unit Name: The applicable subdivision of the organization creating the certificate.

Common name: The name of the host being authenticated. The Common Name field in the X.509 Certificate must match the host name, IP address, or URL used to reach the host via HTTPS.

4.

After completing and submitting the form, view the Subject Alternative Name tab to see existing entries. Existing Subject Alternative Names can be edited or deleted from this window.

5.

After adding all the desired Subject Alternative Names, follow instructions for

"Creating an HTTPS Certificate Request" on page 68

.

2.14.6.6 Requesting an HTTPS Certificate

Before requesting an HTTPS Certificate from a third-party Certificate Authority, you need to create a Certificate Request :

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.14  Configure Network Settings

1.

Navigate to MANAGEMENT > HTTPS Setup , or to MANAGEMENT > Network

Setup > Actions panel: HTTPS .

2.

In the HTTPS Setup window, under the Certificate Request Parameters tab, complete the form as described under

"Creating an HTTPS Certificate Request" on page 68 .

3.

Click Submit to generate your Certificate Request.

4.

You have now created a Certificate Request . Navigate to the Certificate Request tab to view it:

5.

Copy the generated Certificate Request from the Certificate Request window, and paste and submit it per the guidelines of your Certificate Authority. The Certificate Authority will issue a verifiable, authenticable third-party certificate.

6.

OPTIONAL: While waiting for the certificate to be issued by the Certificate Authority, you may use the certificate from the Certificate Request window as a self-signed certificate (see below).

NOTE: Preventing accidental overwriting of an existing certificate:

If you plan on using a new Certificate Request, fill out a new form under the Certificate

Request Parameters tab. Be aware, though, that the newly generated Certificate

Request will replace the Certificate Request previously generated once you submit it.

Therefore, if you wish to retain your previously generated Certificate Request for any reason, copy its text, and paste it into a separate text file. Save the file before generating a new request.

Using a Self-Signed Certificate

In the process of generating a Certificate Request, a self- signed certificate will automatically be generated simultaneously. It will be displayed under the Certificate Request

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 73

2.14  Configure Network Settings tab.

You may use your self-signed certificate (or the default Spectracom self-signed certificate that comes with the unit) while waiting for the HTTPS certificate from the Certificate

Authority, or – if a Certificate Authority is not available – until it expires. The typical life span of a certificate is about 10 years.

NOTE: When accessing the SecureSync Web UI while using the self-signed certificate, your Windows ® web browser will ask you to confirm that you want to access this site via https with only a self-signed certificate in place. Other operating systems may vary in how they install and accept certificates. External Internet access may be required by your Certificate Authority to verify your certificate.

2.14.6.7 Uploading an X.509 PEM Certificate Text

Many Certificate Authorities simply issue a Certificate in the form of a plain text file. If your

Certificate was provided in this manner, and the Certificate is in the X.509 PEM format, follow the procedure below to upload the Certificate text by copying and pasting it into the

Web UI.

Note: Only X.509 PEM Certificates can be loaded in this manner. Certificates issued in other formats must be uploaded via the Upload Certificate tab.

Certificate Chain

It is also possible to upload a X.509 PEM Certificate Chain by pasting the text of the second certificate behind the regular CA Certificate.

Uploading X.509 PEM certificate text

To upload an X.509 PEM Certificate text to SecureSync:

1.

Navigate to MANAGEMENT > NETWORK: HTTPS Setup .

2.

Select the Upload X.509 PEM Certificate tab.

74 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.14  Configure Network Settings

3.

Copy the text of the Certificate that was issued to you by your Certificate Authority, and paste it into the text field.

4.

Click Submit to upload the Certificate to SecureSync.

NOTE: The text inside the text field under the Edit X.509 PEM Certificate tab is editable.

However, changes should not be made to a Certificate once it is imported; instead, a new

Certificate should be requested. An invalid Certificate may result in denial of access to the

SecureSync through the Web UI.

2.14.6.8 Uploading an HTTPS Certificate File

Once the HTTPS Certificate has been issued by your Certificate Authority, you have to upload the Certificate file to SecureSync, unless it is a X.509 PEM-format Certificate: In this case you may also upload the pasted Certificate text directly, see

"Uploading an X.509

PEM Certificate Text" on the previous page .

Note: For more information about Certificate formats, see

"Supported Certificate Formats" on page 67 .

To upload an HTTPS certificate file to SecureSync:

1.

Store the Public Keys File provided to you by the Certificate Authority in a location accessible from the computer on which you are running the Web UI.

2.

In the Web UI, navigate to MANAGEMENT > NETWORK: HTTPS Setup .

3.

Select the tab Upload Certificate File .

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 75

2.14  Configure Network Settings

76

4.

Choose the Certificate Type for the HTTPS Certificate supplied by the Certificate

Authority from the Certification Type drop-down menu:

PEM

DER

PKCS #7 PEM

PKCS #7 DER

5.

Click the Browse… button and locate the Public Keys File provided by the Certificate Authority in its location where you stored it in step 1.

6.

Click Submit .

Note: SecureSync will automatically format the Certificate into the

X.509 PEM format.

Certificate Chain

It is possible to upload a X.509PEM Certificate Chain file. Note that there should be no character between the Certificate texts.

2.14.7

SSH

The SSH, or Secure Shell, protocol is a cryptographic network protocol, allowing secure remote login by establishing a secure channel between an SSH client and an SSH server.

SSH can also be used to run CLI commands.

SSH uses host keys to uniquely identify each SSH server. Host keys are used for server authentication and identification. A secure unit permits users to create or delete RSA or

DSA keys for the SSH2 protocol.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.14  Configure Network Settings

Note: Only SSH2 is supported due to vulnerabilities in the SSH1 protocol.

The SSH tools supported by SecureSync are:

SSH : Secure Shell

SCP : Secure Copy

SFTP : Secure File Transfer Protocol

SecureSync implements the server components of SSH, SCP, and SFTP.

For more information on OpenSSH, please refer to

www.openssh.org

.

To configure SSH:

1.

Navigate to MANAGEMENT > NETWORK: SSH Setup . The SSH Setup window will display.

The window contains two tabs:

Host Keys : SSH uses Host Keys to uniquely identify each SSH server. Host keys are used for server authentication and identification.

Public Key : This is a text field interface that allows the user to edit the public key files authorized_keys file.

Note: Should you exit the SSH Setup window (by clicking X in the top right corner of the window, or by clicking anywhere outside of the window), while filling out the Certificate Request Parameters form before clicking Submit , any information you entered will be lost.

When switching between tabs within the SSH Setup window, however, the information you have entered will be retained.

Host Keys

You may choose to delete individual RSA or DSA host keys. Should you decide to delete the RSA or DSA key, the SSH will function, but that form of server authentication will not be available. Should you delete both the RSA and DSA keys, SSH will not function. In addition, if SSH host keys are being generated at the time of deletion, the key generation processes are stopped, any keys created will be deleted, and all key bit sizes are set to 0.

You may choose to delete existing keys and request the creation of new keys, but it is often simpler to make these requests separately.

You can create individual RSA and DSA Host Public/Private Key pairs. Host keys must first be deleted before new Host Keys can be created.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 77

2.14  Configure Network Settings

SecureSync units have their initial host keys created at the factory. RSA host key sizes can vary between 768 and 4096 bits. The recommended key size is 1024. Though many key sizes are supported, it is recommended that users select key sizes that are powers of 2 or divisible by 2. The most popular sizes are 768, 1024, and 2048. Large key sizes of up to

4096 are supported, but may take 10 minutes or more to generate. DSA keys size support is limited to 1024 bits.

Host keys are generated in the background. Creating RSA and DSA keys, each with 1024 bits length, typically takes about 30 seconds. Keys are created in the order of RSA, DSA,

RSA. When the keys are created, you can successfully make SSH client connections. If the unit is rebooted with host key creation in progress, or the unit is booted and no host keys exist, the key generation process is restarted. The key generation process uses either the previously specified key sizes or, if a key size is undefined, the default key bit length size used is 2048. A key with a zero length or blank key size field is not created.

The SSH client utilities SSH, SCP, and SFTP allow for several modes of user authentication. SSH allows you to remotely login or transfer files by identifying your account and the target machine's IP address. As a user you can authenticate yourself by using your account password, or by using a Public Private Key Pair.

It is advisable to keep your private key secret within your workstation or network user account, and provide the SecureSync a copy of your public key. The modes of authentication supported include:

Either Public Key with Passphrase or Login Account Password

Login Account Password only

Public Key with Passphrase only

SSH using public/private key authentication is the most secure authenticating method for

SSH, SCP or SFTP sessions.

You are required to create private and public key pairs on your workstation or within a private area in your network account. These keys may be RSA or DSA and may be any key bit length as supported by the SSH client tool. These public keys are stored in a file in the

.ssh

directory named authorized_keys

. The file is to be formatted such that the key is followed by the optional comment with only one key per line.

Note: The file format, line terminations, and other EOL or EOF characters should correspond to UNIX conventions, not Windows.

Changing Key Length Values

You may change the key length of the RSA, DSA, ECDSA type host keys.

To change the key length of a host key:

78 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.14  Configure Network Settings

1.

Navigate to MANAGEMENT > NETWORK: SSH Setup . The SSH Setup window will open to the Host Keys tab by default.

2.

Select the Key Length value for the key type you want to change.

Key sizes that are powers of 2 or divisible by 2 are recommended. The most popular sizes are 768, 1024, and 2048. Large key sizes of up to 4096 are supported, but may take 10 minutes or more to generate. DSA keys size support is limited to 1024 bits. The key type ED25519 supports 256 bits.

3.

Check the Regenerate All Keys box.

4.

Click Submit . The new values will be saved.

Note: Changing the values and submitting them in this manner DOES NOT generate new host public/private key pairs. See

"Creating Host Public/Private Key Pairs" below

for information on how to create new host public/private key pairs.

Deleting Host Keys

You can delete individual host keys. To delete a key:

1.

Navigate to MANAGEMENT > NETWORK: SSH Setup . The window will open to the Host Keys tab by default.

2.

Select Delete in the field for the key you wish to delete, and click Submit .

Creating Host Public/Private Key Pairs

You may create individual Host Public/Private Key pairs. Host keys must first be deleted before new Host Keys can be created. To create a new set of host keys:

1.

To access the SSH setup screen, navigate to MANAGEMENT > NETWORK: SSH

Setup . The window will open to the Host Keys tab by default.

2.

Should you want to change the key length of any host key, enter the desired length in the text field corresponding to the length you wish to change.

3.

Check the Regenerate All Keys box.

4.

Click Submit .

The Key Type/Status/Action table will temporarily disappear while the SecureSync regenerates the keys. The Host keys are generated in the background. Creating

RSA and DSA keys, each with 1024 bits length, typically takes about 30 seconds.

Keys are created in the order of RSA, DSA, ECDSA, ED25519. SecureSync will generate all 4 host keys, RSA, DSA, ECDSA, and ED25519.

5.

Delete any of the keys you do not want. See

"Deleting Host Keys" above

.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 79

2.14  Configure Network Settings

Note: If the unit is rebooted with host key creation in progress, or the unit is booted and no host keys exist, the key generation process is restarted. The key generation process uses the previously specified key sizes.

Note: If a key size is undefined, the default key bit length size used is

2048. A key with a zero length or blank key size field will not be created.

When you delete a host key and recreate a new one, SSH client sessions will warn you that the host key has changed for this particular IP address. You must then take one of the following actions:

1.

Override the warning and accept the new Public Host Key and start a new connection. This is the default. This option allows users to login using either method.

Whichever mode works is allowed for logging in. If the Public Key is not correct or the Passphrase is not valid the user is then prompted for the login account password.

2.

Remove the old Host Public Key from their client system and accept the new Host

Public Key. This option simply skips public/private key authentication and immediately prompts the user for password over a secure encrypted session avoiding sending passwords in the clear.

3.

Load a public key into SecureSync. This public key must match the private key found in the users account and be accessible to the SSH, SCP, or SFTP client program. The user must then enter the Passphrase after authentication of the keys to provide the second factor for 2-factor authentication.

Please consult your specific SSH client’s software’s documentation.

Public Keys: Viewing, Editing, Loading

The authorized_keys file can be viewed and edited, so as to enable adding and deleting

Public Keys. The user may also retrieve the authorized_keys file from the .ssh directory

Using FTP, SCP, or SFTP.

If you want to completely control the public keys used for authentication, a correctly formatted authorized_keys file formatted as indicated in the OpenSSH web site can be loaded onto SecureSync. You can transfer a new public key file using the Web UI.

To view and edit the authorized_keys file:

1.

Navigate to MANAGEMENT > NETWORK: SSH Setup . The SSH Setup window will open to the Host Keys tab by default.

80 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.14  Configure Network Settings

2.

Select the Public Key tab. The authorized_keys file appears in the Public Keys

File window:

3.

Edit the authorized_keys file as desired.

4.

Click the Submit button or Apply button.

The file is to be formatted such that the key is followed by an optional comment, with only one key per line. The file format, line terminations, and other EOL or EOF characters should correspond to UNIX conventions, not Windows.

Note: If you delete ALL Public Keys, Public/Private Key authentication is disabled. If you have selected SSH authentication using the Public Key with

Passphrase option, login and file transfers will be forbidden. You must select a method allowing the use of account password authentication to enable login or file transfers using SCP or SFTP.

Editing the "authorized_key" File via CLI

Secure shell sessions using an SSH client can be performed using the admin or a userdefined account. The user may use Account Password or Public Key with Passphrase authentication. The OpenSSH tool SSH-KEYGEN may be used to create RSA and DSA keys used to identify and authenticate user login or file transfers.

The following command lines for OpenSSH SSH client tool are given as examples of how to create an SSH session.

Creating an SSH session with Password Authentication for the admin account

ssh [email protected]

[email protected]'s password: admin123

You are now presented with boot up text and/or a “>” prompt which allows the use of the

Spectracom command line interface.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 81

2.14  Configure Network Settings

Creating an SSH session using Public Key with Passphrase Authentication for the admin account

You must first provide the secure Orolia product a RSA public key found typically in the

OpenSSH id_rsa.pub file. Then you may attempt to create an SSH session.

ssh -i ./id_rsa [email protected]

Enter passphrase for key './id_rsa': mysecretpassphrase

Please consult the SSH client tool’s documentation for specifics on how to use the tool, select SSH protocols, and provide user private keys.

Secure File Transfer Using SCP and SFTP

SecureSync provides secure file transfer capabilities using the SSH client tools SCP and

SFTP. Authentication is performed using either Account Passwords or Public Key with

Passphrase.

Example output from OpenSSH, SCP, and SFTP client commands are shown below.

Perform an SCP file transfer to the device using Account Password authentication

scp authorized_keys [email protected]:.ssh

[email protected]'s password: admin123 publickeys 100% |***************************************************|

5 00:00

Perform an SCP file transfer to the device using Public Key with Passphrase authentication.

scp -i ./id_rsa [email protected]:.ssh

Enter passphrase for key './id_rsa': mysecretpassphrase publickeys 100% |***************************************************|

5 00:00

Perform an SFTP file transfer to the device using Account Password authentication.

sftp [email protected]

[email protected]'s password: admin123

You will be presented with the SFTP prompt allowing interactive file transfer and directory navigation.

82 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.14  Configure Network Settings

Perform an SFTP file transfer to the device using Public Key with Passphrase authentication

sftp -i ./id_rsa [email protected]

Enter passphrase for key './id_rsa': mysecretpassphrase

You will be presented with the SFTP prompt allowing interactive file transfer and directory navigation.

Recommended SSH Client Tools

Orolia does not make any recommendations for specific SSH clients, SCP clients, or SFTP client tools. However, there are many SSH based tools available to the user at low cost or free.

Two good, free examples of SSH tool suites are the command line based tool OpenSSH running on a Linux or OpenBSD x86 platform and the SSH tool suite PuTTY.

The OpenSSH tool suite in source code form is freely available at

www.openssh.org

though you must also provide an OpenSSL library, which can be found at

www.openssl.org

.

PuTTY can be found at:

http://www.chiark.greenend.org.uk/~sgtatham/putty/

.

SSH Timeout

The keep-SSH alive timeout is hard-set to 60 minutes (3600 seconds). This value is not configurable.

2.14.8

SNMP

SNMP (Simple Network Management Protocol) is a widely used application-layer protocol for managing and monitoring network elements. It has been defined by the Internet Architecture Board under RFC-1157 for exchanging management information between network devices, and is part of the TCP/IP protocol.

SNMP agents must be enabled and configured so that they can communicate with the network management system (NMS). The agent is also responsible for controlling the database of control variables defined in the Management Information Base (MIB).

SecureSync’s SNMP functionality supports SNMP versions V1, V2c and V3 (with SNMP

Version 3 being a secure SNMP protocol).

Once SNMP is configured it will persist through reboot, and only needs to be reconfigured after performing a "clean" update process (thus restoring the factory default condition).

Note: In order to configure SNMP, you need ADMINISTRATOR rights.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 83

2.14  Configure Network Settings

To access the SNMP Setup screen:

Navigate to MANAGEMENT > NETWORK: SNMP Setup . The SNMP screen will display:

84

The SNMP screen is divided into 3 panels:

1.

The Main panel , which is subdivided into 3 displays:

SNMP V1/V2 : This panel allows configuration of SNMP v1 and v2c communities (used to restrict or allow access to SNMP). This tab allows the configurations for SNMP v1 and v2c, including the protocols allowed, permissions and Community names as well as the ability to permit or deny access to portions of the network. Clicking on the “+” symbol in the top- right corner opens the SNMP V1/V2c Settings for Access

Screen. See

"SNMP V1/V2c" on page 87

.

SNMP V3 : This panel allows configuration of SNMP v3 functionality, including the user name, read/write permissions, authorization passwords as well as privilege Types and Passphrases. Clicking on the “+” symbol in the top- right corner opens the SNMP V3 Screen. See

"SNMP V3" on page 89 .

SNMP Traps : This panel allows you to define different SNMP Managers that SNMP traps can be sent to over the network. This allows for

SNMP Managers in different geographical areas to receive the same

SNMP traps that Managers in other areas also receive. Clicking the

PLUS icon in the top-right corner opens the SNMP Traps Settings

Screen. See also

"SNMP Traps" on page 91

and

"Setting Up SNMP

Notifications" on page 247

.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.14  Configure Network Settings

2.

The Actions panel , which contains the Restore Default SNMP Configuration button.

3.

The SNMP Status panel , which offers:

An SNMP ON/OFF switch.

An Authentication Error Trap ON/OFF switch.

SysObjID — The System Object ID number. This is editable in the

SNMP Status panel (see

"Configuring the SNMP Status" below ).

Contact Information —The email to contact for service. This is editable in the SNMP Status panel (see

"Configuring the SNMP Status" below ).

Location —The system location. This is editable in the SNMP Status panel (see

"Configuring the SNMP Status" below ).

Description —A simple product description. This is not editable in the

SNMP Status.

Restoring the Default SNMP Configuration

To restore the SecureSync to its default SNMP configuration:

1.

Navigate to the MANAGEMENT > NETWORK: SNMP Setup screen.

2.

In the Actions panel, click the Restore Default SNMP Configuration button.

3.

Confirm that you want to restore the default settings in the pop-up message.

Configuring the SNMP Status

The SNMP Status Settings are sysObjectID , sysContact , and sysLocation . To configure

SNMP Status Settings:

1.

Navigate to MANAGEMENT > NETWORK: SNMP Setup .

2.

In the SNMP Status panel on the left, click the GEAR icon in the top-right corner of the panel.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 85

2.14  Configure Network Settings

3.

The SNMP Status pop-up window will display:

86

The following settings can be configured in this window:

In the sysObjectID field, enter the SNMP system object ID.

In the sysContact field, enter the e-mail information for the system contact you wish to use.

In the sysLocation field, enter the system location of your SecureSync unit.

4.

Click Submit , or cancel by clicking the X -icon in the top-right corner.

Accessing the SNMP Support MIB Files

Spectracom’s private enterprise MIB files can be extracted via File Transfer Protocol (FTP) from SecureSync, using an FTP client such as FileZilla or any other shareware/freeware

FTP program.

Note: SecureSync 2400 Time and Frequency Synchronization System only uses SFTP to ensure increased security as of software version 1.2.0.

To obtain the MIB files from SecureSync via FTP/SFTP:

1.

Using an FTP program, log in as an administrator.

2.

Through the FTP program, locate the Spectracom MIB files in the /home/spectracom/mibs directory.

3.

FTP the files to the desired location on your PC for later transfer to the SNMP Manager.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.14  Configure Network Settings

4.

Compile the MIB files onto the SNMP Manager.

Note: When compiling the MIB files, some SNMP Manager programs may require the MIB files to be named something other than the current names for the files. The MIB file names may be changed or edited as necessary to meet the requirements of the SNMP Manager. Refer to the SNMP Manager documentation for more information on these requirements.

Note: In addition to the Spectracom MIB files, there are also some net- snmp MIB files provided. Net- snmp is the embedded SNMP agent that is used in the SecureSync and it provides traps to notify the user when it starts, restarts, or shuts down. These MIB files may also be compiled into your SNMP manager, if they are not already present.

Spectracom’s private enterprise MIB files can be requested and obtained from the

Spectracom Customer Service

[email protected]

.

department via email at

Note: By default,

[email protected]

is the address in the sysContact field of the SNMP Status panel of the SNMP Setup page.

2.14.8.1

SNMP V1/V2c

SNMP V1 is the first version of the SNMP protocol, as defined in the IETF (Internet Engineering Task Force) RFCs (Request for Comments) number 1155 and 1157. SNMP V2c is the revised protocol, but it also uses the V1 community based administration model.

Creating Communities

1.

Navigate to MANAGEMENT > NETWORK: SNMP Setup .

2.

In the SNMP V1/V2 panel click the PLUS icon in the top-right corner.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 87

2.14  Configure Network Settings

3.

The SNMP V1/V2c Settings for Access window will display:

4.

Enter the required information in the fields provided:

The IP Version field provides a choice of IPv4, IPV6 or both IPv4 and IPv6 (= default).

The choices offered below will change in context with the choice made in the

IP Version field.

If no value is entered in the IPv4 and/or IPv6 field, SecureSync uses the system default address.

SNMP Community names should be between 4 and 32 characters in length.

Permissions may be Read Only or Read/Write.

The Version field provides a choice of V1 or V2c.

5.

Click Submit . The created communities will appear in the SNMP V1/V2 panel:

88

Editing and Deleting Communities

To edit or delete a community you have created:

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.14  Configure Network Settings

1.

Navigate to MANAGEMENT > NETWORK: SNMP Setup .

2.

Click the row of the SNMP V1/V2 panel that displays the community you wish to edit or delete. The cursor will change from an arrow icon to a pointing finger to indicate that the entry is clickable.

3.

The SNMP V1/V2c Settings for Access window will display.

Note: The options available for editing in the SNMP V1/V2c Settings for Access window will vary contextually according to the information in the entry chosen.

4.

To edit the settings, enter the new details you want to edit and click Submit . OR: To delete the entry, click Delete .

2.14.8.2 SNMP V3

SNMP V3 utilizes a user-based security model which, among other things, offer enhanced security over SNMP V1 and V2.

Creating Users

1.

Navigate to MANAGEMENT > NETWORK: SNMP Setup .

2.

In the SNMP V3 panel, click the PLUS icon in the top-right corner.

3.

The SNMP V3 Settings window will display.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 89

2.14  Configure Network Settings

4.

Enter the required information in the fields provided.

SNMP User Names and passwords are independent of users that are configured on the Tools/Users page.

User names are arbitrary. SNMP User Names should be between 1 and

31 characters in length.

The User Name must be the same on SecureSync and on the management station.

The Auth Type field provides a choice between MD5 and SHA.

The Auth Password must be between 8 and 32 characters in length.

The Priv Type field provides a choice between AES, DES, and No Privacy.

The Priv Passphrase must be between 8 and 32 characters in length.

The Permissions field provides a choice between Read/Write and Read

Only.

5.

Click Submit . The created user will appear in the SNMP V3 panel:

90

Editing and Deleting Users

To edit or delete a user you have created:

1.

Navigate to MANAGEMENT > NETWORK: SNMP Setup .

2.

Click the row of the SNMP V3 panel that displays the community you wish to edit or delete. The cursor will change from an arrow icon to a pointing finger to indicate that the entry is clickable.

3.

The SNMP V3 Settings window will display:

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.14  Configure Network Settings

4.

Apply your changes and click Submit . OR: Click Delete to remove the User.

2.14.8.3 SNMP Traps

SNMP traps allow for automatic event notification, and as such are one way to remotely monitor SecureSync's status.

SNMP traps indicate the status change that caused the trap to be sent and may also include one or more objects, referred to as variable- bindings, or varbinds . A varbind provides a current SecureSync data object that is related to the specific trap that was sent.

For example, when a Holdover trap is sent because SecureSync either entered or exited the Holdover mode, the trap varbind will indicate that SecureSync is either currently in Holdover mode or not currently in Holdover mode.

For testing purposes, a command line interface command is provided. This command, testevent , allows one, several, or all of the traps defined in the SecureSync MIB to be generated. Refer to

"CLI Commands" on page 514

for command details.

To define SNMP Traps (Notifications):

1.

Navigate to MANAGEMENT > NETWORK: SNMP Setup .

2.

In the SNMP Traps panel, click the PLUS icon in the top-right corner.

3.

The SNMP Traps Settings window will display:

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 91

2.14  Configure Network Settings

92

4.

Enter the required information in the fields provided. (Note that the options will vary contextually according to your Version .)

5.

The Version field provides a choice between v1 , v2c , and v3 [= default]

The Community field for the SNMP Community string.

[v1, v2c]

SNMP User names should be between 4 and 32 characters in length.

[v3]

Destination IP Version is a choice between IPv4 and IPv6.

[v1, v2c, v3]

Destination IP is destination address for the notification and password key to be sent. The default port is 162.

[v1, v2c, v3]

The UDP Port number used by SNMP Traps [default = 162].

[v1, v2c]

Engine Id must be a hexadecimal number at least 10 digits long (such as

0x123456789A). The Id originates from the MIB Browser/SNMP Manager.

[v3] 1

Auth Type provides a choice between MD5 (the default) and SHA.

[v3]

The Auth Password must be between 8 and 32 characters in length.

[v3]

The Priv Type field provides a choice between AES and DES.

[v3]

The Priv Passphrase must be between 8 and 32 characters in length.

[v3]

6.

Click the Submit button at the bottom of the window. Cancel any changes by clicking the X -icon in the top-right corner (any information entered will be lost).

1 If your SNMP manager is not providing an Engine ID, you can generate one yourself according to protocols within RFC

3411 and apply it to your network manager and trap configuration.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.14  Configure Network Settings

7.

The SNMP trap you created will appear in the SNMP Traps panel:

Each row of the SNMP Traps panel includes the version of the SNMP functionality, the User/Community name for the trap, the IP address/Hostname of the SNMP

Manager and values applicable only to SNMP v3, which include the Engine ID, the

Authorization Type, the Privilege Type.

You may define different SNMP Managers to whom SNMP traps can be sent over the network. This allows for SNMP Managers in different geographical areas to receive the same SNMP traps.

Note: Spectracom has been assigned the enterprise identifier 18837 by the IANA (Internet Assigned Numbers Authority). Spectracom’s product MIBs reside under the enterprise identifier @18837.3.

For detailed descriptions of the objects and traps supported by the SecureSync, please refer to the Spectracom SecureSync MIB files. See

"Accessing the SNMP

Support MIB Files" on page 86

.

2.14.9

VLAN Support

VLAN support in SecureSync allows you to assign a VLAN ID to a specific port to facilitate communication within your network. These VLAN interfaces have the same configuration options as the standard untagged Ethernet interfaces.

To set up VLAN interface identification tags:

1.

Navigate to MANAGEMENT > Network Setup . In the Actions panel, select VLAN .

2.

In the popup panel labeled VLAN Setup , click on the plus sign to add your VLAN interfaces. (You can also view or delete any configured VLAN tags from this panel).

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 93

2.14  Configure Network Settings

3.

Select the parent interface [eth0-eth1], type in your VLAN ID, and click submit.

Repeat the process as necessary.

94

Your new VLAN interfaces will now be displayed in the VLAN Setup panel, listed as eth[#].

[VLAN ID].

2.14.10 System Time Message

The System Time Message is a feature used for special applications that require a onceper-second time message to be sent out by SecureSync via multicast. This time message will be transmitted before every 1PPS signal, and can be used to evaluate accuracy and jitter.

To set up and enable a System Time Message :

1.

Navigate to MANAGEMENT > Network Setup > Actions panel, and select System Time Message . The Settings window will open.

2.

Populate the fields Multicast Address , Port Number and Message ID , and click

Submit .

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.14  Configure Network Settings

3.

In the Network Services panel, enable System Time Message .

2.14.10.1 System Time Message Format

This message contains the time when the next 1PPS discrete will occur. It is sent once per second prior to the 1PPS discrete.

3

4

1

2

5

Table 2-3: System Time Message format

Word Byte 3 Byte 2 Byte 1 Byte 0

Msg ID

Msg Size

Seconds nSec

EOM

Table 2-4: System Time Message field descriptions

Data

Name

Data Description Range

Message

ID

Message

Size

UID of the message; programmable

Total message size in bytes

Seconds Seconds since epoch (00:00:00 Jan

1, 1970 UTC)

Unsigned 32 bit integer

Unsigned 32 bit integer

Unsigned 32 bit integer

1

1

Resolution Units

1 n/a

Bytes

Seconds

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 95

2.15  Configure NTP

Data

Name

NSec

Data Description

NSec within the current second

EOM End-of-message

Range

Unsigned 32 bit integer

-1 1

Resolution Units

1 nsec n/a

2.15

Configure NTP

Network Time Protocol (NTP) and Simple Network Time Protocol (SNTP) are clientserver protocols that are used to synchronize time on IP networks. NTP provides greater accuracy and better error checking capabilities than SNTP does, but requires more resources.

For many applications, it is not necessary to modify the NTP factory default configuration settings. It is possible, however, to change most of the settings in order to support specific

NTP applications which may require a non-standard configuration:

These features include MD5 authentication to block NTP access to parts of the network and to broadcast NTP data to the network’s broadcast address. NTP and SNTP are used to synchronize time on any computer equipment compatible with the Network Time Protocol. This includes Cisco routers and switches, UNIX machines, and Windows machines with suitable clients. To synchronize a single workstation, several freeware or shareware

NTP clients are available on the Internet. The software running on the PC determines whether NTP or SNTP is used.

When the NTP service is enabled, SecureSync will “listen” for NTP request messages from

NTP clients on the network. When an NTP request packet is received, SecureSync will send an NTP response time packet to the requesting client. Under typical conditions,

SecureSync can service several thousand NTP requests per second without MD5 authentication enabled, and at a somewhat lower rate with MD5 authentication enabled.

You can either enable or completely disable the NTP Service. When NTP is disabled, no

NTP time packets will be sent out to the network. When enabled, by default, the NTP Service operates in Unicast mode, i.e. the NTP Service responds to NTP requests only.

Note: In order to configure NTP, you need to access the NTP Setup screen which requires ADMINISTRATOR rights.

2.15.1

Checklist NTP Configuration

The following is a list of configuration settings you may want to consider as you setup your

NTP Service. (Not all items may apply to your application, or there may be other considerations not included in this list.)

96 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.15  Configure NTP

1.

Did you setup your NTP Service and have it use the right Reference(s) ?

See

"NTP Reference Configuration" on page 102 .

2.

Does your NTP Service use the right Timescale ?

See

"NTP Output Timescale" on page 101 .

3.

If required, have you setup other NTP Servers and Peers for fallback purposes?

See

"NTP Peers: Adding, Configuring, Removing" on page 109

.

2.15.2

The NTP Setup Screen

The NTP Setup screen provides access to all NTP configuration settings.

To open the NTP Setup screen, navigate to MANAGEMENT > NTP Setup . The NTP

Setup screen is divided into 5 panels:

The NTP Servers and Peers panels

… are located on the right-hand side of the NTP screen:

NTP Servers : In this display you can view the NTP Servers that SecureSync detects in your network. It is through this display that you configure external NTP references. See

"NTP Servers: Adding, Configuring, Removing" on page 107 .

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 97

2.15  Configure NTP

NTP Peers : In this display you can view the NTP Peers that SecureSync detects in your network. It is through this display that you configure NTP Peer reference inputs. See

"NTP Peers: Adding, Configuring, Removing" on page 109 .

For more information on NTP servers, clients, and Stratums see

"NTP Servers and Peers" on page 105 .

The Actions panel

… is in the top left-hand corner of the NTP screen comprises the following buttons:

Symmetric Keys : Click here to set up your symmetric keys for MD5 authentication.

For more information on Symmetric Keys, see

"Configuring NTP Symmetric Keys" on page 111 .

Access Restrictions : Click here to view, change or delete access restrictions to the

NTP network. (See also

"NTP Access Restrictions" on page 114 .)

Fields in the NTP Access Restrictions table include:

Type

IP Version

IP

IP Mask

Auth only

Enable Query

View NTP Clients : Click here to reveal a table of all the clients your SecureSync is servicing. (See also

"Viewing NTP Clients" on the facing page .)

Information for each client includes:

Client IP

Received Packets

Mode

Version

Restriction Flags

Avg Interval

Last Interval

Restore Default NTP Configuration : Click here to restore SecureSync’s NTP settings to the factory default. Any settings you have created previously will be lost.

See

"Restoring the Default NTP Configuration" on page 100 .

The NTP Services panel

… is the second panel on the left-hand side of the NTP screen.

98 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.15  Configure NTP

NTP ON/OFF : This switch enables and disables NTP. See

"Dis-/Enabling NTP" below .

Note: When applying any changes NTP will usually restart automatically. Use this switch only to force a restart.

Other NTP Services that can be configured via the NTP Services panel by clicking the

GEAR icon are:

Stratum 1 (see

"NTP Reference Configuration" on page 102 )

The NTP Status Summary panel

… provides a real-time overview of your key NTP network parameters. For more information, see .

2.15.3

Dis-/Enabling NTP

If you applied NTP configuration changes e.g., added a new NTP Server, SecureSync usually will stop and re-start the NTP Service automatically once you clicked Submit. Changes made to NTP configurations will also take effect after SecureSync is either rebooted or power-cycled.

You can, however, also disable or enable the SecureSync NTP Service manually.

To disable and enable your NTP Service:

1.

Navigate to MANAGEMENT > NETWORK: NTP Setup .

2.

In the NTP Services panel, set the ON/OFF toggle switch to OFF.

3.

A notification window will confirm the status change.

4.

In the NTP Services panel, set the ON/OFF toggle switch to ON again.

Changes made will now take effect and NTP operation will be restored shortly after this operation is performed.

2.15.4

Viewing NTP Clients

To view the NTP clients being served by SecureSync:

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 99

2.15  Configure NTP

1.

Navigate to MANAGEMENT> NETWORK: NTP Setup .

2.

In the NTP Actions panel, click View NTP Clients :

3.

The NTP Clients window will display, showing a table of the clients that are synchronizing to SecureSync via NTP:

100

You can search any of the fields for specific information in the Search field at the top of the window.

A limit of 10 entries will appear on the screen at any one time. If you have more than 10 clients, you can move through the table using the First , Previous , Next and Last navigation buttons at the bottom of the screen.

2.15.5

Restoring the Default NTP Configuration

The SecureSync default NTP configuration can be restored at any time. It comprises basic settings such as Stratum 1 operation with no other servers or peers, no broadcasting and no access restrictions. External queries or modifications are not permitted, while generally all IPv4 and IPv6 client connections are allowed.

To restore SecureSync to its default NTP configuration:

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.15  Configure NTP

1.

Navigate to MANAGEMENT > NETWORK: NTP Setup .

2.

In the NTP Actions panel, click Restore Default NTP Configuration .

3.

In the dialog window that displays, click OK .

2.15.6

NTP Output Timescale

You can choose the timescale SecureSync will use for the time stamps it sends out to its

NTP clients and network nodes. This is done by setting SecureSync System Time timescale. The options are UTC, TAI and GPS. Typically, UTC is used for network synchronization.

Note that the System Time affects not only NTP output, but also all other aspects of time management e.g., time distributed via channels other than NTP, logging, and time displayed in the Web UI.

If SecureSync is operated as a Stratum 2 server, i.e. as a client to a Stratum 1 server (see

"Configuring "NTP Stratum Synchronization"" on page 104

), the other server will override SecureSync's System Timescale, should it be different.

Note: IMPORTANT: Make sure you select your desired timescale! Using the wrong timescale will inevitably result in an undesired time error in your

NTP clients.

To change the system timescale SecureSync will use for its NTP output (and other outputs):

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 101

2.15  Configure NTP

1.

Navigate to MANAGEMENT > OTHER: Time Management :

102

2.

In the System Time panel, click the GEAR icon.

3.

In the Edit System Time window, select the System Timescale SecureSync will be in:

UTC : The network PCs will receive UTC time via NTP.

TAI : The network PCs will receive TAI time via NTP.

GPS : The network PCs will receive GPS time via NTP.

Note: When the Timescale is set to “GPS”, the GPS to UTC Offset must be set correctly. As of 15-February-2021, the offset between UTC and GPS is 18 seconds.

2.15.7

NTP Reference Configuration

SecureSync's NTP Service needs to be setup such that it utilizes the time source ("input reference") you want it to use. There are two options for an NTP Server to derive its time from: a.

The NTP Service uses SecureSync's System Time, i.e. typically the GNSS reference

(or IRIG, ASCII data input, etc.), and distributes that time over the NTP network. This is called Stratum 1 Operation , because SecureSync will be the Stratum 1 (or primary) server. This is the most common configuration.

2.15.7.1

The NTP Stratum Model

The NTP Stratum model is a representation of the hierarchy of time servers in an NTP network, where the Stratum level (0-15) indicates the device's distance to the reference

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.15  Configure NTP clock.

Stratum 0 means a device is directly connected to e.g., a GPS antenna.

Stratum 0 devices cannot distribute time over a network directly, though, hence they must be linked to a Stratum 1 time server that will distribute time to Stratum 2 servers or clients, and so on. The higher the Stratum number, the more the timing accuracy and stability degrades.

The NTP protocol does not allow clients to accept time from a Stratum 15 device, hence

Stratum 15 is the lowest NTP Stratum.

A group of NTP servers at the same Stratum level ( Stratum 2 , for example) are considered NTP Peers to each other. NTP Servers at a higher Stratum level, on the other hand, are referred to as NTP Servers .

Note: Internet Time Servers should be configured as NTP Servers and not as NTP Peers.

If SecureSync has no valid Timing System Reference, NTP Server or NTP Peers, the NTP

Stratum value is automatically downgraded to Stratum 15 . This ensures that its NTP clients will no longer use this SecureSync unit as a time reference.

2.15.7.2 Configuring "NTP Stratum 1" Operation

When the Timing System references of your SecureSync are normally available (rather than being unavailable most of the time e.g., in areas with poor GNSS reception), it is advisable to use the System Time as a reference to NTP, since this provides NTP with the most accurate references. This mode is called Stratum 1 operation, since SecureSync operates as a Stratum 1 NTP server.

To configure Stratum 1 operation for SecureSync:

1.

Navigate to MANAGEMENT > NETWORK: NTP Setup :

2.

Click the GEAR icon in the NTP Services panel.

3.

The Edit NTP Services window will display. Click the Stratum 1 tab.

4.

Check all of the three options :

Enable Stratum 1 Operation

Checking this option will cause the NTP Service to use the System Time provided by the Timing System input.

Prefer Stratum 1

This option configures NTP to “weigh” the Timing System input heavier than input from other NTP servers for its selection (The Timing System inputs are normally more accurate than other NTP servers).

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 103

2.15  Configure NTP

However, if the Timing System inputs are not normally available (such as with intermittent GNSS reception or no other inputs are available), it may be desirable NOT to prefer the Timing System over an NTP reference, in which case this box should not be checked.

Enable Stratum 1 1PPS

This option determines whether or not NTP uses the 1PPS input from the Timing System. The 1PPS input to NTP needs to correlate with its “Time” input. If the Time and PPS inputs are originating from the same source, they will be correlated. However, if the time is originating from another NTP server, but the 1PPS is being derived by the Timing System, the two inputs may not always correlate. Without this correlation, NTP performance will be degraded.

In such a scenario, it is best NOT to use the System Time’s 1PPS as a reference.

5.

Click the Submit button.

2.15.7.3 Configuring "NTP Stratum Synchronization"

NTP Stratum Synchronization refers to the concept of using a different NTP Server or

Peer as your primary reference (instead of e.g., GNSS). This will make the SecureSync you are configuring a Stratum 2 server, since the other server is Stratum 1.

To configure Stratum 2 (or greater) operation for SecureSync:

1.

Navigate to MANAGEMENT > NETWORK: NTP Setup :

2.

Click the GEAR icon in the NTP Services panel.

3.

The Edit NTP Services window will display. Click the Stratum 1 tab.

4.

Uncheck all three options:

Enable Stratum 1 Operation

Uncheck this option. When the checkbox Enable Stratum 1 is unchecked, the system will always synchronize its .time to an NTP server.

Prefer Stratum 1

Uncheck this option to prevent SecureSync's NTP service from “weighing” the Timing System input heavier than input from other NTP servers. Thus, during normal operation, the time provided by the external Stratum 1 NTP server will be used (unless its quality is determined to be low).

Note: If enabled, this function would give GPS additional

“weight” for NTP to select the GNSS input over other NTP

Servers.

104 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.15  Configure NTP

5.

Click the Submit button.

2.15.8

NTP Servers and Peers

SecureSync can be configured to receive time from one or more available NTP Servers

(SecureSyncs or different models). This allows for NTP Servers on a timing network to be configured as potential (fallback) input time references for SecureSync System Time synchronization. In the event that a current reference becomes unavailable, SecureSync can fallback to the other NTP Servers available on the network.

A group of NTP servers at the same Stratum level (Stratum 1 time servers, for example) are considered as NTP Peers to each other.

NTP Servers at the same Stratum level

If SecureSync is configured to obtain time from other NTP Servers at the same Stratum level (i.e., NTP Peers) but is currently using a different input reference as its selected reference, SecureSync will report to the network (via the NTP time stamps) that it is a

Stratum 1 time server. Should, however, all input references except the other NTP server

(s) become unavailable, SecureSync will then drop to a Stratum 2 time server (with System Time being derived from the NTP time packets being received from the other NTP

Peers.

Holdover

If SecureSync is synchronized to another NTP Server or reference, and that server or reference subsequently loses sync or becomes unavailable (with no other higher priority input references being present and valid), SecureSync will then go into the Holdover mode. It will remain in Holdover mode until any enabled and valid input reference becomes available again, or until the Holdover period expires, whichever occurs first.

During Holdover mode, NTP will remain at the same Stratum level it was before entering the Holdover mode and can continue to be the reference to the network. However, if no input reference becomes available before the Holdover period expires, Time Sync will be lost and shortly thereafter, NTP will report to the network that it is now at Stratum 15. A status of Stratum 15 will cause the network to ignore SecureSync as an NTP time reference.

For more information about Holdover, see

"Holdover Mode" on page 224 .

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 105

2.15  Configure NTP

2.15.8.1

The NTP Servers and NTP Peers Panels

106

The NTP Servers and NTP Peers panels display which servers in the network are set up at higher or equal Stratums (Servers or Peers, respectively), and their configurations. These panels are also used to add, configure, or remove NTP Servers and Peers.

Note: For information on how to view NTP Clients, see "Viewing NTP Clients" on page 99

.

The NTP Servers and NTP Peers panels are part of the NTP Setup screen (see

"The NTP

Setup Screen" on page 97

), which can be accessed via MANAGEMENT > NETWORK:

NTP Setup .

Information provided in the NTP Servers and NTP Peers panels

The following columns are used to break down the status information for recognized NTP

Servers and NTP Peers .

Note: Servers will be displayed in the Status view only if they can be resolved. They will, however, always be displayed in the Setup view in order to reconfigure them, if necessary.

IP/HOST : Name and real-time status (color-coded)

REF ID : Identifies the type of Input REFerence e.g., GPS indicates the reference can use GPS for its synchronization. Below is a list of potential REF IDs reported by the SecureSync Timing System (other NTP Servers and Peers may report different references):

GPS : GNSS reference

IRIG : IRIG reference

HVQ : HAVE QUICK reference

FREQ : Frequency reference

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.15  Configure NTP

PPS : External 1PPS reference

PTP : PTP reference

ATC : ASCII time code reference

USER : User provided time

LOCL : Local reference (synced to itself)

INIT : NTP on server/peer is initializing

STEP : NTP on server/peer is performing initial synchronization step and restarting

AUTH STATUS : Indicates if the selected reference is using MD5 authentication.

“None” indicates authentication not being used.

LAST : The number of seconds that have expired since this reference was last polled for its time.

POLL : The polling interval, i.e. how often SecureSync is polling this NTP reference for its time.

DELAY (ms) : The measured one-way delay between SecureSync and its selected reference.

2.15.8.2 NTP Servers: Adding, Configuring, Removing

To add, configure, or remove an NTP Server:

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 107

2.15  Configure NTP

1.

Navigate to MANAGEMENT > NETWORK: NTP Setup .

108

2.

The NTP Setup screen appears. The NTP Servers panel displays a list of recognized NTP servers. Click the GEAR icon in the upper right-hand corner of the NTP

Servers panel.

3.

The NTP Servers window opens. Should the list be empty, no servers have been added yet. In the event that added servers are not displayed in the NTP Setup screen/NTP Servers panel, they could not be resolved. Verify the IP address. Note that System servers cannot be edited or deleted.

To ADD a new server, click the PLUS icon in the upper right-hand corner, and proceed to the next step.

Note: In order for other NTP Servers to be a valid reference,

“NTP” must be enabled as both the Time and 1PPS references in the Reference Priority table. See

"Configuring Input Reference Priorities" on page 184

.

To EDIT an existing server, click the corresponding ACTION GEAR button, and proceed to the next step.

To REMOVE a server (and its associated configurations), click the X-button next to it, then confirm by clicking OK.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.15  Configure NTP

4.

The NTP Server Edit window displays. Enter the required information:

Host : The IP address for the server to be used as host.

Min Poll Interval : Select a value from the drop down (the default is 3 (8s)).

Max Poll Interval : Select a value from the drop down (the default is 3 (8s)).

For both NTP Peers, and NTP Servers the Minimum and Maximum Poll rate for NTP packets can be configured.

Enable Burst : This tells NTP to send a burst to the remote server when the server is reachable.

Enable Iburst : The iburst function tells NTP to send a burst of queries instead of one when the remote server is not reachable for faster clock synchronization. This will occur if the connection was interrupted, or upon restart of the NTP daemon. For additional information, please refer to public NTP configuration documentation.

Mark as Preferred : Click here to make this server the preferred server. For more information, see

"Configuring "NTP Stratum 1" Operation" on page 103

.

Note: It is not normally recommended to select more than one

NTP Server in the NTP Servers table as being Preferred . Typically, only one NTP server should be selected as Preferred .

5.

Click Submit, or press Enter.

2.15.8.3 NTP Peers: Adding, Configuring, Removing

To add, configure, or remove an NTP Peer:

1.

Navigate to MANAGEMENT > NETWORK: NTP Setup .

2.

The NTP Setup screen appears. The NTP Peers panel displays a list of recognized

NTP peers.

Note: Should the list be empty, no servers have been added yet. In the event that added peers are not displayed, they could not be resolved. Verify the IP address

To EDIT the settings of an NTP Peer, click the GEAR button next to it, and proceed to Step 3 below.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 109

2.15  Configure NTP

To ADD a new NTP Peer, click the PLUS icon in the top right corner of the

NTP Peers panel.

To REMOVE an NTP Peer (and its associated configurations), click the X-button next to it.

3.

The NTP Peers edit window opens:

110

4.

Enter the required information into the fields:

Host : The IP address for the server to be used as host.

Min Poll Interval : Select a value from the drop down (the default is 3 (8s).

Max Poll Interval : Select a value from the drop down (the default is 3 (8s).

For both NTP Peers, and NTP Servers the Minimum and Maximum Poll rate for NTP packets can be configured.

Enable Symmetric Key : Click the checkbox to enable/disable Symmetric

Key. See also:

"Configuring NTP Symmetric Keys" on the facing page

.

Note: Before you can edit the Key field, you must set up Symmetric Keys through the Actions Panel. See

"NTP: Symmetric

Keys (MD5) " on the facing page .

Mark as Preferred : Check this box to prefer this NTP Peer over other NTP

Peers ("NTP Peer Preference"). This will result in SecureSync synchronizing more frequently with this Peer. For additional information on NTP Preferences, see

"Configuring "NTP Stratum 1" Operation" on page 103 .

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.15  Configure NTP

Note: Please note that it is not advisable to mark more than one NTP Peer as Preferred , even though SecureSync will not prevent you from doing so.

5.

Click Submit, or press Enter.

2.15.9

NTP Authentication

Since NTP information is distributed across entire networks, NTP poses a security risk: Falsified NTP time stamps or other NTP-related information can be exploited by an attacker. NTP authentication keys are used to authenticate time synchronization, thus detecting a fake time source before it can do harm.

2.15.9.1

NTP: Symmetric Keys (MD5)

Symmetric Keys are an encryption means that can be used with NTP for authentication purposes.

SecureSync supports authenticated NTP packets using an MD5 authenticator. This feature does not encrypt the time packets, but attaches an authenticator, which consists of a key identifier and an MD5 message digest, to the end of each packet. This can be used to guarantee that NTP packets came from a valid NTP client or server, and that they were not tampered with during transmission. The Symmetric Keys tab allows NTP to be configured to use MD5 authentication.

Configuring NTP Symmetric Keys

To create, edit, or delete Symmetric Keys (MD5 Authentication):

1.

Navigate to MANAGEMENT > NETWORK: NTP Setup .

2.

In the Actions panel, click the Symmetric Keys button:

3.

The NTP Symmetric Keys window will display:

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 111

2.15  Configure NTP

To CREATE a Symmetric Key , click the PLUS icon in the top-right corner, and proceed to Step 4.

To EDIT an existing key pair, click the corresponding Change button, and proceed to Step 4.

To DELETE a key pair, click the corresponding Delete button, and click OK in the dialog box to confirm and complete the procedure.

4.

The NTP Symmetric Key window will display:

112

Fill in, or edit the fields:

Trusted (checkbox)—Check this box to use MD5 authentication with trusted key ID.

Note: To use the MD5 authentication with trusted key ID, both the NTP client and the SecureSync must contain the same key

ID/key string pair, the client must be set to use one of these

MD5 pairs, and the key must be trusted.

Key ID —The key ID must be a number between 1 and 65532.

Digest Scheme —Choose one of the options from the drop-down list. The available options are:

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.15  Configure NTP

MD5 (the default)

SHA1

SHA

MDC2

MDC2

RIPEMD160

MD4

Key Str —The key string must be readable ASCII and between 1 and 16 characters long.

5.

Click the Submit button: The changes will be reflected in the table of the NTP Symmetric Keys window, which is displayed after clicking the Submit button.

6.

The key(s) you have set up will now appear as options in the Symmetric Key field in both the NTP Server screen, and the NTP Peer screen.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 113

2.15  Configure NTP

114

NOTES:

Duplicate key IDs are not permitted. NTP requests received by that do not contain an authenticator containing a valid Key ID and MD5 message digest pair will be responded to, but no authentication will be performed. An NTP request with valid authenticators results in a valid NTP response with its own valid authenticator using the same Key ID provided in the NTP request.

You may define the trusted Symmetric Keys that must be entered on both SecureSync, and any network client with which SecureSync is to communicate. Only those keys for which the “Trusted” box has been checked will appear in the dropdown menus on the NTP

References screen.

2.15.10 NTP Access Restrictions

Next to encrypted authentication by means of Symmetric Keys, NTP supports a list-based means of access restriction, the use of which is also recommended to prevent fraudulent or inadvertent manipulation of a time server.

To configure NTP Access Restrictions:

1.

Navigate to MANAGEMENT > NETWORK: NTP Setup .

2.

In the Actions panel, click Access Restrictions :

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

3.

The NTP Access Restrictions Status window will display:

2.15  Configure NTP

To ADD or EDIT an access restriction, click the PLUS icon or the Change button, respectively, and proceed to Step 4. below.

To DELETE an access restriction, click the corresponding Delete button, and confirm by clicking OK.

4.

The NTP Access Restrictions window will display:

Fill in the fields:

Restriction Type —Choose either Allow or Deny.

If you select “Deny”, the configured portion of the network will not have NTP access to SecureSync, but the rest of the network will have access to SecureSync. If you select “allow”, the configured portion of the network will have NTP access to SecureSync, but the rest of the network will not have access to SecureSync. By default, SecureSync allows all IPv4 and IPv6 connections.

IP Version —Choose IPv4 or IPv6

IP Address —Enter the appropriate hostname.

Subnet Mask —Enter the appropriate IP mask.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 115

2.15  Configure NTP

Require Authentication (checkbox)—Check this box if you want the additional security of authorized access. SecureSync to accept only authenticated requests (MD5) from this user or network segment.

Allow NTP Queries (checkbox)—Check this box if you want to allow external NTP queries into SecureSync services.

5.

Click the Submit button.

2.15.11

Enabling/Disabling NTP Broadcasting

The NTP Broadcast mode is intended for one or a few servers and many clients.

SecureSync allows the NTP service to be configured to broadcast the NTP time only to the network’s broadcast address at scheduled intervals.

NTP Broadcasting is used to limit the NTP service to only certain clients on the network.

NTP Broadcasting also reduces the amount of network traffic, but is therefore less accurate since there is no compensation for cable delays, or other delays between NTP Server and Client.

Note that NTP Broadcasting is rarely used and typically limited to special applications.

To enable NTP Broadcasting:

1.

Navigate to MANAGEMENT > NETWORK: NTP Setup .

116

2.

On the NTP Services panel, click the GEAR icon.

3.

The Edit NTP Services window will display. Check the Broadcast box.

4.

Select a Broadcast Interval . When NTP Broadcasting is selected, in addition to still responding to NTP time requests sent from network appliances, SecureSync will also send unsolicited NTP time packets to the local broadcast address at the Broadcast Interval specified by you.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.15  Configure NTP

5.

To utilize MD5 Authentication , select a Symmetric Key (see

"Configuring NTP

Symmetric Keys" on page 111

.)

6.

Click Submit, or press Enter.

To disable NTP broadcasting, simply uncheck the Broadcast box and click Submit .

2.15.12 NTP over Anycast

NTP (Network Time Protocol) is a packet network based synchronization protocol for synchronizing a client clock to a network master clock (see also

"Configure NTP" on page 96 .)

Anycast is a network routing protocol in which messages are routed to one of a group of potential receivers via a single Anycast address, thus avoiding the need to configure every client individually.

NTP over Anycast , as implemented in SecureSync, is a combination of the two concepts, allowing SecureSync to:

I.

Associate one of its network ports to an Anycast IP address, and

II.

Remove itself as an available time source if its reference is lost or degraded, and vice versa.

To learn more about NTP over Anycast, see also the respective

Spectracom Technology

Brief (PDF)

.

Please note that SecureSync utilizes the OSPF (Open Shortest Path First) and BGP

(Border Gateway Protocol).

O S P F P r o t o c o l E X A M P L E :

If an active SecureSync NTP server has removed itself as an available time source from the

Anycast-capable network, the OSPF router will send a request for replacement to the next nearest NTP server, serving under the same NTP over Anycast address.

As soon as the first SecureSync server obtains a valid reference again, it will make itself available to the OSPF router, which will then use it as a time source again, based on the principle of shortest path available.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 117

2.15  Configure NTP

Figure 2-4: All NTP Servers are synchronized

118

Figure 2-5: NTP Server 1 is out of sync

2.15.12.1 Configuring NTP over Anycast (General Settings)

To setup the NTP over Anycast functionality:

1.

Confirm that your existing network infrastructure is Anycast capable. Determine network specifics, such as the Anycast address and port.

2.

In the SecureSync Web UI, navigate to MANAGEMENT > Network > NTP Setup .

3.

In the Actions Panel , click NTP over Anycast .

4.

In the NTP Anycast window, select the General tab.

5.

On the General tab, select the IP Version you will be running Anycast service for.

The options are IPv4, IPv6, or both.

6.

Configure the Anycast Address to be used.

7.

Select the port to associate the Anycast service with (depending on the option card configuration of your unit, there may be only ETH0 available). If you desire IPv6 functionality, you must also select the IPv6 port address since there may be multiple IPv6 addresses on a single port.

8.

Click Submit .

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.15  Configure NTP

Note: NTP over Anycast is not compatible with DHCP, as it is designed to be used with static addresses only.

Note: IMPORTANT: For Anycast to function, SecureSync must be in sync to a valid reference, or to itself.

2.15.12.2 Configuring NTP over Anycast (OSPF IPv4)

To setup the NTP over Anycast functionality, using OSPF IPv4:

1.

Confirm that your existing network infrastructure is Anycast capable, and uses

OSPF Version 2 (IPv4). Determine the OSPF area.

2.

In the SecureSync Web UI, navigate to MANAGEMENT > Network > NTP Setup .

3.

In the Actions Panel , click NTP over Anycast .

4.

In the NTP Anycast window, select the General tab.

5.

On the General tab, select IPv4 as the IP Version.

6.

Configure the Anycast Address to be used.

7.

Select the port to associate the Anycast service with (depending on the option card configuration of your unit, there may be only ETH0 available).

8.

In the NTP Anycast window, navigate to the OSPF tab.

9.

On the OSPF tab, check Enable .

10.

Setup the OSPF area.

11.

Click Submit .

12.

Select the port address to associate the Anycast service with (because there may be multiple addresses on a single port), and click Submit . If no addresses appear, an

IP address must be added to the port (see

"Network Ports" on page 60 ).

13.

Next, specify the maximum TFOM Setting (Time Figure of Merit), and the Holdover

Timeout value. These two parameters determine SecureSync's accuracy "tolerance window": A small window will cause SecureSync to deliver a more accurate time window, but also will cause it to quickly withdraw from the Anycast server pool, i.e.

declare itself an invalid reference. (For more information about TFOM, see

"Configuring the Oscillator" on page 230

.)

Navigate to Management > Disciplining , and click the GEAR icon in the top-right corner of the Status panel.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 119

2.15  Configure NTP

14.

Set the value Maximum TFOM for Sync to 4 (this will make SecureSync to go out of sync if the phase error is greater than 1 μ s).

15.

Set the value for Holdover Timeout to 10 s, to allow SecureSync to exit holdover quickly.

16.

Leave the Phase Error Limit at 0, and do not check any of the checkboxes (or, for more information, see

"Configuring the Oscillator" on page 230 ).

2.15.12.3 Configuring NTP over Anycast (OSPF IPv6)

To setup the NTP over Anycast functionality, using OSPF IPv6:

1.

Confirm that your existing network infrastructure is Anycast capable, and uses

OSPF Version 3 (IPv6). Determine the OSPF area.

2.

In the SecureSync Web UI, navigate to MANAGEMENT > Network > NTP Setup .

3.

In the Actions Panel , click NTP over Anycast .

4.

In the NTP Anycast window, select the General tab.

5.

On the General tab, select IPv6 as the IP Version.

6.

Select the port to associate the Anycast service with (depending on the option card configuration of your unit, there may be only ETH0 available).

7.

Select the port address to associate the Anycast service with (because there may be multiple IPv6 addresses on a single port), and click Submit . If no addresses appear, an IPv6 address must be added to the port.

8.

In the NTP Anycast window, navigate to the OSPF tab.

9.

On the OSPF6 tab, check Enable .

10.

Setup the OSPF6 area.

11.

Click Submit.

12.

Select the port address to associate the Anycast service with (because there may be multiple addresses on a single port), and click Submit. If no addresses appear, an IP address must be added to the port (see

"Network Ports" on page 60 ).

13.

Next, specify the maximum TFOM Setting (Time Figure of Merit), and the Holdover

Timeout value. These two parameters determine SecureSync's accuracy "tolerance window": A small window will cause SecureSync to deliver a more accurate time window, but also will cause it to quickly withdraw from the Anycast server pool, i.e.

declare itself an invalid reference. (For more information about TFOM, see

"Configuring the Oscillator" on page 230

.)

Navigate to Management > Disciplining , and click the GEAR icon in the top-right corner of the Status panel.

120 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.15  Configure NTP

14.

Set the value Maximum TFOM for Sync to 4 (this will make SecureSync to go out of sync if the phase error is greater than 1 μ s).

15.

Set the value for Holdover Timeout to 10 s, to allow SecureSync to exit holdover quickly.

16.

Leave the Phase Error Limit at 0, and do not check any of the checkboxes (or, for more information, see

"Configuring the Oscillator" on page 230 ).

2.15.12.4 Configuring NTP over Anycast (BGP)

To configure NTP over Anycast , using BGP (Border Gateway Protocol):

1.

Confirm that your existing network infrastructure is Anycast capable, and uses BGP.

Determine the network specifics, such as your Autonomous System (AS) number,

Neighbor’s address and Neighbor’s AS number.

2.

In the SecureSync Web UI, navigate to MANAGEMENT > Network > NTP Setup.

3.

In the Actions Panel , click NTP over Anycast .

4.

In the NTP Anycast window, select the General tab.

5.

On the General tab, select your desired IP Version. This selection automatically communicates with the BGP tab and displays the neighbor address field based on your needs.

6.

Select the port to associate the Anycast service with (depending on the option card configuration of your unit, there may be only ETH0 available). If you desire IPv6 functionality, you must also select the IPv6 port address since there may be multiple IPv6 addresses on a single port.

7.

In the NTP Anycast window, navigate to the BGP tab.

8.

On the BGP tab, check Enable .

9.

Input your AS number .

10.

Input the neighbor's address.

11.

Input the neighbor's AS number.

12.

Click Submit .

13.

Select the port address to associate the Anycast service with (because there may be multiple addresses on a single port), and click Submit. If no addresses appear, an IP address must be added to the port.

14.

Next, specify the maximum TFOM Setting (Time Figure of Merit), and the Holdover

Timeout value. These two parameters determine SecureSync's accuracy "tolerance window": A small window will cause SecureSync to deliver a more accurate time window, but also will cause it to quickly withdraw from the Anycast server pool, i.e.

declare itself an invalid reference. (For more information about TFOM, see

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 121

2.15  Configure NTP

"Configuring the Oscillator" on page 230

.)

Navigate to Management > Disciplining , and click the GEAR icon in the top-right corner of the Status panel.

15.

Set the value Maximum TFOM for Sync to 4 (this will make SecureSync to go out of sync if the phase error is greater than 1 μ s).

16.

Set the value for Holdover Timeout to 10 s, to allow SecureSync to exit holdover quickly.

17.

Leave the Phase Error Limit at 0, and do not check any of the checkboxes (or, for more information, see

"Configuring the Oscillator" on page 230 ).

2.15.12.5 Configuring Anycast via NTP Expert Mode

Advanced Anycast configuration is possible via the NTP Expert Mode (see also

"NTP

Expert Mode" on page 126

), which allows you to write directly into the Anycast configuration files ( zebra.conf

; ospfd.conf

; ospf6d.conf

and bgpd.conf

).

The zebra.conf

file is required for both IPv4, and IPv6 Anycast. The ospfd.conf

file is required for IPv4 OSPF only, the ospf6d.conf

file is required for IPv6 OSPF only, and the bgpd.conf

file has multiprotocol functionality, hence it can be used for both IPv4, and

IPv6 Anycast.

Caution: Expert Mode should only be utilized by advanced users, as incorrectly altering the Anycast files can cause Anycast to stop working.

Caution: Any configurations made in Expert Mode will be lost as soon as

Expert Mode is disabled.

1.

To access Expert Mode, navigate to MANAGEMENT > NTP Setup .

2.

Enable the switch for Expert Mode in the panel NTP Services .

3.

Once it is enabled, click NTP Anycast in the Actions Panel . The Expert mode window will appear, with a separate tab for each of the three configuration files.

4.

To enable OSPF IPv4 Anycast, check Enable under the OSPF tab. To enable OSPF

IPv6 Anycast, check Enable under the OSPF6 tab. To enable BGP Anycast, check

Enable under the BGP tab. Then click Submit.

When the NTP Anycast Expert Mode window is opened, the files displayed are the configuration files in their current states. If no configuration was done outside of Expert Mode, these will be the factory default files. If Anycast configuration was already done from the

Web UI, you will be able to edit the existing Anycast setup.

122 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.15  Configure NTP

When editing zebra.conf

in expert mode, you should ensure that the first line under an interface line is an ip address line declaring an IPv4 address (if there is one for the interface), and that the next line is an ipv6 address line declaring an IPv6 address (if there is one for the interface). No other lines or variations in spacing should be inserted before or between these lines. No editing restrictions exist on ospfd.conf

or ospf6d.conf

files.

Example

zebra.conf

file with both IPv4, and IPv6 configured on the same port:

(Interface eth0 line, followed by IPv4 line and then IPv6 line)

*****************************************************

!

interface eth0 ip address 10.2.100.157/16 ipv6 address 2000:10:2::157/64

!

interface lo ip address 10.10.14.1/32 ipv6 address 2000:10:10::1/64

*****************************************************

Example

zebra.conf

file with IPv4, and IPv6 configured on different ports:

(Interface eth0 line, followed by only IPv4 line, because no IPv6 address is configured on that port. Interface eth1 line, followed by only IPv6 line, because no IPv4 address is configured on that port)

*****************************************************

!

interface eth0 ip address 10.2.100.157/16 interface eth1

!

ipv6 address 2000:10:2::157/64 interface lo ip address 10.10.14.1/32 ipv6 address 2000:10:10::1/64

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 123

2.15  Configure NTP

*****************************************************

Example

zebra.conf

file showing the default file with no addresses configured:

(Interface eth0 line, with no lines following it because no addresses are configured on the port)

!

***************************************************** interface eth0

!

interface lo

*****************************************************

Example

ospfd.conf

file:

*****************************************************!

router ospf ospf router-id 10.2.100.157

network 10.2.0.0/16 area 0.0.0.0

redistribute connected distribute-list default out connected

!

access-list default permit 10.10.14.1/32 access-list default deny any

*****************************************************

Example

ospf6d.conf

file:

!

*****************************************************

!

interface eth0 router ospf6 router-id 10.2.100.157

interface eth0 area 0.0.0.0

124 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.15  Configure NTP

!

redistribute connected

*****************************************************

Example

bgpd.conf

file:

*****************************************************!

router bgp 12 bgp router-id 172.17.1.12

network 172.17.0.0/16

!

neighbor 172.17.1.1 remote-as 3 redistribute connected

*****************************************************

2.15.12.6 Testing NTP over Anycast

Note: A detailed Anycast test procedure is available from Spectracom upon request. Please contact

[email protected]

.

2.15.13 NTP Orphan Mode

The NTP Orphan Mode allows SecureSync to remain a valid time server to its NTP clients even if all its input references have become invalid and the Holdover period has expired.

Per default, SecureSync will automatically downgrade itself to NTP Stratum 15 , should its input references become invalid and after expiration of the Holdover period. By setting the

NTP Orphan Mode to an NTP Stratum level other than 15, SecureSync will continue to be considered a valid time server by its NTP clients.

Note, however, that the time served by SecureSync after expiration of the Holdover period can be of a low quality and therefore normally ought to be considered invalid. NTP

Orphan Mode exists as an option for timing networks that must stay intact even if the time distributed is invalid. The other use case for Orphan Mode is to allow for NTP to be utilized in an isolated timing network that is designed to normally operate without any external references.

To configure NTP Orphan Mode:

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 125

2.15  Configure NTP

1.

Navigate to MANAGEMENT > NTP Setup .

2.

In the NTP Services panel, click the GEAR icon in the top right corner. The Edit

NTP Services window will open:

126

3.

Click the Orphan Mode tab, and select an NTP Stratum other than 15 . This will be the Stratum level SecureSync will transition to in the event its input references become invalid.

4.

Click Submit. SecureSync will automatically stop and re-start the NTP Service.

Note: Per NTP protocol definition, for an NTP Orphan Mode Timing Network to operate properly, ALL servers and clients must be set to the same

Stratum level (e.g., "5").

2.15.14 Host Disciplining

Host Disciplining allows an NTP input reference to discipline SecureSync's oscillator. This may be utilized e.g., with SecureSync units that do not have a GPS receiver because they are operated as Stratum 2 servers.

In general, units that do not have a GNSS reference will look to the time references as they are ordered in the Reference Priority to obtain their time references. If NTP is enabled and valid, it will discipline the unit's system time when it is the highest valid reference.

2.15.15 NTP Expert Mode

Advanced NTP configuration is possible via the NTP Expert Mode , which allows you to write directly into the

NTP.conf

file (the syntax is similar to the one used with CISCO routers).

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.15  Configure NTP

Caution: NTP Expert Mode should only be utilized by advanced users, as incorrectly altering the NTP.conf

file can cause NTP to stop working (if

NTP is configured as an input reference, SecureSync could lose synchronization).

To access the NTP Expert Mode, navigate to MANAGEMENT > NTP Setup . The switch for the NTP Expert Mode is in the panel NTP Services .

Caution: Any configurations made in NTP Expert Mode will be lost as soon as NTP Expert Mode is disabled.

NTP utilizes the

NTP.conf

file for its configuration. Normally, configuration of this file is indirectly performed by a user via the integrated configuration pages of the SecureSync

Web UI. However, it may be desired in certain circumstances to edit this file directly, instead of using the web-based setup screens. When Expert Mode is enabled, the user has direct access to the

NTP.conf

file.

Caution: Orolia Tech Support does not support the editing of the NTP configuration files while in the Expert Mode. For additional information on editing the NTP.conf

file, please refer to

http://www.ntp.org/

.

Note: IMPORTANT: If an undesirable change is made to the

NTP.conf

file that affects the NTP operation, the

NTP.conf

file can be manually changed back as long as the previous configuration was known.

The

NTP.conf

file can be reset back to the factory default values by either using the procedure to restore all of the SecureSync factory default settings (see

"Restoring the Default NTP Configuration" on page 100

) or editing the file back to the original configuration as shown in the factory default configuration below.

Caution: If changes are made to the

NTP.conf

file while in the Expert mode, Expert mode should remain enabled from that point forward. Disabling Expert mode after changes being made to this file may result in loss of this configuration information.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 127

2.15  Configure NTP

Factory default

NTP.conf

file:

restrict 127.0.0.1

restrict ::1 restrict default noquery nomodify restrict -6 default noquery nomodify keys /etc/ntp/keys/ntp.keys

controlkey 65533 requestkey 65534 trustedkey 65533 65534 server 127.127.45.0 prefer minpoll 4 server 127.127.22.0 minpoll 4 fudge 127.127.22.0 stratum 0 peer 10.10.128.35 minpoll 3 maxpoll 3 autokey keysdir /etc/ntp/keys/ crypto pw admin123 randfile /dev/urandom driftfile /etc/ntp/ntp.drift

logfile /home/spectracom/log/ntp.log

statsdir /home/spectracom/log/ntpstats/ statistics loopstats peerstats clockstats filegen loopstats file loopstats type day enable filegen peerstats file peerstats type day enable filegen clockstats file clockstats type day enable

Prior to Expert mode being enabled, the Network: NTP Setup page will contain various tabs for configuring different options of the NTP Service. To prevent inadvertent changes from being made to a user-edited NTP.conf

file via the web pages, these NTP configuration tabs are removed from the web browser view as long as the Expert mode remains enabled (only the Expert Mode tab is visible in Expert Mode; all other tabs will no longer be present). Disabling the Expert mode restores these tabs to the Edit NTP Services window.

To enable the Expert Mode, and edit the NTP.conf

file:

1.

Navigate to MANAGEMENT > NETWORK: NTP Setup .

2.

In the NTP Services panel locate the Expert Mode switch:

128 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.16  Configuring PTP

When enabled, the NTP Service operates in Unicast mode. In Unicast mode, the

NTP Service responds to NTP requests only. The NTP Service supports a broadcast mode in which it sends a NTP time packet to the network broadcast address.

3.

Click the Expert Mode switch.

4.

Confirm by clicking OK in the dialog box.

5.

Click the GEAR icon.

6.

In the Edit NTP Services window, edit the file as desired in the text box under the

Expert Mode tab.

7.

Click the Submit button to save any changes that were made.

8.

Disable and then re-enable the NTP service using the NTP ON/OFF switch in the

NTP Services panel. SecureSync will now use the new NTP configuration per the manually edited file.

Caution: Any configurations made in NTP Expert Mode will be lost as soon as NTP Expert Mode is disabled.

2.15.16 Orolia Technical Support for NTP

Orolia does not provide technical assistance for configuring and installing NTP on Unixbased applications. Please refer to

www.ntp.org

for NTP information and FAQs. Another helpful source is the Internet newsgroup at

news://comp.protocols.time.ntp

.

Orolia can provide support for Microsoft ® Windows- based time synchronization:

https://www.orolia.com/documents/synchronizing- windows- computers

.

See

orolia.com

for additional information, or contact Orolia Technical Support.

2.16

Configuring PTP

Note: These instructions refer only to the PTP available directly through your unit via ETH0 and ETH1.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 129

2.16  Configuring PTP

If you have a 1204-32 Grandmaster PTP option card installed, you will need to follow separate instructions to configure that PTP functionality. See

"PTP Grandmaster [1204-32]" on page 462

Precision Time Protocol (PTP) is a time protocol that can be used to synchronize computers on an Ethernet network. SecureSync supports PTP Version 1 and 2, as specified in the IEEE 1588-2002 and IEEE 1588-2008 standard, via two (2) Ethernet ports.

SecureSync can be configured as a PTP Master Clock or as a PTP Slave Clock.

Next to PTP specifications, this topic describes the PTP menu items and settings, and outlines how to set up SecureSync as a PTP Master or Slave.

PTP Specifications

Inputs/Outputs : (2) Ports

Signal Type : Ethernet

Management : Web UI

Network Speeds : 100 Mb/s, 1Gb/s, or 10Gb/s

PTP Version supported: PTP 1 IEEE (1588-2002) and 2 (IEEE 1588-2008)

PTP Profiles supported: Default, Telecom, Enterprise

Transmission modes : Unicast, Multicast (IPv4 and Ethernet), and Hybrid [default]

Timestamping : SecureSync has PTP time stamp functionality which is set to use the UTC timescale.

2.16.1

The PTP Screen

The PTP screen provides PTP status information, and provides access to all configurable

PTP settings.

To access the PTP screen, navigate to MANAGEMENT > NETWORK: PTP Setup . The

PTP screen will open:

130

Figure 2-6: PTP setup screen

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.16  Configuring PTP

For each Ethernet port (eth1-eth2) you can toggle PTP functionality ON or OFF .

You can also access the "Settings" panel and the "Statistics" panel for each port (see below).

2.16.1.1

The PTP Settings Panel

The Settings Panel provides access to the configuration settings, divided into three tabs, which are described below. Each tab allows you to Restore defaults .

Note: The Restore Defaults button in each PTP Settings panel will restore

ALL the factory defaults for ALL Ethernet ports.

Settings changed by the user will be maintained when the PTP daemon is stopped and started, and between reboots and power cycles.

Figure 2-7: Edit PTP Settings panel

Protocol tab

PTP version : [1, 2] Select Version 1 or Version 2.

Domain : [1 through 127] Sets the current PTP Domain Number, as defined in IEEE

Std 1588-2008 Section 7.1

Communication Mode : Select multicast, hybrid, or unicast mode.

A b o u t … P T P T r a n s m i s s i o n M o d e s

The PTP Card is able to transmit the PTP packets in three transmission modes:

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 131

2.16  Configuring PTP

• Multicast Mode : PTP packets are transmitted to all PTP Clocks by means of Multicast IP addresses dedicated to the PTP protocol (224.0.1.129, 224.0.0.107). PTP packets received by the PTP Clocks are then filtered from the Domain Number, the Port Identity (Clock Identity + Port Number) of the transmitter. When the Master Clock is set in

Multicast mode, this module will deny the requests from the Slaves Clocks to run in

Unicast mode. When the Master Clock is set in Unicast mode, it doesn’t transmit any

PTP messages until a Slave has been granted to run in Unicast mode.

• Unicast Mode : This is a Point-to-Point transmission mode between two PTP

Clocks by means of the unique IP address assigned to each PTP Clock.

• Hybrid Mode : [default] This mode uses Multicast messages for Sync, Follow-Up, and Announce packets from the Master. Slaves are expected to send Delay Request messages to the Master in Unicast, and the Master responds in Unicast. No Unicast Negotiation grants are necessary.

---------------------------------------------

The Unicast mode is activated at the initiative of the Slaves. Each Slave, which wants to run in Unicast mode, shall first negotiate Unicast contracts with the Master.

Mode : Master Only or Slave Only.

Sync Rate : The rate at which Sync messages are sent, in packets per second. [1 =

1 packet/sec.; 2 = 2 packets/sec.; 0.5 = 1 packet/2 sec.]

Announce Rate : [see Sync Rate above] The rate at which Announce messages are sent, in packets per second.

Delay Req Rate : Interval between request messages sent by the slave to the master.

Best Master Clock Algorithm : [On or OFF] When set to ON, the Master will listen for traffic from other Masters and become passive if another master on the network has better credentials according to the Best Master Clock Algorithm (Section 9.3 of

IEEE 1588-2008). A passive master will not transmit any protocol messages as long as another Master is active as the Best Master on the network.

When set to OFF, the Master will act as an active master no matter whether or not other masters are present. This may be required for certain PTP profiles.

Clock Priority 1 : [0 to 255] (0 is highest priority. Default is 128 for both priority values. This is usually the priority value that a Slave is set to.) See IEEE 1588-2008, Section 8.10.1, 8.10.2.

Clock Priority 2 : [0 to 255] (same as above).

Current UTC Offset : to convert to civil time.

132 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.16  Configuring PTP

Network Transport : [Ethernet, IPv4/UDP] Selects the transport protocol used for

PTP packets.

Management Mechanism tab

Request Peer Information : [ON/OFF] Enable/disable management requests.

Request Peer Information Rate : [0.2 = one request every five seconds] Request rate in seconds for PTP Management messages.

Respond to Peer Information Requests : [ON/OFF] Enable/disable management responses.

Network tab

Multicast Ttl : [1 through 255] Time-to-live (packet lifespan) — Sets the TTL field for PTP packets except for Peer-to-Peer packets for which TTL is forced to 1 as specified in IEEE Std 1588-2008 Annex D.3.

Unicast Ttl : [64] Time to live for Unicast packets.

2.16.1.2

The PTP Statistics Panel

This panel provides statistics for each Ethernet port. If the PTP is set to OFF for a specific port, this screen will not display any information.

All statistics shown are based on the traffic that is detectable by SecureSync, i.e. in a

Unicast environment, SecureSync may only detect traffic that is addressed to it, based on switch configuration.

Figure 2-8: PTP Statistics Panel

PTP Node : IP address of PTP node.

Clock Identity : [e.g., "a0:36:9f:ff:fe:37:b9:5d"]

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 133

2.17  GPSD Setup

Domain : Domain number of the selected PTP node.

Unicast : [0,1] OFF or ON (1)

Last Time : [e.g., "2016-08-12 18:19:15"] The last time a packet was received.

Average Rate : [e.g., "0.0624986091344933"] Indicates how often the selected message has been detected (in seconds e.g., "1.0" would mean once every second).

2.16.2

Enabling/Disabling PTP

To enable or disable PTP:

1.

Navigate to MANAGEMENT > NETWORK: PTP Setup .

2.

In the PTP panel, slide the toggle switch to ON or OFF for the desired Ethernet port.

3.

Configure your settings using the Edit Settings Panel.

2.16.3

General Configuration Notes

Ensure that the Ethernet port used for PTP is connected to the network. Navigate to MANAGEMENT > NETWORK: Network Setup , and verify the STATUS in the

Ports panel.

For a Master Clock : Be sure that valid time and 1PPS references are currently selected: Navigate to MANAGEMENT > OTHER: Reference Priority , and confirm

Reference Priority configuration, and Reference Status . Note that in order to operate properly as a Master Clock, SecureSync must be synchronized to a non-PTP reference. The built-in GNSS reference provides all information needed with no user intervention. Should you, however, be using a different reference, ensure that it transmits the following information.

The proper TAI or UTC time (including the current year).

The current TAI to UTC offset (required even if the reference’s time is in

TAI).

Pending leap second information at least a day in advance.

2.17

GPSD Setup

GPSD is a free, open-source package used worldwide to manage GNSS systems and devices. With GPSD support on a SecureSync, users are able to: connect to the unit over a network via TCP at the specified port using any GPSDcompatable software

134 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.17  GPSD Setup receive position and timing information from the GNSS receiver in a consistent format, and use the WebUI (or CLI) to configure the GPSD service and view status information.

GPSD can only be configured to track the SecureSync internal u-blox receiver (GDPS does not currently apply to the internal IMU or gyro for navigation purposes)..

To configure GPSD on the WebUI, navigate to MANAGEMENT > NETWORK > GPSD

Setup to access the GSPD Setup Screen

The GPSD Setup Screen is divided into three panels:

1.

The GPSD Service panel: allows you to toggle the service ON or OFF lists the Service Port the Gear Icon in the GPSD Service panel allows you to change the Service

Port information. If your GPSD setup changes and needs to be reconfigured within your SecureSync, this is where you can reset the service port.

2.

The Actions panel provides an option to restore the default configuration .

3.

The Receiver Status panel lists the information required by the GPSD service:

Device name

Mode, Time, Position, Track/Speed/Climb, Error Statistics, and Precision Statistics

All satellites in view and the PRN, Elevation, Azimuth, Signal Strength, and

Usage for each satellite.

GPSD via CLI commands

The following CLI commands are used to control the behavior of GPSD via the

SecureSync CLI: gpsdserviceportget – Displays the GPSD service port gpsdserviceportset – Sets the GPSD service port

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 135

2.18  Configurable Connectors

There are two GPSD utility programs already incorporated into SecureSync;

GPSpipe and

CGPS

. Both can be used as commands within the CLI to view information currently being sent via GPSD. Both commands use CTL + C to stop.

2.18

Configurable Connectors

136

This Section covers the two software-configurable connectors on the CPU board (rear panel): the BNC DCLS OUT connector and the HD15 multi I/O connector.

When you configure an input our output via the DCLS OUT connector or the I/O connector, you will need to adjust both the pin configuration (

"Assigning Signals" on page 138

) and (for some types) the settings for that input or output via the Web UI ( "Configuring Input References" on page 140

and

"Configuring Outputs" on page 148 ).

You can find the settings for signals currently configured through these two connectors under INTERFACES > OPTION CARDS > Main . The CPU board with the standard-issue connectors is referred to as "Option Card 0" in the Web UI.

2.18.1

BNC DCLS OUT

The DCLS Out connector can be configured with the following options. See

"Assigning

Signals" on page 138

for detailed instructions.

Table 2-5: DCLS Output Options

Location

DCLS OUT BNC Connector

(rear Panel)

Available Signal Types

1PPS Output (default)

IRIG Output

HaveQuick Output

GPIO Output

Web UI Selection

PPS_OUT | DCLS_TTL

IRIG_OUT | DCLS_TTL

HQ_OUT | DCLS_TTL

GPIO_OUT | DCLS_TTL

2.18.2

DB15 Multi I/O

Note on the table below: Both RS485 connectors have optional termination on their inputs. To select this feature, choose the Web UI feature as listed below that also includes

With Termination in the listing.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.18  Configurable Connectors

Table 2-6: Multi I/O Input and Output Options

Pin Location Available Signal Types

DCLS OUT

DCLS IN

RS232 IN

Pin 6 (signal)

Pin 7 (ground)

Pin 1 (signal)

Pin 2 (ground)

1PPS Output

IRIG Output (Default)

HaveQuick Output

GPIO Output

1PPS Input

IRIG Input (Default)

HaveQuick Input

ASCII Time Code Input (Default)

RS232 OUT

RS485 (#1)

RS485 (#2)

Pin 15 (signal)

Pin 10 (ground)

Pin 5 (signal)

Pin 10 (ground)

Pin 3 (signal)

Pin 13 (signal)

Pin 8 (ground)

Pin 4 (signal)

Pin 14 (signal)

Pin 9 (ground)

IRIG AM Output Pin 11 (signal)

Pin 12 (ground)

Web UI Selection

PPS_OUT | DCLS_TTL

IRIG_OUT | DCLS_TTL

HQ_OUT | DCLS_TTL

GPIO_OUT | DCLS_TTL

PPS_IN | DCLS_TTL

IRIG_IN | DCLS_TTL

HQ_IN | DCLS_TTL

ATC_IN | RS232

ASCII Time Code Output (Default) ATC_OUT | RS232

1PPS Output

IRIG Output

HaveQuick Output (Default)

PPS_OUT | RS485

IRIG_OUT | RS485

ASCII Time Code Output

1PPS Input

IRIG Input

HaveQuick Input

ASCII Time Code Input

1PPS Output

IRIG Output

HaveQuick Output

ASCII Time Code Output

1PPS Input

IRIG Input

HaveQuick Input (Default)

HQ_OUT | RS485

ATC_OUT | RS485

PPS_IN | RS485

IRIG_IN | RS485

HQ_IN | RS485

ATC_IN | RS485

PPS_OUT | RS485

IRIG_OUT | RS485

HQ_OUT | RS485

ATC_OUT | RS485

PPS_IN | RS485

IRIG_IN | RS485

HQ_IN | RS485

ASCII Time Code Input ATC_IN | RS485

IRIG AM Output (Default, non-configurable)

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 137

2.18  Configurable Connectors

138

Figure 2-9: Multi I/O 15-pin connector, in mating direction from front

Signal

11

12

13

14

7

8

9

10

15

5

6

3

4

1

2

Pin

DCLS IN

GND

(First signal) RS485 A, non-inverting

(Second signal) RS485 A, non-inverting

RS232 TX OUT

DCLS OUT

GND

GND

GND

GND

IRIG AM OUT

GND

(First signal) RS485 B, inverting

(Second signal) RS485 B, inverting

RS232 RX IN

2.18.3

Assigning Signals

Changing the signals on either the rear panel BNC DCLS connector, or on the Multi I/O 15pin connector requires access to the Web UI.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.18  Configurable Connectors

Configuring a new Input or Output

1.

In the SecureSync Web UI, navigate to MANAGEMENT > NETWORK: Pin Layout .

The Pin Layout screen will be displayed.

2.

View your current pin layout settings in the Layout panel. The pins are grouped together by their channels (see the

"Multi I/O 15-pin connector, in mating direction from front" on the previous page

). One pin in each channel will update the settings for the entire channel.

3.

To change a signal, you can Delete it, but you may also simply assign the new signal as described below, thus overwriting the existing Input or Output.

4.

Add a pin configuration by clicking the PLUS icon in the top-right corner. The Add

Pin popup window will display.

5.

Start with the Type Filter drop-down menu (second line in the window) and select a signal type.

6.

From the Signal drop-down menu, select a signal.

7.

From the Pins drop-down menu in line 3, select the pin set you wish to configure.

8.

Click Submit .

9.

In the Actions panel, click Apply Changes after all your configuration is done. This button will finalize your changes and force a server reboot (some timing sources may be affected by this change).

Restoring the Default I/O Configuration

SecureSync is shipped with a default I/O configuration that you can be customized.

However, if required you can restore the default configuration at any time after applying changes.

To restore the default I/O pin configuration:

A.

Navigate to the MANAGEMENT: NETWORK > Pin Layout screen.

B.

In the Actions panel on the left, click Restore Default Layout .

Reloading the Current I/O Configuration

To reload the currently used I/O configuration after adding pin layout changes, but before clicking Apply Changes :

A.

Navigate to the MANAGEMENT: NETWORK > Pin Layout screen.

B.

In the Actions panel on the left, click Reload Layout .

Saving your unique Pin Layout

Before you perform a clean upgrade or restore your unit's default settings, you can choose

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 139

2.19  Configuring Input References to download your current pin layout settings.

(Note: The Save Layout option applies only to the pin configuration for the DCLS BNC connector and the 15-pin I/O connector. To save your entire configuration including these settings, see

"Backing-up and Restoring Configuration Files" on page 316

.)

1.

To save the current layout, navigate to the MANAGEMENT > NETWORK > Pin Layout screen.

2.

In the Actions panel, click the Save Layout button to download a file containing your current settings.

3.

Save this file in a location of your choosing and perform any necessary actions.

4.

To restore your former layout, click the Upload Layout button in the Pin Layout screen.

5.

Choose the name and location of the file saved when using the Save Layout function. Click the Upload button.

2.18.4

Network Ports

The Network Ports can be configured under MANAGEMENT > Network Setup . For more information, see

"Configure Network Settings" on page 58 .

2.19

Configuring Input References

Depending on the type of input reference, some of its settings may be user-editable. To access these settings for a given input reference, choose one of the two methods described below.

(To disable references or change the priority that your timing system will be guided by those references, visit

"Configuring Input Reference Priorities" on page 184 ).

Note: The illustrations shown below are examples. The windows displayed in your Web UI may look differently.

2.19.1

How to Configure an Input Reference

To access the user-editable settings of an Input Reference, choose one of these two methods:

Configuring the settings of an input reference, method 1:

140 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.19  Configuring Input References

1.

Under INTERFACES > REFERENCES , click the desired reference.

2.

The Status window for the specific reference you selected will be displayed. Click the Edit button in the bottom-left corner.

3.

The settings window for the chosen reference will be displayed. Edit the field(s) as desired.

Configuring the settings of an input reference, method 2:

1.

In the INTERFACES > REFERENCES drop-down menu, click REFERENCES (white on orange), or an input reference category (e.g., "GNSS reference").

2.

In the Status window, click the GEAR button next to the desired input reference.

3.

The settings window for the chosen reference will be displayed. Edit the field(s) as desired.

For more information, see

"Managing References" on page 183

.

The following configuration instructions apply to optional inputs on the basic unit model.

For specifics on inputs made available through option cards, see the section

"Option

Cards" on page 333 .

2.19.2

Configure a 1PPS Input

A 1PPS Input can be set up through the Multi-I/O connector (see

"Configurable Connectors" on page 136

).

To configure the settings of the PPS Input (also referred to as ‘Reference’), go to its Edit window..

The Web UI list entries for these cards are:

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 141

2.19  Configuring Input References

1PPS In/Out

1PPS In/Out, Fiber

The connector number for the input is: J1

The Edit window allows the configuration of the following settings:

Edge : The operator can select either the rising or the falling edge as the input time reference (defines the on-time point of the signal).

Offset : It is possible to add an offset to the input signal (to account for cable delays), with a resolution of 5ns and a positive or negative value of 500 ms maximum.

2.19.3

Configure an ASCII Input

An ASCII Input is available by default configuration through the Multi-I/O connector (see

"Configurable Connectors" on page 136 ).

To configure the ASCII Input (also referred to as ‘Reference’), go to its Edit window.

142 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.19  Configuring Input References

The Input Edit window allows the configuration of the following settings:

Format Group : Determines the time code message format category (see also

"Time Code Data Formats" on page 519 .) Choices are:

Auto

Spectracom

NMEA

ICD-153

EndRun

Format : Once a Format Group has been selected, one or more Format fields may appear, allowing you to select one or more time code Formats . For detailed specifications and limitations on the supported time code formats, see

"Time Code Data

Formats" on page 519 .

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 143

2.19  Configuring Input References

Note: If Auto is chosen as the format group, the format will automatically be Auto-detect. SecureSync will attempt to identify the format of the incoming ASCII message.

Offset : Provides the ability to account for ASCII input cable delays or other latencies in the ASCII input. The Offset value is entered and displayed in nanoseconds (ns).

The available Offset range is –500 to +500 ms.

Timescale : Used to select the time base for the incoming ASCII time code data. The entered Timescale is used by the system to convert the time in the incoming ASCII data stream to UTC time for use by the System Time. The available choices are:

UTC : Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI : Temps Atomique International

GPS : The raw GPS time as transmitted by the GNSS satellites (as of 15-February-2021, this is 18 seconds ahead of UTC time)

A local clock set up through the Time Management Page: This option will appear under the name of the local clock you have set up. Refer to

"The Time

Management Screen" on page 166

for more information on how to configure and read the System Time. Local timescale allows a Local Clock to apply a time offset for Time Zone and DST correction.

The incoming input time information may be provided as local time, but System Time may be configured as UTC time, so internal computations need to be performed. With the Timescale field set to “Local”, select the name of a previously created Local Clock. The Time Zone and DST rules, as configured in the Local Clock will be applied to the front panel time display. See for more information on Local Clocks.

Note: The Timescale of the ASCII input (as configured in the ASCII time source) must be set correctly, especially if other input references are enabled. Failure to configure the Timescale of the ASCII input correctly could result in time jumps occurring in the System

Time when input reference changes occur. These time jumps could affect NTP and normal operation of the system.

PPS Source – choices are:

144 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.19  Configuring Input References

Message : The 1PPS on time point is extracted from the ASCII message received.

1PPS Pin : The origin of the 1PPS on-time-point is the 1PPS input connector.

Baud Rate : Determines the speed at which the input port will operate.

Data Bits : Defines the number of Data Bits for the input output.

Parity : Configures the parity checking of the input port.

Stop Bits : Defines the number of Stop Bits for the input port.

2.19.4

Configure a HaveQuick Input

A HaveQuick Input is available by default configuration through the Multi-I/O connector

(see

"Configurable Connectors" on page 136

).

To configure the settings of the HAVE QUICK Input (also referred to as ‘Reference’), go to its Edit window.

The Edit window allows the configuration of the following settings:

Format : Used to configure the formatting of the four available HAVE QUICK outputs. The available output formats are as follows:

STANAG 4246 HQ I

STANAG 4246 HQ II

STANAG 4430 STM

STANAG 4430 Ext HQ

ICD-GPS-060A BCD

ICD-GPS-060A HQ

DOD-STD-1399 BCD

Timescale : Used to select the time base for the incoming time code data. The entered Timescale is used by the system to convert the time in the incoming data stream to UTC time for use by the System Time. The available choices are:

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 145

2.19  Configuring Input References

UTC: Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI: Temps Atomique International

GPS: The raw GPS time as transmitted by the GNSS satellites (as of 15-February-2021, this is 18 seconds ahead of UTC time)

Offset: Provides the ability to account for HAVE QUICK cable delays or other latencies in the HAVE QUICK outputs. The Offset values are entered in nanoseconds (ns). The available Offset range is –500 to +500 ms.

2.19.5

Configuring an IRIG Input

An IRIG Input is available by default configuration through the Multi-I/O connector (see

"Configurable Connectors" on page 136 ).

Unless you have an IRIG option card, IRIG AM is not available as an input at this time.

To configure the IRIG Input (also referred to as ‘Reference’), navigate to its Edit window.

146

The Edit window allows the configuration of the following settings:

Format : Sets the formatting of the IRIG input signal, as defined by the IRIG generator time source. The available choices are:

IRIG A

IRIG B

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.19  Configuring Input References

IRIG G

NASA-36

Modulation Type : Configures the type of input signal modulation. The choices are:

IRIG DCLS—A TTL (Phase) modulated signal.

Frequency : The IRIG modulation frequency. This is determined by the configuration of Format and Modulation Type. See

"IRIG Carrier Frequencies" on page 546

for details.

Coded Expression —Defines the data structure of the IRIG signal, where:

BCD = Binary Coded Decimal

TOY = Time of Year

CF = Control Field

SBS = Straight Binary Seconds

The available options will vary according to the configurations of Format and

Modulation Type.

Control Function Field : IRIG signals have an optional section in the data stream that can be used to include additional information (such as the present year, for example). This field allows the Control Field section of the IRIG output to be defined.

The available configurations are:

Fields conform to RCC 200-04 : IRIG spec 200-04 specified a location for year value, if included in this field.

Fields conform to IEEC 37.118-2005 (IEEE 1344): Control Field contains year, leap second and daylight savings time information.

Fields conform to Spectracom Format : Year is included in Control Field but not in the same location as RCC-2004 output (year is offset by one position).

Fields conform to Spectracom FAA Format : A unique IRIG output Control

Field that contains satellite lock status and time error flags.

Fields conform to NASA Formats : Variants of IRIG B

Fields confirm to Spectracom IEEE C37.118-2005 : Has been extended to support one-month leap second notification

The available options will vary according to the configurations of Format and Modulation Type.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 147

2.20  Configuring Outputs

Note: If the Format value is changed, the Control Field and Coded Expression change to the default values for the given Format value. The user can only change the Control Field field and Coded Expression field to allowed values for the Format field.

It is recommended that the SecureSync administrator/operator only use this if they do not know what the IRIG Input Format is, and they wish to identify the signal type, or to determine if a signal is present.

Local Clock : The incoming IRIG input time information may be provided as local time, but System Time may be configured as UTC time, so internal computations need to be performed. With the Timescale field set to “Local”, select the name of a previously created Local Clock. The Time Zone and DST rules, as configured in the

Local Clock will be applied to the front panel time display.

Offset : Provides the ability to account for IRIG cable delays or other latencies in the

IRIG input. The Offset value is entered and displayed in nanoseconds (ns). The available Offset range is -500 to +500 ms.

2.20

Configuring Outputs

Depending on the type of output interface, some of its settings may be user-editable. To access these settings for a given output, choose one of the two methods described below.

For information on disabling and enabling outputs, see

"Signature Control" on page 161

Note: The illustrations shown below are examples. The windows displayed in your Web UI may look differently.

2.20.1

How to Configure an Output

To access the user-editable settings of an Output, choose one of these two methods:

Configuring the settings of an output, method 1:

148 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.20  Configuring Outputs

1.

Under INTERFACES > OUTPUTS , click the desired output.

2.

The Status window for the specific reference you selected will be displayed. Click the Edit button in the bottom-left corner.

3.

The settings window for the chosen output will be displayed. Edit the field(s) as desired.

Configuring the settings of an output, method 2:

1.

In the INTERFACES > OUTPUTS drop-down menu, click OUTPUTS , or one of the output categories ( not indented to the right)

2.

In the Status window, click the GEAR button next to the desired output.

3.

The settings window for the chosen output will be displayed. Edit the field(s) as desired.

The following configuration instructions apply to optional outputs on the basic unit model.

For specifics on outputs made available through option cards, see the section

"Option

Cards" on page 333 .

2.20.2

Configuring a 1PPS Output

A 1PPS Output is available by default configuration through the BNC connector, and can also be output through the Multi- I/O connector (see

"Configurable Connectors" on page 136

).

To configure a 1PPS output:

1.

Navigate to INTERFACES: OUTPUTS , or to INTERFACES: OPTION CARDS (white on orange).

2.

In the panel on the right, click the GEAR button next to the 1PPS Output you want to edit.

3.

The 1PPS Output Edit window will display, allowing the following items to be configured:

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 149

2.20  Configuring Outputs

150

Signature Control : Determines when the output is enabled. For more information, see

"Signature Control" on page 161

.

Offset [ns]: Allows to offset the system's 1PPS on-time point, e.g. to compensate for cable delays and other latencies [range = –500000000 to 500000000 ns =

±0.5 s]

Edge : Used to determine if the on-time point of the 1PPS output is the rising or the falling edge of the signal.

Rising

Falling

Pulse Width [ns]: Configures the Pulse Width of the 1PPS output.

[range = 20 to 900000000 ns = 0.0  μ s to 0.9 s]

[default = 200 ms]

4.

Click Submit.

2.20.3

Configuring the 10 MHz Output

A 10 MHz Output is available on the rear panel of the SecureSync 2400 Time and Frequency Synchronization System.

To configure the 10 MHz output:

1.

Navigate to INTERFACES > OUTPUTS , or to INTERFACES > OPTION CARDS

(white on orange).

2.

In the panel on the right, click the GEAR button next to the 10 MHz output that you want to edit.

3.

The 10 MHz edit window will display. Choose a value from the Signature Control field drop-down list to determine what SecureSync shall do with the output signal in the event its input reference is lost. For more information, see

"Signature Control" on page 161 .

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.20  Configuring Outputs

4.

Click Submit.

2.20.4

Configure an ASCII Output

An ASCII Output is available by default and configuration through the Multi-I/O connector

(see

"Configurable Connectors" on page 136

).

To configure the ASCII Output , go to its Edit window.

The Output Edit window allows the configuration of the following settings:

Format Group – configures the message format type. Choices are:

None (no message will be output)

Spectracom

NMEA

BBC

ICD-153

EndRun

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 151

2.20  Configuring Outputs

Once selected, the Format Group may offer a choice of Formats . For more information on supported Formats , see

"Time Code Data Formats" on page 519 .

Format 1 : Selects either the first of up to three, or the only format message to be output.

Format 2 : Selects the second consecutive format message to be outputted.

Select “None” if only one output format is desired. “None” will be the only choice available if Format 1 is “None.”

Format 3 : Selects the third consecutive format message to be outputted.

Select “None” if only one output format is desired. “None” will be the only choice available if Format 2 is “None.”

Signature Control : Signature Control controls when the selected ASCII data output format will be present; see

"Signature Control" on page 161

.

Output Mode : This field determines when the output data will be provided. The available Mode selections are as follows:

Broadcast : The format messages are automatically sent out on authorized condition (Signature control), every second a message is generated in sync with the 1PPS.

Request (On-time) : A format message is generated in sync with 1PPS after the configured request character has been received.

Request (Immediate) : A format message is generated as soon as the request character is received. As this selection does not correlate the output data to the on-time point for the message, in Data Formats that do not provide sub-second information (such as Formats 0 and 1 whereas Format 2 provides sub-second information), it should be noted that the output data can be provided immediately, but a time error could occur when using the on-time point of the message in addition to the data for timing applications.

Note: The choices available in this field are determined by the choices of Format Group and Format.

Time Scale : Used to select the time base for the incoming data. The entered Timescale is used by the system to convert the time in the incoming data stream to UTC time for use by the System Time. The available choices are:

UTC : Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI : Temps Atomique International

152 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.20  Configuring Outputs

GPS : The raw GPS time as transmitted by the GNSS satellites (as of 15-February-2021, this is currently 18 seconds ahead of UTC time).

If GPS or TAI time is used, then the proper timescale offsets must be set on the

MANAGEMENT/OTHER/Time Management page. (See

"The Time Management

Screen" on page 166

for more information on how to configure and read the System Time). Local timescale allows a Local Clock to apply a time offset for Time Zone and DST correction.

A Local Clock can be set up through the Time Management page: This option will appear under the name of the local clock you have set up. See for more information. Local timescale allows a Local Clock to apply a time offset for Time Zone and DST correction.

The incoming input time information may be provided as local time, but System Time may be configured as UTC time, so internal computations need to be performed. With the Timescale field set to “Local”, select the name of a previously created Local Clock. The Time Zone and DST rules, as configured in the Local Clock will be applied to the front panel time display. See for more information on Local Clocks.

Baud Rate : Determines the speed at which the output port will operate.

Data Bits : Defines the number of Data Bits for the output port.

Parity : Configures the parity checking of the output port.

Stop Bits : Defines the number of Stop Bits for the output.

To view the current settings of the ASCII Input (also referred to as ‘Reference’), go to its

Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 334 .

2.20.5

Configuring a GPIO Output

A GPIO Output is available through the BNC and/or Multi-I/O connector on the rear panel

(see

"Configurable Connectors" on page 136

).

Note: The fields viewable will depend on the selection for the Output Mode.

Output Mode :

Direct Output Value: Output will be low or high, determined by the Output

Value section below.

Square Wave: Output will generate a programmable square wave determined by the configuration.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 153

2.20  Configuring Outputs

Output Enabled : Check this box to enable or disable the output. If Enabled, additional configurable parameters will be displayed.

Output Value : Determines the output level (Low or High).

Signature Control : Controls when the output will be present.  See also:

"Signature

Control" on page 161 .

Edge : Used to determine if the on-time point of the output is the Rising or Falling edge of the signal.

Offset : Accounts for cable delays and other latencies [nanoseconds].

Period : Sets the period of the square wave (in ns or µs scale).

The wave’s frequency will display at the top of the window once you have configured the output. The frequency is calculated based on the Period and

Period Correction settings.

Period Correction : Period correction allows for the generation of more precise frequencies at the expense of additional period jitter. Over a length of time, the true square wave period comes to:

Period + [(numerator/denominator) * 5 ns]

Pulse Width : Pulse width of the output [nanoseconds].

On-Time Point Pulse Width : The on-time point pulse width is the pulse width of the first square wave pulse aligned to the 1PPS On-Time Point.  This is only active when the alignment count is non-zero [nanoseconds].

Alignment Count(s) : The alignment counter determines how often (in seconds) the square wave will be aligned back to the 1PPS.  Setting zero will disable PPS alignment beyond the initial alignment.

Time Alignment : (Enabled/Disabled) The time alignment enable changes the function of the alignment counter to align the square wave whenever the current time’s seconds value is a multiple of the alignment count. For example: If time alignment is enabled and alignment count is set to 15 seconds, the square wave will be aligned to the 1PPS when the seconds value on the time display equals 00, 15, 30, 45.

Re-Initialize : Re-initializes square wave generation and aligns to 1PPS.

2.20.6

Configuring a HaveQuick Output

A HaveQuick Output is available by default configuration through the Multi-I/O connector and can be optionally configured through the BNC connector on the rear panel (see

"Configurable Connectors" on page 136 ).

To configure the settings of a HAVE QUICK Output , go to its Edit window.

154 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.20  Configuring Outputs

The Edit window allows the configuration of the following settings:

Signature Control : Signature Control is used to control when the HAVE QUICK modulation is present, see

"Signature Control" on page 161

.

Format : Used to configure the formatting of the four available HAVE QUICK outputs. The available output formats are as follows:

STANAG 4246 HQ I

STANAG 4246 HQ II

STANAG 4372 HQ IIA

STANAG 4430 Ext HQ (Extended HAVE QUICK)

STANAG 4430 STM (Standard Time Message)

ICD-GPS-060A BCD

ICD-GPS-060A HQ

DOD-STD-1399 BCD

Timescale : Used to select the time base for the incoming time code data. The entered Timescale is used by the system to convert the time in the incoming data stream to UTC time for use by the System Time. The available choices are:

UTC : Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI : Temps Atomique International

GPS : The raw GPS time as transmitted by the GNSS satellites (as of 15-February-2021, this is 18 seconds ahead of UTC time).

A local clock set up through the Time Management Page: This option will appear under the name of the local clock you have set up. Refer to

"The Time

Management Screen" on page 166

for more information on how to configure

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 155

2.20  Configuring Outputs and read the System Time. Local timescale allows a Local Clock to apply a time offset for Time Zone and DST correction.

The incoming input time information may be provided as local time, but System

Time may be configured as UTC time, so internal computations need to be performed. With the Timescale field set to “Local”, select the name of a previously created Local Clock. The Time Zone and DST rules, as configured in the Local Clock will be applied to the front panel time display. Refer to for more information on Local

Clocks.

Offset : Provides the ability to account for HAVE QUICK cable delays or other latencies in the HAVE QUICK outputs. The Offset values are entered in nanoseconds

(ns). The available Offset range is –500 to +500 ms.

2.20.7

Configuring an IRIG Output

IRIG DCLS Output is available through the Multi I/O connector in the default settings

(pins 6 & 7), and can also be configured on the DCLS OUT BNC connector on the front panel, as well as through the mutli I/O connector on either of the two RS485 channels

(pins 3, 13, and 8, and pins 4, 14, and 9). See

"Configurable Connectors" on page 136

for more information. None of these listed channels allow IRIG AM outputs.

IRIG AM Output is available in the default configuration through the IRIG AM Output channel (pins 11 & 12) o(n the Multi I/O connector Additional outputs of IRIG AM would require an option card..

In the default configuration:

IRIG Output 0 represents IRIG DCLS output (pins 6 & 7). This channel can only be

DCLS.

IRIG Output 1 represents the IRIG AM output (pins 11 & 12). This setting can only be configured to AM.

The numbering of outputs and inputs can change during pin layout changes (and when option cards are added).

Possible settings will be limited by the interface you are configuring.

To configure the settings of one of the two IRIG Outputs , go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 336 .

Note: The choices available will change based on the type of IRIG you have chosen to configure.

156 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.20  Configuring Outputs

The Edit window allows the configuration of the following settings:

Signature Control : Is used to control when the IRIG modulation will be present.

This function allows the modulation to stop under certain conditions; see also

"Signature Control" on page 161

.

Format : Used to configure the desired IRIG output formatting. The available choices are:

IRIG A

IRIG B

IRIG G

IRIG E

NASA-36

Modulation : Changes the type of output signal modulation. The available choices are:

IRIG DCLS—A TTL-modulated output.

IRIG AM-–An amplitude modulated output. The amplitude of the output is determined by the value entered in the Amplitude field.

Frequency—The IRIG modulation frequency. This is determined by the configuration of Format and Modulation Type. See also

"IRIG Carrier Frequencies" on page 546

.

Coded Expression : Defines the data structure of the IRIG signal, where:

BCD = Binary Coded Decimal

TOY = Time of Year

CF = Control Field

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 157

2.20  Configuring Outputs

SBS = Straight Binary Seconds

The available options will vary according to the values of Format and Modulation Type.

Control Function Field : IRIG signals have an optional section in the data stream that can be used to include additional information (such as the present year, for example). This field allows the Control Field section of the IRIG output to be defined.

The available configurations are:

Fields conform to RCC 200-04 : IRIG spec 200-04 specified a location for year value, if included in this field.

Fields conform to IEEC 37.118-2005 (IEEE 1344): Control Field contains year, leap second and daylight savings time information.

Fields conform to Spectracom Format : Year is included in Control Field but not in the same location as RCC-2004 output (year is offset by one position).

Fields conform to Spectracom FAA Format : A unique IRIG output Control

Field that contains satellite lock status and time error flags.

Fields conform to NASA Formats : Variants of IRIG B

Fields confirm to Spectracom IEEE C37.118-2005 : Has been extended to support one-month leap second notification

The available options will vary according to the configurations of Format and Modulation Type.

Timescale : Used to select the time base for the incoming time code data. The entered Timescale is used by the system to convert the time in the incoming data stream to UTC time for use by the System Time. The available choices are:

UTC —Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI —Temps Atomique International

GPS —The raw GPS time as transmitted by the GNSS satellites (as of 15-

February-2021, this is 18 seconds ahead of UTC time).

A local clock set up through the Time Management Page—This option will appear under the name of the local clock you have set up. See

"Local Clock

(s), DST" on page 179

for more information. Local timescale allows a Local

Clock to apply a time offset for Time Zone and DST correction.

Amplitude : The peak-to-peak output voltage level into a 600 Ω load is adjusted by entering a digital control value in this field. The level adjustment has no effect on

TTL outputs, only on AM formats. The value of 128 will cause the Mark amplitude to be about 5V p-p of about 9V p-p into high impedance. A value of 200 results in an output amplitude into high impedance.

158 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.20  Configuring Outputs

Note: These are nominal values only. Actual values will vary from unit to unit. To adjust the level precisely, connect an oscilloscope to the output connector when adjusting.

Offset : Provides the ability to account for IRIG cable delays or other latencies in the

IRIG input. The Offset value is entered and displayed in nanoseconds (ns). The available Offset range is -500 to +500 ms.

For IRIG frequency and output specifications, see

"IRIG Standards and Specifications" on page 546 .

2.20.8

The Outputs Screen

SecureSync outputs deliver a time or frequency signal to a device that consumes this signal.

To access the Outputs screen in the Web UI:

1.

Navigate to INTERFACES and click on OUTPUTS (white on orange).

2.

The Outputs screen will display.

While System Status and logged Events are displayed on the left, the Outputs panel on the right lists all the outputs detected.

If you have only one output of any type, SecureSync will number that output

0. Additional outputs will be numbered 1 or above.

If you click the INFO button next to an output, a Status window will open.

If you click the GEAR button next to an output, the Configuration window will open.

2.20.9

The 1PPS and 10 MHz Outputs

The SecureSync includes one 1PPS output and one 10 MHz output. To configure these outputs, navigate to:

INTERFACES > OUTPUTS and select the 1PPS Output or 10 MHz Output you would like to see, or configure.

SecureSync’s 1PPS output is generated from the oscillator’s 10 MHz output and is aligned to the on-time point. The on-time point of the 1PPS output can be configured to be either the rising or falling edge of the 1PPS signal (by default, the rising edge is the on-time point).

There is a fixed phase relationship between the 1PPS and the 10 MHz outputs, as described below:

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 159

2.21  The Option Cards Screen

SecureSync equipped with TCXO/OCXO/Low-Phase-Noise Rubidium oscillator : With oscillator disciplining active (one or more 1PPS references available and valid) and after the on-time point has been initially slewed into alignment with the selected reference, there will always be exactly 10 million counts of the oscillator between each 1PPS output, even while in the Holdover mode (= input references are currently unavailable) and even after input references have become available again.

SecureSync equipped with Rubidium (Rb) oscillator : With oscillator disciplining active (one or more 1PPS references available and valid), after the on-time point has been slewed into alignment with the selected reference, with the exception of 1PPS input reference changes occurring, there will always be exactly 10 million oscillator counts between each PPS output pulse.

With the Rubidium oscillator installed, when a 1PPS input reference change occurs

(such as switching from IRIG input to GNSS input, or switching from a reference being valid to no reference being present or valid—known as the Holdover mode), the oscillator counts between two 1PPS outputs may momentarily not be exactly

10 million counts. Once the reference transition has occurred, however, the counts between each PPS output pulse will return to exactly 10 million counts.

Like other types of SecureSync's signal outputs, a 1PPS output can be configured in several ways:

Signature Control allows you to determine under which conditions an output signal shall be present, i.e. what SecureSync will do about a given output when an external reference is lost. See also

"Signature Control" on the facing page .

The on-time point of the 1PPS signal: rising or falling edge

The pulse width

An offset can be entered to account for cable delays or other latencies.

2.21

The Option Cards Screen

160

This menu lists all the interfaces on the unit, including the option cards installed on your

SecureSync.

The rear panel connectors included with a standard SecureSync are all listed in this menu under "Main" and "Option Card 0".

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.22  Signature Control

To navigate to the Option Card Menu in the Web UI, navigate to INTERFACES > and click on the white-on-orange menu header, OPTION CARDS.

In the Interfaces Panel, all of the factory interfaces are listed under Option Card 0, and each installed option card is shown with every available interface.

To edit the settings on an interface, click on the GEAR icon.

See

"Option Cards" on page 333

for more information on option card settings, and individual option card functionality.

2.22

Signature Control

Signature Control is a user-set parameter that controls under which output states an output will be present. This feature allows you to determine how closely you want to link an output to the status of the active input reference e.g., by deactivating it after holdover expiration. It is also offers the capability to indirectly send an input-reference-lost-alarm to a downstream recipient via the presence of the signal.

E X A M P L E S :

You can setup Signature Control such that SecureSync's built in 1PPS output becomes disabled the moment its input reference is lost (e.g., if a valid GNSS signal is lost).

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 161

2.22  Signature Control

Or, you can setup your output signal such that remains valid while SecureSync in holdover mode, but not in free run.

II.

III.

IV.

The available options are:

I.

Output Always Enabled —The output is present, even if SecureSync is not synchronized to its references (SecureSync is free running).

II.

Output Enabled in Holdover —The output is present unless SecureSync is not synchronized to its references (SecureSync is in Holdover mode).

III.

Output Disabled in Holdover —The 1PPS output is present unless the SecureSync references are considered not qualified and invalid (the output is NOT present while

SecureSync is in Holdover mode.)

IV.

Output Always Disabled —The output is never present, even if SecureSync references are present and valid.

Table 2-7: Signature control output-presence states

Ref.

Out-of-sync, no holdover

In holdover

In-sync with external reference

I.

Configuring Signature Control for an Output

To review or configure the Signature Control setting for any output:

162 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

2.22  Signature Control

1.

Navigate to INTERFACES > OUTPUTS and click the output you want to configure.

2.

In the Outputs panel, click the GEAR button for the desired output. Ehe Edit window will open with the current Signature Control setting, and a drop-down list to change it.

Changing Signature Control via the Front Panel

The SecureSync front panel allows you to change the signature control between two states: Output Always Enabled and Output Always Disabled. For more options and control over the Signature Control setting, you must use the Web UI (see above).

On the unit front panel:

1.

Press the Outputs button.

2.

Select the output you wish to configure.

3.

Use the arrow keys to select ON (enabled) or OFF (disabled). Press the enter key.

4.

In the confirmation menu on the right hand side of the screen, press the enter key again.

CHAPTER 2 • SecureSync 2400 User Manual Rev. 2 163

2.22  Signature Control

BLANK PAGE.

164 CHAPTER 2 • SecureSync 2400 User Manual Rev. 2

Managing Time

In this document, the notion of Managing Time refers not only to the concept of SecureSync's System Time, but also to reference configuration, as well as distribution of time and frequency.

The following topics are included in this Chapter:

3.1 The Time Management Screen

3.2 System Time

3.3 Managing References

3.4 Holdover Mode

3.5 Managing the Oscillator

166

167

183

224

228

CHAPTER 3 • SecureSync 2400 User Manual 165

3.1  The Time Management Screen

3.1

The Time Management Screen

The Time Management screen is the point of entry for all System Time -related settings that are user-configurable.

To access the Time Management screen:

1.

Navigate to MANAGEMENT > OTHER: Time Management .

2.

The Time Management screen opens. It is divided into 4 panels:

166

System Time panel

The System Time panel displays the time scale and the year, and allows access to the Edit

System Time window via the GEAR icon in the top-right corner. This window is used to select the time scale, and to manually set a user- time, if so required.

See

"System Time" on page 168 .

Offsets panel

The Timescales UTC , TAI , and the GPS -supplied time are offset by several seconds, e.g. to accommodate leap seconds. The GPS offset may change over time, and can be managed via the GEAR icon in the top-right corner of this panel.

Leap Second Info panel

From time to time, a leap second is applied to UTC, in order to adjust UTC to the actual position of the sun. Via the Leap Second Info panel, leap second corrections can be applied to

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.2  System Time

SecureSync’s time keeping. It is also possible to enter the exact day and time when the leap second is to be applied, and to delete a leap second.

See also:

"Leap Seconds" on page 176

Local Clocks panel

You can create multiple different Local Clocks, as needed. The names of all Local Clocks that have already been created are displayed in the Local Clocks panel.

See also

"Local Clock(s), DST" on page 179 .

3.2

System Time

The time that SecureSync maintains is referred to as the System Time . The System Time is used to supply time to all of the available time-of-day outputs (such as NTP time stamps, time stamps in the log entries, ASCII data outputs, etc.).

By default, the System Time is synchronized to SecureSync’s input references (such as

GNSS, IRIG, ASCII data, NTP, PTP, etc.).

If a UTC-based time is not required, however, it is also possible to manually set the System

Time to a desired time/date, or to use the unit's battery backed time (Real Time Clock) as

System Time (with an external 1PPS reference).

The flow chart below illustrates how SecureSync obtains the highest available and valid reference, depending on whether an external source is chosen as reference, or an internal

( User[x] , or Local System ).

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 167

3.2  System Time

Figure 3-1: How the System Time is derived

Note: User hand-set times can only be set in UTC (not Local time).

3.2.1

System Time

Several System Time parameters can be customized:

The System Timescale can be changed.

A user-defined time can be setup for e.g., for simulation purposes, or if no external reference is available.

The battery-backed RTC time can be used as System Time, until an external reference become available.

3.2.1.1

Configuring the System Time

To configure the System Time:

1.

Navigate to MANAGEMENT > OTHER: Time Management .

168

2.

In the System Time panel located in the top-left corner of the Time Management screen, click the GEAR icon.

3.

The Edit System Time pop-up window will display.

In the System Timescale field select a timescale from the drop-down list.

The options are:

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.2  System Time

UTC : Coordinated Universal Time (Temps Universel Coordonné); your local time zone determines the difference between UTC and local time.

Note that UTC is not a time zone, but a time standard, i.e. it is not used anywhere in the world as the official local time, whereas GMT (Greenwich Mean Time) is a time zone that is used in several European and

African countries as the official local time.

TAI : International Atomic Time (Temps Atomique International).

The TAI time scale is based on the SI second and is not adjusted for leap seconds. As of 15- February- 2021, TAI is ahead of UTC by 37 seconds. TAI is always ahead of GPS by 19 seconds.

GPS : The Global Positioning System time is the timescale maintained by the GPS satellites.

Global Positioning System time is the time scale maintained by the GPS satellites. The time signal is provided by atomic clocks in the GPS ground control stations. The UTC–GPS offset as of 15-February-2021 is 18 seconds.

For more information on Timescales, see

"Timescales" below .

4.

If you want to override the system time with a manually set User Time , check the

Manual Time Set checkbox. For information, see

"Manually Setting the Time" on page 171 .

5.

Click Submit to update the System Time and close the window.

3.2.1.2

Timescales

The System Time can be configured to operate in one of several timescales , such as UTC,

GPS and TAI (Temps Atomique International) . These timescales are based on international time standards, and are offset from each other by varying numbers of seconds.

When configuring SecureSync, in most cases, UTC will be the desired timescale to select.

Note: UTC timescale is also referred to as “ZULU” time. GPS timescale is the raw GPS time as transmitted by the GNSS satellites (in 2018 the GPS time is currently 18 seconds ahead of UTC time. UTC timescale observes leap seconds while GPS timescale does not).

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 169

3.2  System Time

Note: The TAI timescale also does not observe leap seconds. The TAI timescale is fixed to always be 19 seconds ahead of GPS time. As of 15-February-

2021 TAI time is 37 seconds ahead of UTC.

SecureSync's System timescale is configured via the MANAGEMENT > OTHER: Time

Management screen, see

"System Time" on page 168 .

Input timescales

Some of the inputs may not necessarily provide time to SecureSync in the same timescale selected in the System Time’s timescale field. These inputs have internal conversions that allow the timescale for the inputs to also be independently defined, so that they don’t have to be provided in the same timescale. For example, the System timescale can be configured as “UTC”, but the IRIG input data stream can provide SecureSync with “local” time, with no time jumps occurring when the reference is selected.

If an output reference is using the GPS or TAI timescale, and the System Time is set to

“UTC”, then the GPS Offset box in the Edit GPS Offset window must be populated with the proper timescale offset value in order for the time on the output reference to be correct. Some references (like GNSS) provide the timescale offset to the system. In the event that the input reference being used does not provide this information, it must be set in through the Offsets panel of the Time Management page.

Since the GPS and TAI offsets have a fixed relationship, only the GPS offset can be set. If only the TAI offset is known, subtract 19 from it to get the GPS offset.

Note: If the System Time is set to the UTC timescale, and all output references either use the UTC or “local” timescale, then it is not necessary to set the GPS and TAI timescale Offsets.

Caution: It is imperative to configure any input reference’s timescales appropriately. Otherwise, a System Time error may occur!

Output timescales

Some of the available SecureSync outputs (such as the ASCII data module’s outputs, etc.) won’t necessarily output in the same timescale selected in the System Time’s timescale field. These outputs have internal conversions that allow the timescale for the outputs to also be independently defined, so that they don’t have to be provided in the same timescale.

170 CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.2  System Time

Other SecureSync outputs will be provided in the same timescale that is selected in the

System timescale field. The NTP output for network synchronization and the time stamps included in all log entries will be in the same timescale as the configured System timescale.

For example, if “GPS” is selected as the System timescale, the log entries and the time distributed to the network will all be in GPS time (time broadcasted directly from the GNSS constellation).

3.2.1.3

Manually Setting the Time

For some applications, it may not be necessary to synchronize SecureSync to a UTC-based reference. Or, a GPS reference is not available yet (e.g., because the antenna is not yet installed), but the system has to be setup and tested.

In such cases, the System Time can be hand-set, and then used as a User [x] -set System

Time. For more information on when to use this functionality, see

"The "User/User" Reference" on page 188 .

Note: If synchronization to UTC is NOT required, it is advisable to set a time in the past or future, so as to avoid users inadvertently considering the distributed time to be genuine.

Caution: Note that this mode of operation is intended for special use cases e.g., autonomous systems, where legally traceable time is not required:

This time will be inaccurate/not traceable, since it is not tied to any reference.

To hand-set the System Time, and configure this time to be a valid reference:

1.

Navigate to MANAGEMENT > OTHER: Time Management .

2.

In the System Time panel on the left, click the GEAR icon.

3.

Select Manual Time Set . Set your time & date, as needed:

System Time [DATE; TIME]: If you do not select Set Year Only , this box will show the current time in the format:

Year-Month-Day Hour:Minute:Second

. To set the time manually, click anywhere in the System Time field. A drop-down calendar with time-setting sliders will appear:

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 171

3.2  System Time

172

The time in the System Time field will default to the current date and time.

To set the time, use the sliders. The time will display between the calendar and the sliders, and also next to the chosen date in the field directly above the calendar. To close the calendar, click anywhere in the Edit System Time window.

NOTE: Except for testing purposes, you should not choose a date other than the current day.

Set Year Only : Some legacy time formats (e.g., IRIG) do not support years.

Checking this box will open a data entry field to manually set the year. Orolia recommends not to utilize this feature, unless the IRIG format you are using does not provide a YEAR field.

Synchronize to Battery Backed Time on Startup : See

"Using Battery

Backed Time on Startup" on the facing page

.

4.

Click Submit at the precise moment desired.

5.

Navigate to MANAGEMENT > OTHER: Reference Priority .

6.

In order for the User time to be a considered a valid reference, verify that the Reference Priority table includes an "Enabled" User [x] Time, and 1PPS reference (" User-

/User "). For more information, see

"Input Reference Priorities" on page 183

and

"The "User/User" Reference" on page 188

.

7.

Move (drag & drop) the User time to the top of table, and disable all other references.

8.

Let Holdover expire. (Set it to a very short duration, if desired: i.

Navigate to MANGAGEMENT > OTHER: Disciplining .

ii.

In the Status panel, click the GEAR icon.

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.2  System Time iii.

In the Oscillator Settings window, set the Holdover Timeout .)

9.

Check on the HOME  screen that User 0 is displayed, with a green STATUS. Note that the Disciplining State will remain yellow , once Holdover has expired, since the system time is not synchronized to a reference.

It is also possible to manually set the time via the front panel. Doing so is subject to the same difficulties as above and should be avoided if possible. Should it become necessary to manually set the time via the front panel:

1.

Press the TIMING menu button on the front panel.

2.

In the SETTINGS submenu, use the navigation keys to highlight the time. Set the desired time and press ENTER (the center confirmation button).

3.

Press ENTER again in the confirmation menu to the right to confirm your manual clock.

4.

Follow the intructions above to change your reference priority to retain your settings.

Note: Contrary to the User reference discussed above, the Local System reference can be used for Time, or 1PPS (but not both). For more information, see

"The "Local System" Reference" on page 187 .

3.2.1.4

Using Battery Backed Time on Startup

Upon system startup, by default SecureSync will not declare synchronization until one of the external references becomes available and valid.

This functionality can be overridden by enabling the Synchronize to Battery Backed

Time on Startup , thus allowing the battery backed time to be used as System Time upon system startup. The Battery Backed Time is also referred to as the time maintained by the integrated Real Time Clock ( RTC )

This will result in SecureSync providing a System Time before one of the external references becomes available and valid. This will happen automatically, i.e. without user intervention. As soon an external reference will become available, its time will take precedence over the battery backed time: The System Clock will adjust the System Time for any time difference.

Note: The Battery Backed Time is also referred to as the time maintained by the integrated Real-Time Clock (RTC).

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 173

3.2  System Time

Use Cases

Using the Battery Backed Time on Startup is typically used in these cases: a.

If the synchronization state is to be reached as quickly as possible, even if this means the time distributed initially will most likely be less accurate than an external time reference.

b.

A system is intended to operate autonomously (i.e. without any external references) and the hand-set time entered manually during commissioning of the system is sufficiently accurate the system needs to be able to completely recover from a temporary power loss, or similar, without human intervention.

c.

A system is used for simulation or testing purposes, and UTC traceability is not required.

The Accuracy of the Battery Backed Time …

… depends on the accuracy of the hand-set time if the time is set manually in an autonomous system. In a non- autonomous system (i.e, when using external reference (s))

SecureSync's System Clock will regularly update the battery-backed time.

Another factor impacting the accuracy of the battery- backed time is how long a

SecureSync unit is powered off: Any significant amount of time will cause the batterybacked RTC to drift, i.e. the battery-backed time will become increasingly inaccurate.

The battery used for the RTC is designed to last for the lifetime of the product.

Distributing battery-backed time over NTP

When distributing a hand-set, battery backed time via NTP, please set the time relatively close to UTC, so as to prevent NTP synchronization problems when transitioning from the hand-set time to a UTC-based external input reference. See also

"Input Reference Priorities" on page 183 .

To use the battery-backed time as the synchronized time at start-up:

1.

Navigate to MANAGEMENT > OTHER: Time Management .

2.

In the System Time panel click the GEAR icon.

174 CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.2  System Time

3.

The Edit System Time window will display. Select the checkbox Synchronize to

Battery Backed Time on Startup :

4.

Click the Submit button.

3.2.2

Timescale Offset(s)

Timescale offsets account for fixed differences between timescales, in seconds. Timescale offsets may change because of leap seconds, see

"Leap Seconds" on the next page .

3.2.2.1

Configuring a Timescale Offset

To configure a timescale offset to the System Time:

1.

Navigate to MANAGEMENT > OTHER: Time Management .

2.

In the Offsets panel on the left, click the GEAR icon in the top-right corner.

3.

The Edit GPS Offset window will display. Enter the desired GPS Offset in seconds, and click Submit.

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 175

3.2  System Time

176

Note: Since the GPS Offset and the TAI Offset have a fixed relationship, only the GPS Offset can be set. If only the TAI offset is known, subtract 19 from it, in order to obtain the GPS offset.

Note that the data stream of GPS and several other external references includes information about a pending Leap Second, and as such automatically corrects for a Leap Second.

Nevertheless, it is advisable to perform some testing in advance to ensure all system components will adjust flawlessly. For more information, see

"Leap Seconds" below

.

3.2.3

Leap Seconds

3.2.3.1

Reasons for a Leap Second Correction

A Leap Second is an intercalary 1 one-second adjustment that keeps broadcast standards for time of day close to mean solar time. Leap Seconds are required to synchronize time standards with civil calendars, thus keeping UTC time in sync with the earth’s rotation.

Leap seconds can be introduced in UTC at the end of the months of December or June.

The INTERNATIONAL EARTH ROTATION AND REFERENCE SYSTEMS SERVICE

(IERS) publishes a bulletin every six months, either to announce a time step in UTC, or to confirm that there will be no time step at the next possible date. A Leap Second may be either added or removed, but in the past, the Leap Seconds have always been added because the earth’s rotation is slowing down.

Historically, Leap Seconds have been inserted about every 18 months. However, the

Earth's rotation rate is unpredictable in the long term, so it is not possible to predict the need for them more than six months in advance.

Note: Leap Seconds only apply to the UTC and Local timescales. Leap

Seconds do NOT affect the GPS and TAI timescales.  However, a Leap

Second event will change the GPS to UTC, and TAI to UTC time offsets. 

When a Leap Second occurs, SecureSync will automatically change these offsets by the proper amount, no matter which timescale is currently being used by the system.

As of 2018 the GPS to UTC Offset is 18 seconds. The last Leap Second occurred on

December 31, 2016.

SecureSync can be alerted of impending Leap Seconds by any of the following methods:

1 Intercalary: (of a day or a month) inserted in the calendar to harmonize it with the solar year, e.g., February 29 in leap years.

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.2  System Time

GNSS Receiver (if available as an input reference): The GNSS satellite system transmits information regarding a Leap Second adjustment at a specific Time and Date an arbitrary number of months in advance.

Input references other than GNSS : Some of the other available input references

(e.g., IRIG, ASCII, NTP) can also contain pending Leap Second notification in their data streams (see chapter below).

Manual user input : SecureSync can be manually configured with the date/time of the next pending Leap Second. On this date/time, the System Time will automatically correct for the Leap Second (unless the System Time’s timescale is configured as either GPS or TAI).

3.2.3.2

Leap Second Alert Notification

SecureSync will announce a pending Leap Second adjustment by the following methods:

ASCII Data Formats 2 and 7 (among other formats) from the ASCII Data option modules contain a Leap Second indicator. During the entire calendar month preceding a Leap Second adjustment, these Formats indicate that at the end of the current month a Leap Second Adjustment will be made by using the character ‘L’ rather than a ‘_ ‘ [space] in the data stream. Note that this does not indicate the direction of the adjustment as adding or removing seconds. These formats always assume that the Leap Second will be added, not removed.

NTP Packets contain two Leap Indicator Bits. In the 24 hours preceding a Leap

Second Adjustment, the Leap Indicator Bits (2 bits) which normally are 00b for sync are 01b (1) for Add a Leap Second and 10b (2) for Remove a Leap Second. The bit pattern 11b (3) indicates out of sync and in this condition NTP does NOT indicate

Leap Seconds. The Sync state indicates Leap Seconds by indicating sync can be

00b, 01b, or 10b.

PTP Packets provide leap indication with a 12-hour notification window.

Some IRIG formats provide leap second notification indicators.

Note: It is the responsibility of the client software utilizing either the Data

Formats or NTP time stamps to correct for a Leap Second occurrence.

SecureSync will make the correction at the right time. However, because computers and other systems may not utilize the time every second, the

Leap Second correction may be delayed until the next scheduled interval, unless the software properly handles the advance notice of a pending Leap

Second and applies the correction at the right time.

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 177

3.2  System Time

3.2.3.3

Leap Second Correction Sequence

The following is the time sequence pattern in seconds that SecureSync will output at UTC midnight on the scheduled day (Note: This is NOT local time midnight; the local time at which the adjustment is made will depend on which Time Zone you are located in).

A.

Sequence of seconds output when adding a second ("positive Leap Second"):

56, 57, 58, 59, 60 , 0, 1, 2, 3 …

B.

Sequence of seconds output when subtracting a second ("negative Leap

Second"):

56, 57, 58, 0 , 1, 2, 3, 4 …

3.2.3.4

Configuring a Leap Second

To manually correct the System Time for a leap second:

1.

Navigate to MANAGEMENT> OTHER: Time Management . The Time Management screen will be displayed. In the lower left-hand corner, the Leap Second

Information panel will show if a leap second if pending. This panel will be empty, unless: a.

A leap second is pending, and SecureSync has obtained this information automatically from the GPS data stream.

b.

A leap second had been configured previously by a user via the Edit Leap

Second window.

2.

To access the Edit Leap Second information window, click the GEAR icon in the

Leap Second Information panel.

3.

The Edit Leap Second window will display:

178 CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.2  System Time

4.

In the Leap Second Offset field enter the desired GPS Offset.

5.

In the Date and Time field, enter the date that the desired leap second should occur.

6.

Click Submit .

To delete a leap second correction, click the Delete button.

Note: The Delete button in the Edit Leap Second window will only be visible if a leap second has been set beforehand.

3.2.4

Local Clock(s), DST

The Local Clock feature allows for maintaining one or several local times. These times will reflect a time offset, thereby accounting for Time Zone, and DST (Daylight Savings Time) correction.

3.2.4.1

Adding a Local Clock

To add a Local Clock:

1.

Navigate to MANAGEMENT > OTHER: Time Management .

2.

Click the PLUS icon in the Local Clocks panel in the Time Management screen.

3.

The Local Clock pop-up window will display.

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 179

3.2  System Time

4.

Enter a Name for your local clock.

The name must be between 1 and 64 characters long; spaces are allowed.

The name can be any meaningful name that helps you know your point of reference (for example: “NewYork”, “Paris” or “EasternHQ”, etc.).

This name will be used as cross-reference drop-down in the applicable Input or Output port configuration. Please note the following limitations apply to this option:

Note: Acceptable characters for the name include: A-Z, a-z, 0-

9, (-+_) and space.

5.

In the UTC Offset field, choose a UTC Offset from the drop-down list.

All of the UTC Offset drop-down selections are configured as UTC plus or minus a set number of hours.

Examples for the US: For Eastern , choose UTC–05:00; for Central , choose

UTC-06:00; for Mountain , choose UTC-07:00; and for Pacific , choose UTC-

08:00.

If you wish to use DST (Daylight Savings Time ["Summer Time"]) rules, click the Use DST Rules box. Otherwise the time for the local clock will always be standard time.

DST options will appear in the Local Clock window:

180 CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.2  System Time

6.

Set DST Rules by Region : Check this box to apply regional DST rules. A regions drop-down menu with the following options will display:

EU (Europe): For locations complying with the European DST Rule. This rule differs from all other rules because the DST changes occur based on UTC time, not local time (all time zones in Europe change for DST at precisely the same time relative to UTC, rather than offset by local time zone).

US-Canada : For locations complying with the USA’s DST Rule (as it was changed to back in 2006, where the “DST into” date is the Second Sunday of

March and the “DST out” date is the first Sunday of November).

Australia .

Note: If a pre-configured rule DST rule happens to be changed in the future (like the change to the US DST rule in 2006), this option allows the DST rules to be edited without the need to perform a software upgrade for a new DST rule to be defined.

Select this drop-down and enter the DST parameters for the new rule.

7.

DST Start Date and DST End Date : This option is provided for locations that do not follow any of the pre-configured DST rules. Click anywhere in either field to open a calendar, allowing you to enter any custom day & time rule.

8.

Offset : In seconds. Use this field to manually define your local clock’s DST offset e.g., 3600 seconds for a one hour offset.

9.

DST Reference : When configuring a Local Clock that is synchronized to an input reference (e.g., IRIG input), SecureSync needs to know the timescale of the input time

(Local Timescale, or UTC Timescale), in order to provide proper internal conversion from one Timescale to another.

Select Local or UTC , depending on the Timescale of the Input reference this Local

Clock is being used with.

Additional Local Clocks may need to be created if multiple input Timescales are being submitted.

10.

Click Submit . Your local clock will appear in the Local Clocks panel.

3.2.4.2

DST Examples

The following two examples illustrate the configuration of Daylight Savings Time (DST) for a Local Clock:

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 181

3.2  System Time

E x a m p l e 1 :

To create a Local Clock to UTC+1 with no DST rule:

1.  Navigate to

Clock .

MANAGEMENT > Time Management: Local Clocks > (+): Local

2.  In the Local Clock Name field, assign a meaningful name to the new Local Clock.

3.  From the UTC Offset pull down menu, select “UTC +01:00”.

4.  Confirm that the Use DST Rules checkbox is not selected.

5.  Review the changes made and click the Submit button.

The unit will display the status of the change.

E x a m p l e 2 :

To create a Local Clock for a SecureSync installed in the Eastern Time Zone of the US, and desiring the Local Clock to automatically adjust for DST (using the post 2006 DST rules for the

US).

1. In the window:

MANAGEMENT > Time Management: Local Clocks > (+): Local Clock

2. Navigate to

Clock .

MANAGEMENT > Time Management: Local Clocks > (+): Local

3. From the UTC Offset pull-down menu, select “UTC -05:00”.

4. Select the Use DST Rules checkbox.

5. Select the Set DST Rules by Region checkbox.

6. From the DST Region drop-down list, select “US-Canada.”

7. Review the changes made and click the Submit button.

The unit will display the status of the change.

3.2.4.3

DST and UTC, GMT

Neither UTC, nor GMT ever change to Daylight Savings Time (DST). However, some of the countries that use GMT switch to a different time zone offset during their DST period. The

United Kingdom is not on GMT all year, but uses British Summer Time (BST), which is one hour ahead of GMT, during the summer months.

182 CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.3  Managing References

Additional information about regional time zones and DST can be found on the following web sites:

http://www.worldtimeserver.com/

,

http://webexhibits.org/daylightsaving/b.html

.

3.3

Managing References

3.3.1

Input Reference Priorities

SecureSync can be synchronized to different time and frequency sources that are referred to as Input References , or just References .

References can be a GNSS receiver, or other sources delivered into your SecureSync unit via dedicated (mostly optional) inputs. It is also possible to enter a system time manually, which SecureSync then can synchronize to.

In order for SecureSync to declare synchronization, it needs both a valid 1PPS , and Time reference.

The concept of Reference Priority allows the ranking of multiple references for redundancy. This allows SecureSync to gracefully fall back upon a lower ranking 1PPS or Time reference without transitioning into Holdover, in case a reference becomes unavailable or invalid. The priority order you assign to your available references typically is a function of their accuracy and reliability.

Note: The References shown on your screen may look different from the illustration below, depending on your SecureSync 2400 Time and Frequency Synchronization System model and hardware configuration.

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 183

3.3  Managing References

Each available type of Time and 1PPS input reference is assigned a human-readable name or “title” that is used in the Reference Priority table, indicating the type of reference. The reference titles are listed in the following table:

Table 3-1: Reference priority titles

Title

ASCII Timecode

External 1PPS input

Frequency

GNSS

PTP

IRIG

Local System

NTP

User

HAVEQUICK

Reference

ASCII serial timecode input

External 1PPS input

External Frequency input

GNSS input

PTP input

IRIG timecode input

Built-in clock OR internal 1PPS generation

NTP input

Host (time is manually set by the user)

HAVEQUICK input

The number displayed indicates the number of feature inputs of that type presently installed in the SecureSync– starting with “0” representing the first feature input. For example:

IRIG 0 = 1 st

IRIG input instance

Frequency 1 = 2nd frequency input instance

NTP 2 = 3rd NTP input instance

The columns of the Reference Priority table are defined as follows:

Priority —Defines the order or priority for each index (row). The range is 1 to 16, with 1 being the highest priority and 16 being the lowest priority. The highest priority reference that is available and valid is the reference that is selected.

Time —The reference selected to provide the necessary “Time” reference.

1PPS —The reference selected to provide the necessary “1PPS” reference.

Enabled —The reference is enabled.

Delete —Removes the Index (row) from the Reference Priority table.

3.3.1.1

Configuring Input Reference Priorities

SecureSync can use numerous external time sources, referred to as "references". As external time sources may be subject to different degrees of accuracy and reliability, you

184 CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.3  Managing References can determine in which order (= priority) SecureSync calls upon its external time and 1PPS references.

For additional information, see also

"Input Reference Priorities" on page 183 .

Accessing the Reference Priority Screen

To access the Reference Priority Setup screen:

1.

Navigate to MANAGEMENT > OTHER: Reference Priority .

OR:

1.

On the HOME screen, click the GEAR icon in the Reference Status panel:

2.

The Configure Reference Priorities screen will display.

The Reference Priority screen is divided into 3 areas: a.

The Actions panel, which provides a single action:

Restore Factory Defaults b.

The Configure Reference Priorities panel, which displays the priority of

SecureSync’s references in a table form.

In this panel you can:

Add and configure new references

Delete references

Enable/disable references

Note: It is also possible to disable and enable References via the front panel display. Navigate to Inputs Menu > Settings and select the reference you would like to enable or disable using the ENTER key. You will then be able to edit the STATE to either on or off. To confirm you choice, press the ENTER key Press ENTER again in the confirmation menu.

Reorder the priority of SecureSync’s references

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 185

3.3  Managing References c.

The Reference Status panel

The Reference Status panel provides a real time indicator of the status of the SecureSync’s references. It is the same as the Reference Status panel on the HOME screen of the Web UI.

Adding an Entry to the Reference Status Table

To add a new entry to the Reference Status table:

1.

Navigate to the Configure Reference Priorities screen via MANAGEMENT >

OTHER: Reference Priority .

2.

Click the PLUS icon in the top right-hand corner of the Configure Reference Priorities table.

3.

The Add Reference window will display:

186

4.

In the Add Reference window, enter:

Priority Level : Assign a priority to the new reference.

Time : Select the time reference.

PPS : Select the PPS reference.

Enabled : Check this box to enable the new reference.

5.

Click Apply or Submit . ( Submit will close the window.)

Deleting a Reference Entry

To delete an entry from the Reference Status table:

1.

Navigate to the Configure Reference Priorities screen via MANAGEMENT >

OTHER: Reference Priority .

2.

In the Configure Reference Priorities table click the Delete button on the righthand side of the entry you wish to delete.

3.

In the pop-up window that opens click OK to confirm.

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.3  Managing References

Reordering Reference Entries

To reorder the priority of a reference entry:

1.

Navigate to the Configure Reference Priorities screen via MANAGEMENT >

OTHER: Reference Priority .

2.

Click and hold on the item whose priority you wish to reorder.

3.

Drag the item up or down to the desired place.

4.

Click Submit.

Resetting Reference Priorities to Factory Defaults

To reset all references in the Reference Priority table to their factory default priorities:

1.

Navigate to the Configure Reference Priorities screen via MANAGEMENT >

OTHER: Reference Priority menu.

2.

In the Actions panel, click the Restore Factory Defaults button.

3.3.1.2

The "Local System" Reference

The Local System reference is a "Self" reference, i.e. SecureSync uses itself as an input reference for Time, or as a 1PPS reference. The Local System is a unique input reference

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 187

3.3  Managing References in that it can be used as either the Time reference, or the 1PPS reference, but never both .

Note: For SecureSync to operate as a Local System reference, you must have either a valid external Time reference, or a valid external 1PPS reference.

When the Time reference is configured as Local System , SecureSync's System

Time is considered a valid reference, as long as the external 1PPS input reference is valid.

Vice versa, when the 1PPS reference is configured as Local System , SecureSync's built-in oscillator is considered a valid reference, as long as the external Time reference is valid.

Use case "Local System Time"

The Local System reference when used for Time allows SecureSync to operate using its current Time-of-Day (ToD) for Time, while synchronized to an external 1PPS reference.

While you may intentionally offset the time in this scenario, the second will be precisely aligned to the external 1PPS reference. Therefore, this use case qualifies as a legitimate, traceable time source.

Instead of an offset time, Local System can also be used as a backup Time reference (e.g.,

Priority "2"): Should the external Time reference become invalid, the Local System Time will become the valid backup reference, disciplined by the external 1PPS reference:

SecureSync will transition to the Local System Time, without going into Holdover.

Use case "Local System 1PPS"

The Local System reference can also be used for 1PPS : This allows SecureSync to operate using an external ToD for time, while generating 1PPS from its own internal oscillator.

In this rare use case the 1PPS is NOT aligned to any standard, therefore the time may drift, and must be considered untraceable.

3.3.1.3

The "User/User" Reference

While it is normally not required, it is possible for you as the "User" to override the System

Time (even if it is synchronized to a valid reference) with a manually set time, steered by an undisciplined oscillator, and use this manually set Time as an output reference. This concept is referred to as the User/User reference, because both the Time, and the 1PPS reference are not linked to any UTC-based external reference, but hand-set by you.

188 CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.3  Managing References

Caution: Since the User/User reference is not traceable to a valid reference, it does not qualify as a legitimate time source. Operating

SecureSync with a manually set User time bears the risk of inadvertently outputting an illegitimate System Time thought to be a valid reference time.

Use cases for the "User/User" reference

The User/User reference is provided for the following use cases: a.

No external references are available (yet), but you need a reference for testing or setup purposes. This may be the case e.g., while waiting for a GNSS antenna to be installed.

b.

No external references are required e.g., if SecureSync is used solely to synchronize computers on a network, with no need for traceable UTC-based timing.

c.

To utilize a backup reference as soon as possible after a power cycle or reboot of

SecureSync, while waiting for the primary reference (e.g., GNSS) to become valid.

To this end, in the Edit System Time window, the checkbox Synchronize to Battery Backed Time on Startup must be checked, AND the User/User reference is assigned a reference priority number other than "1". Note that a Time jump and/or

1PPS jump are likely to happen once the primary reference becomes valid.

Combining a User Time reference with a non-User 1PPS reference or vice versa is not a typical use case. Use the Local System reference instead, see

"The "Local System"

Reference" on page 187

.

Built-in safety barrier

In order to "validate" (=

green

status lights) the User/User reference, the hand-set time must be manually submitted every time after SecureSync reboots or resets, or after the

Holdover period has expired: In the Edit System Time window, the checkbox Manual

Time Set must be checked. The System Time displayed in the field below will become valid the moment the Submit button is clicked.

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 189

3.3  Managing References

190

See also below, " How long will the User/User reference be valid?

": The notion of limiting the validity of the User/User reference also serves as a safety feature.

How long will the User/User reference be valid?

Since the User/User reference does not qualify as a legitimate, traceable time, it becomes invalid once SecureSync is reset, or power-cycles, or after the Holdover Time expires

(whichever occurs first). It then needs to be set manually and submitted again ( Edit System Time > Manual Time Set ).

The only workaround for this is

"Using Battery Backed Time on Startup" on page 173

.

This will allow SecureSync to apply the User/User reference after a power-cycle without manual intervention.

How to setup the User/User Reference

See

"Manually Setting the Time" on page 171

.

Using the "User" Reference with Other References

If the User/User reference is used in conjunction with other, external references (such as

GNSS or IRIG), the System Time should be set as accurately as possible:

Otherwise, the large time correction that needs to be bridged when switching from a lost reference to a valid reference, or from a valid reference to a higher-priority reference that has become available again, will cause NTP to exit synchronization. If the difference is under 1 second, NTP will remain in sync and will "slew" (over a period of time) to the new reference time.

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.3  Managing References

3.3.1.4

Reference Priorities: EXAMPLES

Example 1 – GNSS as primary reference, IRIG as backup:

In this use case, the objective is to use:

GNSS as the primary Time, and 1PPS reference

IRIG as the backup Time, and 1PPS reference.

Step-by-step procedure:

1.

Move the reference which has “GPS 0” in the Time column and “GPS 0” in the

1PPS column to the top of the table, with a Priority value of 1. Click the Enabled checkbox.

2.

Move the reference which has “GPS 0” in the Time column and “GPS 0” in the

1PPS column to the top of the table, with a Priority value of 1. Click the Enabled checkbox.

3.

Move the reference which has “GPS 0” in the Time column and “GPS 0” in the

1PPS column to the top of the table, with a Priority value of 1. Click the Enabled checkbox.

Since both of these references are default references, no additional references need to be added to the Reference Priority table.

Example 2 – IRIG as primary reference, NTP input as backup

In this use case, the objective is to use:

IRIG as the primary reference input

Another NTP server as backup reference

Step-by-step procedure:

1.

Move the reference which has “IRIG 0” in both the Time column and “IRIG 0” in the

1PPS column to the top of the table, with a Priority value of 1. Click the Enabled checkbox.

2.

Move the reference which has “NTP” in the Time column and “NTP” in the 1PPS column to the second place in the table, with a Priority value of 2. Click the

Enabled checkbox.

3.

For all other references, uncheck the Enabled checkbox, so that they are all disabled.

Since both of these references are default references, no additional references need to be added to the Reference Priority table.

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 191

3.3  Managing References

Example 3 – NTP input as the only available input (“NTP Stratum 2 operation”)

In this use case, the objective is to have NTP provided by another NTP server as the only available reference input, i.e. the unit to be configured is operated as a Stratum 2 server.

For more information, see

"Configuring "NTP Stratum Synchronization"" on page 104

.

Step-by-step procedure:

1.

Move the reference which has “NTP” in the Time column and “NTP” in the 1PPS column to the top of the table, with a Priority value of 1. Click the Enabled checkbox.

2.

For all other references, uncheck the Enabled checkbox, so that they are all disabled.

3.

Configure the NTP Service as described under

"Configuring "NTP Stratum Synchronization"" on page 104

.

Note: When selecting NTP as an input reference, do not select another reference (such as GNSS, IRIG, etc.) to work with NTP as a reference. NTP should always be selected as both the Time and 1PPS input when it is desired to use NTP as an input reference.

Example 4 – Time set manually by the User. Other references may or may not be available

Note: In order for a manually set time to be considered valid and used to synchronize SecureSync, a “User” needs to be created and enabled in the

Reference Priority table.

"The "User/User" Reference" on page 188 .

In this use case, the objective is to use a hand-set time, in combination with SecureSync's oscillator as a 1PPS source as valid references.

Step-by-step procedure:

1.

If necessary (see NOTE above), create a “User.”

2.

Move the reference which has “User 0” in the Time column and “User 0” in the

1PPS column to the top of the table, with a Priority value of 1. Click the Enabled checkbox.

192 CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.3  Managing References

3.

For all other references, uncheck the Enabled checkbox, so that they are all disabled.

If the objective is to use a manually set time as a

GNSS or IRIG): backup to other references (such as

1.

Move the "User/User" reference to a place in the table that has a priority lower than the references the "User/User" reference will be backing up. Make sure the

Enabled checkbox is selected.

2.

With “User/User” enabled, if no other higher priority references are enabled or available (or if the higher priority references have since been lost), you can now manually set the System time to the desired value ( MANAGEMENT > OTHER: Time Management > System Time > Manual Time Set ). See

"System Time" on page 168

for more information. SecureSync will go into synchronization using this set time once you click the Submit button.

Note: You will need to repeat this procedure each time SecureSync is power-cycled (with no other references available), unless you enabled the feature Synchronize to Battery Backed Time on Startup.

Example 5—Time at power-up ("Local System Time") to be considered

"Valid". GNSS input to serve as 1PPS reference

The objective of this use case is to allow SecureSync to use itself as a valid reference. This is referred to as “Local System” time.

In order for this to happen, SecureSync requires an external Time, or 1PPS reference. In other words, "Local System" cannot be both Time, and 1PPS. This makes "Local System" a legitimate, traceable reference.

Therefore the "Local System" does not have to be manually set ("validated") by the User after SecureSync was power cycled (as would be the case with a “User/User” reference).

Since “Local System” cannot be both Time , and 1PPS input together, in this example the

GNSS input will be set as the 1PPS reference (other use cases may require using different references, e.g. IRIG.)

As there is no default entry for “Local System” and “GPS”, a new entry needs to be added to the Reference Priorities table in order to use this combination of references.

Step-by-step procedure:

1.

Add a reference to the Reference Priority by clicking the PLUS icon. Use the following settings, then click Submit :

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 193

3.3  Managing References

In the Priority Level text box, enter 1 . This will give this reference the highest priority.

In the Time field, select “Local System”.

In the PPS field, select “GPS”.

Check the Enabled checkbox.

2.

Confirm that the first reference in the Reference Priority table has “Local System” as the Time input and "GNSS" as the 1PPS input.

3.

After a power cycle or reboot, as soon as GNSS is declared valid, the System Time will automatically be used as-is, with no manual intervention required.

3.3.2

Reference Qualification and Validation

3.3.2.1

Reference Monitoring: Phase

The quality of input references can be assessed by comparing their phase offsets against the current system reference, and against each other. This is called Reference Monitoring .

Reference Monitoring helps to understand and predict system behavior, and is an interference mitigation tool. It can also be used to manually re-organize reference priorities e.g., by assigning a lower reference priority to a noisy reference or a reference with a significant phase offset, or to automatically failover to a different reference if certain quality thresholds are no longer met.

SecureSync allows Reference Monitoring by comparing the phase data of references against the System Ontime Point. The phase values shown are the filtered phase differences between each input reference 1PPS, and the internal disciplined 1PPS.

The data is plotted in a graph in real-time. The plot also allows you to display historic data, zoom in on any data range or on a specific reference. A data set can be exported, or deleted.

To monitor the quality of references, navigate to TOOLS > SYSTEM: Reference Monitor . The Reference Monitor screen will display:

194 CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.3  Managing References

On the left side of the screen, Status information is displayed for the System and the

References. Note that the Reference Status panel also displays the latest PHASE

OFFSET reading (1) for active references against the System Ontime Point. The reading is updated every 30 seconds.

This Reference Phase Offset Data is plotted over time (abscissa) in the Reference Monitor panel in the center of the screen. Use the check boxes in the References panel (2) to select the reference(s) for which you want to plot the phase offset data. Use the handles

(3) to zoom in on a time window.

The scale of the axis of ordinate (4) is determined by the largest amplitude of any of the references displayed in the current time window. Use the checkboxes in the References panel on the right to remove references from the graph, or add them to it.

3.3.2.2

BroadShield

What is BroadShield?

BroadShield is an optional software module for SecureSync that is capable of detecting the presence of GPS jamming or spoofing in real time.

How BroadShield Works

BroadShield monitors the GPS signal frequency band by applying proprietary error detection algorithms. If a threshold signal monitoring value level is exceeded, SecureSync will emit a Major Alarm and – depending on your system configuration – invalidate the GPS reference causing SecureSync to either transition into Holdover mode (see

"Holdover Mode" on page 224

), or go out of sync.

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 195

3.3  Managing References

Even if you decide to turn off SecureSync's Auto Sync Control feature, which allows

BroadShield to disable the GNSS reference, BroadShield will still add value to your overall system capability by telling you (a) if your GNSS receiver is being spoofed, and (b) in the event of a signal loss due to jamming, why the signal is lost.

Also, if a normally strong GNSS signal becomes weakened, BroadShield's algorithms are capable of discerning a jamming event from natural events causing the signal to weaken.

Note: For an effective jamming detection, and – to some extent – spoofing detection, a good antenna placement with optimal sky view resulting in a high signal-to-noise ratio is essential. A strong signal is required to discern between normal signal fluctuations and a non-natural divergence of signal strength.

BroadShield Requirements

In order for BroadShield to work on your SecureSync system, the following requirements must be met:

1.

The optional BroadShield software license needs to be enabled by applying the

OPT-BSH BroadShield license key. For more information, contact your local Spectracom Sales Office. To determine if BroadShield has been activated on your

SecureSync unit, navigate to TOOLS: SYSTEM > Upgrade/Backup . The center panel System Configuration will list the Options installed in your unit.

Activating the BroadShield License

If you have purchased the BroadShield license key and now want to activate it, please follow the instructions under

"Applying a License File" on page 315 .

To confirm that BroadShield has been activated on your SecureSync unit, navigate to

TOOLS: SYSTEM > Upgrade/Backup . The center panel System Configuration will list the Options installed in your unit.

Enabling/Disabling the BroadShield Service

The Broadshield service can be run in two operating modes:

BroadShield only : In the event jamming or spoofing is detected, SecureSync will emit a Major Alarm, however it will continue to consider the GNSS reference as valid, i.e. it will NOT go out of sync.

Auto Sync Control : In the event jamming or spoofing is detected, SecureSync will emit a Major Alarm AND it will go into Holdover mode.

To configure these settings:

1.

Navigate to MANAGEMENT > Broadshield .

2.

In the BroadShield Service panel on the left, configure the desired setting:

196 CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.3  Managing References

Note: Turning BroadShield OFF and Auto Sync Control ON is an invalid setting and will cause a " Failed to connect to the unit...

" error.

3.

In the BroadShield Web UI on the right, navigate to SETTINGS > ALGORITHMS , and ensure that Jamming and/or Spoofing detection are enabled.

Configuring BroadShield

To configure BroadShield:

1.

Navigate to MANAGEMENT > Broadshield . (If you cannot see the

Broadshield  screen, this license is not present.) The embedded Broadshield Web UI will open.

2.

Click SETTINGS to open the following sub-menus:

BROADSIGHT

BroadSight is a service that allows collection of data from multiple BroadShield units and provides a dashboard view of the data.

Note: BroadSight for SecureSync is currently not supported.

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 197

3.3  Managing References

HOME BASE

198

By setting the HOME BASE position you allow BroadShield to use this location as a reference position for spoofing detection: Should BroadShield detect that the geographic position reported by SecureSync's GPS receiver seems to move beyond the set Alarm

Threshold (even though SecureSync does not move), an alarm will be triggered.

The standard use case is to make your GNSS 1 Position your HOME BASE:

1.

Should the position fields be populated (other than the Alarm Threshold ), click

CLEAR LOCATION (this will prevent BroadShield from issuing an alarm once you

SAVEd the new position.)

2.

Click USE in the GNSS 1 Position box to apply the settings.

3.

The default Alarm Threshold is 50 m, i.e. any detected position shift beyond a 50m circle around the HOME BASE position will cause an alarm. You can change this setting to adjust the sensitivity.

4.

Click SAVE to accept the entered values.

A less common use case may be that you want to pre-set the unit's position for later use e.g., if the SecureSync unit will be deployed in a different location: Set a position manually by entering lat / long (format: xx.xxxxxx degrees) and alt . Note, however, that this may cause a spoofing alarm, since BroadShield detects a difference between the HOME BASE position and the GNSS position.

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.3  Managing References

ALGORITHMS

This menu option allows you to disaable/enable Jamming or Spoofing.

Spoofing refers to impersonating the live-sky GNSS signal, thus "deceiving" the GNSS receiver, while Jamming refers to interference of the signal, i.e. making the live-sky GNSS signal unusable. Per default, both are Enabled.

ABOUT

The About menu displays Version and Build Date of the BroadShield software. Periodic updates are released with SecureSync system software updates, as they become available.

Monitoring BroadShield

You can use the BroadShield Web UI to monitor the jamming/spoofing status, or the

SecureSync Web UI. In the latter case, you will be informed of a Major Alarm, as described below:

BroadShield Alarm

If BroadShield detects a jamming or spoofing event, SecureSync will emit a BroadShield

Critical, Major Alarm (see illustration below). SecureSync will go into Holdover ( yellow

HOLD status light) and – depending on the BroadShield Service setting (see

"Enabling/Disabling the BroadShield Service" on page 196 ) and your SecureSync settings

– will either remain in sync ( green SYNC status light), i.e. it will continue to output time and frequency signals considered valid, or it will go out of sync ( red SYNC light).

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 199

3.3  Managing References

You can also configure a notification alarm, see

"Enabling/Disabling the BroadShield Service" on page 196 .

BroadShield Web UI Monitoring

The BroadShield Web UI will also display real time signal status information, or a map status.

Note: If at any time you receive an error message Failed to connect to the unit , the SecureSync Web UI may have timed out (see

"Web UI Timeout" on page 259 ). Refresh your browser page to log back in.

To open the BroadShield user interface:

1.

Navigate to MANAGEMENT > Broadshield.

2.

The embedded Broadshield Web UI will open, displaying the Dashboard and providing access to the following panels:

DASHBOARD

The Dashboard panel displays up to 7 days of history data, and a real-time amplitude frequency spectrum. The headline background color indicates the current jamming/spoofing status: red = jamming or spoofing detected; green = no alarms at this time

200

Top graph

The Dashboard top graph displays the past signal level over time, divided into a Normal and a Critical signal level (separated by a red line). A blue line in the Critical zone indicates

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.3  Managing References a potential jamming incident, while a green line indicates that SecureSync may be subject to a spoofing attack.

You can change the time scale by clicking on any of the labels between 1 HOUR and

7 DAY .

Note: A SecureSync reboot will reset all history data (it can still be retrieved via LOGS.)

Bottom graph

The bottom graph labeled Spectrum visualizes the current signal over the GPS frequency band. Unusual amplitude spikes indicate a potential threat. If your system is equipped with more than one GNSS receivers, a green and an orange graph will indicate the signal level for additional receivers.

GNSS 1 Status

Note: The BroadShield GNSS1 reference refers to the SecureSync GNSS 0 reference.

Status information

GPS Time : Time and Day as provided by SecureSync's GNSS receiver.

Position : The position as determined by SecureSync's GNSS receiver.

Satellites Used : The number of satellites currently received by SecureSync. This number includes all satellites currently received for all enabled constellations (see

"Selecting GNSS Constellations" on page 221

). Note that BroadShield uses only

GPS signals for jamming/spoofing detection.

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 201

3.3  Managing References

Average C/No : Average signal to noise ratio. An average C/No value higher than

30 can be considered "good".

Skyplot graph

The center of the skyplot represents the antenna position. The skyplot shows all GPS satellites currently being tracked and – if enabled (under INTERFACES: REFERENCES >

GNSS Reference: GNSS 0 > Edit button > Selected Constellations ) – will also display all GLONASS satellites (numbered 65 and higher). Note, however, that GLONASS satellites will not be used by BroadShield. Galileo and Beidou satellites will not be displayed.

Note: Even though SecureSync may be configured to track multiple GNSS constellations (see

"Selecting GNSS Constellations" on page 221

),

BroadShield only uses GPS.

Signal-to-noise bar graph

This graph visualizes the signal-to-noise ratio for up to 20 received satellites in real time.

The satellites are numbered by their NMEA ID's (as in the skyplot mentioned above).

MAP

202

The map displays your current position, as reported by the GPS receiver. Should the displayed position differ from the actual antenna position, the GPS signal is likely spoofed.

Note that the map data is not part of the BroadShield software, but is downloaded from the

Internet. Hence, this feature is only available if your SecureSync unit is connected to the

Internet.

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.3  Managing References

LOGS

To clear all current logs stored on SecureSync, click CLEAR LOGS .

To start a new log session, click NEW LOG SESSION .

To download current logs, click DOWNLOAD LOGS .

Broadshield Notifications

You can setup Notifications to be sent if BroadShield detects or clears an alarm:

Navigate to MANAGEMENT: OTHER > Notifications , and under the GPS tab, locate the two BroadShield line items. For further information on how to configure Notifications, see

"Notifications" on page 241

.

3.3.3

The GNSS Reference

With most applications, SecureSync will be setup such that it utilizes a GNSS signal as the primary (if not the only) timing reference.

SecureSync's GNSS receiver utilizes the signal provided by the GNSS antenna.

The GNSS receiver analyzes the incoming GNSS data stream and supplies the GNSS time and 1PPS (Pulse-Per-Second) signal to SecureSync's timing system. The timing system uses the data to control the System Time and discipline the oscillator.

While SecureSync’s default GNSS receiver configuration will likely be adequate for most applications, it is advisable that you review the options and change settings as needed, particularly if you are experiencing poor signal reception.

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 203

3.3  Managing References

204

To access the GNSS Receiver settings:

1.

Navigate to INTERFACES > REFERENCES: GNSS 0 .

Note: Typically, there will be only one GNSS reference, numbered

"0".

2.

The GNSS 0 status window will open. To open the configuration window, click Edit in the bottom-left corner.

OR:

1.

Navigate to INTERFACES > REFERENCES: GNSS Reference .

2.

Click on the INFO button, or the GEAR button to configure the GNSS settings, or review GNSS reference status information.

3.3.3.1

Reviewing the GNSS Reference Status

To view the current status of your GNSS reference:

1.

Navigate to INTERFACES > REFERENCES: GNSS Reference .

2.

Click the INFO button next to GNSS 0 . The GNSS 0 status window will display; it contains two tabs, explained in detail below: Main [= default], and Satellite Data .

The "Main" tab

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.3  Managing References

Under the Main tab, the following information will display:

Note: Detailed information on the different parameters can be found in the subsequent GNSS topics.

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 205

3.3  Managing References

Manufacturer/Model : The manufacturer and/or model of the GNSS receiver in your SecureSync unit.

Validity : Status indicator lights for TIME and 1PPS signals: “ On ” ( green ) indicates a valid signal, “ Off ” ( red ) indicates that no valid signal is available. A yellow 1PPS light indicates that the monitored 1PPS value fell below a quality threshold and the unit is in flywheel mode.

Receiver Mode:

Single Satellite : Used in areas with poor GNSS reception.

Standard : Default operating mode for the GNSS receiver.

Mobile : For non-stationary applications.

Receiver Dynamics : (u-blox receivers only); see

"Setting GNSS Receiver Dynamics" on page 212 .

Survey Progress : Real-time status:

ACQUIRING (x Satellites)— red

SURVEYING (x %)— yellow ; remains at 1% if no satellites are in view

COMPLETE — green

Number of Tracked Satellites : The number of satellites currently being tracked.

Offset : As set by the user, in nanoseconds.

Antenna Sense :

OK ( green )

Open : Check the antenna for the presence of an open.

Short : Check the antenna for the presence of a short circuit.

Position : SecureSync’s geographic position by:

Latitude : In degrees, minutes, seconds

Longitude : In degrees, minutes, seconds

Altitude : In meters MSL (Mean Sea Level)

Receiver Constellation : GPS/GLONASS/Galileo/BeiDou/SBAS/QZSS

Client A-GPS Status : A-GPS is ENABLED and running, or DISABLED

Client A-GPS Data : External A-GPS data is AVAILABLE, or UNAVAILABLE

Server A-GNSS Status : The Rinex Server feature is ENABLED and running, or

DISABLED

Server A-GNSS Data : A-GPS data is AVAILABLE and can be downloaded by clients, or it is UNAVAILABLE

206 CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.3  Managing References

E

J

G

R

I

C

Identified Satellite Signal Strengths : Bar graphs for all satellites detected. Color indicates signal strength.

With your mouse pointer, hover over a bar graph to display tool tip information about satellite constellation, satellite number, and signal strength.

Letter Symbol GNSS Constellation

GPS

GLONASS

Galileo

QZSS

BeiDou

IRNSS

The "Satellite Data" tab

Under the Satellite Data tab, there are two graphs:

Number of Satellites over Time : A graphical track of how many satellites were being tracked over time.

SNR over Time : A graphical track of maximum SNR, and minimum SNR.

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 207

3.3  Managing References

In both graphs, to see a legend of the graphical data, and time-specific status data, click inside the graph, choosing the desired point in time. If necessary, increase the time resolution by dragging the time sliders. A pop-up window will display the legend for that graph, and the status information for the selected time.

3.3.3.2

Determining Your GNSS Receiver Model

Note: All SecureSync models are currently shipped with a u- blox M8T

Receiver.

To determine which GNSS receiver model is installed in a SecureSync unit:

1.

Navigate to TOOLS > SYSTEM: Upgrade/Backup .

2.

In the System Configuration panel, locate the line item GNSS Receiver :

208

GNSS Receiver Models

Orolia strives to equip SecureSync with current technology. Depending on the production date of your SecureSync unit, one of the following GNSS receiver models will be installed in your unit (if any):

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.3  Managing References

u-blox

®

M8T

Production dates : Since 2016

Constellations : GPS, Galileo, GLONASS, BeiDou, QZSS

Other characteristics:

Client A-GPS option: Yes

Server A-GNSS option: Yes

Resurvey : Automatic, after being moved and rebooted — can be changed, see

"Setting GNSS Receiver Dynamics" on page 212 .

Multi-GNSS reception: Yes, within these permissible settings:

GPS Galileo GLONASS Beidou

X X – –

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

Note: The augmentation systems SBAS and QZSS can be enabled only if GPS operation is configured.

3.3.3.3

Selecting a GNSS Receiver Mode

When connected to a GNSS antenna that receives a GNSS signal, SecureSync can use

GNSS as an input reference. The factory default configuration allows GNSS satellites to be received/tracked with no additional user intervention required.

However, there are several user-configurable GNSS settings:

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 209

3.3  Managing References

The Receiver Mode function allows the GNSS receiver to operate in either a stationary mode (“ Standard ” or “ Single Satellite ” modes), or in a mobile mode environment e.g., in a vehicle, ship or aircraft.

Offset [ns]: to account for antenna cable delays and other latencies

Receiver dynamics : to optimize performance for land, sea or air operation

The ability to delete the stored GNSS position information (latitude, longitude and antenna height).

The option to determine when a resurvey is to be performed (supported only by newer GNSS receivers).

The option to select your constellation types

To configure the GNSS Receiver Mode for your SecureSync unit:

1.

Navigate to INTERFACES > REFERENCES : GNSS 0 . The GNSS 0 Status panel will open.

2.

Select Edit in the bottom-left corner. The GNSS 0 configuration window will open:

210

3.

Select the desired Receiver Mode, and click Submit .

GNSS Receiver Modes

The receiver modes are:

Standard GNSS Receiver Mode

The default GNSS receiver mode is the Standard Mode : It is the most accurate, and hence the preferred GNSS receiver mode.

The Standard Mode can be used only for stationary applications , i.e. the SecureSync unit will not be moved. Also, it must be able to track initially at last four satellites in order to complete the survey. (Once the survey is completed, less than four satellites will provide a valid

Time and 1PPS.)

In the Standard Mode the GNSS survey will initially be performed, once at least four GNSS satellites become available. The GNSS survey is used to determine the exact position and time; it takes 2000 seconds (33 minutes) to complete a survey. During the survey, the

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.3  Managing References

GNSS receiver must continue to track at least four satellites, otherwise the GNSS survey will not complete.

Upon completion of the GNSS survey the GNSS receiver will lock-in the calculated GNSS position and will enter Standard Mode . Once in Standard Mode , the GNSS survey will only be performed again if: the unit is halted or rebooted (see

"Performing a GNSS Receiver Survey" on page 214

).

the equipment will be relocated to another location and the receiver detects this

(applies to most Trimble receivers) you manually delete the GNSS position, see

"Deleting the GNSS Receiver Position" on page 217 .

In the event that SecureSync cannot complete a GNSS survey within 24 hours (e.g., the survey progress does not go beyond 99%), see

"Single Satellite GNSS Receiver Mode" below .

Single Satellite GNSS Receiver Mode

The Single Satellite Mode is designed for use cases in which it is not possible for the

GNSS receiver to track at least four GNSS satellites for at least 33 minutes continuously in a 12-hour time window so as to complete the GNSS survey, i.e. obtain a 3-D fix. In such cases, SecureSync cannot operate in Standard Mode . This occurs frequently in areas with limited view of the sky (e.g., "urban canyons").

In Single Satellite Mode, the GNSS receiver will be considered a valid input reference as long as: a.

the receiver was able to complete a survey during a time window with good satellite reception, OR you have manually entered a valid position for your antenna location

(instructions can be found under

"Manually Setting the GNSS Position" on page 219

and

"Determining Your Position" on page 220 .)

b.

the GNSS receiver continues to track at least one qualified satellite .

Note that SecureSync is designed to provide the most accurate time in Standard Mode , hence the Single Satellite Mode should only be used if the GNSS receiver could not complete a survey. Note also that Single Satellite Mode can only be used if the SecureSync unit remains stationary at all times.

Mobile GNSS Receiver Mode

In Mobile Mode no surveys will be carried out since the position status is updated in near real-time. SecureSync will go into synchronization shortly after beginning to track satellites.

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 211

3.3  Managing References

The Mobile Mode should only be selected if your SecureSync unit will NOT remain stationary at all times, i.e. instead of being operated in a building, it is installed in a mobile platform (such as a vehicle, ship, plane, etc.).

Note: With SecureSync's GNSS receiver configured in Mobile Mode , the specified accuracies of SecureSync will be degraded to less than three times that of Standard Mode .

Standard Mode accuracy of the receiver is less than 50 ns to GPS/UTC (1 sigma), hence Mobile Mode is less accurate than 150 ns to GPS/UTC time (1 sigma).

3.3.3.4

Setting GNSS Receiver Dynamics

Receiver Dynamics further refine the reception characteristics for the individual receiver modes and determine if the receiver will automatically resurvey after a reboot.

Note: This option only applies to u-blox M8T receivers receivers (RES-SMT-

GG and SAASM GPS do NOT support this.)

Caution: If you select a setting that does NOT resurvey, and subsequently relocate your unit (antenna) by more than 100 m, u-blox M8T receivers will

NOT detect the new position, and hence provide an incorrect time.

For more information about the GNSS Survey , see

"Performing a GNSS Receiver Survey" on page 214 .

For more information on Receiver Modes , see

"Selecting a GNSS Receiver Mode" on page 209 .

To change/review the GNSS Receiver Dynamics:

1.

Navigate to INTERFACES > REFERENCES: GNSS 0 .

2.

Under the Main tab of the GNSS 0 status window, the line item Receiver Dynamics will indicate the current setting.

3.

To change the setting, click Edit in the bottom-left corner. The GNSS 0 configuration window will display:

212 CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.3  Managing References

4.

Select a setting and click Submit.

Available GNSS Receiver Dynamics Settings

The following Receiver Dynamics settings are available:

Land (Resurvey) : [default]

When used with the Mobile Receiver Mode, the receiver is adjusted for typical dynamic land-based applications.

When used with the Standard Receiver Mode, this setting also will automatically initiate a resurvey after SecureSync reboots, in order to account for a possible relocation.

Sea : The receiver dynamics will be optimized for mobile motion patterns typical with marine applications, resulting in greater timing accuracy, and avoiding premature loss of synchronization.

Air : The receiver dynamics will be optimized for acceleration forces typically experienced in civil aviation applications.

Stationary (No Resurvey) : In Standard Mode, the receiver is set to a non-dynamic value for stationary applications.

There will be no automatic resurvey after a reboot. Should a unit be relocated, you need to delete its position, thus initiating a new survey.

The following table illustrates the interdependence between Receiver Dynamics, Receiver

Mode (see

"Selecting a GNSS Receiver Mode" on page 209 ) and receiver type:

Table 3-2: Receiver dynamics, ~modes, ~ dynamics, ~ types

Receiver Dynamics

Receiver Mode

Land

(Resurvey)

Sea Air

Single Satellite

Standard irrelevant irrelevant irrelevant

Stationary

(No Resurvey) irrelevant

Mobile (with u-blox receivers)

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 213

3.3  Managing References

Notes:

The u-blox M8T receiver now uses Land to indicate it will RESURVEY on reboot, and Stationary to indicate it will not resurvey after reboot.

3.3.3.5

Performing a GNSS Receiver Survey

Note: This topic only applies to

stationary applications

– in Mobile receiver mode NO surveys will be carried out since the position is updated continuously.

When SecureSync's integrated GNSS receiver performs a survey, it tries to determine or verify its geographic position with high accuracy. An accurate geographic position is required to calculate a precise system time from the GNSS reference.

During a GNSS survey, the position will be iteratively recalculated while gradually increasing the position accuracy. A survey can take up to 33 minutes, but typically SecureSync will synchronize earlier, i.e. offer a valid Time and 1PPS reference, once it has obtained a sufficiently accurate preliminary position.

Note: If a system has been moved, in Standard receiver mode and Land

Dynamics , receivers will automatically re-survey on reboot. In Standard mode and Stationary Dynamics , the unit will survey only once, and will not re-survey on reboot.

Verifying GNSS Survey Progress

To see if SecureSync's GNSS receiver is performing a survey and if so, verify its progress:

1.

Navigate to INTERFACES > REFERENCES: GNSS 0 .

2.

The survey status (ACQUIRING, COMPLETE, or progress in percent) is displayed under the line item Survey Progress.

214 CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.3  Managing References

Note: Once a survey has been initiated, the Survey Progress may not be displayed right away until the receiver has completed its initialization process.

3.3.3.6

GNSS Receiver Offset

The Offset setting in the GNSS configuration window ( INTERFACES > GNSS 0 > " Edit ") allows you to enter an offset to the GNSS time and 1PPS reference in order to account for antenna cable delays or other latencies (entered and displayed in nanoseconds).

By setting the correct Offset value, you can offset the system’s on-time point by the Offset value to compensate for the antenna and in-line amplifier delays. Under typical conditions, the expected cable and amplifier delays are negligible. You can calculate the delay based on the manufacture’s specifications.

The offset range is ±½ seconds (i.e. ±500 ms, or ±500 000 000 ns). The default value is

0 nanoseconds, and the resolution is 1 nanosecond.

Configuring a GNSS receiver offset

To configure the GNSS receiver offset:

1.

Navigate to Interfaces > References: GNSS Reference

2.

Click on the GEAR button next to the GNSS Reference. The GNSS 0 window will open:

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 215

3.3  Managing References

216

3.

Locate the Offset field, and enter the desired value.

4.

Click Submit.

Calculating cable delay

The following formula can be used to calculate antenna cable delay:

D = ( L * C ) / V

Where:

D = Cable delay in nanoseconds

L = Cable length in feet

C = Constant derived from velocity of light: 1.016

V = Nominal velocity of propagation expressed as decimal, i.e. %66 = 0.66 Value is provided by cable manufacturer.

When using Orolia LMR-400 or equivalent coaxial cable, this formula equates to approximately 1.2 nanoseconds of delay per every foot of cable. To calculate the Offset value

(cable delay), multiply the length of the entire cable run by “1.2” and then enter this value into the Offset field.

E x a m p l e s o f c a b l e d e l a y s :

L M R - 4 0 0 ( o r

100 feet of cable = 120 nanoseconds of cable delay

200 feet of cable = 240 nanoseconds of cable delay e q u i v a l e n t ) c o a x

300 feet of cable = 360 nanoseconds of cable delay

3.3.3.7

Resetting the GNSS Receiver

The Reset Receiver command causes the GNSS receiver to execute a cold start: All data will be erased from the volatile receiver memory. Only non-volatile memory is preserved.

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.3  Managing References

Caution: Resetting the GNSS receiver may become necessary in the rare event of internal communication issues, and is typically ONLY required if

Orolia Technical Support advises you to execute this command.

Note that resetting the GNSS receiver is not the same as

"Deleting the GNSS Receiver

Position" below .

To reset the GNSS Receiver:

1.

Navigate to Interfaces > References: GNSS Reference

2.

Click on the GEAR button next to the GNSS Reference. The GNSS 0 window opens:

3.

Locate the Reset Receiver box, check it, and click Submit.

3.3.3.8

Deleting the GNSS Receiver Position

The SecureSync timing system requires the exact geographic position in order to calculate the exact system time from the GNSS signal.

The Delete Position command deletes the GNSS antenna position data that is stored in the non-volatile memory of the GNSS receiver.

The deletion of the position data will automatically initiate a new GNSS self survey , provided: a GNSS antenna is connected to SecureSync the GNSS receiver can track at least four satellites continuously and the GNSS receiver it is configured to operate in Standard Mode .

The objective of the GNSS Survey is to re-discover the current antenna position.

Note: A self survey will take at least 2000 seconds (33 minutes).

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 217

3.3  Managing References

Relocating SecureSync

The Delete Position command may need to be used if a SecureSync system is physically moved, and it did not self-initiate a new survey automatically. Note that neglecting to delete the old position data and discover the new position data will cause SecureSync not to go into synchronization state.

Sanitization

The Delete Position command must also be used when sanitizing a SecureSync unit

(ensuring that no trace of position data remains on the unit).

Deleting the GNSS position

To delete the GNSS position:

1.

Disconnect the GNSS antenna from the SecureSync unit (this is required only when sanitizing the unit).

2.

Navigate to Interfaces > References: GNSS Reference . 

3.

Click on the GEAR button next to the GNSS Reference (typically, there is only one reference, numbered "0"). The GNSS 0 window will open:

218

Locate the Delete Position box, check it, and click Submit.

4.

SecureSync will initiate a GNSS self survey.

Note: In Mobile Receiver Mode it is NOT possible to delete the position and start the GNSS survey. This feature is only available in Standard Mode and in Single Satellite Mode . In Single Satellite Mode a GNSS survey may take up to 24 hours.

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.3  Managing References

3.3.3.9

Manually Setting the GNSS Position

Note: This topic applies only to mode, or Single Satellite mode.

stationary applications

, i.e. to Standard

The exact geographic position (location and elevation) of the antenna your SecureSync unit—and thus its onboard GNSS receiver—is a major factor for SecureSync to calculate an accurate System Time from the GNSS reference.

Note: The elevation (altitude) should be set in accordance with the World

Geodetic System 1984 ( WGS 84 ), not Mean Sea Level (MSL).

Normally, the onboard GNSS receiver will track and adjust the antenna position during the so- called GNSS self survey , which is performed during initial commissioning of a

SecureSync unit, or when rebooting a unit after it had been powered down for some time

("cold start").

Depending on where your GNSS antenna is installed and thus, how good the reception is, the self survey may be adequate for most applications.

Setting a Manual Position , however, i.e. manually applying your current geographic position data (Latitude, Longitude, and Altitude) may be necessary if your GNSS receiver could not complete its survey due to poor reception.

In some cases, setting the position manually may also help to reduce the amount of time needed for the initial position "fix", i.e. for SecureSync to synchronize with the satellites in view.

Note that this position will also be used if Apply A-GPS Data is checked.

To manually set your position:

1.

Determine your geographic position. For more information, see

"Determining Your

Position" on the next page

.

2.

Navigate to INTERFACES > REFERENCES: GNSS 0 . In the GNSS 0 status window, click Edit in the lower left corner. The GNSS 0 window will open:

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 219

3.3  Managing References

220

3.

Under Manual Position Set accurately enter latitude , longitude (both in decimal degrees), and altitude (in meters [ WGS 84 ]) of your GNSS antenna, SecureSync can use this data during the satellite tracking/adjustment process, which typically leads to a quicker "fix". It is recommended to enter the position as accurately as possible.

Determining Your Position

To determine your GNSS position, using Google Maps™:

1.

On your computer, open

Google Maps

.

2.

In Google Maps, locate your building, and the location of your antenna.

3.

Right-click on the location. Select What's here?

At the bottom, you will see a card with the coordinates.

4.

Take note of your decimal position (e.g., 43.083191, -77.589718).

Note: Should you prefer to determine your position in a different way, and as a result, have your latitude & longitude data in degrees/minutes/ seconds, you need to convert this data to the decimal format e.g., by using a conversion tool, such as Earth Point

www.earthpoint.us

, or

https://www.fcc.gov/media/radio/dmsdecimal

:

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.3  Managing References

5.

Determine your altitude : To find the elevation of your location, search online for a

Google Maps elevation finder tool. Do not forget to add the height above ground for your antenna.

If a more exact altitude is desired, the use of a topographical map is recommended. Applying the

WGS 84

standard will likely yield the most accurate elevation.

3.3.3.10 GNSS Constellations

SecureSync allows you to select which GNSS constellations can be tracked. For example, you can determine if you want GLONASS satellites to be tracked (besides GPS).

Selecting GNSS Constellations

our SecureSync is capable of tracking multiple GNSS constellations simultaneously.

To verify if satellite signals for the selected GNSS constellations are currently received, see

"Determining Which GNSS Satellites Are Received" on page 223 .

Configuring GNSS Constellations

To configure which GNSS constellations SecureSync's GNSS receiver shall track:

1.

Navigate to INTERFACES > REFERENCES: GNSS Reference .

2.

Click the GEAR button next to GNSS 0 . The GNSS 0 window will open:

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 221

3.3  Managing References

222

3.

Under Selected Constellations , review which constellations are currently tracked, and apply your changes. Note the following:

The u-blox M8T receiver is capable of receiving multiple GNSS constellations simultaneously; the table below shows which combinations are possible:

GPS Galileo GLONASS BeiDou

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

X

Note: The augmentation systems SBAS and QZSS can be enabled only if GPS operation is enabled.

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.3  Managing References

Note: Should you select more than 3 + QZSS constellations, you will receive a Constellation Error once you click Submit

( ConstError ).

About QZSS

QZSS is disabled by default. In order to receive QZSS signals, you must either be located in the Japan region, or use a GNSS simulator (such as Orolia GSG-5 or -6 Series).

QZSS is not considered a standalone constellation and while SecureSync allows you to enable QZSS by itself, it is recommended to use it in combination with GPS.

Determining Which GNSS Satellites Are Received

To see which GNSS satellites your SecureSync is currently receiving:

1.

Navigate to INTERFACES > REFERENCES: GNSS 0 .

2.

The GNSS 0 status window will open:

3.

Under Identified Satellite Signal Strengths hover with your cursor over the bars:

The letter in the tooltip window displayed for each signal bar indicates which

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 223

3.4  Holdover Mode constellation the satellite belongs to:

Letter symbol GNSS Constellation

G

R

GPS

GLONASS

C

I

E

J

Galileo

QZSS

BeiDou

IRNSS

The number next to the letter indicates the satellite number. The number below indicates the signal strength (C/N o

).

3.4

Holdover Mode

224

When input references have been supplying input to SecureSync and input from all the references has been lost, SecureSync will not immediately declare loss of time synchronization, but first will go into Holdover mode. While the unit is in Holdover mode, the time outputs are derived from the internal 10 MHz oscillator incrementing the System

Time, but the oscillator is not disciplined/steered by the external reference e.g., GNSS.

Because of the stability of the internal oscillator, accurate time can still be derived even after all the primary references are no longer valid or present. The more stable the oscillator is without an external reference, the longer this holdover period can be and have it still maintain very accurate outputs. The benefit of Holdover is that time synchronization

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.4  Holdover Mode and the availability of the time outputs is not immediately lost when input references are no longer available.

While SecureSync is in Holdover, the only difference is the Holdover and associated Minor alarm are asserted. There are no changes to NTP or any of the other outputs, i.e. while in

Holdover mode, NTP inside SecureSync continues to be at the same Stratum level it was at before going into Holdover mode (such as Stratum 1 when synced to GPS). Should the

Holdover period expire, however, or the unit is rebooted, the NTP Stratum will go to 16, preventing any clients from being able to sync with SecureSync until GPS or another reference has been restored.

How long will the unit remain in Holdover mode?

SecureSync will remain in Holdover mode until either: a.

Any enabled and valid input reference becomes available again: If one or more references return and are declared valid before the Holdover period has expired (even momentarily, i.e. for at least one second), SecureSync exits the Holdover mode and returns to its fully synchronized state.

b.

The Holdover Timeout period expires. In this case, SecureSync will declare loss of synchronization.

Note that Holdover mode does not persist through reboots or power cycles. If a reboot or power cycle occurs while SecureSync is in Holdover mode, it will power-up and remain in a

“ not synchronized ” state until at least one valid Time and 1PPS input reference becomes available again. While in this state, NTP will be Stratum 15 and outputs will not be usable. If the input references are restored and then lost or declared not valid again, SecureSync will then go back into Holdover mode.

What is "Holdover Timeout"?

Holdover Timeout is the user-configurable allowable time period in which SecureSync remains in Holdover mode before it declares loss of synchronization. Holdover Timeout can be adjusted according to application-specific requirements and preferences. See below for recommendations on how long (short) the Holdover Timeout should be.

How to configure Holdover Timeout

To set the Holdover Timeout value:

Navigate to MANAGEMENT > OTHER: Disciplining , and click the GEAR icon in the

Status panel:

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 225

3.4  Holdover Mode

226

For more information on the TFOM value and Phase Error Limit, see

"Configuring the Oscillator" on page 230 .

Note: Changes made to the Holdover Timeout always take effect immediately. If SecureSync is in Holdover and the Holdover timeout is changed to a value that is less than the current time period that SecureSync has been in Holdover Mode, the unit will immediately declare loss of synchronization.

What is the recommended setting for the Holdover Timeout period?

The factory default Holdover period is 2 hours (7200 seconds) . The value can be increased to up to 5 years. During this time period, SecureSync will be useable by its NTP clients (or other consumers) after GNSS reception has been lost.

The length of time is really based on the type of oscillator installed in a unit, and what the typical accuracy requirements are for the NTP clients. The longer it can run in Holdover mode before it expires, the longer it can continue being a central time source for all of its clients. But the longer SecureSync runs in Holdover, the larger the offset to true UTC time will become, because the undisciplined oscillator will drift over time:

The better the type of oscillator installed, the more stable it is while in Holdover and therefore, the less its time will drift away from true UTC time. This results in more accurate timing, over extended durations upon the loss of GPS input. For instance, a Rubidium

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.4  Holdover Mode oscillator will maintain significantly better time over a longer Holdover duration than a

TCXO oscillator (TCXOs are considerably less stable than a Rb oscillator).

Oscillator Phase Drift

The chart below provides typical stability performance for the oscillator types that can be found in SecureSync units. These numbers are based on the oscillator being locked to a reference for two weeks, but then loses GPS reception for an extended period of time, while the ambient temperature remains stable.

This data can help you determine how long of a Holdover period can be tolerated, based on how much time drift may occur after GPS input is lost. The larger the time error that can be tolerated by SecureSync clients, based on the oscillator installed, the larger the Holdover timeout period can be set to.

Table 3-3: Estimated Phase Drifts

1PPS Phase Drift in Holdover

(no reference available)

TCXO OCXO

After 4 hours

After 24 hours

Low Phase Noise

OCXO

12 µs 1µs

450

µs

0.5 µs

25 µs 10 µs

Rubidium

0.2 µs

1µs

Low Phase Noise

Rubidium

0.2 µs

1µs

To find out which type of oscillator is installed in your SecureSync, navigate to

MANAGEMENT > OTHER: Disciplining , and look for the line item Oscillator Type in the

Status panel.

Typical Holdover lengths

The length of the allowed Holdover Timeout period is displayed and configured in seconds.

The table below provides example conversions for typically desired Holdover periods.

Table 3-4: Typical Holdover lengths in seconds

Desired Holdover Length Holdover Length (in seconds) to be entered

2 hours

24 hours

7 days

30 days

1 year

7200 seconds (default value)

86 400

604 800

2 419 200

29 030 400

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 227

3.5  Managing the Oscillator

Note: Due to Leap Seconds that are periodically inserted into the UTC and

Local timescales, it is not normally recommended to exceed 30 days of Holdover without an external reference that can supply Leap Second information being applied (such as GNSS).

Configuring a Holdover value exceeding 30 days could result in a one-second time error in the UTC or Local timescales until an external reference (GNSS or IRIG input) is restored or a manually configured Leap Second is asserted by a user (leap seconds do not affect the

GPS and TAI time scales).

If no external references (such as GNSS or IRIG) are available when a Leap Second is scheduled to occur, manual Leap Seconds can also be applied to the UTC or Local time base; see

"Leap Seconds" on page 176

.

If the Holdover Timeout has expired, do I need to reset the clock once GPS becomes available again?

No, the Holdover timer is automatically reset as soon as at least one reference has been restored/returned for at least one second. If GPS is restored and then lost again moments later, the Holdover timer starts again with its full value. If its set to one week in this case, it then gets another week of Holdover operation before NTP goes to Stratum 16 (if GPS remained unavailable for the entire week).

Holdover mode and the User/User reference

If the only available input reference is a manually set User time, and SecureSync is subsequently rebooted or power cycled, time sync will be lost when SecureSync powers backup. The time will need to be set manually again in order for SecureSync to return to its fully synchronized state. See

"The "User/User" Reference" on page 188

and

"Manually Setting the Time" on page 171

for more information.

3.5

Managing the Oscillator

The purpose of the built-in oscillator is to provide SecureSync with an accurate and very stable internal frequency source. This allows SecureSync to go into a holdover mode in the event that external time or frequency references are lost or become invalid. However, the oscillator can also be used as a legitimate 1PPS reference during normal operation, in conjunction with an external time reference (for more information, see

"Configuring Input

Reference Priorities" on page 184

.)

228 CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.5  Managing the Oscillator

SecureSync’s internal oscillator is normally disciplined to an input reference (such as GNSS,

IRIG input, 1PPS input, etc.) in order to provide the highest degree of oscillator accuracy and to account for oscillator drift. While disciplining (with a 1PPS input reference input present and valid), the oscillator’s output frequency is monitored and based on the measured frequency, the oscillator is steered to maintain a very accurate 10 MHz output. If no valid 1PPS input references are present (or input references are present but not considered valid), the oscillator will be in Freerun mode instead.

The Oscillators Settings page provides the user with some control of the disciplining process. This page is also used to configure the length of time SecureSync is allowed to remain in the Holdover mode when all references are lost.

3.5.1

Oscillator Types

SecureSync units are available with different types of internal oscillators:

TCXO (Temperature-Compensated Crystal Oscillator) one of two different types of OCXO (Oven-Controlled Crystal Oscillator) oscillators, or one of two different types of Rb (Rubidium) oscillators.

The two different types of OCXO oscillators are a precision OCXO oscillator and a high-precision (low phase noise) OCXO oscillator. The two different types of Rubidium oscillators are a precision Rubidium oscillator and a low-phase noise Rubidium oscillator. All of these internal oscillators are self-calibrating and can be disciplined to a 1PPS input reference for maximum accuracy.

To determine which oscillator is installed in your SecureSync unit, navigate to

MANAGEMENT > OTHER: Disciplining . The first entry in the Status panel on the left indicates the type of oscillator:

Because of its high degree of stability, the Rubidium oscillator provides the greatest ability to extend the hold-over period when input references are not present. Extending the hold-over period allows the unit to provide very accurate and useable time stamps and a 10

MHz output for a longer period of time once time synchronization has been lost.

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 229

3.5  Managing the Oscillator

Note: Oscillators are installed at the factory, in accordance with order specifications; an oscillator cannot be swapped/retrofitted later in the product life cycle (with the exception of repairs).

The Rubidium oscillator is atomic in nature but requires no MSDS (Material Safety Data

Sheet).

Note: External Oscillator : It is possible for an external oscillator to be locked to SecureSync's 10 MHz output via an external PLL, with the lock state of the external PLL monitored by SecureSync. Contact Orolia for more information.

3.5.2

Configuring the Oscillator

SecureSync is equipped with an internal oscillator. To configure the oscillator settings:

1.

Navigate to MANAGEMENT > OTHER: Disciplining .

2.

Click the GEAR icon at the top of the Status panel. The Oscillators Settings window will display:

230

3.

Populate the fields:

Maximum TFOM for Sync : When TFOM (Time Figure of Merit, see also

"Time Figure of Merit (TFOM)" on the facing page ) is greater than Max

TFOM, disciplining will still be attempted against the selected reference to improve the TFOM. If the condition persists, the system will transition to

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.5  Managing the Oscillator holdover, and eventually out of sync. When disciplining is performed such that

TFOM is no longer greater than max TFOM, the system will transition back into sync.

Holdover Timeout(s) : The default is 7200 s (= 2 hours).

For more information on holdover timeouts, see

"Typical Holdover lengths in seconds" on page 227 . For additional information on holdover, see

"What is

"Holdover Timeout"?" on page 225 .

Phase Error Limit : [Default=0 (disables this feature)]. Setting a Limit (valid for +/-) for the Phase Error between an external 1PPS reference and the System 1PPS will cause the disciplining tracking to restart automatically (after a few minutes delay) if that limit is exceeded. This will help to quickly re-align the System 1PPS with a reference.

When using a Host Reference as a primary or backup reference, for improved performance it is recommended to set the phase error limit for NTP to a suggested value of 100000 ns (= 100 µ second). Adjust this value as needed, based on your accuracy requirements.

Restart Tracking : Check this box, and click Submit if you want to manually restart disciplining tracking.

This option causes the disciplining algorithm to stop tracking the input reference and start over (as if it was just acquired). This can be useful if there is a large phase offset between reference 1PPS and system 1PPS, as it may occur when going back into sync to the external reference after a long holdover. A

Restart Tracking will re-align the system 1PPS with the reference 1PPS very quickly, but may cause the 1PPS output to jump.

Recalibrate : In rare cases, existing calibration data may no longer be suitable to calibrate the oscillator. This function will delete the existing calibration data, and begin a new calibration process (not applicable for low phase-noise Rubidium oscillators).

4.

Click Submit.

3.5.2.1

Time Figure of Merit (TFOM)

The TFOM reflects the estimated error range values between the reference 1PPS (such as GPS 1PPS) and the System 1PPS which is being aligned to the 1PPS. The estimated error is referred to as the 1PPS Phase error. TFOM values are ranges of these phase errors.

The larger the phase error estimate, the larger the TFOM value will be. For example,

TFOM 3 is reported when the estimated phase error is any value between 10 ns to less than 100 ns of the offset between the selected 1PPS reference and the system’s 1PPS.

TFOM is SecureSync’s estimation of how accurately it is synchronized with its time and

1PPS reference inputs, based on several factors, known as the Estimated Time Error or

ETE. The larger the TFOM value, the less accurate SecureSync believes it is aligned with

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 231

3.5  Managing the Oscillator its 1PPS input that is used to perform disciplining. If this estimated error is too large, it could adversely affect the performance of oscillator disciplining. The available TFOM range is 1 through 15. You may refer to the following for the TFOM to ETE conversions:

13

14

15

9

10

11

12

7

8

5

6

3

4

1

2

Table 3-5: TFOM to ETE conversion

Reported TFOM Value Estimated Time Error (ETE)

<= 1 nsec

1 nsec < ETE <= 10 nsec

10 nsec < ETE <= 100 nsec

100 nsec < ETE <= 1 μ sec

1 μ sec < ETE <= 10 μ sec

10 μ sec < ETE <= 100 μ sec

100 μ sec < ETE <= 1 msec

1 msec < ETE <= 10 msec

10 msec < ETE <= 100 msec

100 msec < ETE <= 1 sec

1 sec < ETE <= 10 sec

10 sec < ETE <= 100 sec

100 sec < ETE <= 1000 sec

1000 sec < ETE <= 10000 sec

ETE > 10000 sec

Example

TFOM is a value between 1 and 15. TFOM can never exceed the default MaxTFOM value of 15.

Typically the MaxTFOM requires no adjustment, but in some instances it may be advisable to decrease MaxTFOM so that TFOM can potentially exceed it: For example, by lowering the MaxTFOM to “5” it is now possible for TFOM to be always higher than the MaxTFOM value:

Assuming the MaxTFOM is set to 5 and the TFOM happens to go to a 6, i.e. TFOM is now exceeding MaxTFOM. This condition will cause a 1PPS out of specification alarm to be asserted and the oscillator disciplining will change in order to speed-up the alignment of the system 1PPS to the selected reference (causing it to take less time getting closer into alignment with the reference):

This will cause the TFOM to start to decrease faster. Once TFOM no longer exceeds

MaxTFOM because the System 1PPS is now much closer to the reference 1PPS , the dis-

232 CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.5  Managing the Oscillator ciplining slows back down again as the system 1PPS continues to be brought into alignment with the selected 1PPS input.

3.5.3

Monitoring the Oscillator

The Oscillator Management screen provides current and history status information on disciplining state and accuracy.

To access the Oscillator Management screen:

1.

Navigate to MANAGEMENT > OTHER: Disciplining .

2.

The Oscillator Management screen will display. It consists of two panels:

The Oscillator Status Panel

This panel provides comprehensive information on the current status of SecureSync's timing state.

Oscillator Type : Type of oscillator installed in the unit.

Disciplining State : State of oscillator control and disciplining; indicates whether or not the internal oscillator is currently being disciplined (steered to an input reference). The states are: "Warm up", "Calibration", "Tracking Setup", "Lock State",

"Freerun", and "Fault".

1PPS Phase Error : A tracking measurement [scaled time, in ns, or ms] of the internal

1PPSs' phase error with respect to the selected input reference. Long holdover

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 233

3.5  Managing the Oscillator periods or an input reference with excessive jitter will cause the phase error to be high. The oscillator disciplining control will gradually reduce the phase error over time. Alternatively, restarting the tracking manually (see "Restart Tracking" under

"Configuring the Oscillator" on page 230

), or automatically via a pre-set Phase

Error Limit, will quickly reduce the phase error.

10 MHz Frequency Error : An internal estimated calculation (in Hertz) of the internal oscillator's frequency error, based on the phase accuracy error at the beginning and end of a frequency measurement window (the length of this window will vary depending upon the type of oscillator installed and the oscillator adjustment algorithm).

Current DAC Setting : Current DAC value, as determined by the oscillator disciplining system. The value is converted into a voltage that is used to discipline the oscillator. A stable value over time is desirable and suggests steady oscillator performance (see also the graph in the History Panel).

DAC Step : Step size for adjustments to the internal oscillator, as determined by the oscillator disciplining system. Larger steps = quicker, but coarser adjustments. The step size is mainly determined by the type of oscillator.

TFOM : The Time Figure of Merit is SecureSync’s estimation of how accurately the unit is synchronized with its time and 1PPS reference inputs, based on several factors, known as the Estimated Time Error or ETE. The larger the TFOM value, the less accurate SecureSync believes it is aligned with its 1PPS input that is used to perform disciplining. If this estimated error is too large, it could adversely affect the performance of oscillator disciplining. The available TFOM range is 1 through 15.

Max TFOM for Sync : Value, as set under

"Configuring the Oscillator" on page 230

Temperature(s) : Three temperatures are displayed:

Oscillator temperature, which has an effect on oscillator accuracy, and therefore can be used to interpret oscillator performance.

Board temperature (measured on the main board, sometimes also referred to as 'System temperature')

CPU temperature

Note: Oscillator temperature is plotted over time in the History panel on the right, while graphs for board and CPU temperature can be found under TOOLS > SYSTEM: System

Monitor .

Last Time Reference Change : [Timestamp: Last occurrence]

234 CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

3.5  Managing the Oscillator

Last 1PPS Reference Change : [Timestamp: Last occurrence]

Last TFOM Change : [Timestamp: Last occurrence]

Last Sync State Change : [Timestamp: Last occurrence]

Last Holdover State Change : [Timestamp: Last occurrence]

The Oscillator History Panel

The Oscillator History Panel offers real- time graphical monitoring of SecureSync’s internal timing. The following graphs plot key oscillator-relevant data over time::

Phase Error Magnitude : See

1PPS Phase Error

Frequency Error : See

10_MHz_Frequency_Error

Scaled DAC Value : See

DAC Step

Oscillator Temperature , which has an effect on oscillator accuracy, and therefore can be used to interpret oscillator performance.

You can zoom in on any of the graphs by grabbing the handles at either end and pulling them inwards. The graph will focus in on the time interval you choose in real time.

Clicking on the Delete icon in the top-right hand corner will erase all current oscillator log data.

Clicking on the Download arrow icon will download the latest oscillator log data as a .

csv file.

3.5.4

Oscillator Logs

To export, or delete the oscillator logs:

1.

Navigate to MANAGEMENT > OTHER: Disciplining .

2.

To download the log file: In the History panel, click the downwards pointing

ARROW icon. in the top-right corner:

3.

The log file will be downloaded onto your local computer. Its name is oscillatorStatusLog.csv

. Depending on the operating system you can open the file, or save it locally.

CHAPTER 3 • SecureSync 2400 User Manual Rev. 2 235

3.5  Managing the Oscillator

To delete the log file, click the TRASH CAN icon, and confirm.

236 CHAPTER 3 • SecureSync 2400 User Manual Rev. 2

System Administration

The following topics are included in this Chapter:

4.1 Powering Up/Shutting Down

4.2 Notifications

4.3 Managing Users and Security

238

241

250

4.4 Miscellanous Typical Configuration Tasks

4.5 Quality Management

274

279

4.6 Updates and Licenses 313

4.7 Backing-up and Restoring Configuration Files 316

CHAPTER 4 • SecureSync 2400 User Manual 237

4.1  Powering Up/Shutting Down

4.1

4.1.1

Powering Up/Shutting Down

Powering Up the Unit

1.

After installing your SecureSync unit, and connecting all references and network(s), verify that power is connected, and wait for the device to boot up.

Note: SecureSync does not have a power switch. When the unit is plugged in, the power will be on (unless you have an additional condition, such as your unit has been halted).

2.

Observe that the front panel illuminates The time display will reset and then start incrementing the time.

238

Figure 4-1: SecureSync front panel

3.

Check the front panel status LED indicators:

The Power LED should be lit (not flashing).

The GNSS LED will be either OFF or flashing HEARTBEAT, since synchronization has not yet been achieved.

The Alarms LED light should be OFF (startup behavior) or HEARTBEAT

(acquiring fix behavior). A FAST blinking pattern would indicate the unit requires attention.

For additional information, see

"Status LEDs" on page 4

and

"Status Monitoring via Front

Panel" on page 279

.

4.1.2

Shutting Down the Unit

Shutting down SecureSync by interrupting the AC power supply is acceptable and will not damage the unit.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.1  Powering Up/Shutting Down

It is, however, worthwhile to point out the differences between shutting down the unit by interrupting the power supply vs. gracefully shutting it down e.g., via the Web UI.

To learn more, see

"Issuing the HALT Command Before Removing Power" below

.

4.1.3

Issuing the HALT Command Before Removing Power

Gracefully shutting down SecureSync by using the HALT command offers the following advantages over shutting the unit down by interrupting the power supply:

The shutdown process will be logged

The System Clock will update the Real Time Clock with the latest System Time.

SecureSync's file system will be synchronized, which under some circumstances will allow for faster startup next time the unit will be powered up.

The HALT command may be issued to the SecureSync via: the Web UI the front panel keypad the front panel serial port.

Note: Wait 30 seconds after entering the HALT command before removing power.

Once the HALT process has been initiated, the front panel display will show halting and the time display will stop incrementing.

Issuing a HALT Command via the Web UI

1.

Navigate to TOOLS > SYSTEM: Reboot/Halt .

2.

The Reboot/Halt window will display. Select the Shutdown the Unit checkbox.

3.

Click Submit .

4.

Wait 30 seconds after entering the HALT command before disconnecting power from the unit.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 239

4.1  Powering Up/Shutting Down

Issuing a HALT Command via SerialPort/Telnet/SSH:

With a serial connection to the front panel USB or rear panel serial port, telnet connection or SSH connection, type halt <Enter> to halt the unit for shutdown. For more information on SecureSync commands, see

"CLI Commands" on page 514 .

Note: After issuing the HALT command wait 30 seconds before you remove power.

Issuing a HALT Command via the Front Panel:

1.

Press the POWER menu button to switch the front panel display to the Power

Menu. Verify that you are under the Management sub menu (use the left and right arrow keys if necessary).

2.

Press DOWN until Halt is highlighted. Press the ENTER button in the center of the keyapd once to activate the halt, and then press it again to confirm your choice in the confirmation menu to the right.

Once you have halted your SecureSync, power must be removed (unplugged) and reapplied in order to restart the unit.

4.1.4

Rebooting the System

To reboot SecureSync via the Web UI:

1.

Navigate to TOOLS > SYSTEM: Reboot/Halt .

2.

Select the Restart after Shutdown box in the Reboot/Halt window.

240

3.

SecureSync will now be rebooted and be accessible again shortly thereafter.

Rebooting via LCD/Keypad, Serial Port, Telnet, SSH, SNMP

With a serial connection to the front panel serial port, telnet connection or SSH connection, type reboot <Enter> to reboot SecureSync.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.2  Notifications

Reboot is also is available to be performed through an snmpset operation. For more information on SecureSync commands, see

"CLI Commands" on page 514 .

Once the Reboot process has been initiated, the front panel LCD will display a Power off message, and the front panel LED time display will stop incrementing until SecureSync has started booting back up again.

Rebooting via the front panel

1.

Press the POWER menu button to switch the front panel display to the Power

Menu. Verify that you are under the Management sub menu (use the left and right arrow keys if necessary).

2.

Press DOWN until Reboot is highlighted. Press the ENTER button in the center of the keyapd once to activate the halt, and then press it again to confirm your choice in the confirmation menu to the right.

During reboot, the front panel display will read Rebooting and the time display will stop incrementing.

4.2

Notifications

If an event occurs e.g., SecureSync transitions into Holdover, or a short is detected in the

GNSS antenna, SecureSync can automatically notify users that a specific event has occurred.

In some situations, two events are generated. One event occurs in the transition to a specified state and then another event occurs when transitioning back to the original state.

Examples of these are losing sync and then regaining sync, or going into Holdover mode and then going out of Holdover mode. Other situations may only consist of one event. An example of this situation is switching from one input reference to another.

Notifications of each event that may occur can be via alarms, via SNMP Traps being sent to one or more SNMP Managers, via an email being sent to a specified email recipient, or a combination of the three. The Notifications page allows a user to configure whether the occurrence of each event automatically triggers an alarm to be generated, an SNMP trap to be sent out, an email to be sent out, or a combination of the three.

Also, this page allows the desired email recipient’s address for that particular event to be specified. Each event can be configured with the desired email address that is specific to just that one event only. Note that only one email address can be specified in each Email

Address field. If desired, the same email address can be used in all of the fields, or different addresses can be used for different events.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 241

4.2  Notifications

Note: Whether or not notifications are enabled/disabled for a given event, the occurrence of the event is always logged.

All available SecureSync events that can generate a notification to be sent are located under different tabs in the Notification Events panel: Timing , GPS , and System .

The SecureSync Events that can automatically trigger a notification are listed in the Event column. It is possible to:

Mask the alarm generation for specific events (prevent the alarm)

Enable “SNMP” (to send out an SNMP trap)

Send an email to the address specified in the corresponding “Email Address” column.

4.2.1

Configuring Notifications

To configure Notifications:

1.

Navigate to MANAGEMENT > OTHER: Notifications . The Notifications screen will display:

242

It is divided into two panels:

The Actions panel, featuring:

The SNMP Setup button: See

"SNMP" on page 83 .

The Email Setup button: Configure SecureSync's interface settings for Exchange email servers and Gmail.

For more information on this subject, see the Technical Note

Notification Setup

.

Email

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.2  Notifications

The Events panel, offering three tabs:

Timing : Events for Sync Status and Holdover, Frequency error, Input references and the internal oscillator.

GPS : Events related to the GNSS receiver, including antenna cabling, tracking less than the minimum number of satellites and GNSS receiver faults.

Systems : Events related to the system operation, including minor and major alarms being asserted, reboot, timing system errors and option cards.

2.

In the Events panel, choose the Timing , GPS or System tab. Configure your Notifications (see below), and click Submit.

The columns under each tab are:

Event —This is the event that will trigger the notification. The events under each tab will vary according to context.

Mask Alarm —Check here to enable an alarm mask. Enabling an alarm mask for a given notification will prevent that notification from generating an alarm condition. Other notifications for that event and logging of the event will still occur.

SNMP Trap —Check here to configure the event to trigger an SNMP Trap.

Email —Check here to configure the event to trigger an email notification.

Email Address —Enter the address to which the email should be sent when triggered by the event.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 243

4.2  Notifications

Note: Each event can be configured with the desired email address that is specific to just that one event only. Note that only one email address can be specified in each Email Address field.

For each event choose the notification you want and an email address – if any – to which you want the notification to be sent. For more information, see

"SNMP" on page 83

and

"Setting Up Email Notifications" on page 247 .

For each event, only the notification options available can be configured. For example, a mask alarm can be set for an In-Sync event, and a Not-in-Sync event, but not for an In-Holdover event.

4.2.2

Notification Event Types

The following types of events can be used to trigger notifications:

4.2.2.1

Timing Tab: Events

In Sync

Not In Sync

In Holdover

No Longer in Holdover

Frequency Error

Frequency Error Cleared

1PPS Not In Specification

1PPS Restored to Specification

Oscillator Alarm

Oscillator Alarm Cleared

Reference Change (Cleared)

Reference Change

4.2.2.2

GPS Tab: Events

Too Few GPS Sat, Minor Alarm

Too Few GPS Sat, Minor, Cleared

Too Few GPS Sat, Major Alarm

244 CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.2  Notifications

Too Few GPS Sat, Major, Cleared

GPS Antenna Problem

GPS Antenna OK

GPS Receiver Fault

GPS Receiver Fault Cleared

Under the GPS Events tab, you can also configure Minor and Major Alarm Thresholds for GNSS fault events; see

"Configuring GPS Notification Alarm Thresholds" below

.

4.2.2.3

System Tab: Events

Minor Alarm Active

Minor Alarm Inactive

Major Alarm Active

Major Alarm Inactive

Unit Reboot

Timing System Software Error

Timing System Hardware Error

High Temperature, Minor Alarm

High Temperature, Minor, Cleared

High Temperature, Major Alarm

High Temperature, Major, Cleared

4.2.3

Configuring GPS Notification Alarm Thresholds

SecureSync allows you to configure Minor and Major alarm thresholds for the GNSS receiver. This is done by setting the minimum number of satellites the receiver can track for a set time before an alarm is triggered. If both conditions are met, i.e. the reception quality falls below the set number of satellites for the set amount of time, an alarm is triggered.

The alarm notification feature described below allows you to be notified of a potential reception issue BEFORE the GNSS reference becomes invalid. This may be useful e.g., to notify system operators of a deteriorating signal reception before SecureSync loses the

GNSS reference.

Note that SecureSync itself has a pre-defined minimum number of satellites that must be tracked in order for GNSS to be considered a valid reference. The minimum number of satellites depends e.g., on your receiver mode, the GNSS signal reception in the area where your antenna is located, and the type of receiver in your unit. In Stationary mode, and for SAASM units, the minimum number of satellites is normally 4 (four). Hence, it

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 245

4.2  Notifications would be prudent to set the Minor Alarm Threshold to 8, and the Major Alarm Threshold to

6.

Note: While GPS Notification Alarms can be used in Mobile GNSS receiver mode , it is not advisable.

To determine which GNSS receiver mode your SecureSync is using and how many satellites your SecureSync unit is currently receiving, navigate to INTERFACES >

REFERENCES: GNSS 0 . See also

"Reviewing the GNSS Reference Status" on page 204 .

To set the GPS Alarm Thresholds:

1.

Navigate to MANAGEMENT > OTHER: Notifications , and choose the GPS tab.

2.

At the bottom of the window, locate the ALARM THRESHOLD panel:

246

3.

In the Minimum Satellites fields enter the minimum number of satellites that must be available before the alarm is triggered. The alarm will be triggered when the number of satellites available is BELOW this number.

4.

In the Duration Below Threshold (s) fields, enter the time in seconds that the system must be below the threshold set in the Minimum Satellites field before an alarm is triggered. The alarm will be triggered when this time is reached.

By default, this timeout value is set to 0 seconds: As soon as the receiver drops below the minimum number of satellites, the associated alarm is triggered. A delay of e.g., 5 seconds, however, would not trigger an alarm if the number of received satellites drops below the specified number for only 3 seconds.

You can configure this event to cause either a Minor alarm, or a Major alarm, or both.

To learn more about Minor and Major alarms, see

"Minor and Major Alarms" on page 326 .

Note that the GNSS receiver must initially be tracking more than the configured number of satellites in order for this alarm to be triggered (the alarm is triggered when the receiver falls below the number of Minimum Satellites you specified above).

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.2  Notifications

4.2.4

Setting Up SNMP Notifications

SNMP Notifications are SNMP traps that occur on a change of a monitored event.

To configure SNMP notifications:

1.

Navigate to MANAGEMENT > OTHER: Notifications .

2.

In the Actions panel, click SNMP Setup .

For more information on SNMP, see

"SNMP" on page 83

.

4.2.5

Setting Up Email Notifications

The Email Setup window provides a means to configure SecureSync with the necessary settings to interface it with Exchange email servers and Gmail.

To set up Notification Emails (Standard Mode):

1.

Navigate to MANAGEMENT> OTHER: Notifications .

2.

In the Email Setup panel, click on the gear icon

3.

Enter your email information in the popup window

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 247

4.2  Notifications

4.

To test your settings:

In the Test Email Address field, enter an email address.

Click the Send Test Email button.

A notification that your email has been sent will appear at the top of the window.

To set up Notification Emails (Expert Mode):

1.

Navigate to MANAGEMENT> OTHER: Notifications .

2.

In the Actions panel of the Notifications screen, toggle Expert Mode to ON and click the * Email Setup gear.

3.

The Email Setup window will display:

248

The Email Configuration box provides two example configuration files. One is for interfacing SecureSync with an Email Exchange server; and the other is for sending emails via Gmail:

4.

To configure the applicable example email configuration, delete the comments (“#”) from each line and replace the “<>” with the appropriate values for your particular email server (such as the user name and password for your Email server).

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.2  Notifications

E x a m p l e I : S M T P i n t e r f a c e t o M S E x c h a n g e set smtp=outlook.office365.com

set [email protected]> set from="[email protected]" set smtp-auth-password=PASSWORD set smtp-auth=login set ssl-verify=ignore set smtp-use-starttls

E x a m p l e I I : S M T P i n t e r f a c e t o G m a i l set smtp=smtp.gmail.com:587 set smtp-use-starttls set ssl-verify=ignore set smtp-auth-user=<user name, example [email protected]> set smtp-auth-password=<password> set smtp-auth=login

5.

Click the Submit button at the bottom of the window.

6.

To test your settings:

In the Test Email Address field, enter an email address.

Click the Send Test Email button.

A notification that your email has been sent will appear at the top of the window.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 249

4.3  Managing Users and Security

4.3

Managing Users and Security

4.3.1

Managing User Accounts

Users need to authenticate as the login to SecureSync. The system administrator is responsible for maintaining a list of user accounts (user names, passwords etc.) via the

MANAGEMENT > OTHER: Authentication screen of the SecureSync Web UI

(HTTP/HTTPS). Note that user accounts CANNOT be created or edited via CLI commands using telnet or SSH.

4.3.1.1

Types of Accounts

There are three types of accounts:

Account

Type

Permissions

"user" These accounts are intended for users only e.g., operators. These "user" accounts are read-only accounts, i.e. they do not allow any editing rights and are restricted to reviewing status-related information. The Web UI will not show (or gray-out) any editing functionality.

"admin" Administrator accounts are intended to be used by system administrators. These accounts have writing access. You can add additional admin accounts to the pre-installed administrator account spadmin .

"factory" The default factory account with the username spfactory is meant to provide access to

Orolia technical support personnel. You can delete this account, if you so prefer. Note, however, that executing the

Clean and Halt command will recreate the Factory account.

4.3.1.2

About "user" Account Permissions

As outlined above – unlike "administrator" accounts – "user" accounts are read- only accounts, i.e. they do not allow any editing rights and are restricted to reviewing statusrelated information. Otherwise, the privileges assigned to admin groups are exactly the same whether logging in via the Web UI, or connecting via SSH.

Account Differences, General

While most menus look the same to "admin" and "user" type accounts (except the

MANAGEMENT menu, see below), the screens and panels located below the main menus will differ in such that the "user" UI will show fewer (if any) configuration options:

250 CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.3  Managing Users and Security

The status information presented, however, will be largely identical.

The most significant differences are visible in the MANAGEMENT menu, since most of the

Setup menus are hidden from "user" accounts:

Account Differences, by Menu

INTERFACES Menu

"user" and "admin" accounts can view and modify all settings in these pages (can view/edit

GNSS receiver, Outputs, and Option Cards).

MANAGEMENT Menu

Network : While the toggle switches in the Network Services panel are displayed, "user" cannot modify any of the network-related configurations (such as telnet, FTP, SSH and

HTTP/HTTPS). The switches can be moved, but an error message will be displayed shortly thereafter.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 251

4.3  Managing Users and Security

Authentication : "user" can access this page but can only change his/her own password.

Users cannot create any new accounts and cannot modify any accounts.

Reference Priority : "user" can access this page and modify settings.

Notifications : "user" can access this page and modify settings.

Time Management : "user" can access this page and modify settings.

Front panel : "user" can access this page and modify settings.

Log Configuration : "user" can access this page and modify settings.

Disciplining : "user" can access this page and modify settings.

Change my password : "user" can access this page and change only their password.

TOOLS Menu

Logs : "user" can view only the listed logs

Upgrade/Backup : "user" cannot perform any updates.

Reboot/Halt : "user" cannot reboot/shutdown/halt the unit.

4.3.1.3

Rules for Usernames

Length : Usernames can be between 3 and 32 characters long.

Accepted characters :

All letters, including the first, must be lower-case.

Numbers, underscores and dashes are accepted.

Next to punctuation symbols, the following special characters are NOT accepted: ! @ # $ % ^ & * ( )

4.3.1.4

Adding/Deleting/Changing User Accounts

To access the Users list, and the Password Security panel:

1.

Navigate to MANAGEMENT > OTHER: Authentication .

2.

The Users panel on the right shows a list of all user accounts, including their Username , the Group to which that user account is assigned to, and any Notes about

252 CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.3  Managing Users and Security the user account:

SecureSync units are shipped with two default accounts: i.

The "administrator" account ( spadmin

), and ii.

The "factory" service account ( spfactory ).

Additional accounts may be added and deleted as desired. The number of accounts that can be setup is virtually unlimited.

Note: The password for the spadmin account can be changed (and it is recommended to do so for security reasons). However, the spadmin account name cannot be changed, and the account cannot be removed from SecureSync.

Note: The spfactory account is for use by Orolia service personnel. While the spfactory account can be deleted by an administrator, it should be noted that this may potentially limit remotely provided technical support.

User accounts can be created to have either limited user or full administrator rights. Each user can be assigned his own login password.

To ADD a user account, click the PLUS icon in the top-right corner of the Users screen.

To DELETE a user account, click the Delete button in that account’s entry on the

Users screen.

To APPLY CHANGES to a user account, click the Change button next to the desired user account.

When either the Change button or the PLUS icon is clicked, the Add or Change User window appears:

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 253

4.3  Managing Users and Security

254

To add a user account:

1.

Enter a Username . (For rules, see

"Rules for Usernames" on page 252

.)

2.

Enter a Password . The password requirements are configurable, see

"Managing

Passwords" on the facing page . By default a password can be any combination of

upper- and lower-case characters. Minimum password length = 8 characters, maximum length = 32 characters.

3.

Repeat the new Password .

4.

In the Group field, choose the permission group to which you want the user to belong to: user or admin . The user permission level assigns permission to access and change all settings, with the following exceptions that are limited to the admin accounts:

Changing network settings

Adding and deleting user accounts

Web Interface Settings

Upgrading SecureSync system software

Resetting the SecureSync configuration

Clearing log files

Changing Disciplining Setup options

Changing configuration options for the following protocols or features:

NTP

HTTPS, SSH

LDAP/RADIUS

SNMP (with the exception of configuring SNMP notifications).

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.3  Managing Users and Security

To change a user account:

1.

In the Add or Change User window the Username field will be populated.

a.

To change it, type the new name.

b.

To change the user account’s password, type the new password in the Password field and confirm it in the Repeat New Password field. Note that the password requirements are configurable, see

"Managing Passwords" below .

c.

To change the user account’s user permission group, select the group from the drop-down menu.

For more information, see also

"Managing Passwords" below .

4.3.2

Managing Passwords

Caution: For security reasons, it is advisable to change the default credentials.

4.3.2.1

Configuring Password Policies

To configure password requirements e.g., rules for minimum password length and special characters:

1.

Navigate to MANAGEMENT > OTHER: Authentication .

2.

In the Actions panel, click Security Policy .

3.

The Password Security window will display. Fill in the self-explanatory fields and

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 255

4.3  Managing Users and Security click Submit.

256

4.3.2.2

The Administrator Password

The factory default administrator login password value of admin123 can be changed from the default value to any desired value. If the current password is known, it can be changed using the SecureSync Web UI.

Note: To follow this procedure, you must be logged in as the spadmin user.

If you are unable to login as spadmin , follow the procedure outlined in

"Lost

Password" on the facing page

.

If the password has already been changed from the default value, but the current value is no longer known, the administrator password can be reset back to the factory default value, see

"Lost Password" on the facing page

. Once reset, it can then be changed to a new desired value via the Web UI.

Changing the admin password

To change the admin password from a known value to another desired value:

1.

Navigate to MANAGEMENT > OTHER: Change My Password .

2.

The Change Password window will display.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.3  Managing Users and Security

3.

In the Old Password field, type the current password.

4.

In the New Password field, type the new password.

Note: The new password can be from 8 to 32 characters in length.

5.

In the Repeat New Password field, retype the new password.

6.

Click Submit .

For more information, see also

"Managing User Accounts" on page 250 .

4.3.2.3

Lost Password

If the current spadmin account password has been changed from the default value and has been forgotten or lost, you can reset the spadmin password back to the factory default value of admin123 .

Resetting the spadmin account password does not reset any user-created account passwords. This process only resets the spadmin account password.

Any user with administrator rights can reset the

MANAGEMENT > OTHER: Authentication window.

spadmin password through the

If you do not know the password for any user with administrator rights, your only options are: restore the factory defaults via the front panel (press the power button and select Restore factory defaults ), or: contact customer service to request a password reset.

Changing the "spadmin" password via Web UI

To change the spadmin password:

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 257

4.3  Managing Users and Security

1.

Navigate to the MANAGEMENT > OTHER: Authentication window.

2.

Locate the spadmin entry in the Users table.

3.

Click the CHANGE button.

4.

In the Add or Change User window:

1.

Enter a new password.

Note: The new password can be from 8 to 32 characters in length.

2.

Confirm the new password.

258

3.

Click Submit .

To reset the "spadmin" account password via the serial port, or SSH:

1.

Connect a PC to the front panel USB or rear panel seial console port, and log in using an account with admin group rights (such as the spadmin account).

2.

Type: resetpw

<Enter>. The spadmin account password is now reset.

After resetting the password follow the procedure above to change the word in the MANAGEMENT > OTHER: Authentication window.

spadmin pass-

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.3  Managing Users and Security

4.3.3

Web UI Timeout

For security reasons, the Web UI will automatically timeout after a set number of minutes, i.e. you will be logged out by the system, regardless of activity, and need to actively login again.

Minimum timeout duration: 10 minutes

Maximum timeout duration: 1440 minutes (24 hours)

Default timeout duration: 60 minutes.

To change the time after which the Web UI will timeout:

1.

Navigate to the MANAGEMENT > Network Setup screen.

2.

In the Actions panel on the left, click on Web Interface Settings .

3.

In the Web Interface Settings window, enter the desired value in minutes.

In order for a new setting to take effect, you need to log off, and then log back in again.

This setting affects all users, not just the user changing the value.

Note: The Web UI does not allow simultaneous logins. Any subsequent logins will discontinue any prior instances of the Web UI.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 259

4.3  Managing Users and Security

4.3.4

LDAP Authentication

LDAP (Lightweight Directory Access Protocol) authentication provides the means to use an external LDAP server to authenticate the user account credentials when logging in to

SecureSync. LDAP allows the login password for user-created accounts to be stored and maintained in a central LDAP or server on the network. This function greatly simplifies password management. Instead of having to change the password in many network appliances when a password needs to be changed, if a user password is changed in the LDAP server, it automatically changes the login password for all of the appliances that are using the LDAP server to authenticate a user login.

In order to use the LDAP authentication capability of SecureSync, it needs to first be configured with the appropriate settings in order to be able to communicate with the LDAP server(s) on the network.

Caution: If you plan on using LDAP, configure it with diligence. If not required, Spectracom recommends to keep LDAP disabled.

Configuring LDAP authentication

1.

Navigate to MANAGEMENT > OTHER: Authentication .

2.

In the Actions panel, click the LDAP Setup button.

260 CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

3.

The LDAP Setup window will display.

4.3  Managing Users and Security

4.

There will be 5 tabs from which to choose:

Servers : This is where you identify the LDAP server to be used.

Settings : This is where you set up the general LDAP Distinguished Name and

Bind settings.

Security : This is where you upload and manage the CA server certificate, CA client certificate and CA client key.

Group : This is where you enable/disable group-based authentication.

Advanced : This is where you set up your search filter(s) and login attribute.

LDAP Servers Settings

Under the Servers tab, you manage the LDAP server(s) to be accessed:. It is necessary to add a server before other settings are configured.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 261

4.3  Managing Users and Security

262

Under the LDAP Servers tab, the window displays:

LDAP Server Status —This will display one of the following states:

PASS ( green )—An LDAP server that has been set up is available and is able to pass data.

CONFIGURATION MISSING ( red )—No configuration files are available.

FAILED TO READ DATA ( red )—An LDAP server is available but no data was passed.

FAILED NOT REACHABLE ( red )—No LDAP server could be reached.

LDAP DISABLED —The Enabled checkbox under the Settings tab as not been selected.

Server —The hostname(s) or IP address(es) of the LDAP server(s) that have been added.

Action —After a server has been listed, it can be removed by clicking the Xbutton.

Port : The port number of the LDAP server (default port numbers: regular LDAP =

389; secure LDAP = 636)

Add additional server —Enter the hostname or IP address of the LDAP server to be queried. You may list multiple servers.

LDAP Settings

Under the LDAP Settings tab, set the following parameters:

Server Type : This must be the correct type—check with your LDAP server administrator if you are not sure which you are using. You have a choice of:

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.3  Managing Users and Security

Active Directory : This will be used when the LDAP server is a Windows server.

Open LDAP : This will be used when the LDAP server is a Linux/UNIX server.

Server Base DN : Specifies the default base distinguished name to use for searches.

This is the base name to use in the database search. Typically, this is the top-level of the directory tree structure. Your LDAP server administrator will provide this information.

Bind DN : Enter the Distinguished Name used to bind to (this is an optional field if the database allows anonymous simple authentication). You are able to use any same level of the tree and everything below.

The bind DN is the user that is permitted to search the LDAP directory within the defined search base. Most of the time, the bind DN will be permitted to search the entire directory. The role of the bind DN is to query the directory using the LDAP query filter (as specified under the Advanced tab) and search base for the DN for authenticating users. When the DN is returned, the DN and password are used to authenticate the user.

Bind Password : Enter the password to be used to bind with the LDAP Server.

Leave this field empty for anonymous simple authentication.

Checkbox Auto-follow Referrals : Allow the use of LDAP referrals to be utilized in order to access locations that more likely hold a requested object.

LDAP Security Settings

Under the LDAP Security tab, you can upload and install the SSL required certificates and

NTP client key. If your LDAP server requires secure communications with its "clients" (i.e.

the use of SSL), the Server Certificate , the Client Certificate , and the Client Key must be uploaded to SecureSync here.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 263

4.3  Managing Users and Security

You may upload a server certificate, a client certificate, or a client key.

For each: a.

If necessary, create the desired certificate or client key.

b.

Click the INFO icon for the certificate you wish to upload.

c.

In the Certificate window, click the Choose File button.

264 d.

Locate and upload the certificate or client key file.

e.

Click Submit .

The SSL certificates and/or client key you upload will be installed in the /home/spectracom/xfer/cert/ directory.

Use the checkbox Enable Security if you want to enable SSL security, i.e. use Secure

LDAP.

Use the checkbox Clean Security Certificates to remove all certificates currently stored on SecureSync (e.g., to eliminate expired certificates).

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

LDAP Group Settings

Under the LDAP Group tab, you can filter access by group.

4.3  Managing Users and Security

To enable group authentication: a.

Select the Enable group filter checkbox.

b.

Enter information for:

Group Attribute —Enter the group attribute. Example: distinguishedName for AD or gidNumber for OpenLDAP.

Group Value —Enter the required group. Example: ou=Group, dc=example, dc=com

.

Membership Attribute — Enter the attribute of the above group that will specify a user of that group. Example: member or memberUid .

Membership Value — Enter the value of the above attribute that will be stored in the group. Acceptable values are username

, uid

, and dn

.

c.

Click the Submit button.

LDAP Advanced Settings

Under the LDAP Advanced tab, you can set the search filter and the LDAP login attribute.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 265

4.3  Managing Users and Security

Fill in the following fields, as desired:

Search filter —This is the LDAP search filter. Example: objectclass=user

.

Login Attribute —This is the LDAP login attribute. Example: sAMAccountName

.

NSS base — Enter the search base to be used for nss_base and nss_shadow .

Example: ou=People,dc=example,dc=com

NSS Scope :Enter the scope of the NSS search.

266 CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.3  Managing Users and Security

4.3.5

RADIUS Authentication

RADIUS authentication provides a means to use an external RADIUS server for authentication purposes when logging in to SecureSync. RADIUS allows the login password for user-created accounts to be stored and maintained in a central RADIUS server on the network.

This function greatly simplifies password management: Instead of having to change a password in many network appliances, it is changed on the RADIUS server only.

In order to use RADIUS authentication with SecureSync, RADIUS and the RADIUS network server first need to be configured. Currently, http/https/ssh/telnet/ftp protocols are supported, i.e. you can login to a SecureSync unit using RADIUS authentication via applications using any of these protocols.

Caution: In order to utilize RADIUS authentication, the account username on the RADIUS server must NOT be used with a local user account.

E x a m p l e :

A user with the username user3 on the RADIUS server will not be able to login to a

SecureSync unit, if on that unit a local user account with the username user3 exists. However, once the user deleted the local user3 account, she will be able to login with the RADIUS user3 account.

See also

"TACACS+ Authentication" on page 271

4.3.5.1

Enabling/Disabling RADIUS

To enable or disable the use of RADIUS authentication on a SecureSync unit:

1.

In the Web UI, navigate to MANAGEMENT > OTHER: Authentication .

2.

In the Actions panel on the left, click RADIUS . The RADIUS Setup window will be displayed:

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 267

4.3  Managing Users and Security

268

3.

Click the ON/OFF toggle under Enable RADIUS to enable or disable the feature.

4.

If you are enabling the service, in the Retransmit Attempts field, select the number of retries for SecureSync to communicate with the RADIUS server (default = 0).

5.

Click Submit.

4.3.5.2

Adding/Removing a RADIUS Server

To add a RADIUS authentication server, or remove a server from the list:

1.

Navigate to MANAGEMENT > OTHER: Authentication .

2.

In the Actions panel on the left, click RADIUS Setup . The RADIUS Setup window will be displayed:

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.3  Managing Users and Security

3.

Fill out the fields:

Host : The hostname or IP address of the RADIUS server

Port : Defines the RADIUS Port to use. The default RADIUS Port is 1812, but this can be changed, as required.

Secret Key : The secret key which is shared by SecureSync and the RADIUS server (the key is used to generate an MD5 hash).

Timeout : [seconds] Defines the Timeout that SecureSync will wait to communicate with the RADIUS server e.g., 10 seconds.

4.

Click the Add Server button. A confirmation message The item has been added will be displayed if the server could be added, and the server will be added to the list, indicating its status. The server status can be:

DISABLED : RADIUS service is disabled.

UNREACHABLE : This RADIUS server cannot be reached.

REACHABLE : This RADIUS server can be reached.

5.

To remove a RADIUS server from the list, click the X -button in the Actions column.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 269

4.3  Managing Users and Security

Note: SecureSync supports multiple RADIUS servers. The system performance, however, will be negatively affected by a large number of servers or invalid servers, respectively.

270 CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.3  Managing Users and Security

4.3.6

TACACS+ Authentication

Terminal Access Controller Access-Control System Plus (TACACS+) is a protocol that handles authentication, authorization, and accounting (AAA) services. SecureSync supports pam_tacplus , allowing users to validate their username/password when logging into

SecureSync via a TACACS+ server. Currently, http/https/ssh/telnet/ftp protocols are supported, i.e. you can login to a SecureSync unit using TACACS+ authentication via applications using any of these protocols.

Note: Your TACACS+ files will need to have either a pap or global user attribute. SecureSync does not authenticate tacacs.conf

files with the default login user attribute.

Caution: In order to utilize TACACS+ authentication, the account username on the TACACS+ server must NOT be used with a local user account.

E x a m p l e :

A user with the username user3 on the TACACS+ server will not be able to login to a

SecureSync unit, if on that unit a local user account with the username once the user deleted the local user3 exists. However, user3 account, she will be able to login with the TACACS+ user3 account.

Sources of general reference information on TACACS+: https://en.wikipedia.org/wiki/TACACS http://www.cisco.com/c/en/us/support/docs/security-vpn/remoteauthentication-dial-user-service-radius/13838-10.html

https://github.com/jeroennijhof/pam_tacplus

See also

"RADIUS Authentication" on page 267

4.3.6.1

Enabling/Disabling TACACS+

To enable or disable the use of TACACS+ authentication on a SecureSync unit:

1.

In the Web UI, navigate to MANAGEMENT > OTHER: Authentication .

2.

In the Actions panel on the left, click TACACS+ . The TACACS+ Setup window will be displayed.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 271

4.3  Managing Users and Security

3.

Under Enable TACACS+, click the toggle to ON to enable TACACS+, and click the toggle to OFF to disable this feature.

4.

Click Submit.

4.3.6.2

Adding/Removing a TACACS+ Server

To add a TACACS+ authentication server, or remove a server from the list:

1.

Navigate to MANAGEMENT > OTHER: Authentication .

2.

In the Actions panel on the left, click TACACS+ Setup . The TACACS+ Setup window will be displayed:

272

3.

Fill out the fields:

Host : The hostname or IP address of the TACACS+ server

Port : Defines the TACACS+ Port to use.

Secret Key : The same encryption key as used on the TACACS+ server.

4.

Click the Add Server button. A confirmation message The item has been added will be displayed if the server could be added, and the server will be added to the list.

The server status can be:

DISABLED : The TACACS+ service is disabled.

UNREACHABLE : This TACACS+ server cannot be reached.

REACHABLE : This TACACS+ server can be reached.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.3  Managing Users and Security

5.

To remove a TACACS+ server from the list, click the X -button in the Actions column.

Note: SecureSync supports multiple TACACS+ servers. The system performance, however, will be negatively affected by a large number of servers or invalid servers, respectively.

4.3.7

HTTPS Security Levels

SecureSync supports two different modes of HTTPS operation:

The Standard HTTPS Level allows the use of medium strength ciphers and older

TLS (Transport Layer Security) protocols, while the High-Security Level is restricted to strong ciphers and TLS version 1.2

exclusively.

While Standard Mode is the default setting, the High-Security Level is preferred (unless you require the extra compatibility), since security vulnerabilities.

High Security turns off TLSv1, which has known

B r o w s e r S u p p o r t

Note that the High Security Level requires the use of current browsers - as of July 2016, the oldest compatable clients include:

• Firefox ®  27

• Chrome ® 30

• Internet Explorer ® 11

• Safari

®

9.

(This is not an exhaustive list.)

To enable High-Security HTTPS :

1.

Navigate to MANAGEMENT > Network Setup .

2.

In the Actions Panel on the left, click on Web Interface Settings . The Web Interface Settings window will open.

3.

Click on the tab Security Level :

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 273

4.4  Miscellanous Typical Configuration Tasks

274

4.

Read the Caution statement and verify that you meet the requirements stated.

5.

Check the box Enable High Security , and click Submit.

6.

While it is NOT necessary to close the Web UI, and restart the browser, it is recommended to wait 90 seconds before continuing to use the Web UI, in order to allow the web server software to restart in the background.

It is also possible to disable High-Security HTTPS and TLS: Follow the procedure outlined above, but un check the box Enable High Security .

For more information on HTTPS certificates, see

"HTTPS" on page 65

.

4.4

Miscellanous Typical Configuration Tasks

4.4.1

REST API Configuration

REST (Representational State Transfer) API offers many benefits for customers who require additional configuration access. Any functionality that can be done manually through the Web UI can be scripted, creating machine-to-machine automation and communication.

Common tasks that would ordinarily require manual interaction with the Web UI can be scheduled and automated.

REST API is free and available on any SecureSync with Web UI communication.

For detailed instructions on REST API configuration and to obtain access, contact your local sales or service representative.

4.4.2

Configuring the Front Panel

The front panel of the SecureSync 2400 Time and Frequency Synchronization System can be configured to display your local time and can be locked to prevent unwanted

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.4  Miscellanous Typical Configuration Tasks access.

4.4.2.1

To change the time display on the front panel:

1. Log on to the Web UI

2. Navigate to MANAGEMENT > Front Panel.

3. Select your general region, and the specific time zone. The listed time regions and zones are based on the zones found

here

.

4. Click Submit

Changing this time display does not affect any internal clocks or create a local clock within the system.

4.4.2.2

To lock or unlock the front panel:

1. Log on to the Web UI

2. Navigate to MANAGEMENT > Front Panel.

3. Check the box next to Lock Front Panel to lock. To unlock, verify that the box is unchecked.

4. Click Submit

The front panel information display will lock at the last viewed screen. A small padlock icon will appear in the upper right hand corner of the display, and will flash brighter if any buttons are pressed on the front panel.

Figure 4-2: Locked Front Panel Display

The front panel will remain locked until it is unlocked through the Web UI. The Web UI is the only means of locking and unlocking the front panel information display.

4.4.3

Creating a Login Banner

A login banner is a customizable banner message displayed on the login page of the

SecureSync Web UI. The login banner can be used, for example, to identify a unit.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 275

4.4  Miscellanous Typical Configuration Tasks

Figure 4-3: Login banner (example)

To configure a login banner:

1.

Navigate to the MANAGEMENT > Network Setup screen.

2.

In the Actions panel on the left, click Login Banner .

3.

The Network Access Banner window will display. Check the box Enable Custom

Banner .

4.

In the Plain Text Banner text box, type in your custom text.

Note: The Plain Text Banner is used to create a message for all interactive login interfaces (Web UI, telnet, SSH, FTP, SFTP, serial, etc.). It is not required to include HTML tags.

5.

Optionally, you may also use the Web Interface Banner text box.

Note: Enabling and using the Web Interface Banner text box will allow you to apply HTML formatting tags to your message (e.g., colors ). Note that this functionality is limited to browser-based Web UI

276 CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

access.

4.4  Miscellanous Typical Configuration Tasks

6.

To test your new banner, click Apply to see a preview at the bottom of the window.

OR, click Submit , and log out of the Web UI, and back in so as to see the banner on the actual login page.

4.4.4

Show Clock

Instead of the Web UI, a large digital clock can be displayed on your computer screen. Next to the system status, the screen clock will display the UTC time, and the SecureSync time.

To display the screen clock instead of the Web UI:

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 277

4.4  Miscellanous Typical Configuration Tasks

1.

Navigate to TOOLS > SYSTEM: Show Clock :

2.

To return to the standard Web UI, click Home .

4.4.5

Product Registration

Orolia recommends that you register your SecureSync so as to allow our Customer Service and Technical Support to notify you of important software updates, or send you service bulletins, if required.

Upon initial start of the SecureSync Web UI, you will be prompted to register your new product. It is also possible to register at a later time via the HELP menu item, or directly on the Orolia website: register.orolia.com/

278

4.4.6

Synchronizing Network PCs

Frequently, network PCs have to be synchronized to SecureSync via the Ethernet port, using NTP (Network Time Protocol). A detailed description on how to synchronize Windows PCs can be found online in the Orolia Technical Note Synchronizing Windows Computers on the

Orolia website

. This document also contains information and details about using the Orolia PresenTense NTP client software.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.5  Quality Management

4.5

Quality Management

4.5.1

System Monitoring

4.5.1.1

Status Monitoring via Front Panel

When you have physical access to the SecureSync front panel, you can obtain a system status overview. To see specifics on how to operate the front panel, see

"Front Panel

Keypad, and Display" on page 6

Figure 4-4: Front panel layout

Figure 4-5: Status LED menu buttons

The GNSS Menu provides monitoring of the tracked constellations under the

MONITORING submenu. Toggle between constellations to see a chart of each tracked satellite.

The INPUTS Menu provides monitoring of the references and the order of their priority under the MONITORING submenu.

The TIMING Menu provides a discription of the current oscillator state in the

MONITORING submenu.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 279

4.5  Quality Management

The NETWORK Menu provides a graph of the network traffic in the

MONITORING submenu. Toggle between eth0 and eth1 to view the traffic data for each port.

The ALARMS Menu provides valuable information about any current alerts and alarms.

the STATUS submenu will list active alarms. Toggle between minor alarms and major alarms to see each list.

the MONITORING submenu lists the temperature status, the memory, CPU, and disk used thus far within the unit. Select each of these values to see a graph relating to the measurement.

4.5.1.2

Status Monitoring via the Web UI

status information can be accessed via the SecureSync Web UI , such as:

Time synchronization status, including references

GNSS satellites currently being tracked

NTP sync status and current Stratum level

Estimated time errors

Oscillator disciplining

Temperature monitoring

The HOME screen provides time server status information, while the TOOLS > System

Monitor screen also displays hardware status data, e.g. temperature curves:

Status Monitoring via the HOME Screen

The HOME screen of the SecureSync Web UI provides a system status overview (see also

"The Web UI HOME Screen" on page 30

).

The HOME screen is divided into four panels :

280 CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.5  Quality Management

System Status panel

Reference —Indicates the status of the current synchronizing reference, if any.

Power —Indicates whether the power is on.

Status —Indicates the status of the network’s timing. There are three indicators in the Status field:

Sync —Indicates whether SecureSync is synchronized to its selected input references.

Green indicates SecureSync is currently synchronized to its references.

Orange indicates SecureSync is not currently synchronized to its references.

Hold —When lit, SecureSync is in Holdover mode.

Fault —Indicates a fault in the operation of the SecureSync. See

"Troubleshooting via Web UI Status Page" on page 327

for instructions for troubleshooting faults.

Alarm Status : If a major or minor alarm is present, it will be displayed here.

NTP —Current STRATUM status of this SecureSync unit.

Temperature —The current board temperature will be displayed here.

Reference Status panel

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 281

4.5  Quality Management

REFERENCE : Indicates the name type of each reference. These are determined by the inputs set up for the SecureSync

PRIORITY : Indicates the priority of each reference. This number will be between 1 and 15. References in this panel appear in their order of priority. See

"Configuring

Input Reference Priorities" on page 184

for more information.

STATUS : Indicates which available input reference is acting as the Time reference and which available input reference is acting as the 1PPS reference.

Green indicates that the reference is present and has been declared valid.

Orange indicates the input reference is not currently present or is not currently valid.

Performance panel

Disciplining State —Indicates whether or not the internal oscillator is currently being disciplined (steered to an input reference).

1PPS Phase Error —An internal measurement (in nanoseconds) of the internal

1PPSs’ phase error with respect to the selected input reference (if the input reference has excessive jitter, phase error will be higher)

10 MHz Frequency Error —An internal estimated calculation (in Hertz) of the internal oscillator’s frequency error, based on the phase accuracy error at the beginning and end of a frequency measurement window (the length of this window will vary depending upon the type of oscillator installed and the oscillator adjustment algorithm).

Events panel

The Events panel in the bottom-left corner of the HOME screen is a log of SecureSync’s recent activity. It updates in real time.

Note: If you know the individual reference or output whose status you wish to see, you can access the Status window of that reference or output directly through the INTERFACES > REFERENCES or INTERFACES >

OUTPUTS drop-down menu.

Status Monitoring via the System Monitor Screen

To display status information pertaining mainly to SecureSync's current hardware status, navigate to TOOLS > SYSTEM > System Monitor .

The information provided on the System Monitor Screen is subdivided into three panels:

282 CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.5  Quality Management

System Status panel

This is identical with the HOME screen

"System Status panel" on page 281

.

Disk Status panel

This panel displays:

Total: [MB]

Used: [MB]

Free: [MB]

Percent: [%]

The last item refers to system storage. If you need to update the System Software, and this number is 70% or higher , it is recommended to clear logs and stats in order to free up memory space. (Navigate to TOOLS > SYSTEM: Upgrade/Backup , and click the corresponding buttons in the lower left-hand corner.)

System Monitor panel

Graphs are displayed for:

Board Temperature

CPU Temperature

Memory Used

CPU Used.

To delete the logged data used to generate the displayed graphs, click the TRASHCAN icon. (Note that re-populating the graphs with fresh data generated at a 1/min. rate will take several minutes.)

To download the logged data in

.csv

format, click the ARROW icon.

4.5.1.3

Status Monitoring of Input References

SecureSync’s input references can be monitored in real time through the INTERFACES menus. The menus will populate dynamically, depending on which references are available.

To display all references, navigate to INTERFACES > REFERENCES .

To display all references of a given type , click on the entry for that reference type

( not indented e.g., GNSS Reference ).

To display one particular reference, click on its entry (indented e.g., GNSS 0 ).

The Reference window will show the validity status for the chosen reference(s):

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 283

4.5  Quality Management

To display more status information for a particular input reference, click the corresponding INFO button:

The reference window being displayed will show additional status information and option-card specific settings. The type of input reference, and the option card model determine which status information and option card settings will be displayed.

284

To change settings, click the Edit button in the bottom left corner.

4.5.1.4

Reference Monitoring: Phase

The quality of input references can be assessed by comparing their phase offsets against the current system reference, and against each other. This is called Reference Monitoring .

Reference Monitoring helps to understand and predict system behavior, and is an interference mitigation tool. It can also be used to manually re-organize reference priorities e.g.,

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.5  Quality Management by assigning a lower reference priority to a noisy reference or a reference with a significant phase offset, or to automatically failover to a different reference if certain quality thresholds are no longer met.

SecureSync allows Reference Monitoring by comparing the phase data of references against the System Ontime Point. The phase values shown are the filtered phase differences between each input reference 1PPS, and the internal disciplined 1PPS.

The data is plotted in a graph in real-time. The plot also allows you to display historic data, zoom in on any data range or on a specific reference. A data set can be exported, or deleted.

To monitor the quality of references, navigate to TOOLS > SYSTEM: Reference Monitor . The Reference Monitor screen will display:

On the left side of the screen, Status information is displayed for the System and the

References. Note that the Reference Status panel also displays the latest PHASE

OFFSET reading (1) for active references against the System Ontime Point. The reading is updated every 30 seconds.

This Reference Phase Offset Data is plotted over time (abscissa) in the Reference Monitor panel in the center of the screen. Use the check boxes in the References panel (2) to select the reference(s) for which you want to plot the phase offset data. Use the handles

(3) to zoom in on a time window.

The scale of the axis of ordinate (4) is determined by the largest amplitude of any of the references displayed in the current time window. Use the checkboxes in the References panel on the right to remove references from the graph, or add them to it.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 285

4.5  Quality Management

4.5.1.5

Ethernet Monitoring

To monitor Ethernet status and traffic:

1.

Navigate to TOOLS > SYSTEM: Ethernet Monitor . The Ethernet monitoring screen opens:

286

The data displayed is linked to a specific Ethernet port e.g., ETH0. If you enable additional

Ethernet ports, their throughput data will also be displayed.

In the Traffic pane on the right the traffic throughput in Bytes per second is displayed in two graphs. Drag the handles at the bottom of the graphs to zoom in on a particular time frame.

In the Actions panel on the left, you can clear or download monitoring data.

In the Status panel on the left, information pertaining to the given Ethernet port is displayed, including throughput statistics and error statistics. The Mode field indicates which transmission mode is being used for the given Ethernet port:

FULL duplex, or

HALF duplex.

Note that the Mode is auto-negotiated by SecureSync. It can be changed only via the switch SecureSync is connected to, not by using the SecureSync Web UI.

4.5.1.6

Outputs Status Monitoring

Per standard configuration, SecureSync is equipped with one 1PPS and one 10 MHz output. Additional outputs can be added by means of output option cards.

Outputs can be monitored in real time via the INTERFACES drop-down menu. The menu will populate dynamically, depending on which outputs are installed.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.5  Quality Management

Monitoring the status of all outputs

To display a list of all the outputs installed in a SecureSync unit:

1.

Select INTERFACES and click OUTPUTS in the menu heading.

2.

The Outputs panel will list all the outputs installed, sorted by category.

To display more detailed information about a particular output, click the corresponding INFO button.

To edit the settings of an output, click the GEAR button (see also

"Configuring Outputs" on page 148

.)

To refresh the information displayed, click the REFRESH button (circling arrows icon on the right side of the screen).

On the rear panel illustration, click on an output connector to highlight its list entry.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 287

4.5  Quality Management

Monitoring all outputs of a specific type

To monitor all the outputs of a particular category (PPS, for example) simultaneously:

1.

Navigate to INTERFACES > OUTPUTS , and click the desired output category ( not recessed e.g., PPS Output ):

2.

The Status window will display a list of all outputs of the selected category:

288

To display more detailed information about a particular output, click the corresponding INFO button.

To edit the settings of a given output, click the GEAR button (see also

"Configuring

Outputs" on page 148 .)

To refresh the information displayed, click the REFRESH button (circling arrows icon).

In the illustration of the rear panel, click on a connector to highlight the corresponding list entry.

Displaying the settings of a specific output

The outputs installed in your SecureSync unit have specific settings that can be reviewed, and—to some extent—edited.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.5  Quality Management

To display the settings of an output:

1.

Navigate to INTERFACES > OUTPUTS , and click on the desired output (recessed e.g.,

PPS Output 0 ):

2.

The corresponding Status window will display:

Click the Edit button in the bottom-left corner to configure settings that are user-editable.

See also

"Configuring Outputs" on page 148 .

4.5.1.7

Monitoring the Oscillator

The Oscillator Management screen provides current and history status information on disciplining state and accuracy.

To access the Oscillator Management screen:

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 289

4.5  Quality Management

1.

Navigate to MANAGEMENT > OTHER: Disciplining .

2.

The Oscillator Management screen will display. It consists of two panels:

290

The Oscillator Status Panel

This panel provides comprehensive information on the current status of SecureSync's timing state.

Oscillator Type : Type of oscillator installed in the unit.

Disciplining State : State of oscillator control and disciplining; indicates whether or not the internal oscillator is currently being disciplined (steered to an input reference). The states are: "Warm up", "Calibration", "Tracking Setup", "Lock State",

"Freerun", and "Fault".

1PPS Phase Error : A tracking measurement [scaled time, in ns, or ms] of the internal

1PPSs' phase error with respect to the selected input reference. Long holdover periods or an input reference with excessive jitter will cause the phase error to be high.

The oscillator disciplining control will gradually reduce the phase error over time.

Alternatively, restarting the tracking manually (see "Restart Tracking" under

"Configuring the Oscillator" on page 230

), or automatically via a pre-set Phase Error

Limit, will quickly reduce the phase error.

10 MHz Frequency Error : An internal estimated calculation (in Hertz) of the internal oscillator's frequency error, based on the phase accuracy error at the beginning and end of a frequency measurement window (the length of this window will vary

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.5  Quality Management depending upon the type of oscillator installed and the oscillator adjustment algorithm).

Current DAC Setting : Current DAC value, as determined by the oscillator disciplining system. The value is converted into a voltage that is used to discipline the oscillator. A stable value over time is desirable and suggests steady oscillator performance (see also the graph in the History Panel).

DAC Step : Step size for adjustments to the internal oscillator, as determined by the oscillator disciplining system. Larger steps = quicker, but coarser adjustments. The step size is mainly determined by the type of oscillator.

TFOM : The Time Figure of Merit is SecureSync’s estimation of how accurately the unit is synchronized with its time and 1PPS reference inputs, based on several factors, known as the Estimated Time Error or ETE. The larger the TFOM value, the less accurate SecureSync believes it is aligned with its 1PPS input that is used to perform disciplining. If this estimated error is too large, it could adversely affect the performance of oscillator disciplining. The available TFOM range is 1 through 15.

Max TFOM for Sync : Value, as set under

"Configuring the Oscillator" on page 230

Temperature(s) : Three temperatures are displayed:

Oscillator temperature, which has an effect on oscillator accuracy, and therefore can be used to interpret oscillator performance.

Board temperature (measured on the main board, sometimes also referred to as 'System temperature')

CPU temperature

Note: Oscillator temperature is plotted over time in the History panel on the right, while graphs for board and CPU temperature can be found under TOOLS > SYSTEM: System

Monitor .

Last Time Reference Change : [Timestamp: Last occurrence]

Last 1PPS Reference Change : [Timestamp: Last occurrence]

Last TFOM Change : [Timestamp: Last occurrence]

Last Sync State Change : [Timestamp: Last occurrence]

Last Holdover State Change : [Timestamp: Last occurrence]

The Oscillator History Panel

The Oscillator History Panel offers real- time graphical monitoring of SecureSync’s

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 291

4.5  Quality Management internal timing. The following graphs plot key oscillator-relevant data over time::

Phase Error Magnitude : See

1PPS Phase Error

Frequency Error : See

10_MHz_Frequency_Error

Scaled DAC Value : See

DAC Step

Oscillator Temperature , which has an effect on oscillator accuracy, and therefore can be used to interpret oscillator performance.

You can zoom in on any of the graphs by grabbing the handles at either end and pulling them inwards. The graph will focus in on the time interval you choose in real time.

Clicking on the Delete icon in the top-right hand corner will erase all current oscillator log data.

Clicking on the Download arrow icon will download the latest oscillator log data as a .

csv file.

4.5.1.8

Monitoring the Status of Option Cards

SecureSync’s installed option cards can be monitored in real time through the

INTERFACES > OPTION CARDS drop-down menu. The menu will populate dynamically, depending on which option cards are installed.

Monitoring ALL Option Cards

To monitor all option cards, or a specific option card installed in your SecureSync:

292 CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

1.

Navigate to INTERFACES , and click on OPTION CARDS :

4.5  Quality Management

2.

The resulting screen will display all installed option cards, and their current status.

You can drill down on any of the listed input references and outputs by clicking the

INFO button (for status information), or the GEAR button (to edit settings).

Monitoring a SPECIFIC Option Card

To monitor the status of a selected option card:

1.

Navigate to INTERFACES > OPTION CARDS , and click on a specific option card, or one of its indented input references, or outputs drop-down menu.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 293

4.5  Quality Management

2.

A window will display for the specific option you chose.

Via the GEAR button, INFO button, or Edit button you can access and edit more detailed settings.

4.5.1.9

NTP Status Monitoring

SecureSync's NTP Status Summary provides a means to monitor NTP status and performance parameters relevant to your SecureSync at a glance.

1.

To access the NTP Status Summary panel, navigate to MANAGEMENT >

NETWORK: NTP Setup .

294

2.

The NTP Status Summary panel is at the lower left of the screen. The panel contains the following information:

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.5  Quality Management

Selected Ref —The reference SecureSync is currently using.

Stratum —This is the stratum level at which SecureSync is operating.

Leap Indicator —The leap indicator bits (usually 00). See

"Leap Second

Alert Notification" on page 177

.

Delay (ms) —The measured one-way delay between SecureSync and its selected reference.

Time Offset —This is a graphical representation of the system time offset over time. Clicking on this graph in the NTP Status Summary panel will open a window in the main panel containing a larger, more detailed view of the graph.

See

"The NTP Time Offset Performance Graph" below .

Offset (ms) —Displays the configured 1PPS offset values.

Frequency Offset —This is a graphical representation of the system frequency offset over time. Clicking on this graph in the NTP Status Summary panel will open a window in the main panel containing a larger, more detailed view of the graph. See

"The NTP Frequency Offset Performance Graph" on page 297 .

Jitter (ms) —Variance (in milliseconds) occurring in the reference input time

(from one poll to the next).

Jitter —This is a graphical representation of the system jitter over time. Clicking on this graph in the NTP Status Summary panel will open a window in the main panel containing a larger, more detailed view of the graph. See

"The

NTP Jitter Performance Graph" on page 298 .

Note: This panel is updated every 30 seconds, or upon clicking the browser refresh button.

The NTP Time Offset Performance Graph

To view the NTP Time Offset performance graph:

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 295

4.5  Quality Management

1.

Navigate to MANAGEMENT > NETWORK: NTP Setup .

2.

In the NTP Status Summary panel locate the Time Offset graph.

3.

Click the graph in the NTP Status Summary panel.

4.

The NTP Performance Graph panel will appear.

296

5.

To select the statistics for a particular day, select a date from the drop-down list in the Select Day for Statistics field. The default date is the present date. Click Apply .

6.

To display a higher resolution graph for a shorter time span, move one or both time

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

sliders at the bottom of the graph inwards.

4.5  Quality Management

The NTP Frequency Offset Performance Graph

To view the NTP Frequency Offset performance graph:

1.

Navigate to MANAGEMENT > NETWORK: NTP Setup .

2.

In the NTP Status Summary panel locate the Frequency Offset graph.

3.

Click the graph in the NTP Status Summary panel.

4.

The NTP Performance Graph panel will appear (the data may be displayed with a delay). The X-axis represents time, the Y-axis shows the frequency offset in partsper-million (PPM); e.g. 290 PPM is equivalent to .0290 percent.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 297

4.5  Quality Management

5.

To select the statistics for a particular day, select a date from the drop-down list in the Select Day for Statistics field (highlighted in green in the illustration above).

The default date is the present date. Click the Apply button.

To display a higher resolution graph of a shorter time frame, move one or both of the two sliders inwards.

The NTP Jitter Performance Graph

To view the NTP Jitter performance graph:

1.

Navigate to MANAGEMENT > NETWORK: NTP Setup screen.

2.

In the NTP Status Summary panel locate the Jitter graph.

298

3.

Click the graph in the NTP Status Summary panel.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.

The NTP Performance Graph panel will appear.

4.5  Quality Management

5.

To select the statistics for a particular day, select a date from the drop-down list in the Select Day for Statistics field. The default date is the present date. Click the

Apply button.

To display a higher resolution graph for a shorter time span, move one or both time sliders at the bottom of the graph inwards.

4.5.1.10

Temperature Management

SecureSync is equipped with one cooling fan, located behind the right-hand side of the front panel, and several hardware temperature sensors, including: the board temperature near the CPU the CPU temperature the air temperature near the oscillator .

Temperature readings are performed once per minute. The temperature data is logged, and can be visualized via graphs integrated into the Web UI. The temperature readings can also be used to control the fan. For details see below under Fan Control Feature .

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 299

4.5  Quality Management

Temperature Monitoring

You can monitor the unit's measured temperatures actively by inspecting the temperature graphs in the Web UI, or passively by setting up automatic alarm messages.

Alarm notifications can be generated via SNMP Traps and Emails, as well as log messages in the Alarm and Event Logs. The alarms may optionally be masked.

Also, it is possible to implement a delay by setting the number of times the 1/minute readings need to exceed a temperature threshold before an alarm is triggered.

Monitoring CPU and Board Temperature

Current readings for Oscillator/Board/CPU Temperature are displayed in the System

Status panel, which can be accessed via the HOME screen, or via TOOLS > System Monitor .

CPU and Board Temperature graphs are displayed under TOOLS > System Monitor :

300

The graph for the Oscillator Temperature is displayed under MANAGEMENT > OTHER:

Disciplining :

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.5  Quality Management

Temperature readings are subject to environmental conditions and hardware configuration e.g., oscillator type. Under normal operating conditions, all temperatures should remain fairly constant. Drastic changes may indicate e.g., a problem with the fan. Note that the oscillator temperature will have a direct impact on its accuracy, i.e. there is a strong correlation between disciplining performance and oscillator temperature.

Setting Temperature Monitoring Alarms

Navigate to MANAGEMENT > OTHER: Notifications . In the Events panel, select the System tab:

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 301

4.5  Quality Management

302

Under the System tab, you can set Notifications for Minor and Major Alarms/Clearances.

The temperature readouts used for the Alarms are generated by the CPU temperature sensor .

Also, you can set the temperature threshold value for Minor/Major alarms, and define a retry value by determining how many readings (1/min.) the temperature must exceed the threshold value before an alarm/clearance is triggered.

The default temperature threshold value for both Minor, and Major Alarms is 100°C. With simultaneous alarm triggerings, the Major Alarm will override the Minor Alarm, i.e. you will be notified only about the Major Alarm. If you want to be notified early about a rise in temperature, a recommended setting for the Minor Alarm temperature would be 90°C. Please

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.5  Quality Management note that it is not advisable to set the Major Alarm temperature to a value higher than

100°C.

Downloading Temperature Data

It is possible to download the temperature data e.g., to plot your own temperature graphs, or because Orolia Technical Support inquires about this data for diagnostic purposes in the event of technical problems.

To download the logged data used to generate the displayed graphs, navigate to any panel that displays one or more graphs (see above), and click on the Arrow icon in the top-right corner.

A file named systemMonitorLog.csv

file will be generated in your designated download folder.

Deleting Temperature Data

Temperature graphs (and other graphs as well) will display up to approximately 10000 readings, which are generated at a 1/min. rate, i.e. the data displayed covers about 7 days.

Thereafter, the oldest data gets overwritten.

To delete the logged data used to generate the displayed graphs, click the TRASH

CAN icon in the top-right corner of the panel.

Note that re-populating the graphs with fresh data will take several minutes.

Temperature Readout via CLI

Temperature data can be read out via the CLI using the i2cget command:

E X A M P L E : i2cget -y 0 0x4d <register> i2cget returns temperature in Celsius in hex format. No additional conversion required.

Further reading

See also:

"Troubleshooting the Cooling Fan" on page 331 .

4.5.2

Logs

SecureSync maintains different types of event logs (see below) to allow for traceability, and for record keeping. Should you ever require technical support from Orolia, you may be asked for a copy of your logs to facilitate remote diagnosis.

Logs stored internally are being kept automatically, while the storage of log files in a remote location has to be set up by the user.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 303

4.5  Quality Management

For each type of log, four 75 KB files are maintained internally on a revolving basis, i.e. the oldest file will be overwritten, as soon as all four files have filled up with event data. The life expectancy of a log file depends on the amount of data accumulating over time: Some types of logs will fill up within days, while others can take months until they have reached their maximum storage capacity.

You can delete logs at any time, see .

4.5.2.1

Types of Logs

SecureSync generates log files for the following event categories:

Alarms Log

Displays log entries for the Timing System, for example:

The Unit has Rebooted : SecureSync was either rebooted or power cycled.

In Holdover : Input references were available, but all input references have since been lost. If the references are not restored before the Holdover period expires, time sync will be lost.

No longer in Holdover : Input references were lost at one point (or declared not valid), but have since been restored OR the Input references were not restored before the Holdover period expired (Time Sync alarm is asserted).

In Sync : SecureSync is synchronized to its selected Time and 1PPS reference inputs.

Not In Sync : SecureSync is not synchronized to its Time and 1PPS inputs and is not currently in Holdover. NTP will indicate to the network that it is Stratum 15 and so the time server likely be ignored as a time reference.

Frequency Error : The oscillator’s frequency was measured and the frequency error was too large. Or, the frequency couldn’t be measured because a valid input reference was not available.

Reference change : SecureSync has selected a different Time and 1PPS input reference for synchronization. Either the previously selected input reference was declared not valid (or was lost), so a lower priority reference (as defined by the Reference Priority Setup table) is now selected for synchronization OR a valid reference with higher priority than the previous reference is now selected for synchronization.

E X A M P L E :

GNSS is the highest priority reference with IRIG input being a lower priority. SecureSync is synced to GNSS and so GNSS is the selected reference. The GNSS antenna is disconnected and

304 CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.5  Quality Management

IRIG becomes the selected reference. The Reference change entry is added to this log.

Authentication Log

Displays log entries for authentication events (e.g., unsuccessful login attempts, an incorrectly entered password, etc.) that are made to SecureSync’s command line interfaces

(such as telnet, SSH, FTP, etc.).

Events Log

Displays log entries related to GNSS reception status changes, Sync/Holdover state changes, SNMP traps being sent, etc. Examples include:

Reference Change : SecureSync has switched from one input reference to another

(for example, IRIG was the selected input being used, but now GNSS is the selected reference).

GPS Antenna Problem : The GPS Antenna Problem alarm indicates the GNSS receiver has detected an over-current or undercurrent condition (an open or short exists in the GNSS antenna cable, or the GNSS antenna is not connected to

SecureSync). The receiver will attempt to continue the normal acquisition and tracking process regardless of the antenna status. The current draw measurements that will indicate an antenna problem are:

Under-current indication < 8 mA

Over-current indication > 80 mA

Note: This alarm condition will also be present if a GNSS antenna splitter that does not contain a load to simulate an antenna being present is being used.

GPS Antenna OK : The antenna coax cable was just connected or an open or short in the antenna cable was being detected but is no longer being detected.

Frequency Error : The oscillator’s frequency was measured and the frequency error was too large. Or, the frequency couldn’t be measured because a valid input reference was not available.

Frequency Error cleared : The Frequency Error alarm was asserted but was then cleared.

In Holdover : Input references were available, but all input references have since been lost. If the references are not restored before the Holdover period expires, time sync will be lost.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 305

4.5  Quality Management

No longer in Holdover : Input references were lost at one point (or declared not valid), but have since been restored OR the Input references were not restored before the Holdover period expired (Time Sync alarm is asserted).

In Sync : SecureSync is synchronized to its Time and 1PPS inputs.

Not In Sync : SecureSync is not synchronized to its Time and 1PPS inputs and is not currently in Holdover. NTP will indicate to the network that it is Stratum 15 and so the time server likely be ignored as a time reference.

Sending trap for event 1 (SNMPSAD) : An SNMP trap was sent by the SNMP agent to the SNMP Manager. The event number in this entry indicates which SNMP trap was sent.

The Unit has Rebooted : SecureSync was either rebooted or power cycled.

Journal Log

Displays log entries created for all configuration changes that have occurred (such as creating a new user account, for example).

NTP Log

The NTP log displays operational information about the NTP daemon, as well as NTP throughput statistics (e.g., packets/sec.). Examples for entries in this log include indications for when NTP was synchronized to its configured references (e.g., it became a Stratum 1 time server), as well as stratum level of the NTP references.

The NTP throughput statistics data can be utilized to calculate mean values and the standard deviation.

Example log entries include:

Synchronized to (IP address), stratum=1 : NTP is synchronizing to another

Stratum 1 NTP server.

ntp exiting on signal 15 : This log entry indicates NTP is now indicating to the network that it is a Stratum 15 time server because it is not synchronized to its selected reference.

Time reset xxxxx s : These entries indicate time corrections (in seconds) applied to

NTP.

No servers reachable : NTP cannot locate any of its configured NTP servers.

Synchronized to PPS(0), stratum=0 : NTP is synchronized using the PPS reference clock driver (which provides more stable NTP synchronization).

Oscillator Log

Displays log entries related to oscillator disciplining. Provides the calculated frequency error periodically while synchronizing to a reference.

306 CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.5  Quality Management

GPS Qualification Log

If SecureSync is connected to a GNSS antenna and is tracking satellites, this log contains a running hourly count of the number of GNSS satellites tracked each hour. This history data can be used to determine if a GNSS reception problem exists and whether this is a continuous or intermittent reception issue.

GNSS reception may be displayed as cyclic in nature. A cyclic 12 hour pattern of decreased

GNSS reception typically indicates that the GNSS antenna has an obstructed view of the horizon. The GNSS satellites are in a 12-hour orbit, so if part of the sky is blocked by large obstructions, at the same time every day (at approximately 12 hour intervals), the GNSS reception may be reduced or may vanish altogether. If this occurs, the antenna should be relocated to afford it an unobstructed view of the sky.

Every hour (displayed in the log as UTC time), SecureSync counts the total number of satellites that were tracked during that hour. The GNSS qualification log shows the number of satellites that were tracked followed by the number of seconds that the particular number of satellites were tracked during the hour (3600 seconds indicates a full hour). The number to the left of the “=” sign indicates the number of satellites tracked and the number to the right of the “=” sign indicates the number of seconds (out of a total of 3600 seconds in an hour) that the unit was tracking that number of satellites. For example, “0=3600” indicates the unit was tracking 0 satellites for the entire hour, while “0=2700 1=900” indicates the unit was tracking one satellite for 900 seconds, but for the remaining portion of the hour it was tracking zero satellites.

Every hourly entry in the log also contains a quality value, represented by “Q= xxxx”

(where x can be any number from 0000 through 3600). The Qualification log records how many satellites were tracked over a given hour. If for every second of the hour a tracked satellite was in view, the Quality value will equal 3600. For every second SecureSync tracked less than the minimum number of satellites, the value will be less than 3600. The minimum requirement is one satellite at all times after the unit has completed the GNSS survey and indicates “Stationary”. A minimum of four satellites are required in order for the

GNSS survey to be initially completed.

If all entries in the qualification log are displayed as “0=3600”, a constant GNSS reception problem exists, so the cause of the reception issue is continuous. If the unit occasionally shows 0=3600 but at other times shows that 1 through 12 have numbers of other than

“0000”, the reception is intermittent, so the cause of the reception issue is intermittent. If the Quality value normally equals 3600 but drops to lower than 3600 about every 12 hours, the issue is likely caused by the GNSS antenna having an obstructed view of the sky.

E x a m p l e G P S Q u a l i f i c a t i o n L o g E n t r y :

6 = 151 7 = 1894 8 = 480 9 = 534 10 = 433 12 = 108 Q = 3600

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 307

4.5  Quality Management

In this example, SecureSync tracked no less that 6 satellites for the entire hour. Out of the entire hour, it was tracking 6 satellites for a cumulative total of 151 seconds (not necessarily in a row). For the duration of the hour, it was tracking, 7, 8, 9, 10 and 12 satellites for a period of time. Because it was tracking at least at least one satellite for the entire hour, this

Quality value is Q=3600.

Note: If SecureSync is not connected to a GNSS antenna, this log will remain empty.

System Log

Displays log entries related to the Timing System events and daemon events (such as the

Alarms, Monitor, Notification, or SNMP daemons starting or stopping, etc.)

Timing Log

Displays log entries related to Input reference state changes (for example, IRIG input is not considered valid), antenna cable status. Examples include:

GR GR = GNSS Reference 1 antenna fault : The GNSS Antenna Problem alarm indicates the GNSS receiver has detected an over-current or undercurrent condition (an open or short exists in the GNSS antenna cable, or the GNSS antenna is not connected to SecureSync). The receiver will attempt to continue the normal acquisition and tracking process regardless of the antenna status.

GR antenna ok : The antenna coax cable was connected at this time or an open or short in the antenna cabling was occurring but is no longer being detected.

Update Log

Displays log entries related to software updates that have been performed.

4.5.2.2

The Logs Screen

The Logs Screen provides access to settings that apply to all logs.

To access the Logs Screen:

1.

Navigate to MANAGEMENT > OTHER : Log Configuration.

1

GR = GNSS Reference

308 CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

2.

The Logs screen will appear, with several panels:

4.5  Quality Management

The Logs Actions panel

The Actions panel on the upper-left corner of the Logs screen allows you to perform batch actions on your logs:

Save and Download All Logs —Save and download all the logs on SecureSync.

Clear All Logs —Clear all the logs on SecureSync.

The Remote Log Server panel

The Remote Log Server panel, which is where you set up and manage logs on one or more remote locations. See also:

"Setting up a Remote Log Server" on page 311

The Logs Settings panel

The Settings panel allows you you change log settings for your product. These settings apply to all logs.

Persistence allows the unit to retain logs permanently.

When Persistence is ON [default] , your logs will be retained on the disk and will always be available for troubleshooting and informational purposes.

When Persistence is OFF, logs will be overwritten over time by the most recent information. Logs will also be removed upon reboot of the unit.

This setting will increase the disk lifetime by reducing the amount of permanently stored data.

The Local Logging panel

The Local Logging panel will control the local logging (logs stored directly on the unit) for each log individually.

Each log defaults to logging locally unless the user turns off the logging for a particular log directly.

To turn off local logging, simply switch the toggle to OFF in the Local Logging

Panel. See

"Types of Logs" on page 304

for information on each log type.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 309

4.5  Quality Management

4.5.2.3

Displaying Individual Logs

To access individual SecureSync logs:

1.

From the TOOLS drop-down menu, select the desired Logs category (for example,

“Alarms”, or “Events”) from the right-hand column.

4.5.2.4

Saving and Downloading Logs

The SecureSync Web UI offers a convenient way to save, bundle, and download all logs in one simple step. This feature may be useful when archiving logs, for example, or for troubleshooting technical problems: Orolia Technical Support/Customer Service may ask you to send them the bundled logs to remotely investigate a technical concern.

To save, bundle, and download all logs:

1.

Navigate to MANAGEMENT > OTHER: Log Configuration .

2.

On the left side of the screen, in the Actions panel, click on the Save and Download All Logs button.

310

3.

Select the log bundle save locaion. The file name is logs.tar.gz

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.5  Quality Management

4.

If so asked by Orolia Technical Support, attach the bundled log files (typically together with the oscillator status log, see:

"Saving and Downloading the Oscillator

Log" below

) to your email addressed to OroliaTechnical Support.

Saving and Downloading the Oscillator Log

The oscillator status log captures oscillator performance data, such as frequency error and phase error. The data can be retrieved as a comma-separated .csv file that can be read and edited with a spreadsheet software, such as Microsoft Excel ® . You may want to review and/or keep this data for your own records, or you may be asked by Orolia Technical Support to download and send the oscillator status log in the event of technical problems.

To download the oscillator status log:

1.

Navigate to MANAGEMENT > OTHER: Disciplining .

2.

Click on the ARROW icon in the top-right corner of the screen. Save the .csv file to your computer.

3.

If so asked by Spectracom Technical Support, attach the oscillator status log file (typically together with the bundled SecureSync log files, see:

"Saving and Downloading

Logs" on the previous page ) to your email addressed to Orolia Technical Support.

4.5.2.5

Setting up a Remote Log Server

Storing log files on a remote log server supports advanced logging functionality.

Adding a remote log server:

1.

Navigate to MANAGEMENT > OTHER: Log Configuration.

2.

In the Remote Log Servers panel, click on the PLUS icon in the top-right corner of the panel. The Remote Log Server window displays.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 311

4.5  Quality Management

312

3.

In the Remote Server Setup tab, enter the IP address or host server name (e.g.,

“MyDomain.com”) you want to use as a remote log server under Log Server

Address.

4.

Fill out your desired Log Server Port.

5.

Select your Log Server Protocol [UDP, TCP].

6.

In the Log Forwarding Setup tab, click the checkbox of each type of Log File to be used by your remote log server. You can also select the Facility and Severity of the message.

7.

Click the Submit button.

8.

Your remote log server will appear in the Remote Log Server panel.

Changing or deleting a remote log server:

1.

Navigate to MANAGEMENT > OTHER: Log Configuration .

2.

In the Remote Log Server panel locate the remote server you wish to change or delete.

3.

Choose the X button to delete the remote log server. Confirm by clicking OK in the message window.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.6  Updates and Licenses

—OR—

3.

In the Remote Log Server panel, click the GEAR button to edit the remote log server. Type in a new IP address, for instance, or select new logs to be configured.

4.5.2.6

Clearing All Logs

Note: Authentication logs cannot be cleared.

All local logs in the home/spectracom directory will be logged. Other logs e.g., located on

Syslog Servers, must be maintained by the user.

To clear all locally stored log files:

1.

Navigate to MANAGEMENT > OTHER: Log Configuration .

2.

In the Actions panel, click Clear All Logs :

3.

In the grey confirmation window, click OK .

4.6

Updates and Licenses

4.6.1

Software Updates

Orolia periodically releases new versions of software for SecureSync. These updates 1 are offered for free and made available for download from the Orolia website. If you register your product, you will be notified of software updates.

To carry out a software update:

1 The terms update and upgrade are both used throughout Orolia technical literature, as software releases may include fixes and enhancements, as well as new features.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 313

4.6  Updates and Licenses

1.

In the Web UI, navigate to Tools > Upgrade/Backup .

2.

Determine your System software version in the System Configuration panel: Proceed to the next step if it is lower than the software version you plan on installing.

3.

Free up disk space, if needed:

Under Tools > Upgrade/Backup > Disk Status , check Percent Used : If the number is greater than 70% , free up disk space.

(NOTE: If required, existing logs can be archived; for details see

"Saving and Downloading Logs" on page 310 .)

To free up disk space: a.

Delete old log files: Tools > Upgrade/Backup > Disk Status > Clear All

Logs .

b.

Delete old statistics files: [~] > Clear All Stats .

c.

Delete previous Upgrade files: Tools > Upgrade/Backup > Actions >

Update System > Delete Upgrade File (s). Note that Delete Upgrade File and Update System cannot be selected at the same time.

4.

Download the latest upgrade software bundle from the Orolia website onto your PC.

5.

Perform the actual upgrade by navigating to TOOLS > Upgrade/Backup >

Actions : Update System Software . Upload the upgrade software bundle previously downloaded onto your PC ( updateXYZ.tar.gz

).

Once you have uploaded the software bundle, the following checkbox options will be presented:

Remove software bundle : Cancel the upgrade, and remove the uploaded software bundle from the system.

Perform update : Perform the software upgrade.

Perform clean update : Factory settings will be applied during the upgrade; any custom settings you may have applied previously will be overwritten! This also includes the unit's static IP address (if you applied one): it will be replaced by the default DHCP address (i.e., 0.0.0.0.) Also note that the browser session will terminate: After reconfiguring the unit's IP address, you will need to login to the Web UI in a new browser session.

6.

Click Submit to carry out the update. A progress bar will provide real-time status information:

314 CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.6  Updates and Licenses

7.

Verify that the update was successful: Navigate to Tools > Upgrade/Backup , and confirm the new SW version in the System Configuration panel.

Note: Should you use DHCP, a new IP address may be assigned to your unit, and you may have to point your web browser to it.

Note: In the event that the update failed, see

"Troubleshooting Software

Update" on page 332 .

4.6.2

Applying a License File

Software options must be activated by applying a license file (OPT-xyz):

Typically, SecureSync units are shipped with the license file pre-installed, reflecting the system configuration as ordered. If, however, a feature is to be activated after delivery of the

SecureSync unit, please contact your local Orolia Sales Office first to have a license file generated. License files are archive files with a tar.gz

extension. One license file may contain multiple licenses for multiple products.

To apply the license file, you need to upload it into your SecureSync unit and install it:

1.

Save the license file license.tar.gz

to a location on your PC (which needs to be connected to the same network SecureSync is.)

2.

Open the SecureSync Web UI, and navigate to Tools > Upgrade/Backup :

3.

In the Actions panel, click Apply License File .

4.

In the Apply License File window, click Upload New File .

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 315

4.7  Backing-up and Restoring Configuration Files

5.

In the Upload File window, click Choose File . Using the Explorer window, navigate to the location mentioned under the first step, select the license file, and monitor the installation progress in the Status Upgrade window until the application has rebooted.

6.

Refresh the browser window, and login to the Web UI again. Re-navigate to Tools >

Upgrade/Backup , and confirm that the newly installed Option is listed in the System Configuration panel.

4.7

Backing-up and Restoring Configuration Files

Once SecureSync has been configured, it may be desired to back up the configuration files to a PC for off-unit storage. If necessary in the future, the original configuration of the

SecureSync can then be restored into the same unit.

The capability to backup and restore configurations also adds the ability to “clone” multiple

SecureSync units with similar settings. Once one SecureSync unit has been configured as desired, configurations that are not specific to each unit (such as NTP settings, log configs, etc.) can be backed up and loaded onto another SecureSync unit for duplicate configurations.

There are several configuration files that are bundled in one file for ease of handling.

Note: For security reasons, configurations relating to security of the product, such as SSH/SSL certificates, cannot be backed up to a PC.

4.7.1

Accessing the System Configuration Screen

The System Configuration Screen provides comprehensive information about hardware and software status. To access the System Configuration screen:

316 CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.7  Backing-up and Restoring Configuration Files

1.

Navigate to TOOLS > SYSTEM: Upgrade/Backup .

2.

The System Configuration screen will display:

The System Configuration screen consists of 5 panels:

The Actions panel

The Actions panel is used for updating the system software, managing license files, saving and restoring the configuration files, and restoring the factory defaults.

The System Configuration panel

The System Configuration panel provides the following information:

System —The model name of this unit, and the software version currently installed.

Model —The model number of this unit.

Serial Number —The serial number of this unit.

Oscillator —The type of internal timing oscillator installed in this unit.

Timing Processor —The timing processor in use with this unit.

GNSS Receiver —The GNSS receiver in use with this unit.

HW Slots 1–6 —The Option Cards installed in this unit.

Option —The optional features also included on this unit.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 317

4.7  Backing-up and Restoring Configuration Files

The Upgrade Log panel

The upgrade log is a running log of system upgrades, used for historical and troubleshooting purposes. It can be expanded by clicking on the DIAGONAL ARROWS icon in the topright corner:

318

Each log entry is comprised of a unique ID, the date the entry was created, the originator of the entry, and the actual message. Refresh the log by clicking the CIRCLE ARROWS icon in the top- right corner. Go to the First, Last, or Previous entries by clicking the corresponding buttons in the bottom-right corner.

The Disk Status panel

The Disk Status panel provides information on the memory usage. This information is relevant for troubleshooting purposes, and when preparing the system for a software update.

The Software Versions panel

This panel provides version information on the different SW components utilized by the system.

4.7.2

Saving the System Configuration Files

To save (back up) the system configuration files:

1.

Navigate to TOOLS > SYSTEM: Upgrade/Backup .

2.

In the Actions panel, click the Save Configuration button.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.7  Backing-up and Restoring Configuration Files

3.

Click OK in the grey confirmation window that displays.

4.

Save the configuration file to a directory where it will be safe. SecureSync simultaneously saves a file at

/home/spectracom/xfer/config/config.tar

.

4.7.3

Uploading Configuration Files

To upload configuration files from a PC:

1.

Navigate to TOOLS > SYSTEM: Upgrade/Backup .

2.

In the Actions panel, click the Upload Configuration button.

3.

Click Choose File in the window that displays, and navigate to the directory on your

PC where the bundled file is stored.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 319

4.7  Backing-up and Restoring Configuration Files

4.

Click the Upload button. SecureSync saves the uploaded bundled file in the

/home/spectracom/xfer/config/ directory.

Note: When uploading files remotely via long distances, or when uploading multiple files via several browser windows simultaneously, the upload process may fail to complete. In this case, cancel the upload by clicking X, and go back to Step 2.

5.

To use the new configuration file for this SecureSync, click the Restore Configuration button, and follow the procedure described under

"Restoring the System Configuration" below

.

4.7.4

Restoring the System Configuration

To restore the System Configuration:

1.

Navigate to TOOLS > SYSTEM: Upgrade/Backup .

2.

In the Actions panel, click Restore Configuration .

320

3.

Click OK in the grey confirmation window. The system will restore the configuration using the bundled file stored at

/home/spectracom/xfer/config/

SecureSync

.conf

, then reboot in order to read the new configuration file. Once powered back up, SecureSync will be configured with the previously stored file.

4.7.5

Restoring the Factory Defaults

For instructions on how to restore the SecureSync's configuration files to their factory default settings see

"Resetting All Configurations to their Factory Defaults" on the facing page

.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.7  Backing-up and Restoring Configuration Files

4.7.6

Resetting the Unit to Factory Configuration

In certain situations, it may be desired to reset all SecureSync configurations back to the factory default configuration. The GNSS location, any SecureSync configurations and the locally stored log files can be cleared via the Web UI.

Caution: It is not possible to clear the Authentication logs.

Note: Restoring configurations (reloading a saved configuration), erasing the stored GNSS location and clearing the log files are separate processes.

You may restore one without restoring the others.

If SecureSync was assigned a static IP address before cleaning the configurations, it will be reset to DHCP after the clean has been performed. If no DHCP server is available after the clean operation, the static IP address will need to be manually reconfigured.

4.7.6.1

Resetting All Configurations to their Factory Defaults

To restore the configuration files to their factory defaults:

1.

Navigate to TOOLS > SYSTEM: Upgrade/Backup .

2.

In the Actions panel, click the Restore Factory Defaults (Clear) button.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 321

4.7  Backing-up and Restoring Configuration Files

3.

In the Factory Restore Options panel, choose your options for the restore:

322

Clear All Logs erases all logs

Clear All Stats will clear NTP stats, PTP stats, and all database tables

Clear Configuration clears any user configuration, including network settings

Reboot restarts the unit after the clear.

Halt puts the unit in a halted stated after performing the clear.

4.

Click on Submit to finalize the commands.

4.7.7

Default and Recommended Configurations

The factory default configuration settings were chosen for ease of initial setup. However, some of the default settings may deviate from best practices recommendations. The following table outlines the differences between factory default and recommended configuration settings for your consideration:

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

4.7  Backing-up and Restoring Configuration Files

Table 4-1: Default and recommended configurations

Feature Default Setting Recommended Setting

Where to

Configure

HTTP Enabled Disabled

Disabled or Enabled (with SNMP v3 w/ encryption*)

Web UI or

CLI

HTTPS Enabled (using customer-generated certificate and key or default Spectracom self-signed certificate and common public/private key SSH/SCP/SFTP enabled with unit unique 1024-bit keys)

Web UI

SNMP Enabled Web UI

NTP Enabled (with no MD5 values entered)

Daytime

Protocol

Enabled

Time

Protocol

Enabled

Enabled (use MD5 authentication with user-defined keys)

Web UI

Disabled Web UI

Disabled

Command Line Interface

Web UI

Serial

Port

Available

Telnet Disabled

SSH Enabled (default private keys provided)

Available

Disabled (use SSH instead)

Enabled n/a

Web UI

Web UI

SCP

SFTP

Available

Available

File Transfer

Disabled (use SFTP or SCP)

Disabled (use SFTP or SCP)

Web UI

Web UI

* Orolia recommends that secure clients use only SNMPv3 with authentication for secure installations.

CHAPTER 4 • SecureSync 2400 User Manual Rev. 2 323

4.7  Backing-up and Restoring Configuration Files

BLANK PAGE.

324 CHAPTER 4 • SecureSync 2400 User Manual Rev. 2

Appendix

The following topics are included in this Chapter:

5.1 Troubleshooting

5.2 Option Cards

5.3 Command-Line Interface

5.4 Time Code Data Formats

5.5 IRIG Standards and Specifications

5.6 Technical Support

5.7 Return Shipments

5.8 List of Tables

5.9 List of Images

5.10 Document Revision History

326

333

513

519

546

563

564

564

566

568

SecureSync 2400 User Manual • APPENDIX 325

APPENDIX

5.1

Troubleshooting

The Web UI provide SecureSync status information that can be used to help troubleshoot failure symptoms that may occur.

5.1.1

Minor and Major Alarms

Minor Alarm

There are several conditions that can cause the Web UI status lights to indicate a Minor alarm has been asserted. These conditions include:

Too few GPS satellites, 1st threshold : The GNSS receiver has been tracking less than the minimum number of satellites for too long of a duration. Refer to

"Troubleshooting GNSS Reception" on page 329

for information on troubleshooting GNSS reception issues.

Major Alarm

There are several conditions that can cause the Web UI status lights to indicate a Major alarm has been asserted. These conditions include:

Frequency error : Indicates a jump in the oscillator’s output frequency has been detected. Contact Tech Support for additional information.

1PPS is not in specification : The 1PPS input reference is either not present or is not qualified.

Not In Sync : A Major alarm is asserted when the Timing System is not in sync (Input references are not available and the unit is not in Holdover). Examples of not being synced include:

When the Timing System has just booted-up and has not yet synced to a reference.

When all input references were lost and Holdover Mode has since expired.

Timing System Error : A problem has occurred in the Timing System. Contact Orolia technical support if the error continues.

5.1.2

Troubleshooting: System Configuration

One of the first tasks when troubleshooting a unit is to read out the current system configuration (you may also be asked for this when contacting Orolia Technical Support.)

326 SecureSync 2400 User Manual

APPENDIX

Select TOOLS > Upgrade/Backup : The screen displayed will provide information on:

System configuration

Disk status, memory status

Software versions, and

Recent log entries.

5.1.2.1

System Troubleshooting: Browser Support

Orolia recommends using one of the following Web browsers to run the

SecureSyncWeb UI on: Google Chrome, Mozilla Firefox, Internet Explorer > Ver. 8.

Using different or older browsers may lead to some incompatibility issues.

5.1.3

Troubleshooting – Unable to Open Web UI

With SecureSync connected to either a stand-alone or networked PC and with the network configuration correct, it should be possible to connect to the Web UI.

5.1.4

Troubleshooting via Web UI Status Page

SecureSync’s Web UI includes pages that provide current “remote” status information about SecureSync. The following table includes information that can be used as a troubleshooting guidance if status fault indications or conditions occur.

SecureSync 2400 User Manual 327

APPENDIX

Table 5-1: Troubleshooting using the Web UI Status indications

Web UI Page location

Current Status Indication Troubleshooting

HOME page, System Status panel,

Status row

SYNC indicator is not

“lit” (not Green).HOLD

indicator is “lit”

(Orange).—OR—FAULT indicator is “lit” (Red).

Below the System Status panel there is an Out of

Sync alarm statement

MANAGEMENT/

NTP Setup page

Stratum 15

NTP Status Summary panel

Stratum row

SecureSync is in Holdover mode—OR—

SecureSync is now out of

Time Sync

All available Input References have been lost. The Reference Status table on the HOME page will show the current status of all inputs

(Green is valid and Red is invalid or not present).

1. Make sure the Input Reference Priority table still has the desired reference inputs Enabled, based on the desired priority. See

Input Reference Priorities" on page 184

.

"Configuring

2. Make sure the desired input references are still connected to the correct input port of SecureSync.

3. Verify GNSS antenna installation

(if applicable). See

ing GNSS Reception" on the facing page

.

"Troubleshoot-

NTP is not synchronized to its available input references

(SecureSync may have been in Holdover mode, but Holdover has since expired without the return of valid inputs)

Note: If SecureSync was just recently powered-up or rebooted and input references are applied, no troubleshooting may be necessary.

Allow at least 10-20 minutes for the input references to be declared valid and NTP to align to the System

Time (allow an additional 35-40 minutes for a new install with GNSS input).

1. Verify in the Configure Reference

Priorities table that all available references enabled. See

"Configuring Input Reference

Priorities" on page 184

.

2. Verify that the Reference Status on the HOME page shows “OK”

(Green) for all available references.

3. Verify NTP is enabled and configured correctly. See

ence Configuration" on page 102

.

"NTP Refer-

328 SecureSync 2400 User Manual

APPENDIX

Web UI Page location

Current Status

MANAGEMENT/

NETWORK page

Cannot login or access the Web UI.

Indication Troubleshooting

The following error message is displayed:

“Forbidden

You don’t have permission to access/ on this server”

This message is displayed when any value has been added to the Network Access Rules table and your

PC is not listed in the table as an

Allow From IP address. To restore access to the Web UI, either

1. Login from a PC that is listed as an

Allow From in this table; or

2. If it is unknown what PCs have been listed in the Access table, perform an unrestrict command to remove all entries from the Network Access Rules table. This will allow all PCs to be able to access the

Web UI.

5.1.5

Troubleshooting GNSS Reception

If SecureSync reports GPS, Holdover, and/or Time Sync Alarms caused by insufficient

GNSS reception:

When a GNSS receiver is installed in SecureSync, a GNSS antenna can be connected to the rear panel antenna connector via a coax cable to allow it to track several satellites in order for GNSS to be an available input reference. Many factors can prevent the ability for the GNSS receiver to be able to track the minimum number of satellites.

With the GNSS antenna installed outdoors, with a good view of the sky (the view of the sky is not being blocked by obstructions), SecureSync will typically track between 5-10 satellites (the maximum possible is 12 satellites). If the antenna’s view of the sky is hindered, or if there is a problem with the GNSS antenna installation, the GNSS receiver may only be able to a few satellites or may not be able to track any satellites at all.

When GNSS is a configured time or 1PPS input reference, if the GNSS receiver is unable to continuously track at least four satellites (until the initial GNSS survey has been completed) or at least one satellite thereafter, the GNSS signal will not be considered valid. If no other inputs are enabled and available, SecureSync may not initially be able to go into time sync. Or, if GNSS reception is subsequently lost after initially achieving time sync,

SecureSync will go into the Holdover mode. If GNSS reception is not restored before the

Holdover period expires (and no other input references become available) SecureSync will go out of sync. The GNSS reception issue needs to be troubleshot in order to regain time sync.

SecureSync 2400 User Manual 329

APPENDIX

For additional information on troubleshooting GNSS reception issues with SecureSync, please refer to the GNSS Reception Troubleshooting Guide , available

here

on the Orolia website.

5.1.6

Troubleshooting – Outputs

If the 1PPS from the DCLS OUT BNC connector and/or the 15-pin multi-I/O connector outputs are not present, input power may not be applied. Or SecureSync is not synchronized to its input references and Signature Control is enabled.

Table 5-2: Troubleshooting outputs not being present

Web UI Page

HOME page

Navigate to

INTERFACES/OUTPUTS page

Current Status

Reference

Status Table

Select the Outputs screen.

Indication Troubleshooting

One or more input references indicate “Not Valid”

(red)

Signature Control will show

"Output Always

Enabled",

"Output

Enabled in Holdover",

"Output Disabled in Holdover" or

"Output Always

Disabled".

All available Input References have been lost. The Reference Status table on this same page will show the current status of all inputs

(Green is valid and red is not valid, or not present). If Signature Control is enabled in this state, the output may be disabled.

1. Make sure the Input Reference Priority table still has the desired inputs enabled, based on desired priority.

2. Make sure desired input references are still connected to the correct input port of SecureSync.

3. Verify GNSS antenna installation

(if applicable).

1. With "Output Always Enabled" selected, the selected output will be present no matter the current synchronization state.2. Any other configured value will cause the applicable output to be halted if

SecureSync is not fully synchronized with its input references.

330 SecureSync 2400 User Manual

APPENDIX

5.1.7

Troubleshooting the Serial Port

The front panel or rear panel serial port can be used for SecureSync configuration or to obtain select data. The serial port is a standard DB9 female port. Communication with this port is via a standard DB9 F to DB9M serial cable (minimum pinout is pin 2 to 2, pin 3 to 3 and pin 5 to 5) connected to a PC running a terminal emulator program such as Tera Term or Microsoft HyperTerminal. The port settings of the terminal emulator should be configured as 115200, N, 8, 1 (flow control setting does not matter).

If the terminal emulator program does not display any data when the keyboard <Enter> key is pressed, either SecureSync is not powered up or there is a problem with the connection between SecureSync and the PC.

Using a multimeter, ring out the pins from one end of the serial cable to the other. Verify the cable is pinned as a straight-thru serial cable (pin 2 to 2, pin 3 to 3 and pin 5 to 5) and not as a null-modem or other pin-out configuration.

Disconnect the serial cable from SecureSync. Then, jumper (using a wire, paperclip or car key, etc.) pins 2 and 3 of the serial cable together while pressing any character on the PC’s keyboard. The character typed should be displayed on the monitor. If the typed character is not displayed, there is a problem with either the serial cable or with the serial COM port of the PC.

Refer to

"Setting up a Terminal Emulator" on page 513

for more information on using a terminal emulator software to communicate with SecureSync via serial port.

5.1.8

Troubleshooting the Cooling Fan

The cooling fan (located on the front panel, to the right of the LED time display) is a temperature controlled cooling fan. Temperature sensor(s) determine when the cooling fan needs to turn on and off. It is normal operation for the cooling fan to not operate the entire time SecureSync is running. It may be turned off for long periods at a time, depending on the ambient and internal temperatures.

To verify the cooling fan is still operational, power cycle SecureSync unit .

Note: If the internal temperature in the unit is below 30 degrees Celsius, the fan may not turn on as part of the power-up sequence. In this case, it is recommended to let the unit “warm up” for approximately 30 minutes, in order to allow the unit to get to the appropriate temperature.

See also:

"Temperature Management" on page 299

SecureSync 2400 User Manual 331

APPENDIX

5.1.9

Troubleshooting – Network PCs Cannot Sync

In order for clients on the network to be able to sync to SecureSync, several requirements must be met:

1.

The PC(s) must be routable to SecureSync. Make sure you can access SecureSync

Web UI from a PC that is not syncing. If the PC cannot access the Web UI, a network issue likely exists. Verify the network configuration.

2.

The network clients have to be configured to synchronize to SecureSync's address.

For additional information on syncing Windows PC's, see

https://www.orolia.com/documents/synchronizing-windows-computers

.

The last section of this document also contains troubleshooting assistance for Windows synchronization. For UNIX/Linux computer synchronization, please visit

http://www.ntp.org/

.

3.

If at least one PC can sync to SecureSync, the issue is likely not with SecureSync itself. The only SecureSync configurations that can prevent certain PCs from syncing to the time server are the NTP Access table and MD5 authentication. See

"Configuring NTP Symmetric Keys" on page 111 . A network or PC issue likely exists.

A firewall may be blocking Port 123 (NTP traffic), for example.

4.

NTP in SecureSync must be “in sync” and at a higher Stratum level than Stratum 15

(such as Stratum 1 or 2, for example). This requires SecureSync to be either synced to its input references or in Holdover mode. Verify the current NTP stratum level and the sync status.

5.1.10

Troubleshooting Software Update

When experiencing slow data transmission rates, or other network issues, it may be possible that a system software update will be aborted due to a web server timeout during the transfer.

In such an event, the Upload New File window will disappear, and the Upgrade System

Software window will be displayed again instead.

Should this happen repeatedly, you can transfer the update file using a file transfer protocol such as scp, sftp or ftp, if security is not a concern. The update can then be initiated from the Web UI or Command Line.

Disk Status: In the event of an aborted update process, under Tools >

Upgrade/Backup > Disk Status , check Percent Used : If the number is greater than 70% , free up disk space, before starting another attempt to update the System

Software.

332 SecureSync 2400 User Manual

APPENDIX

5.2

Option Cards

This Chapter lists all option cards currently available, their features, specifications, and how to configure them via the Web UI.

5.2.1

Accessing Option Cards Settings via the Web UI

The topics below describe Web UI functionality that is common to all Option Cards.

5.2.1.1

Web UI Navigation: Option Cards

Figure 5-1: Option card navigation

To view or edit option card settings in the SecureSync Web UI (see also image above):

SecureSync 2400 User Manual 333

APPENDIX

Status Summary panel

Under INTERFACES > OPTION CARDS , clicking the superordinate list entry will open the Status Summary panel , which provides a status overview, as well as access to the Status window and the Edit window .

Status window

Under INTERFACES > OPTION CARDS , clicking subordinate (indented) entries will open the Status window , providing detailed option card status information.

Edit window

To edit option card settings, either click the Edit button in the lower-left corner of the Status window , or click the GEAR button in the Status Summary panel : The

Edit window will open.

5.2.1.2

Viewing Input/Output Configuration Settings

The configurable settings of any SecureSync input or output interface can be viewed in its

Status window. The Status window can be accessed in several ways; the procedure below describes the standard way:

1.

Identify the name of the option card, (e.g., PPS OUT, 4-BNC ) and the name of the input or output you want to configure (e.g., PPS Output 1 ).

Note: If you have only one input or output of any type, SecureSync will number that input or output 0. Additional inputs or outputs will be numbered 1 or above.

2.

Navigate to INTERFACES > OPTION CARDS , and click the list entry of the option card identified above. The option card’s Status Summary panel opens:

334 SecureSync 2400 User Manual

APPENDIX

3.

Click on the INFO button next to the input or output whose settings you wish to review. The Status window will open:

4.

If you want to change any of the settings shown in the Status window, click the Edit button in the bottom-left corner. The Edit window will open:

5.

Information about the configurable settings can be found in the corresponding option card section, see

"Option cards listed by their ID number" on page 19

.

SecureSync 2400 User Manual 335

APPENDIX

5.2.1.3

Configuring Option Card Inputs/Outputs

The configurable settings of any SecureSync input or output interface are accessible through the Edit window of the option card to which the input or output belongs. The Edit window can be accessed in several ways; the procedure below describes the standard way:

1.

Identify the name of the card, (e.g., PPS OUT, 4-BNC ), and verify the name of the input or output you want to configure (e.g., PPS Output 1 ).

Note: If you have only one input or output of any type, SecureSync will number that input or output 0. Additional inputs or outputs will be numbered 1 or above.

2.

Navigate to the INTERFACES > OPTION CARDS drop-down menu, and click the list entry of the option card identified above. The option card’s Status Summary panel opens:

3.

Click on the GEAR button next to the input or output you wish to configure (as verified in Step 1 of this procedure). The Edit window of the input or output opens:

336 SecureSync 2400 User Manual

APPENDIX

4.

Information about the configurable settings can be found in the corresponding option card section, see

"Option cards listed by their ID number" on page 19

.

5.2.1.4

Viewing an Input/Output Signal State

To view if an input or output is currently enabled or disabled, go to the option card’s Status

Summary panel:

1.

Identify the name of the option card, (e.g., PPS OUT, 4-BNC ), and the name of the input or output you want to configure (e.g., PPS Output 1 ).

Note: If you have only one input or output of any type, SecureSync will number that input or output 0. Additional inputs or outputs will be numbered 1 or above.

2.

Navigate to the INTERFACES > OPTION CARDS drop-down menu, and click the list entry of the option card identified above. The option card’s Status Summary panel opens:

All the inputs and/or outputs of this option card are listed in the Status Summary panel.

In accordance with the Signature Control setting, and the Lock Status, the current signal state for an output is indicated as:

ENABLED (green); or

DISABLED (orange)

The current state of an input signal is indicated as:

SecureSync 2400 User Manual 337

APPENDIX

VALID (in green); or

INVALID (in red)

The Status Summary panel will be refreshed automatically every 30 seconds. Click the

Refresh button (circling arrows) on the right to refresh the status instantaneously. A slight refreshment delay is normal (the duration depends on the configuration of your system.)

5.2.1.5

Verifying the Validity of an Input Signal

The HOME page of the SecureSync Web UI provides quick access to the status of all inputs via its Reference Status panel.

338

If an INPUT is not present , or not valid, and qualified , the 1PPS Validity and Time Validity fields will be “ Not Valid ” (orange).

If an INPUT is present , and the signal is considered valid, and qualified , the two indicators will then turn “ Valid ” (Green).

SecureSync 2400 User Manual

APPENDIX

5.2.2

Option Card Field Installation Instructions

Typically, SecureSync units are shipped with custom-ordered option cards pre-installed at the factory. In the event that an option card is purchased at a later time, you need to install it yourself, following the instructions below.

5.2.2.1

Field Installation: Introduction

SecureSync time and frequency synchronization system offers customizability and expandability via the addition of a range of modular option cards. Up to 6 option cards (depending on your unit specifications) can be accommodated to offer not only synchronization to a variety of input references, but also numerous types of output signals, supporting an extensive number of traditional and contemporary timing protocols including: digital and analog timing and frequency signals (1PPS, 1MHz/5MHz/10 MHz) timecodes (IRIG, STANAG, ASCII) high accuracy and precision network timing (NTP, PTP) telecom timing (T1/E1), and more.

Note: The installation procedure varies, depending on the type of option card and the installation location to be installed.

5.2.2.2

Outline of the Installation Procedure

The general steps necessary for installing SecureSync option cards are as follows:

1.

If adding or removing option cards that provide a reference, optionally backup your

SecureSync configuration (refer to

"[2]: Saving Refererence Priority Configuration" on page 341 , if applicable to your scenario or environment.)

2.

Safely power down the SecureSync unit and remove the top cover of the main chassis (housing).

SecureSync 2400 User Manual 339

APPENDIX

DANGER!

SecureSync does not have an ON/OFF switch. It is necessary to unplug the machine to remove power!

Caution: NEVER install an option card from the rear of the unit,

ALWAYS from the top, after removing the chassis cover.

3.

Select one of the unused Slots as installation location for the new card. The chosen

Slot determine s the installation procedure (see

"[3]: Determining the Installation

Procedure" on page 342 ).

4.

Prepare slot (if required), and plug card into the slot.

5.

Connect any required cables and secure option card into place.

6.

Replace chassis cover, power on unit.

7.

Log in to the SecureSync web interface; verify the installed card is identified.

8.

Restore SecureSync configuration (if it had been backed up before, see above).

5.2.2.3

Safety

Before beginning any type of option card installation, please carefully read the safety statements and precautions under

"SAFETY" on page 39 .

5.2.2.4

[1]: Unpacking

On receipt of materials, unpack and inspect the contents and accessories (retain all original packaging for use in return shipments, if necessary).

The following additional items are included with the ancillary kit for the field installation of option card(s). Some of the parts listed below will be required for the installation (depending upon option card model, and installation location).

340 SecureSync 2400 User Manual

APPENDIX

Table 5-3: Parts list, Ancillary Kit [1204-0000-0700]

Item Quant.

Part Number

50-pin ribbon cable

Washer, flat, alum., #4,  .125 thick

Screw, M3-5, 18-8SS, 4 mm, thread lock 5

Standoff, M3 x 18 mm, hex, M-F, Zinc-pl. brass 2

1

2

Standoff, M3 x 12 mm, hex, M-F, Zinc-pl. brass 1

Cable tie 2

CA20R-R200-0R21

H032-0440-0002

HM11R-03R5-0004

HM50R-03R5-0018

HM50R-03R5-0012

MP00000

In addition to the parts supplied with your option card ancillary kit, you will need a #1 Philips head screwdriver, and may need a cable tie clipper and 6mm hex wrench.

5.2.2.5

[2]: Saving Refererence Priority Configuration

Note: This step is optional .

When adding or removing option cards with reference inputs such as IRIG Input, ASCII

Timecode Input, etc., any user-defined Reference Priority configuration will be reset back to the factory default. This means that you will need to re-configure the Reference Priority table at the end of the installation procedure.

To avoid this manual re-configuration, you can save your configuration: For instructions, see

"Saving the System Configuration Files" on page 318

.

Saving the System Configuration Files

To save (back up) the system configuration files:

1.

Navigate to TOOLS > SYSTEM: Upgrade/Backup .

2.

In the Actions panel, click the Save Configuration button.

SecureSync 2400 User Manual 341

APPENDIX

342

3.

Click OK in the grey confirmation window that displays.

4.

Save the configuration file to a directory where it will be safe.

Note: The Reference Priority configuration must be saved BEFORE beginning with the hardware installation.

After completion of the hardware installation, the Reference Priority configuration needs to be restored; see STEP [9].

5.2.2.6

[3]: Determining the Installation Procedure

The installation procedure for option cards varies, depending on: i.

option card model ii.

installation slot chosen by you, and iii.

for upper slots only: if the bottom slot is used or not.

Determining the correct installation procedure

a.

Identify the last two digits of the part number of your option card (see label on bag).

b.

Inspect the back of the SecureSync housing, and select an empty slot for the new card. If the card is to be installed in one of the upper slots (4, or 6), take note if the

SecureSync 2400 User Manual

APPENDIX corresponding lower slot (3 or 5) is occupied.

Slots 1 and 2 always have an occupied slot below them.

Units must be equipped with an Extension Board to fill option card slots 3, 4,

5, and 6.

Figure 5-2: Unit rear view

Figure 5-3: Unit internal view (from rear) c.

Identify your installation steps.

i.

All installation situations include steps 1 (unpacking), 2 (save reference configuration), and 3 (determine installation procedure).

ii.

Steps 4 through 8 of this installation procedure should only be performed if your installation location or card requires it:

Step 4 is for installation in slots 1 or 2

(

"[4]: Slot 1 & 2 Installation" on the next page )

Step 5 should be followed for bottom card installation in slots 3 and 5

SecureSync 2400 User Manual 343

APPENDIX

(

"[5]: Bottom Slot Installation" on page 346 )

Step 6 is for top slot installation, when the bottom slot is empty ( slots 4 and 6 )

(

"[6]: Top Slot Installation, Bottom Slot Empty" on page 347 )

Step 7 should be followed for top slot installation, when the bottom slot is occupied by another card ( slots 4 and 6 )

(

"[7]: Top Slot Installation, Bottom Slot Occupied" on page 349

), and

Step 8 is the final step for installation of frequency cards

(

"[8]: Frequency Output Cards: Wiring" on page 351

).

iii.

All installation situations include steps 9 and 10 .

5.2.2.7

[4]: Slot 1 & 2 Installation

Option cards installed in Slot 1 or Slot 2 sit on top of and are screwed into pre-installed standoffs and plug in to the unit through the included ribbon cable.

Instructions for installing an option card into one of the slots above the CPU board ( 1 or 2 ): a.

Safely power down the SecureSync unit and remove the top cover of the main chassis (housing). Save the screws.

b.

DANGER!

SecureSync does not have an ON/OFF switch. You must unplug the machine to remove power!

Caution: NEVER install an option card from the rear of the unit,

ALWAYS from the top, after removing the chassis cover.

c.

Unscrew and remove the blank option card plate from the back of the unit (or the existing option card). Save the screws.

344 SecureSync 2400 User Manual

APPENDIX d.

Insert option card into the slot, lining up the screw holes on the card with the standoffs..

Figure 5-4: Standoffs location e.

Using the supplied M3 screws, screw the board, and the option card plate into the chassis, applying a torque of 0.9 Nm/8.9 in-lbs.

f.

Take the supplied 50-pin ribbon cable and carefully press it into the connector on the mainboard (lining up the red sided end of the cable with PIN 1 on the mainboard), then into the connector on the option card (see Figure below).

SecureSync 2400 User Manual 345

APPENDIX

Caution: Ensure that the ribbon cable is aligned and fastened properly to all pins on the connector of the card, before powering the unit up, to avoid damage to the equipment.

5.2.2.8

[5]: Bottom Slot Installation

Instructions for installing an option card into one of the bottom slots ( 3 , or 5 ): a.

Safely power down the unit and remove the top cover of the main chassis (housing).

Save the screws.

DANGER!

SecureSync does not have an ON/OFF switch. It is necessary to unplug the machine to remove power!

Caution: NEVER install an option card from the rear of the unit,

ALWAYS from the top, after removing the chassis cover.

b.

Remove the blank option card plate, or the existing option card in the slot. Save the screws.

If a card is populating the slot above the bottom slot your option card is to be installed into, remove it temporarily (also remove and save the standoffs for reuse).

c.

Insert the card into the bottom slot by carefully pressing its connector into the mainboard connector (see Figure below), and by lining up the screw holes on the card with the screw holes on the chassis.

346 SecureSync 2400 User Manual

APPENDIX

Figure 5-5: Connector installation d.

Using the supplied M3 screws, screw the board, and the option card plate into the chassis, applying a torque of 0.9 Nm/8.9 in-lbs.

If you are reinstalling an option card above this one, you can instead follow the instructions for

" [7]: Top Slot Installation, Bottom Slot Occupied" on page 349

(you will be screwing on standoffs, rather than screws, in this situation).

Caution: Ensure that screw holes on the card are properly lined up and secured to the chassis before powering the unit up, otherwise damage to the equipment may result.

5.2.2.9

[6]: Top Slot Installation, Bottom Slot Empty

Instructions for installing an option card into an upper slot ( 4 , or 6 ) of the SecureSync unit, with no card populating the bottom slot: a.

Safely power down your SecureSync unit and remove the top cover of the main chassis (housing). Save the screws.

SecureSync 2400 User Manual 347

APPENDIX

DANGER!

SecureSync does not have an ON/OFF switch. It is necessary to unplug the machine to remove power!

Caution: NEVER install an option card from the rear of the unit,

ALWAYS from the top, after removing the chassis cover.

b.

Remove blank option card plate, or existing option card. Save the screws.

c.

Place one of the supplied washers over each of the two chassis screw holes (see

Figure below), then screw the 18 mm standoffs (= the longer standoffs) into the chassis (see Figure below), applying a torque of 0.9 Nm/8.9 in-lbs.

348 SecureSync 2400 User Manual

APPENDIX

Figure 5-6: Washers & standoffs secured to chassis screw holes d.

Insert option card into the slot, lining up the screw holes on the card with the standoffs.

e.

Using the supplied M3 screws, screw the board into the standoffs, and the option card plate into the chassis, applying a torque of 0.9 Nm/8.9 in-lbs.

f.

Take the supplied 50-pin ribbon cable and carefully press it into the connector on the mainboard (lining up the red sided end of the cable with PIN 1 on the mainboard), then into the connector on the option card (see Figure below).

Figure 5-7: Ribbon cable installation

Caution: Ensure that the ribbon cable is aligned and fastened properly to all pins on the connector of the card. Otherwise, damage to the equipment may occur during power-up.

5.2.2.10 [7]: Top Slot Installation, Bottom Slot Occupied

Instructions for installing an option card into an upper slot ( 4 , or 6 ), above a populated bottom slot: a.

Safely power down the SecureSync unit, and remove the top cover of the main chassis (housing). Save the screws.

SecureSync 2400 User Manual 349

APPENDIX b.

DANGER!

SecureSync does not have an ON/OFF switch. It is necessary to unplug the machine to remove power!

Caution: NEVER install an option card from the rear of the unit,

ALWAYS from the top, after removing the chassis cover.

c.

Remove the blank option card plate, or the existing option card. Save the screws.

d.

Remove screws securing the card already populating the bottom slot. Save the screws.

e.

Screw the 18-mm standoffs into the option card populating the bottom slot (see

Figure below) , applying a torque of 0.9 Nm/8.9 in-lbs.

350

Figure 5-8: Bottom card with standoffs installed f.

Insert option card into the slot above the existing card, lining up the screw holes with the standoffs.

g.

Using the supplied M3 screws, screw the board into the standoffs, and the option plate into the chassis, applying a torque of 0.9 Nm/8.9 in-lbs.

SecureSync 2400 User Manual

APPENDIX h.

Take the supplied 50-pin ribbon cable and carefully press it into the connector on the mainboard (lining up the red sided end of the cable with PIN 1 on the mainboard), then into the connector on the option card (see Figure below).

Figure 5-9: Ribbon cable installation

Caution: Ensure that the ribbon cable is aligned and fastened properly to all pins on the connector of the card. Otherwise, damage to equipment may result during power up.

5.2.2.11

[8]: Frequency Output Cards: Wiring

Additional installation instructions for the following option card models:

Frequency Output cards:

1MHz (PN 1204-26)

5MHz (PN 1204-08)

10 MHz (PN 1204-0C)

10 MHz (PN 1204-1C)

For the cable installation, follow the steps detailed below: a.

Install the coax cable(s) onto the main PCB, connecting them to the first available open connectors, from J4 to J7. See figure below:

SecureSync 2400 User Manual 351

APPENDIX

352

Figure 5-10: J Connectors

Note: For 10 MHz option cards with 3 coax cables:  From the rear of the option card, outputs are labeled J1, J2, J3. Start by connecting the cable attached to J1 on the card to the first available open connector on the SecureSync mainboard, then connect the cable attached to J2, then J3, etc.

b.

Using the supplied cable ties, secure the coax cable from the option card to the white nylon cable tie holders fastened to the mainboard.

5.2.2.12 [9]: Verifying HW Detection and SW Update

Complete the Option Card installation procedure by verifying that SecureSync detected the card, and by updating the system software: a.

Re-install the top cover of the unit chassis (housing), using the saved screws.

Caution: Ensure that screw holes on the card are properly lined up and secured to the chassis before powering the unit up, otherwise damage to the equipment may result.

SecureSync 2400 User Manual

APPENDIX b.

Power on the unit.

c.

Verify the successful installation by ensuring the card has been detected:

Open a web browser, log in to the SecureSync Web UI, and navigate to INTERFACES >

OPTION CARDS : The new card will be displayed in the list.

If the card does not appear to be properly identified, proceed with the Software update as described below, and then navigate to INTERFACES > OPTION CARDS again to confirm the card has been detected.

If the card has been detected properly, proceed with the Software update as described below to ensure SecureSync and the newly installed card are using the same, latest available version.

Updating the System Software

Even if the newly installed option card has been detected, and even if the latest System

Software version is installed on your SecureSync unit, you must (re-)install the software to ensure both SecureSync, and the option card are using the latest software:

Follow the System Software update procedure, as outlined under

"Software

Updates" on page 313 .

NEXT : Restore your reference priority configuration, as described in the following topic, and configure other option card-specific settings, as described in the main User Manual.

5.2.2.13 [10]: Restoring Reference Priority Configuration

If you saved your Reference Priority configuration under STEP [2], you can now restore it:

For instructions, see

"Restoring the System Configuration" on page 320

.

Card-specific configuration instructions may be found in the Option Cards Guide, see

"Option Card Identification" on page 18

to locate your card.

5.2.3

Time and Frequency Option Cards

This section contains technical information and Web UI procedures relevant to

SecureSync option cards designed to deliver time and frequency signals.

SecureSync 2400 User Manual 353

APPENDIX

5.2.3.1

1PPS Out [1204-18, -19, -21, -2B]

1PPS Output Modules (TTL, 10V, RS-485)

The 1PPS output module provides four additional 1PPS outputs on BNC connectors or terminal block for the SecureSync platform.

Model 1204-18 1PPS Output (TTL): Specifications

Outputs: (4) 1PPS output

Signal Type and Connector: TTL (BNC)

Output Load Impedance: 50 Ω

Rise Time to 90% of Level: <10 ns

Programmable Pulse Width: 100 ns to 900 ms with 20 ns resolution

Absolute Phase Error: ±50 ns (1 σ )

Programmable Phase Shift: ±5ns to 500 ms with 5ns resolution

Maximum Number of Cards: 6

Ordering Information: 1204-18 1PPS TTL output module, BNC connector

Figure 5-11: Model 1204-18 option card rear plate

Model 1204-19 1PPS Output (10 V): Specifications

Outputs: ( 4) 1PPS output

Signal Type and Connector: 10 V (BNC)

Output Load Impedance: 50 Ω

Rise Time to 90% of Level: <30 ns

Programmable Pulse Width: 100 ns to 900 ms with 20 ns resolution

Absolute Phase Error: ±50 ns (1 σ )

354 SecureSync 2400 User Manual

Programmable Phase Shift: ±5ns to 500 ms with 5ns resolution

Maximum Number of Cards: 6

Ordering Information: 1204-19 1PPS 10 V output module, BNC connector

APPENDIX

Figure 5-12: Model 1204-19 option card rear plate

Model 1204-21 1PPS Output (RS-485): Specifications

Inputs/Outputs: (4) 1PPS output

Signal Type and Connector: RS-485 (terminal block)

Output Load Impedance: 120 Ω

Rise Time to 90% of Level: <10 ns

Programmable Pulse Width: 100 ns to 900 ms with 20 ns resolution

Absolute Phase Error: ±50 ns (1 σ )

Programmable Phase Shift: ±5ns to 500 ms with 5ns resolution

Maximum Number of Cards: 6

Ordering Information: 1204-21 1PPS RS-485 output module, terminal block

Figure 5-13: Model 1204-21 option card rear plate

SecureSync 2400 User Manual 355

APPENDIX

Model 1204-21 terminal block pin assignments

Pin No.

7

8

5

6

3

4

1

2

9

10

Function

1PPS Output 1 +

1PPS Output 1 -

GND

1PPS Output 2 +

1PPS Output 2 -

1PPS Output 3 +

1PPS Output 3 -

GND

1PPS Output 4 +

1PPS Output 4 -

Model 1204-2B 1PPS Output (Fiber Optical): Specifications

Inputs/Outputs: (4) 1PPS output

Operating Wavelength: 820/850 nm

Optical Power: -15 dBm average into 50/125 fiber

Fiber Optic Compatibility: 50/125  μ m, 62.5/125  μ m multi-mode cable

Optical Connector: ST

Programmable Pulse Width: 100 ns to 900 ms with 20 ns resolution

Absolute Phase Error: ±50 ns (1 σ )

Programmable Phase Shift: ±5ns to 500 ms with 5ns resolution

Maximum Number of Cards: 6

Ordering Information: 1204-12B 1PPS Fiber Optic output module, ST connector

356 SecureSync 2400 User Manual

APPENDIX

Figure 5-14: Model 1204-2B option card rear plate

1PPS Output: Edit Window

To configure the settings of a 1PPS Output , go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 336 .

The Web UI list entries for these option cards are:

1PPS OUT, 4-BNC

1PPS OUT, 10 V

1PPS OUT, RS-485

1PPS OUT, Fiber

The Edit window allows the configuration of the following settings:

Signature Control: Used to control when the 1PPS output signal will be present.

See

"Signature Control" on page 161

.

Offset: Used to account for 1PPS cable delays or other latencies in the 1PPS output.

The Offset value is entered and displayed in nanoseconds (ns). The available Offset range is -500 to +500 ms.

Edge: The operator can select if the output signal is a positive (reference on the rising edge) or a negative (reference on the falling edge) pulse.

Pulse Width: Configures the Pulse Width of the 1PPS output. The Pulse Width is entered and displayed in nanoseconds (ns). The default Pulse Width is 200 milliseconds.

1PPS Output: Status Window

To view the current settings of a 1PPS Output , go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 334 .

The Web UI list entries for these option cards are:

SecureSync 2400 User Manual 357

APPENDIX

1PPS OUT, 4-BNC

1PPS OUT, 10V

1PPS OUT, RS-485

1PPS OUT, Fiber

358

The Status window displays the following settings:

Signature Control: Displays the current configuration of Signature Control; see

"Signature Control" on page 161 .

Frequency: Indicates the configured frequency of the 1PPS output signal.

Offset: Displays the configured Offset (to account for cable delays or other latencies).

Edge: Shows if the on-time point of the 1PPS output is the rising or falling edge of the pulse.

Pulse Width: Displays the configured Pulse Width of the 1PPS output. The Pulse

Width is displayed in nanoseconds (ns). The default Pulse Width is 200 milliseconds.

5.2.3.2

1PPS In/Out [1204-28]

These 1PPS input/output cards provide one 1PPS input, and three or two additional 1PPS outputs on BNC or ST connectors for the SecureSync platform.

Model 1204-28 1PPS Input/Output: Specifications

Inputs/Outputs : (1) 1PPS input/(3) 1PPS output

Signal Type and Connector : TTL (BNC)

Input Impedance : 50 Ω

Output Load Impedance : 50 Ω

Rise Time to 90% of Level : <10 ns

SecureSync 2400 User Manual

Programmable Pulse Width : 100 ns to 900 ms with 20 ns resolution

Absolute Phase Error : ±50 ns (1 σ )

Programmable Phase Shift : ±5ns to 500 ms with 5ns resolution

Maximum Number of Cards : 6

Ordering Information : 1204-28: 1PPS 1-input/3-output, BNC connectors

APPENDIX

Figure 5-15: Model 1204-28 option card rear plate

1PPS Input or Output: Viewing Signal State

To quickly view if the 1PPS inputs and outputs of this option card are currently enabled or disabled, go to the option card’s Status Summary panel. For instructions, see:

"Viewing an Input/Output Signal State" on page 337

.

1PPS Output: Edit Window

To configure the settings of a 1PPS output , go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 336 .

The Web UI list entries for these cards are:

1PPS In/Out

1PPS In/Out, Fiber

The connector numbers are:

J2, J3, J4 (model -28)

J2, J3 (model -2A)

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

SecureSync 2400 User Manual 359

APPENDIX

360

The fields available are:

Signature Control : Used to control when the 1PPS output signal will be present.

See:

"Signature Control" on page 161

.

Offset : Used to account for 1PPS cable delays or other latencies in the 1PPS output.

The Offset value is entered and displayed in nanoseconds (ns). The available Offset range is -500 to +500 ms.

Edge : The operator can select if the output signal is a positive (reference on the rising edge) or a negative (reference on the falling edge) pulse.

Pulse Width : Configures the Pulse Width of the 1PPS output. The Pulse Width is entered and displayed in nanoseconds (ns). The default Pulse Width is 200 milliseconds.

1PPS Output: Status Window

To view the current settings of a 1PPS output , go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 334 .

The Web UI list entries for these cards are:

1PPS In/Out

1PPS In/Out, Fiber

The connector numbers are:

J2, J3, J4 (model -28)

J2, J3 (model -2A)

SecureSync 2400 User Manual

APPENDIX

The fields displayed are:

Signature Control : Displays the current configuration of Signature Control. See

"Signature Control" on page 161 .

Frequency : Indicates the configured frequency of the 1PPS output signal.

Offset : Displays the configured Offset (to account for cable delays or other latencies).

Edge : Shows if the on-time point of the 1PPS output is the rising or falling edge of the pulse.

Pulse Width : Displays the configured Pulse Width of the 1PPS output. The Pulse

Width is displayed in nanoseconds (ns). The default Pulse Width is 200 milliseconds.

1PPS Input: Edit Window

To configure the settings of the PPS Input (also referred to as ‘Reference’), go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 336 .

The Web UI list entries for these cards are:

1PPS In/Out

1PPS In/Out, Fiber

The connector number for the input is: J1

The Edit window allows the configuration of the following settings:

SecureSync 2400 User Manual 361

APPENDIX

Edge : The operator can select either the rising or the falling edge as the input time reference (defines the on-time point of the signal).

Offset : It is possible to add an offset to the input signal (to account for cable delays), with a resolution of 5ns and a positive or negative value of 500 ms maximum.

1PPS Input: Status Window

To view the current settings of the PPS Input (also referred to as ‘Reference’), go to its

Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 334 .

The Web UI list entries for these cards are:

1PPS In/Out

1PPS In/Out, Fiber

The connector number for the input is: J1

The Status window displays the following settings:

Reference ID : Name used to represent this 1PPS input reference in the Reference

Priority table. See also:

"Configuring Input Reference Priorities" on page 184

.

1PPS Validity : Indicates “OK” (green) if the 1PPS input signal is present and valid.

Indicates “Not Valid” (orange) if the 1PPS input signal is either not present or is not considered valid.

Edge : Displays the selected Edge (rising of falling) of the 1PPS input that defines the on-time point.

Offset : Displays the configured 1PPS offset values.

The 1PPS Input signal is analyzed and an absence of the signal triggers a “Not Valid” indication.

362 SecureSync 2400 User Manual

APPENDIX

5.2.3.3

1PPS In/Out, 10 MHz In [1204-01, -03]

Model 1204-01, 1PPS/Freq Input (TTL): General Specifications

Inputs/Outputs : One Frequency Input (=J1), one 1PPS Input (=J2), one 1PPS Output

Signal Type And Connector : TTL/Sine (BNC into 50 Ω)

Maximum Number of Cards : 6

Ordering Information : 1204-01: 1PPS/Freq input (TTL levels) module

Figure 5-16: Model 1204-01 option card rear plate

Model 1204-03, 1PPS/Freq Input (RS-485): General Specifications

Inputs/Outputs : (1) 1PPS Input, (1) Freq Input (1) 1PPS Output. All input and output signals are RS-485 compatible.

Signal Type And Connector : Balanced RS-485 (3.8 mm terminal block)

Maximum Number of Cards : 6

Ordering Information : 1204-03: 1PPS/Freq input (RS-485 levels) module

Figure 5-17: Model 1204-03 option card rear plate

SecureSync 2400 User Manual 363

APPENDIX

Table 5-4: Model 1204-03 1PPS/Freq Input: Connector pin assignment

Pin No.

Signal Function

7

8

5

6

3

4

1

2

9

10

GND Ground

FREQIN_RS485+ RS-485 Frequency Input +

FREQIN_RS485RS-485 Frequency Input –

GND Ground

PPSIN_RS485+

PPSIN_RS485-

RS-485 1PPS Input +

RS-485 1PPS Input –

GND Ground

PPSOUT_RS485+ RS-485 1PPS Output +

PPSOUT_RS485RS-485 1PPS Output –

GND Ground

Models 1204-01,-03: Input/Output Specifications

FREQ Input Specifications

Signal Type And Connector : Sine wave (BNC)

Detected Level : +13 dBm to -6dBm

Frequency Setting : 1KHz…10 MHz in 1Hz steps

1PPS Input Specifications

Input Impedance : 50 Ω

Minimum Pulse Width detected : 100 ns

Input Signal Jitter : <±500 ns t o achieve oscillator lock, <±50 ns to achieve system performance

Programmable Phase Shift : ±5ns to 500 ms with 5ns resolution

1PPS Output Specifications

Signal Type And Connector : TTL level (BNC)

Output Load Impedance : 50 Ω

Rise Time to 90% of Level : <10 ns

364 SecureSync 2400 User Manual

APPENDIX

Programmable Pulse Width : 100 ns to 900 ms with 20 ns resolution

Absolute Phase Error : ±50 ns (1 σ )

Programmable Phase Shift : ±5ns to 500 ms with 5ns resolution

1PPS Input and Output: Viewing Signal State

To quickly view if the PPS inputs and outputs of this option card are currently enabled or disabled, go to the option card’s Status Summary panel. For instructions, see:

"Viewing an

Input/Output Signal State" on page 337

.

1PPS Input: Edit Window

To configure the settings for the 1PPS Input (also referred to as ‘Reference’), go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 336 .

The Web UI list entries for these cards are: 1PPS/Frequency BNC and 1PPS/Frequency

RS-485 . The connector number is: J2 (Model 1204-03: RS-485 connector: Pins 5 and 6)

The Edit window allows the configuration of the following settings:

Edge : The operator can select either the rising or the falling edge as the input time reference (defines the on-time point of the signal).

Offset : It is possible to add an offset to the input signal (to account for cable delays), with a resolution of 5ns and a positive or negative value of 500 ms maximum.

1PPS Input: Status Window

To view the current settings of the PPS Input (also referred to as ‘Reference’), go to its

Status window. For instructions, see:

"Verifying the Validity of an Input Signal" on page 338 .

The Web UI list entries for these cards are: 1PPS/Frequency BNC and 1PPS/Frequency

RS-485. The connector number is: J2 (Model 1204-03: RS-485 connector: Pins 5 and 6)

SecureSync 2400 User Manual 365

APPENDIX

366

The Status window displays the following settings:

Reference ID : Name used to represent this 1PPS input reference in the Reference

Priority table; see

"Configuring Input Reference Priorities" on page 184

for more information on reference priority configuration.

1PPS Validity : Indicates “OK” (green) if the 1PPS input signal is present and valid.

Indicates “Not Valid” (orange) if the 1PPS input signal is either not present or is not considered valid.

Edge : Displays the selected Edge (rising of falling) of the 1PPS input that defines the on-time point.

Offset : Displays the configured 1PPS offset values.

The 1PPS Input signal is analyzed and an absence of the signal triggers a “Not Valid” indication.

Frequency Input: Edit Window

To configure the settings for the Frequency Input (also referred to as ‘Reference’), go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 336 .

The Web UI list entries for these cards are: 1PPS/Frequency BNC and 1PPS/Frequency

RS-485. The connector number is: J1 (BNC card); J1 (RS-485 card).

The Edit window allows the configuration of the following settings:

SecureSync 2400 User Manual

APPENDIX

Reference Mode : Used to control how the reference mode operates in determining its validity. Values are:

Primary Reference —Allows the frequency reference to be valid based solely on its own presence.

Secondary Reference —Requires another valid reference to synchronize the system before the frequency reference can be determined to be valid. This is used when the frequency reference is intended to operate as a backup reference to a different primary reference source.

Frequency : Used to configure the frequency (in Hertz) of the input signal. The available Frequency range is 1KHz…10 MHz in 1Hz steps.

The input frequency is measured versus internal frequency and compared to the setup value. If the discrepancy is larger than 1kHz, the input is disqualified and not considered valid. The frequency reference does not inherently provide an on-time point, so it relies on the current on-time point of the system prior to its taking over for synchronization.

Frequency Input: Status Window

To view the current settings of the Frequency Input (also referred to as ‘Reference’), go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 334

.

The Web UI list entries for these cards are: 1PPS/Frequency BNC and 1PPS/Frequency

RS-485.

The connector number is: J1 (BNC card); J1 (RS-485 card).

The Status window displays the following settings:

Reference ID : Name used to represent this 1PPS input reference in the Reference

Priority table; see

"Configuring Input Reference Priorities" on page 184

for more information on reference priorities.

SecureSync 2400 User Manual 367

APPENDIX

1PPS Validity : Indicates “OK” (green) if the 1PPS input signal is present and valid.

Indicates “Not Valid” (orange) if the 1PPS input signal is either not present or is not considered valid.

Reference Mode : Displays how the reference mode operates in determining its validity.

Frequency : Displays (in Hertz) the configured frequency of the input frequency signal.

The 1PPS Input signal is analyzed and an absence of the signal triggers a “Not Valid” indication.

1PPS Output: Edit Window

To configure the settings of the 1PPS output , go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 336 .

The Web UI list entries for these cards are: 1PPS/Frequency BNC and 1PPS/Frequency

RS-485.

The connector number is: J3 (BNC card); J1 (RS-485 card).

The Edit window allows the configuration of the following settings:

Signature Control : Used to control when the 1PPS output signal will be present.

See

"Signature Control" on page 161

for more information.

Offset : Used to account for 1PPS cable delays or other latencies in the 1PPS output.

The Offset value is entered and displayed in nanoseconds (ns). The available Offset range is -500 to +500 ms.

Edge : The operator can select if the output signal is a positive (reference on the rising edge) or a negative (reference on the falling edge) pulse.

368 SecureSync 2400 User Manual

APPENDIX

Pulse Width : Configures the Pulse Width of the 1PPS output. The Pulse Width is entered and displayed in nanoseconds (ns). The default Pulse Width is 200 milliseconds.

PPS Output: Status Window

To view the current settings of the 1PPS output , go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 334 .

The Web UI list entries for these cards are: 1PPS/Frequency BNC and 1PPS/Frequency

RS-485.

The connector number is: J3 (BNC card); J1 (RS-485 card).

The Status window displays the following settings:

Signature Control : Displays the current configuration of Signature Control. See also:

"Signature Control" on page 161

.

Frequency : Indicates the configured frequency of the 1PPS output signal.

Offset : Displays the configured Offset (to account for cable delays or other latencies).

Edge : Shows if the on-time point of the 1PPS output is the rising or falling edge of the pulse.

Pulse Width : Displays the configured Pulse Width of the 1PPS output. The Pulse

Width is displayed in nanoseconds (ns). The default Pulse Width is 200 milliseconds.

SecureSync 2400 User Manual 369

APPENDIX

5.2.3.4

Frequency Out [1204-08, -1C, -26]

Frequency Out [1204-08, -1C, -26]: Specifications

Outputs : (3) 1MHz, (3) 5MHz, or (3) 10 MHz Outputs

Signal Type and Connector :

(10 MHz) +13 dBm into 50 Ω, BNC, or TNC (-38)

(5MHz)   +10 dBm into 50 Ω, BNC, or TNC (-38)

(1MHz) +10 dBm into 50 Ω, BNC, or TNC (-38)

1MHz or 5MHz Phase Noise (with OCXO or low phase noise Rubidium oscillator):

-115 dBc/Hz @ 10 Hz

-130 dBc/Hz @ 100 Hz

-140 dBc/Hz @ 1kHz

1MHz or 5MHz Phase noise (with Rubidium oscillator):

-85 dBc/Hz @ 10 Hz

-110 dBc/Hz @ 100 Hz

-130 dBC/Hz @ 1kHz

10 MHz Phase Noise (with TCXO oscillator):

-110 dBc/Hz @ 100 Hz

-135 dBc/Hz @ 1kHz

-140 dBc/Hz @ 10 kHz

10 MHz Phase Noise (with OCXO oscillator) [Numbers in brackets represent Low

Phase Noise OCXO option]:

-95 [-100] dBc/Hz @ 1Hz

-123 [-128] dBc/Hz @ 10 Hz

-140 [-148] dBc/Hz @ 100 Hz

-145 [-153] dBc/Hz @ 1kHz

-150 [-155] dBc/Hz @ 10 kHz

Harmonics : -40 dBc minimum

370 SecureSync 2400 User Manual

APPENDIX

Spurious :

-60 dBc minimum (1MHz)

-50 dBc minimum (5MHz)

-70 dBc minimum (10 MHz)

Accuracy : See

"10 MHz Output" on page 24

Maximum Number of Cards :

(4)

Ordering Information :

1204-1C: 10 MHz output (3X) Module

1204-08: 5MHz output (3X) Module

1204-26: 1MHz output (3X) Module

Figure 5-18: Model 1204-1C option card rear plate

Figure 5-19: Model 1204-08 option card rear plate

SecureSync 2400 User Manual 371

APPENDIX

Figure 5-20: Model 1204-26 option card rear plate

The Frequency Out option cards each have 3 outputs, distributing a 1MHz signal, 5MHz or

10 MHz signal (depending on the card model). All 3 outputs are configured as a single output and will appear as such in the SecureSync Web UI, numbered sequentially by card instance, starting with 0 (except the 10 MHz option card, which starts with no.1 because of the built-in 10 MHz output.)

Frequency Output: Edit Window

To configure the settings of a Frequency Output , go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 336

.

The list entry for this card is named: 1/5/10 MHz BNC (or: TNC)

The connector numbers are: J1…J3.

The Edit window allows the configuration of the following settings:

Signature Control : Controls when the output will be present; see

"Signature Control" on page 161

.

Frequency Output: Status Window

To view the settings of a Frequency output , go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 334

.

The Web UI list entry for this card is named: 1/5/10 MHz BNC (or: TNC).

The connector numbers are: J1…J3.

The Status window displays the following settings:

372 SecureSync 2400 User Manual

APPENDIX

Signature Control : Controls when the output will be present. See also:

"Signature

Control" on page 161 .

Frequency : The frequency of the output: 1MHz, 5MHz or 10 MHz, depending on the card model.

For more information on monitoring installed option cards, see:

"Monitoring the Status of

Option Cards" on page 292 .

5.2.3.5

Programmable Frequency Out [1204-13, -2F, -30]

Programmable Frequency Output option modules provide output square waves at programmable pulse rates, or sine waves at programmable frequencies. The output frequency, which is adjustable via the SecureSync Web UI, is locked to the SecureSync system-disciplined oscillator.

These option cards can be used for a variety of applications requiring programmable frequency outputs. The RS-485 model of this card can be operated as an N.8 frequency synthesizer.

Depending on your card model number, the outputs are available in different formats:

RS-485 on a pluggable terminal block

TTL square wave on BNC, or

Sine wave on BNC

Each output can be phase-offset between 0-360° in 0.1°-increments.

Programmable Frequency Card 1204-13 (Sine Wave, BNC): Specifications

Outputs : (4) independently programmable sine wave outputs

Signal Type : +13 dBm

Wave Form : sine

Connector : BNC

Output Load Impedance : 50 Ω

Output Pulse/Frequency Rates : 1Hz to 25 MHz in 0.1-Hz increments

Accuracy : Function of input synchronization source (GPS, IRIG, 1 PPS, etc.)

Synchronization : Output frequency locked to SecureSync disciplined 10 MHz

Jitter , cycle-to-cycle: n/a

SecureSync 2400 User Manual 373

APPENDIX

Phase Noise :

-120 dBc/Hz @ 1kHz offset

-130 dBc/Hz @ 10-kHz offset

-140 dBc/Hz @ 100-kHz offset

Harmonics : <-30 dBc

Spurious : <-60 dBc

Maximum Number of Cards : 6

Ordering Information : 1204-13, Programmable Frequency Card, sine wave, BNC

Figure 5-21: Model 1204-13 option card rear plate

Programmable Frequency Card 1204-2F (TTL, BNC): Specifications

Outputs : (4) independently programmable square wave outputs

Signal Type : TTL (BNC)

Wave Form : square

Connector : BNC

Output Load Impedance : 50 Ω

Output Pulse/Frequency Rates : 1PPS to 25 MPPS in 0.1-PPS increments

Accuracy : Function of input synchronization source (GPS, IRIG, 1 PPS, etc.)

Synchronization : Output frequency locked to SecureSync disciplined 10 MHz

Jitter , cycle-to-cycle: <10 ns

Phase Noise : n/a

Harmonics : n/a

Spurious : n/a

374 SecureSync 2400 User Manual

Maximum Number of Cards : 6

Ordering Information : 1204—2F, Programmable Frequency Card, TTL, BNC

APPENDIX

Figure 5-22: Model 1204-2F option card rear plate

Progr. Frequ. Card 1204-30 (TTL, RS-485): Specifications

Outputs : (4) independently programmable square wave outputs

Signal Type : RS-485

Wave Form : square

Connector : Terminal block

Output Load Impedance : n/a

Output Pulse/Frequency Rates : 1PPS to 25 MPPS in 0.1-PPS increments

Accuracy : Function of input synchronization source (GPS, IRIG, 1 PPS, etc.)

Synchronization : Output frequency locked to SecureSync disciplined 10 MHz

Jitter , cycle-to-cycle: <10 ns

Phase Noise : n/a

Harmonics : n/a

Spurious : n/a

Maximum Number of Cards : 6

Ordering Information : 1204—30, Programmable Frequency Card, TTL, RS-485

SecureSync 2400 User Manual 375

APPENDIX

Figure 5-23: Model 1204-30 option card rear plate

Table 5-5: Model 1204-30 terminal block pin assignments

Pin No.

Function

7

8

5

6

3

4

1

2

9

10

Frequ. Output 1 +

Frequ. Output 1 –

GND

Frequ. Output 2 +

Frequ. Output 2 –

Frequ. Output 3 +

Frequ. Output 3 –

GND

Frequ. Output 4 +

Frequ. Output 4 –

Programmable Frequency Output: Edit Window

To configure a Programmable Frequency Output , go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 336 .

The Web UI list entry for this card is: Prog Freq Out, Sine [or: TTL, or: RS-485, respectively].

The connector numbers are: J1…J4 [J1 for the RS-485 model].

376

The Edit window allows the configuration of the following settings:

SecureSync 2400 User Manual

APPENDIX

Signature Control : Controls when the output will be present. See also:

"Signature

Control" on page 161 .

Frequency : Enter the desired output frequency. The ranges are as follows:

Sine wave output frequency (model no. 1204-13): 1 to 25,000,000 Hz

Pulse rate output in Hertz (model no.’s 1204-2F/-30): 1 to 25,000,000 PPS

Phase : Adjust the phase by entering a phase offset (0.1 to 360°), if required.

Note: The phase offset will lose its reference at a SecureSync reboot, and hence the value will be reset to 0 (ZERO).

The reference will also be lost if you enter a new output frequency for a port – however in this case, the value will not be reset to 0, but instead remain unchanged. In both cases you will need to re-enter the required phase offset value.

Programmable Frequency Output: Status Window

To view the settings of a Programmable Frequency Output , go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 334 .

The Web UI list entry for this card is named: Prog Freq Out, Sine [or: TTL, or: RS-485, respectively].

The connector numbers are: J1…J4 [J1 for the RS-485 model].

The Status window displays the following settings:

Signature Control : Controls when the output will be present. See also:

"Signature

Control" on page 161 .

Frequency : Indicates the configured frequency.

SecureSync 2400 User Manual 377

APPENDIX

Phase : Displays the configured phase offset (e.g., to account for delays caused by different cable lengths, or other latencies).

Lock : Shows, if the output frequency is locked to the SecureSync system-disciplined oscillator.

Note: Even if an output frequency status is LOCKED, it will not be available at the output port, if the Signature Control for that port has been

DISABLED.

5.2.3.6

Programmable Square Wave Out [1204-17]

The Model 1204-17 Square Wave output Option Card provides four programmable square wave outputs for the SecureSync platform.

Inputs/Outputs : (4) Programmable square wave outputs

Signal Type and Connector : TTL (BNC)

Accuracy : ±50 ns (1 σ )

Output Load Impedance : 50 Ω

Rise Time to 90% of Level : <10 ns

Programmable Period : 100 ns to 2,000,000,000 ns in 5ns steps, or to

1,800,000,000 µs in 1µs steps

Programmable Pulse Width : 20 ns to 900 ms with 5 ns resolution

Maximum Number of Cards : 6

Ordering Information : 1204-17: Square Wave Out

Figure 5-24: Model 1204-17 option card rear plate

378 SecureSync 2400 User Manual

APPENDIX

Configuring a Square Wave Output

To configure one of the Square Wave Outputs :

1.

Navigate INTERFACES >OUTPUTS: Square Wave Output . The panel on the right side of the screen displays all Sqr. Wv. Outputs and their statuses. All outputs are numbered by signal type (e.g., 'pulse'), hence the numbering may not start with 0.

To determine which output number is allocated to which connector (J1–J4), hover your mouse pointer over the back panel image .

Click on the INFO button next to one of the outputs to open a detailed Status panel (the displayed settings are described below.)

2.

Click on the GEAR button to open the Edit window.

SecureSync 2400 User Manual 379

APPENDIX

380

The Edit window allows the configuration of the following settings:

Note: The fields viewable are contextually determined according to the Output Mode .

Output Mode :

Direct Output Value

1PPS

1PPM

5MPPS/1PPS

Square Wave

Custom

Output Value : Determines the output level (Low or High).

Re-Initialize : Re-initializes square wave generation and aligns to 1PPS.

Signature Control : Controls when the output will be present.  See also:

"Signature Control" on page 161

.

Edge : Used to determine if the on-time point of the output is the Rising or

Falling edge of the signal.

SecureSync 2400 User Manual

APPENDIX

Offset : Accounts for cable delays and other latencies [nanoseconds].

On-Time Point Pulse Width : The on-time point pulse width is the pulse width of the first square wave pulse aligned to the 1PPS On-Time Point.  This is only active when the alignment count is non-zero [nanoseconds].

Pulse Width : Pulse width of the output [nanoseconds].

Alignment Count (s) : The alignment counter determines how often (in seconds) the square wave will be aligned back to the 1PPS.  Setting zero will disable PPS alignment beyond the initial alignment.

Time Alignment : (Enabled/Disabled) The time alignment enable changes the function of the alignment counter to align the square wave whenever the current time’s seconds value is a multiple of the alignment count. For example: If time alignment is enabled and alignment count is set to 15 seconds, the square wave will be aligned to the 1PPS when the seconds value on the time display equals 00, 15, 30, 45. The current Time Alignment range is from 0 to 3600 seconds.

Period : Sets the period of the square wave (in ns or µs scale).

The wave’s frequency will display at the top of the window once you have configured the output. The frequency is calculated based on the

Period and Period Correction settings.

Period Correction : Period correction allows for the generation of more precise frequencies at the expense of additional period jitter. Over a length of time, the true square wave period comes to:

Period + [(numerator/denominator) * 5 ns]

5.2.3.7

Simulcast (CTCSS/Data Clock) [1204-14]

The Simulcast CTCSS/Data Sync/Data Clock Option Card provides CTCSS, data clock, and alarm outputs through relays for the SecureSync platform through one DB-9 and one

RJ-12 connector. The maximum number of cards installed is six (6).

a.

Connector : DB-9

Outputs :

(3) RS-485 Outputs (Data Clocks, CTCSS frequencies, 1PPS)

(1) Alarm

SecureSync 2400 User Manual 381

APPENDIX

Voltage :

Alarms: GND normally, high impedance when Alarm b.

Connector : RJ-12

Outputs :

(1) RS-485 Outputs (Data Clocks, CTCSS frequencies, 1PPS)

(2) Alarm

Voltage :

Alarms: 5V pulled up through 10 kΩ normally, GND when Alarm

Note: By factory default, all CTCSS outputs are DISABLED.

Figure 5-25: Model 1204-14 option card rear plate

Pin Assignment: DB-9 Connector

Outputs : Alarm0, CTC0 Out, CTC1 Out, CTC2 Out (with only one Simulcast option card installed)

Note: Alarm Output 0 through Alarm Output 3 are reserved by

SecureSync. In the Web UI, numbering for alarm outputs for this option card will begin at Alarm 4, which is available on the DB-9 output, while

Alarms 5 and 6 are assigned to the RJ-12 connector.

382 SecureSync 2400 User Manual

APPENDIX

Figure 5-26: DB-9 connector pin-out

3

4

1

2

7

8

5

6

9

Table 5-6: DB-9 pin-out

PIN NOTES SIGNAL 819x Mapping 819x Option17 Mapping

RS-485 + Terminal Output 0+

RS-485 + Terminal Output 1+

+9.6 kHz

+18 kHz

+CTCSS #1

+18 kHz

RS-485 + Terminal Output 2+

Ground = Normal

OPEN = ALARM

+1 PPS +CTCSS #2

Major Alarm Major Alarm Major Alarm

Cable Shield Ground Ground

RS-485 – Terminal Output 0 – –9.6 kHz

RS-485 – Terminal Output 1 – –18 kHz

RS-485 – Terminal Output 2 – –1PPS

Cable Shield GROUND GROUND

Ground

– CTCSS #1

– 18 kHz

– CTCSS #2

GROUND

Pin Assignment: RJ-12 Connector

Outputs: Alarm1, Alarm2, CTC3 Out, (with only one Simulcast option card installed)

Note: Alarm Output 0 through Alarm Output 3 are reserved by

SecureSync. In the Web UI, numbering for alarm outputs for this option card will begin at Alarm 4, which is available on the DB-9 output, while

Alarms 5 and 6 are assigned to the RJ-12 connector.

SecureSync 2400 User Manual 383

APPENDIX

Figure 5-27: RJ-12 connector pin-out

1

2

3

4

5

Table 5-7: RJ-12 pin assignments

PIN

6

NOTES SIGNAL 938x SP360 Mapping

Cable Shield GROUND GROUND

5V = NORMAL

GROUND = ALARM

MAJOR ALARM RELAY MAJOR ALARM RELAY

RS-485 + Terminal Output 3+

RS-485 - Terminal Output 3-

+ 1PPS

- 1PPS

5V = NORMAL

GROUND = ALARM

MINOR ALARM RELAY MINOR ALARM RELAY

Cable Shield GROUND GROUND

CTCSS and Alarm Outputs: Viewing Signal States

To quickly view the current signal state of the 1204-14 Simulcast outputs , in the Web UI navigate to the option card’s Status Summary panel. For instructions, see:

"Viewing an

Input/Output Signal State" on page 337

.

384

All outputs are listed, displaying their current output states. For a listing of the states, see

"CTCSS Outputs: Edit Window" on the facing page

, and

"Alarm Outputs: Edit Window" on page 386

.

SecureSync 2400 User Manual

APPENDIX

To view the settings of one of the Alarm Outputs or CTCSS Outputs , go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 334 .

The Web UI list entry for this card is named: Simulcast .

Note: Alarm Output 0 through Alarm Output 3 are reserved by

SecureSync. Numbering for alarm outputs from the option card will begin at Alarm 4, which is available on the DB-9 output, while Alarms 5 and 6 are assigned to the RJ-12 connector.

Figure 5-28: Simulcast Alarm Output Status window

CTCSS Outputs: Edit Window

To configure a CTCSS output , go to its Edit window. For instructions, see:

"Configuring

Option Card Inputs/Outputs" on page 336

.

The Web UI list entry for this card is named: Simulcast .

The Edit window allows the configuration of the following settings:

SecureSync 2400 User Manual 385

APPENDIX

Signal Type : Allows selection of the desired signal type. Available options include:

Disabled

CTCSS 1/3 Tones

CTCSS 1/10 Tones

Data Clocks

1PPS

Signal Output :

CTCSS 1/3 Tones (see also:

"CTCSS exact (1/3 Hz) tones" on page 388 )

CTCSS 1/10 Tones (see also:

"CTCSS exact (1/10 Hz) tones" on page 389

)

Data Clocks (see also:

"Data Clock Signals" on page 389 )

1PPS (see also:

"1PPS Duty Cycle" on page 389

)

Offset : Value in nanoseconds that can be used to adjust for cable delays or latencies.

Signature Control : Controls when the output will be present. For more information, see

"Signature Control" on page 161

.

819x Option 17 Mapping

To replicate settings used in Series 819x devices, use the following information to configure option card no. 1204-14 for compatible CTCSS operation:

DB-9 Output Index 0 : Set to desired CTCSS 1/10 or CTCSS 1/3 tone

DB-9 Output Index 1 : Set to 18 kHz Data Clock

DB-9 Output Index 2 : Set to desired CTCSS 1/10 or CTCSS 1/3 tone.

Alarm Outputs: Edit Window

To configure one of the ALARM Outputs , go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 336 .

The Web UI list entry for this card is named: Simulcast .

386 SecureSync 2400 User Manual

APPENDIX

Note: Alarm Output 0 through Alarm Output 3 are reserved by

SecureSync. Numbering for alarm outputs from the option card will begin at Alarm 4, which is available on the DB-9 output, while Alarms 5 and 6 are assigned to the RJ-12 connector.

Note: You can configure the alarm type (None, Minor, or Major) for both the

DB-9 and RJ-12 connectors. For additional information on alarm types, see

"Minor and Major Alarms" on page 326 .

The Edit window allows the configuration of the following settings:

Alarm Type :

None—Will not output for an alarm

Minor—Will output on a minor alarm

Major—Will output on a major alarm.

SecureSync 2400 User Manual 387

APPENDIX

CTCSS Encoding Tables, Signal Data

Table 5-8: CTCSS exact (1/3 Hz) tones

Code Tone Freq. Code Tone Freq. Code Tone Freq.

YB

ZZ

ZA

ZB

1Z

XZ 67.000

WZ 69.333

XA 72.000

WA 74.333

XB 77.000

WB 79.666

YZ

YA

82.666

85.333

88.666

91.666

95.000

97.333

100.000

136.666

141.333

146.333

151.333

156.666

162.333

168.000

103.666

107.333

111.000

115.000

119.000

123.000

127.333

132.000

5A

5B

6Z

4Z

4A

4B

5Z

2B

3Z

3A

3B

1A

1B

2Z

2A

173.666

180.000

186.333

193.000

203.666

206.666

210.666

218.333

225.666

229.000

233.666

242.000

250.333

254.000

M4

9Z

M5

M6

M7

0Z

M1

8Z

M2

M3

6A

6B

7Z

7A

388 SecureSync 2400 User Manual

APPENDIX

Table 5-9: CTCSS exact (1/10 Hz) tones

Code Tone Freq. Code Tone Freq. Code Tone Freq.

YB

ZZ

ZA

ZB

1Z

1A

XZ 67.0

WZ 69.3

XA 71.9

WA 74.4

XB 77.0

WB 79.7

YZ

YA

82.5

85.4

88.5

91.5

94.8

97.4

100.0

103.5

M4

9Z

M5

M6

M7

0Z

M1

8Z

M2

M3

6A

6B

7Z

7A

141.3

146.2

151.4

156.7

162.2

167.9

107.2

110.9

114.8

118.8

123.0

127.3

131.8

136.5

4A

4B

5Z

5A

5B

6Z

3Z

3A

3B

4Z

1B

2Z

2A

2B

225.7

229.1

233.6

241.8

250.3

254.1

173.8

179.9

186.2

192.8

203.5

206.5

210.7

218.1

Table 5-10: Data Clock Signals

Output Duty Cycle

9.6 kHz, 18.0 kHz, 64.0 kHz 50% ±2%

17 2/3 Hz 888 µs pulse width

26 2/3 Hz

33 1/3 Hz

25% low, 75% high

208 µs pulse width

Table 5-11: 1PPS Duty Cycle

Output Duty Cycle

1PPS 20% ±5%

SecureSync 2400 User Manual 389

APPENDIX

5.2.4

Telecom Option Cards

This section contains technical information and Web UI procedures relevant to

SecureSync option cards commonly used in the telecommunications industry.

5.2.4.1

T1/E1 Out [1204-09, -0A, -4C, -53]

The 1204-09 and 1204-0A E1/T1 option card provide 1.544 MHz or 2.048 MHz and E1 or

T1 data outputs for the SecureSync platform. The 1204-4C and 1204-53 E1/T1 option cards each provide (4) E1 or T1 data outputs (but do not include a clock output).

SecureSync meets G.812 Type I when installed with a Rubidium option, and G.811 when installed with a Rubidium option and synchronized with GNSS.

Note: Rubidium oscillators are recommended for the E1/T1 option cards.

Model 1204-09 E1/T1 (75 Ω): Specifications

Outputs :

(1) 1.544/2.048 MHz Output

(2) Unbalanced E1/T1 Outputs

T1 mode :

1.544 MHz (square wave) frequency output

(2) 1.544 Mb/sec data rate outputs:

Outputs are DS1 framed all ones

Supports Super Frame (SF or D4) and Extended Super Frame (ESF)

SSM support

E1 mode :

2.048 MHz (square wave) frequency output

(2) 2.048 Mb/sec data rate outputs:

Outputs are E1 frame all ones

Supports CRC4 and CAS Multiframe

SSM support

390 SecureSync 2400 User Manual

APPENDIX

Connector and Signal Type : BNC

1.544/2.048 MHz TTL into 50 Ω

T1 according to GR-499-CORE (75 Ω)

E1 according to ITU-T G703 (75 Ω)

Maximum Number of Cards : 6

Ordering Information : 1204-09: T1/E1 (75 Ω) module

Figure 5-29: Model 1204-09 option card rear plate

Model 1204-0A E1/T1 (100/120 Ω): Specifications

Outputs :

(1) 1.544/2.048 MHz RS-485 Outputs

(2) Balanced E1/T1Outputs

T1 mode :

1.544 MHz (square wave) frequency output

(2) 1.544 Mb/sec data rate outputs:

Outputs are DS1 framed all ones

Supports Super Frame (SF or D4) and Extended Super Frame (ESF)

SSM support

E1 mode :

2.048 MHz (square wave) frequency output

(2) 2.048 Mb/sec data rate outputs:

Outputs are E1 frame all ones

Supports CRC4 and CAS Multiframe

SSM support

SecureSync 2400 User Manual 391

APPENDIX

Connector and Signal Type : Terminal block

1.544/2.048 MHz RS-485

T1 according to GR-499-CORE (100 Ω)

E1 according to ITU-T G703 (120 Ω)

Maximum Number of Cards : 6

Ordering Information : 1204-0A: T1/E1 (100/120 Ω) module

Figure 5-30: Model 1204-0A option card rear plate

7

8

5

6

3

4

1

2

9

10

Table 5-12: 1204-0A option card pin assignments

Pin Assignments

Pin No.

Signal Function Description

GND Ground Ground

1.544MHz/2.048MHz RS-485 A Terminal Square wave

1.544MHz/2.048MHz RS-485 B Terminal Square wave

GND Ground Ground

T1/E1 output A1

T1/E1 output B1

GND

T1/E1 output A2

T1/E1 output B2

GND

GR-499/G.703

GR-499/G.703

Ground

GR-499/G.703

GR-499/G.703

Ground

Tip

Ring

Ground

Tip

Ring

Ground

Model 1204-53 E1/T1 (75 Ω): Specifications

Outputs :

(4) Unbalanced E1 or T1 Outputs

392 SecureSync 2400 User Manual

APPENDIX

T1 mode :

(4) 1.544 Mb/sec data rate outputs:

Outputs are DS1 framed all ones

Supports Super Frame (SF or D4) and Extended Super Frame (ESF)

SSM support

E1 mode :

(4) 2.048 Mb/sec data rate outputs:

Outputs are E1 frame all ones

Supports CRC4 and CAS Multiframe

SSM support

Connector and Signal Type : BNC

T1 according to GR-499-CORE (75 Ω)

E1 according to ITU-T G703 (75 Ω)

Maximum Number of Cards : 6

Ordering Information : 1204-53: T1/E1 (75 Ω) module

Figure 5-31: Model 1204-53 option card rear plate

Model 1204-4C E1/T1 (100/120 Ω): Specifications

Outputs :

(4) Balanced E1 or T1 Outputs

T1 mode :

(4) 1.544 Mb/sec data rate outputs:

SecureSync 2400 User Manual 393

APPENDIX

Outputs are DS1 framed all ones

Supports Super Frame (SF or D4) and Extended Super Frame (ESF)

SSM support

E1 mode :

(4) 2.048 Mb/sec data rate outputs:

Outputs are E1 frame all ones

Supports CRC4 and CAS Multiframe

SSM support

Connector and Signal Type : Terminal block

T1 according to GR-499-CORE (100 Ω)

E1 according to ITU-T G703 (120 Ω)

Maximum Number of Cards : 6

Ordering Information : 1204-4C: T1/E1 (100/120 Ω) module

Figure 5-32: Model 1204-4C option card rear plate

Table 5-13: 1204-4C option card pin assignments

E1/T1 Output: Edit Window

To configure an E1/T1 data output (1.544/2.048 MHz clock on J1 BNC connector and unbalanced E1/T1 outputs on J2 to J3 BNC connectors, or all terminal block J1 outputs), navigate to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 336 .

In the Web UI this card is listed under: E1/T1 Out BNC and E1/T1 OUT Terminal .

394 SecureSync 2400 User Manual

APPENDIX

The Edit window allows the configuration of the following settings:

Signature Control : Controls when the output will be present. For more information, see

"Signature Control" on page 161

.

Mode : This option selects T1, E1, or disabled mode. For T1 mode, the clock output

(on the -09 and -0A cards) will be 1.544 MHz, and for E1 the clock output will be

2.048 MHz.

SSM Enabled : Enables or disables Sync Status Messaging (SSM). T1 SSM is not valid with D4/Superframe or AIS framing. E1 SSM is not valid with AIS framing.

E1 Encode : HDB3 only.

E1 Framing : This option selects the framing standard (CRC-4, No CRC-4, or AIS).

T1 Framing : This option selects the framing standard (D4/Superframe, Extended

Superframe [CRC-6/no CR C-6], or AIS).

T1 Encoding : This option selects the encoding method (B8ZS or AMI).

T1SSM Value : This option selects the SSM quality level transmitted when SSM is enabled.

E1 SSM Value : This option selects the SSM quality level transmitted when SSM is enabled.

E1/T1 Output: Status Window

To view the configuration settings of the E1 OUT  or T1 OUT  output, go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 334 .

The Web UI list entries for these cards are: E1/T1 Out BNC and E1/T1 OUT Terminal .

SecureSync 2400 User Manual 395

APPENDIX

396

The E1/T1 Output 0 Status Screen will vary according to whether the output signal mode is E1 or T1.

The Status windows display the following settings:

Signature Control : Controls when the output will be present; see

"Signature Control" on page 161

.

Mode : This option selects T1, E1, or disabled mode. For T1 mode, the clock output

(on the -09 and -0A cards) will be 1.544 MHz, and for E1 the clock output will be

2.048 MHz.

SSM Enabled : Enables or disables Sync Status Messaging (SSM). T1 SSM is not valid with D4/Superframe or AIS framing. E1 SSM is not valid with AIS framing.

E1 Encoding : HDB3 only.

E1 Framing : This option selects the framing standard (CRC-4, No CRC-4, or AIS).

T1 Framing : This option selects the framing standard (D4/Superframe, Extended

Superframe [CRC-6/no CR C-6], or AIS).

T1 Encoding : This option selects the encoding method (B8ZS or AMI).

T1 SSM Value : This option selects the SSM quality level transmitted when SSM is enabled.

E1 SSM Value : This option selects the SSM quality level transmitted when SSM is enabled.

SecureSync 2400 User Manual

APPENDIX

5.2.5

Time Code Option Cards

This section contains technical information and SecureSync Web UI procedures for option cards designed to deliver timing data in time code formats, e.g. IRIG, HAVE QUICK, or

STANAG.

5.2.5.1

IRIG Out [1204-15, -1E, -22]

These IRIG Output option cards provide SecureSync with four IRIG outputs. Available with

BNC connectors, Fiber Optic ST connectors, or RS-485 terminal block.

IRIG Out (BNC): Specifications

Inputs/Outputs : (4) IRIG Outputs

Output Signal : IRIG A, B, G, E or NASA-36, amplitude modulated sine wave (AM),

0.5V to 6V p-p into 50 Ω; or pulse-width-coded (DCLS). User-selectable.

AM Carrier : IRIG B 1000 Hz, IRIG A and G 100 or 100

AM Signal Level : 500 mV to 10 V p-p

[high Z]; (modulated 2:1 to 6:1).

DCLS Signal Level : >10 kΩ TTL

Connector : AM and DCLS: BNC female

Accuracy : see

"IRIG Output Accuracy Specifications" on page 562

Number of Cards : Up to 6

Ordering Information : 1204-15, IRIG module, BNC Connector

Figure 5-33: Model 1204-15 option card rear plate

IRIG Out (Fiber Optic): Specifications

Inputs/Outputs : (4) IRIG Outputs

Signal : IRIG A, B, E, G or NASA-36

SecureSync 2400 User Manual 397

APPENDIX

Operating Wavelength : 820/850 nm

Optical Power : -15 dBm average into 50/125 fiber

Fiber Optic Compatibility : 50/125 μ m, 62.5/125 μ m multi-mode cable

Optical Connector : ST

Signal Type : DC Level Shift (unmodulated)

Accuracy : see

"IRIG Output Accuracy Specifications" on page 562

Maximum Number of Cards : 6

Ordering Information : 1204-1E Four IRIG Output Module, Fiber Optic

Figure 5-34: Model 1204-1E option card rear plate

IRIG Out (RS-485): Specifications

Inputs/Outputs : (4) IRIG Outputs

Signal : IRIG A, B, E, G or NASA-36

Signal Type and Connector : RS-485 levels (terminal block)

Output Load Impedance : 120 Ω

Accuracy : see

"IRIG Output Accuracy Specifications" on page 562

Maximum Number of Cards : 6

Ordering Information : 1204-22 Four IRIG Output Module, RS-485

Figure 5-35: Model 1204-22 option card rear plate

398 SecureSync 2400 User Manual

APPENDIX

Pin Assignments

7

8

5

6

3

4

1

2

9

10

J1 Pin No.

Function

IRIG Output 1 +

IRIG Output 1 –

GND

IRIG Output 2 +

IRIG Output 2 –

IRIG Output 3 +

IRIG Output 3 –

GND

IRIG Output 4 +

IRIG Output 4 –

Table 5-14: 1204-22 terminal block pin-out

IRIG Output: Viewing Signal State

To quickly view if an IRIG output is enabled or disabled, go to the option card’s Status Summary panel. For instructions, see:

"Viewing an Input/Output Signal State" on page 337 .

IRIG Output: Edit Window

To configure an IRIG Output , go to its Edit window. For instructions, see:

"Configuring

Option Card Inputs/Outputs" on page 336

.

The Web UI list entries for these option cards are: IRIG Out BNC, IRIG Out Fiber, IRIG

Out RS-485 .

SecureSync 2400 User Manual 399

APPENDIX

400

The Edit window allows the configuration of the following settings:

Signature Control : Used to control when the IRIG modulation will be present. This function allows the modulation to stop under certain conditions; see also

"Signature

Control" on page 161 .

Format : Used to configure the desired IRIG output formatting. The available choices are:

IRIG A

IRIG B

IRIG G

IRIG E

NASA-36

Modulation : Changes the type of output signal modulation. The available choices are:

IRIG DCLS: TTL-modulated output

IRIG AM: Amplitude-modulated output. The amplitude of the output is determined by the value entered in the Amplitude field.

Frequency : The IRIG modulation frequency. This is determined by the configuration of Format and Modulation Type. See

"IRIG Carrier Frequencies" on page 546

for details.

SecureSync 2400 User Manual

APPENDIX

Coded Expression : Defines the data structure of the IRIG signal, where:

BCD = Binary Coded Decimal

TOY = Time of Year

CF = Control Field

SBS = Straight Binary Seconds

Note: The available options will vary according to the values of Format and

Modulation Type.

Control Function Field : IRIG signals have an optional section in the data stream that can be used to include additional information (such as the present year, for example). This field allows the Control Field section of the IRIG output to be defined.

The available configurations are:

Fields conform to RCC 200-04 : IRIG spec 200-04 specified a location for year value, if included in this field.

Fields conform to IEEC 37.118-2005 (IEEE 1344): Control Field contains year, leap second and daylight savings time information.

Fields conform to Spectracom Format : Year is included in Control Field but not in the same location as RCC-2004 output (year is offset by one position).

Fields conform to Spectracom FAA Format : A unique IRIG output Control

Field that contains satellite lock status and time error flags.

Fields conform to NASA Formats : Variants of IRIG B

Fields confirm to Spectracom IEEE C37.118-2005 : Has been extended to support one-month leap second notification

Note: The available options will vary according to the configurations of

Format and Modulation Type.

Timescale : Used to select the time base for the incoming time code data. The entered Timescale is used by the system to convert the time in the incoming data stream to UTC time for use by the System Time. The available choices are:

SecureSync 2400 User Manual 401

APPENDIX

UTC : Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI : Temps Atomique International

GPS : The raw GPS time as transmitted by the GNSS satellites (as of 15-February-2021, this is 18 seconds ahead of UTC)

A local clock set up through the Time Management Page: This option will appear under the name of the local clock you have set up. See for more information. Local timescale allows a Local Clock to apply a time offset for

Time Zone and DST correction.

Amplitude : The peak-to-peak output voltage level into a 600 Ω load is adjusted by entering a digital control value in this field. The level adjustment has no effect on

TTL outputs, only on AM formats. The value of 128 will cause the Mark amplitude to be about 5V p-p into high impedance. A value of 200 results in an output amplitude of about 9V p-p into high impedance.

Note: These are nominal values only. Actual values will vary from unit to unit. To adjust the level precisely, connect an oscilloscope to the output connector when adjusting.

Offset : Provides the ability to account for IRIG cable delays or other latencies in the

IRIG input. The Offset value is entered and displayed in nanoseconds (ns). The available Offset range is -500 to +500 ms.

For IRIG frequency and output specifications, see

"IRIG Standards and Specifications" on page 546 .

For information on IRIG output resolution, see

"About the IRIG Output Resolution" on page 546 .

IRIG Output: Status Window

To view the specifications of an IRIG Output , go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 334

.

The Web UI list entries for these option cards are: IRIG Out BNC, IRIG Out Fiber, IRIG

Out RS-485 .

402 SecureSync 2400 User Manual

APPENDIX

Descriptions of the settings shown in the Status window can be found

"IRIG Output: Edit

Window" on page 399

. For IRIG frequency and output specifications, see

"IRIG Standards and Specifications" on page 546

.

5.2.5.2

IRIG In/Out [1204-05, -27]

The IRIG Input/Output option card provides SecureSync with one IRIG input and two IRIG outputs. The IRIG input can be used as the primary SecureSync time and 1PPS reference input for synchronization. Or, it can also be used in conjunction with other primary references (such as GNSS and NTP) to synchronize SecureSync. Available with BNC or Fiber

Optic ST connectors.

IRIG In/Out, BNC [1204-05]: Input Specifications

Input Signal : IRIG A, B, G or NASA-36; amplitude modulated sine wave (AM) OR pulse-width-coded (DCLS); user-selectable, with automatic switching of load on input

AM Carrier : IRIG B 1000 Hz, IRIG A 10 kHz and G 100 kHz

AM Signal Level : 500 mV to 10 V p-p

(modulated 2:1 to 6:1); 50 Ω load

SecureSync 2400 User Manual 403

APPENDIX

DCLS Signal Level : TTL; 0.8V max., 2.3V min fail.; >10 kΩ load

Connector : AM and DCLS: BNC female

Accuracy : n/a

Number of Cards : Up to 6

Ordering Information : 1204-05, IRIG module, BNC Connector

IRIG In/Out, BNC [1204-05]: Output Specifications

Output Signal : IRIG A, B, G, E or NASA-36, amplitude modulated sine wave (AM),

0.5V to 6V p-p into 50 Ω; or pulse-width-coded (DCLS). User-selectable.

AM Carrier : IRIG B 1000 Hz, IRIG A and G 100 or 100

AM Signal Level : 500 mV to 10 V p-p

[high Z]; (modulated 2:1 to 6:1).

DCLS Signal Level : >10 kΩ TTL

Connector : AM and DCLS: BNC female

Accuracy : see

"IRIG Output Accuracy Specifications" on page 562

Number of Cards : Up to 6

Ordering Information : 1204-05, IRIG module, BNC Connector

404

Figure 5-36: Model 1204-05 option card rear plate

IRIG In/Out, Fiber Opt. [1204-27]: Input Specifications

Signal : IRIG A, B, G or NASA-36, (DCLS only, unmodulated)

Operating Wavelength : 820/850 nm

Optical Minimum Sensitivity : -25 dBm @ 820 nm

Fiber Optic Compatibility : 50/125  μ m, 62.5/125  μ m multi-mode cable

Optical Connector : ST

SecureSync 2400 User Manual

Accuracy : n/a

Number of Cards : Up to 6

Ordering Information : 1204-27, IRIG module, Fiber Optic ST Connector

IRIG In/Out, Fiber Opt. [1204-27]: Output Specifications

Signal : IRIG A, B, E, G or NASA-36, (DCLS only, unmodulated)

Operating Wavelength : 820/850 nm

Optical Power : -15 dBm average into 50/125 fiber

Fiber Optic Compatibility : 50/125  μ m, 62.5/125  μ m multi-mode cable

Optical Connector : ST

Accuracy : see

"IRIG Output Accuracy Specifications" on page 562

Number of Cards : Up to 6

Ordering Information : 1204-27, IRIG module, Fiber Optic ST Connector

APPENDIX

Figure 5-37: Model 1204-27 option card rear plate

Supported IRIG Formats

The IRIG option cards models 1204-05 and -27 support IRIG input and output formats A, B, and G (DCLS and AM). Additionally, the cards support inputs with frequency/resolution values of no carrier/index count interval, 1kHz/1ms, 10 kHz/0.1 ms, and 100 kHz/10 ms, as well as IRIG input coded expressions of the fields BCD

TOY

, CF, SBS, and BCD

YEAR

.

The IRIG inputs support the following coded expression combinations for BCD

TOY

, CF,

SBS, and BCD

YEAR fields:

0 – BCD

TOY

, CF, SBS

1 – BCD

TOY

, CF

2 – BCD

TOY

3 – BCD

TOY

, SBS

SecureSync 2400 User Manual 405

APPENDIX

A130

A131

A132

A133

A134

A135

A136

A137

B-DCLS

A000

A001

A002

A003

A004

A005

A006

A007

A-AM

B000

B001

4 – BCD

TOY

, BCD

YEAR

, CF, SBS

5 – BCD

TOY

, BCD

YEAR

, CF

6 - BCD

TOY

, BCD

YEAR

7 - BCD

TOY

, BCD

YEAR

, SBS

The cards support synchronization with the following analog and DCLS IRIG input formats:

Provided

IRIG Code Format

A-DCLS

Code Description

IRIG A, DCLS, BCD

TOY

, CF, SBS

IRIG A, DCLS, BCD

TOY

, CF

IRIG A, DCLS, BCD

TOY

IRIG A, DCLS, BCD

TOY

, SBS

IRIG A, DCLS, BCD

TOY

, BCD

YEAR

, CF, SBS

IRIG A, DCLS, BCD

TOY

, BCD

YEAR

, CF

IRIG A, DCLS, BCD

TOY

, BCD

YEAR

IRIG A, DCLS, BCD

TOY

, BCD

YEAR

, SBS

IRIG A, AM, 10kHz, BCD

TOY

, CF, SBS

IRIG A, AM, 10kHz, BCD

TOY

, CF

IRIG A, AM, 10kHz, BCD

TOY

IRIG A, AM, 10kHz, BCD

TOY

, SBS

IRIG A, AM, 10kHz, BCD

TOY

, BCD

YEAR

, CF, SBS

IRIG A, AM, 10kHz, BCD

TOY

, BCD

YEAR

, CF

IRIG A, AM, 10kHz, BCD

TOY

, BCD

YEAR

IRIG A, AM, 10kHz, BCD

TOY

, BCD

YEAR

, SBS

IRIG B, DCLS, BCD

TOY

, CF, SBS

IRIG B, DCLS, BCD

TOY

, CF

406 SecureSync 2400 User Manual

APPENDIX

Provided

IRIG Code Format

B002

B003

B004

B005

B006

B007

B-AM

Code Description

IRIG B, DCLS, BCD

TOY

IRIG B, DCLS, BCD

TOY

, SBS

IRIG B, DCLS, BCD

TOY

, BCD

YEAR

, CF, SBS

IRIG B, DCLS, BCD

TOY

, BCD

YEAR

, CF

IRIG B, DCLS, BCD

TOY

, BCD

YEAR

IRIG B, DCLS, BCD

TOY

, BCD

YEAR

, SBS

B120

B121

B122

B123

B124

B125

B126

B127

IRIG B, AM, 1kHz, BCD

TOY

, CF, SBS

IRIG B, AM, 1kHz, BCD

TOY

, CF

IRIG B, AM, 1kHz, BCD

TOY

IRIG B, AM, 1kHz, BCD

TOY

, SBS

IRIG B, AM, 1kHz, BCD

TOY

, BCD

YEAR

, CF, SBS

IRIG B, AM, 1kHz, BCD

TOY

, BCD

YEAR

, CF

IRIG B, AM, 1kHz, BCD

TOY

, BCD

YEAR

IRIG B, AM, 1kHz, BCD

TOY

, BCD

YEAR

, SBS

E-DCLS (output only)

E000

E001

E002

E003

E004

E005

E006

E007

IRIG E, DCLS, BCD

TOY

, CF, SBS

IRIG E, DCLS, BCD

TOY

, CF

IRIG E, DCLS, BCD

TOY

IRIG E, DCLS, BCD

TOY

, SBS

IRIG E, DCLS, BCD

TOY

, BCD

YEAR

, CF, SBS

IRIG E, DCLS, BCD

TOY

, BCD

YEAR

, CF

IRIG E, DCLS, BCD

TOY

, BCD

YEAR

IRIG E, DCLS, BCD

TOY

, BCD

YEAR

, SBS

E-AM (output only)

E110

E111

IRIG E, AM, 100 Hz, BCD

TOY

, CF, SBS

IRIG E, AM, 100 Hz, BCD

TOY

, CF

SecureSync 2400 User Manual 407

APPENDIX

G001

G002

G005

G006

G-AM

G141

G142

G145

G146 

NASA-36

NASA-36

NASA-36

Provided

IRIG Code Format

E122

E123

E124

E125

E126

E127

E112

E113

E114

E115

E116

E117

E120

E121

G-DCLS

Code Description

IRIG E, AM, 100 Hz, BCD

TOY

IRIG E, AM, 100 Hz, BCD

TOY

, SBS

IRIG E, AM, 100 Hz, BCD

TOY

, BCD

YEAR

, CF, SBS

IRIG E, AM, 100 Hz, BCD

TOY

, BCD

YEAR

, CF

IRIG E, AM, 100 Hz, BCD

TOY

, BCD

YEAR

IRIG E, AM, 100 Hz, BCD

TOY

, BCD

YEAR

, SBS

IRIG E, AM, 100 Hz, BCD

TOY

, CF, SBS

IRIG E, AM, 1 kHz, BCD

TOY

, CF

IRIG E, AM, 1 kHz, BCD

TOY

IRIG E, AM, 1 kHz, BCD

TOY

, SBS

IRIG E, AM, 1 kHz, BCD

TOY

, BCD

YEAR

, CF, SBS

IRIG E, AM, 1 kHz, BCD

TOY

, BCD

YEAR

, CF

IRIG E, AM, 1 kHz, BCD

TOY

, BCD

YEAR

IRIG E, AM, 1 kHz, BCD

TOY

, BCD

YEAR

, SBS

IRIG G, DCLS, BCD

TOY

, CF

IRIG G, DCLS, BCD

TOY

IRIG G, DCLS, BCD

TOY

, BCD

YEAR

, CF

IRIG G, DCLS, BCD

TOY

, BCD

YEAR

IRIG G, AM, 100kHz, BCD

TOY

, CF

IRIG G, AM, 100kHz, BCD

TOY

IRIG G, AM, 100kHz, BCD

TOY

, BCD

YEAR

, CF

IRIG G, AM, 100kHz, BCD

TOY

, BCD

YEAR

NASA-36, AM, 1 msec

NASA-36, DCLS, 10 msec

408 SecureSync 2400 User Manual

APPENDIX

Table 5-15: Accepted IRIG reference formats

IRIG Output: Signal State

To quickly view if an IRIG output is enabled, or disabled, navigate to the option card’s

Status Summary panel. For instructions, see:

"Viewing an Input/Output Signal State" on page 337 .

IRIG Input: Edit Window

To configure the IRIG Input (also referred to as ‘Reference’), navigate to its Edit window.

For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 336 .

The Web UI list entries for these cards are: IRIG In/Out BNC and IRIG In/Out Fiber .

The connector number is: J1.

The Edit window allows the configuration of the following settings:

Format : Sets the formatting of the IRIG input signal, as defined by the IRIG generator time source. The available choices are:

IRIG A

IRIG B

SecureSync 2400 User Manual 409

APPENDIX

410

IRIG G

NASA-36

Modulation Type : Configures the type of input signal modulation. The choices are:

IRIG DCLS—A TTL (Phase) modulated signal.

IRIG AM—An amplitude modulated signal.

Frequency : The IRIG modulation frequency. This is determined by the configuration of Format and Modulation Type. See

"IRIG Carrier Frequencies" on page 546

for details.

Coded Expression —Defines the data structure of the IRIG signal, where:

BCD = Binary Coded Decimal

TOY = Time of Year

CF = Control Field

SBS = Straight Binary Seconds

The available options will vary according to the configurations of Format and

Modulation Type.

Control Function Field : IRIG signals have an optional section in the data stream that can be used to include additional information (such as the present year, for example). This field allows the Control Field section of the IRIG output to be defined.

The available configurations are:

Fields conform to RCC 200-04 : IRIG spec 200-04 specified a location for year value, if included in this field.

Fields conform to IEEC 37.118-2005 (IEEE 1344): Control Field contains year, leap second and daylight savings time information.

Fields conform to Spectracom Format : Year is included in Control Field but not in the same location as RCC-2004 output (year is offset by one position).

Fields conform to Spectracom FAA Format : A unique IRIG output Control

Field that contains satellite lock status and time error flags.

Fields conform to NASA Formats : Variants of IRIG B

Fields confirm to Spectracom IEEE C37.118-2005 : Has been extended to support one-month leap second notification

The available options will vary according to the configurations of Format and Modulation Type.

SecureSync 2400 User Manual

APPENDIX

Note: If the Format value is changed, the Control Field and Coded Expression change to the default values for the given Format value. The user can only change the Control Field field and Coded Expression field to allowed values for the Format field.

It is recommended that the SecureSync administrator/operator only use this if they do not know what the IRIG Input Format is, and they wish to identify the signal type, or to determine if a signal is present.

Local Clock : The incoming IRIG input time information may be provided as local time, but System Time may be configured as UTC time, so internal computations need to be performed. With the Timescale field set to “Local”, select the name of a previously created Local Clock. The Time Zone and DST rules, as configured in the

Local Clock will be applied to the front panel time display.

Offset : Provides the ability to account for IRIG cable delays or other latencies in the

IRIG input. The Offset value is entered and displayed in nanoseconds (ns). The available Offset range is -500 to +500 ms.

Configuring the IRIG Input Year

The IRIG time source may be able to provide SecureSync with the current year information via the IRIG input data stream. As the year value is not a required field in the IRIG data stream, (and if the year value is present, it may not always be in the same location of the

Control Field), if the year value is contained in the control field section of the IRIG data stream, the control field “layout” needs to be defined in SecureSync (as determined by the

Coded Expressions and Control Field values). If the year value is not present in the IRIG input signal, the year value will need to be manually set in SecureSync when using IRIG input as the only input Time reference.

Note: By default, the “year” fields in the IRIG message are ignored and a user-defined value is used.

SecureSync 2400 User Manual 411

APPENDIX

Note: By default, the “year” fields in the IRIG message are ignored and a user-defined value is used. Make sure the year is set correctly when the

SecureSync is installed. If the year is not set correctly before NTP achieves time synchronization, it will use the value entered. The unit will also default to the year entered if it is powered down during the rollover of the year. If the SecureSync was not switched on during the rollover, this value must be updated.

Note: When the IRIG Input year is updated, NTP must be restarted from the Web UI NTP page (or the SecureSync unit rebooted) for the New Year value to take effect.

The current year value can be manually entered from the MANAGEMENT/OTHER/Time

Management page. The year value only needs to be manually entered once, as it will automatically increment to the next year each New Year’s day. See

"System Time" on page 168

for instructions on how to set the current year manually.

Verifying IRIG Input Signal Validity

See:

"Verifying the Validity of an Input Signal" on page 338

.

IRIG Input: Status Window

To view the current settings of the IRIG Input (also referred to as ‘Reference’), go to its

Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 334 .

The Web UI list entries for these cards are: IRIG In/Out BNC and IRIG In/Out Fiber . The connector number is: J1.

412 SecureSync 2400 User Manual

APPENDIX

The Status window displays the following settings:

Reference ID : If you have only one IRIG card installed, SecureSync will number that card 0 and it will be identified as irg0. Additional cards will be numbered irg1 or above.

Validity : If the IRIG input is not present, or is not considered valid and qualified, the

“1PPS Validity” and “Time Validity” fields will be considered “Not Valid” (Orange).

Once the IRIG input has been supplied and the signal is considered valid and qualified, the two indicators will then turn “Valid” (Green).

Format : Identifies the formatting of the IRIG input signal, as defined by the IRIG generator time source. The possible values are:

IRIG A

IRIG B

IRIG G

NASA-36

Modulation Type : Identifies the type of input signal modulation. The possible values are:

IRIG DCLS—A TTL (Phase) modulated signal.

IRIG AM—An amplitude modulated signal.

Frequency—The IRIG modulation frequency. This is determined by the configuration of Format and Modulation Type. See also:

"IRIG Carrier Frequencies" on page 546

.

SecureSync 2400 User Manual 413

APPENDIX

Coded Expression : Defines the data structure of the IRIG signal, where:

BCD = Binary Coded Decimal

TOY = Time of Year

CF = Control Field

SBS = Straight Binary Seconds

Message : The IRIG message.

IRIG Output: Edit Window

To configure the settings of one of the two IRIG Outputs , go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 336 .

The Web UI list entries for these cards are: IRIG In/Out BNC and IRIG In/Out Fiber .

The connector numbers are: J2 and J3.

414

The Edit window allows the configuration of the following settings:

Signature Control : Is used to control when the IRIG modulation will be present.

This function allows the modulation to stop under certain conditions; see also

"Signature Control" on page 161

.

Format : Used to configure the desired IRIG output formatting. The available choices are:

IRIG A

IRIG B

SecureSync 2400 User Manual

APPENDIX

IRIG G

IRIG E

NASA-36

Modulation : Changes the type of output signal modulation. The available choices are:

IRIG DCLS—A TTL-modulated output.

IRIG AM-–An amplitude modulated output. The amplitude of the output is determined by the value entered in the Amplitude field.

Frequency—The IRIG modulation frequency. This is determined by the configuration of Format and Modulation Type. See also

"IRIG Carrier Frequencies" on page 546

.

Coded Expression : Defines the data structure of the IRIG signal, where:

BCD = Binary Coded Decimal

TOY = Time of Year

CF = Control Field

SBS = Straight Binary Seconds

The available options will vary according to the values of Format and Modulation Type.

Control Function Field : IRIG signals have an optional section in the data stream that can be used to include additional information (such as the present year, for example). This field allows the Control Field section of the IRIG output to be defined.

The available configurations are:

Fields conform to RCC 200-04 : IRIG spec 200-04 specified a location for year value, if included in this field.

Fields conform to IEEC 37.118-2005 (IEEE 1344): Control Field contains year, leap second and daylight savings time information.

Fields conform to Spectracom Format : Year is included in Control Field but not in the same location as RCC-2004 output (year is offset by one position).

Fields conform to Spectracom FAA Format : A unique IRIG output Control

Field that contains satellite lock status and time error flags.

Fields conform to NASA Formats : Variants of IRIG B

SecureSync 2400 User Manual 415

APPENDIX

Fields confirm to Spectracom IEEE C37.118-2005 : Has been extended to support one-month leap second notification

The available options will vary according to the configurations of Format and Modulation Type.

Timescale : Used to select the time base for the incoming time code data. The entered Timescale is used by the system to convert the time in the incoming data stream to UTC time for use by the System Time. The available choices are:

UTC —Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI —Temps Atomique International

GPS —The raw GPS time as transmitted by the GNSS satellites (as of 15-

February-2021, this is 18 seconds ahead of UTC time).

A local clock set up through the Time Management Page—This option will appear under the name of the local clock you have set up. See

"Local Clock

(s), DST" on page 179

for more information. Local timescale allows a Local

Clock to apply a time offset for Time Zone and DST correction.

Amplitude : The peak-to-peak output voltage level into a 600 Ω load is adjusted by entering a digital control value in this field. The level adjustment has no effect on

TTL outputs, only on AM formats. The value of 128 will cause the Mark amplitude to be about 5V p-p of about 9V p-p into high impedance. A value of 200 results in an output amplitude into high impedance.

Note: These are nominal values only. Actual values will vary from unit to unit. To adjust the level precisely, connect an oscilloscope to the output connector when adjusting.

Offset : Provides the ability to account for IRIG cable delays or other latencies in the

IRIG input. The Offset value is entered and displayed in nanoseconds (ns). The available Offset range is -500 to +500 ms.

For IRIG frequency and output specifications, see

"IRIG Standards and Specifications" on page 546 .

IRIG Output: Status Window

To view the current settings of one of the IRIG Outputs , go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 334 .

416 SecureSync 2400 User Manual

APPENDIX

The Web UI list entries for these cards are: IRIG In/Out BNC and IRIG In/Out Fiber . The connector numbers are: J2 and J3.

The Status window displays the following settings:

Signature Control : is used to control when the IRIG modulation will be present.

This function allows the modulation to stop under certain conditions; see also

"Signature Control" on page 161

.

Format : Used to configure the desired IRIG output formatting. The possible values are:

IRIG A

IRIG B

IRIG G

IRIG E

NASA-36

Modulation : Changes the type of output signal modulation. The possible values are:

IRIG DCLS—A TTL-modulated output.

IRIG AM-–An amplitude modulated output. The amplitude of the output is determined by the value entered in the Amplitude field.

Frequency—The IRIG modulation frequency. This is determined by the configuration of Format and Modulation Type. See also:

"IRIG Carrier Frequencies" on page 546

.

SecureSync 2400 User Manual 417

APPENDIX

Coded Expression : Defines the data structure of the IRIG signal, where:

BCD = Binary Coded Decimal

TOY = Time of Year

CF = Control Field

SBS = Straight Binary Seconds

The possible values will vary according to the values of Format and Modulation Type

Message : The IRIG message of the output.

For IRIG frequency and output specifications, see

"IRIG Standards and Specifications" on page 546 .

5.2.5.3

STANAG Out [1204-11, -25]

The STANAG Output option card models 1204-11 and 1204-25 provide (2) configurable

STANAG outputs and (1) 1PPS output for the SecureSync platform.

STANAG Out [1204-11, -25]: Specifications

Outputs : (2) STANAG Outputs, (1) 1PPS Output

Signal Type and Connector : 5V or 10 V or RS-485 level (user selectable) for

STANAG and 1PPS output. DB-25 connector.

Formats Supported :

STANAG 4246 HAVE QUICK I

STANAG 4246 HAVE QUICK II

STANAG 4372 HAVE QUICK IIA

STANAG 4430 Extended HAVE QUICK

STANAG 4430 Standard Time Message (STM)

ICD-GPS-060A BCD Time Code

ICD-GPS-060A HAVE QUICK

DOD-STD-1399 BCD Time Code

Programmable Pulse Width (1PPS Output): 100 ns to 500 ms with 20 ns resolution

418 SecureSync 2400 User Manual

Accuracy : ±50 ns (1 σ )

Maximum Number of Cards : 6

Ordering Information : 1204-11 (for non-isolated board); 1204-25 (for isolated board)

APPENDIX

Figure 5-38: Model 1204-11 option card rear plate

Figure 5-39: Model 1204-25 option card rear plate

Pin Assignments

Pin No.

Signal

7

8

5

6

9

3

4

1

2

Function Pin No.

GND Ground 14

TOD1+ TOD1 RS-485+ Out 15

NC 16

TOD2+ TOD2 RS-485+ Out 17

NC

GND

GND

NC

-

Ground

Ground

-

18

19

20

21

1PPS+ 1PPS RS-485+ Out 22

Signal Function

TOD1TOD1 RS-485- Out

NC -

NC -

TOD2- TOD2 RS-485- Out

NC

NC

-

5 MHz Out (1204-11 Only)

NC -

1PPS1PPS RS-485- Out

NC -

SecureSync 2400 User Manual 419

APPENDIX

10

11

12

13

Pin No.

Signal Function Pin No.

Signal

TFD Time Fault Discrete 23

TOD1 TOD1 TTL Out 24

GND Ground

TOD2 TOD2 TTL Out

25

GND

1PPS

GND

Ground

Function

1PPS TTL Out

Ground

Table 5-16: Models 1204-11, -25: DB-25 pin-out

STANAG Output: Edit Window

To configure a STANAG output , go to its Edit window. For instructions, see:

"Configuring

Option Card Inputs/Outputs" on page 336

.

The Web UI list entries for these cards are: STANAG Out and STANAG Out, Isolated .

The outputs are named: Stanag HQ Output [number] .

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

420

The Edit window allows the configuration of the following settings:

SecureSync 2400 User Manual

APPENDIX

Under General Settings :

Level of Single-ended Signals : 10 V or 5V can be selected for the TOD 1 and 1PPS

Output.

Generate Time Fault Discrete (TFD) :

Enabled: The TFD signal uses the “Threshold to activate” value to provide the level of TFD.

Disabled: The TFD signal is always valid.

Threshold to activate TFD : If the TFD is activated, the user can select the TFOM value threshold. Below this value, the TFD is high, otherwise the TFD is low.

Generate Bit Synchronization (BS) :

Enabled : The second STANAG signal (TOD 2) is used to send the BS (Bit

Stream) signal used with STANAG 4430-STM. When BS is active, the configuration of TOD 2 is superseded and only used for BS.

Disabled : The second STANAG signal (TOD 2) can be used to send an independent TOD.

Timescale : Used to select the time base for the incoming time code data. The entered Timescale is used by the system to convert the time in the incoming data stream to UTC time for use by the System Time. The available choices are:

UTC —Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI —Temps Atomique International

GPS —The raw GPS time as transmitted by the GNSS satellites (as of 15-

February-2021, this is 18 seconds ahead of UTC time)

A local clock set up through the Time Management Page—Refer to

"The

Time Management Screen" on page 166

for more information on how to configure and read the System Time. Local timescale allows a Local Clock to apply a time offset for Time Zone and DST correction.

The incoming input time information may be provided as local time, but System Time may be configured as UTC time, so internal computations need to be performed. With the

Timescale field set to “Local”, select the name of a previously created Local Clock. The

Time Zone and DST rules, as configured in the Local Clock will be applied to the front panel time display. Refer to for more information on Local Clocks.

Configurable settings for each Time of Day are:

SecureSync 2400 User Manual 421

APPENDIX

Signature Control : Used to control when the signal will be present. This function allows the modulation to stop under certain conditions, see also

"Signature Control" on page 161

.

TOD Format : The user-selectable format to be used. Available formats include:

STANAG 4246 HQI

STANAG 4246 HQII

STANAG 4372 HQIIA

STANAG 4430 STM

STANAG 4430 XHQ

ICD-GPS-060A BCD

ICD-GPS-060A HQ

DOD-STD-1399 BCD

Electrical Format : Selects signaling on either RS-485 or TTL (supporting up to 10

V levels) signal lines.

Time Scale : Used to set the desired time scale (UTC, TAI, GPS, or Local). See above.

Offset (ns) : Provides the ability to account for STANAG Line (TOD1 and TOD2 independently) cable delays or other latencies in the STANAG output. Available Offset range is –500 to +500 ms in 5ns steps.

Configurable settings under 1PPS Output are:

PPS Signature Control : Used to control when the signal will be present. This function allows the modulation to stop under certain conditions, see also

"Signature Control" on page 161

.

PPS Offset (ns) : Used to account for 1PPS cable delays or other latencies in the

1PPS output. Available Offset range is –500 to +500 ms in 5ns steps.

PPS Edge : The operator can select if the output signal is a rising or falling edge pulse.

PPS Pulse Width : Configures the Pulse Width of the 1PPS output. The Pulse Width is entered and displayed in nanoseconds (the default Pulse Width is 200 ms).

PPS Electrical Format : Selects signaling on either RS-485 or TTL (supporting up to 10 V levels) signal lines.

422 SecureSync 2400 User Manual

APPENDIX

STANAG Output: Status Window

To view the current settings of a STANAG Output , go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 334

.

The Web UI list entries for these cards are: STANAG Out and STANAG Out, Isolated .

The outputs are named: Stanag HQ Output [number] .

The Status window displays the following settings:

Under General Status :

Level of Single-ended Signals : 10 V or 5V will be indicated for the TOD 1 and 1PPS

Output.

Generate Time Fault Discrete (TFD) :

Enabled : The TFD signal uses the “Threshold to activate” value to provide the level of TFD.

Disabled : The TFD signal is always valid.

Threshold to activate TFD : If the TFD is activated, indicates the TFOM value threshold. Below this value, the TFD is high, otherwise the TFD is low.

Generate Bit Synchronization (BS) :

Enabled : The second STANAG signal (TOD 2) is used to send the BS (Bit

Stream) signal used with STANAG 4430-STM. When BS is active, the configuration of TOD 2 is superseded and only used for BS.

SecureSync 2400 User Manual 423

APPENDIX

Disabled : The second STANAG signal (TOD 2) can be used to send an independent TOD.

Timescale : Indicates the time base for the incoming time code data. The entered

Timescale is used by the system to convert the time in the incoming data stream to

UTC time for use by the System Time. The available choices are:

UTC —Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI —Temps Atomique International

GPS —The raw GPS time as transmitted by the GNSS satellites (as of 15-

February-2021, this is 18 seconds ahead of UTC time).

A local clock set up through the Time Management Page—Refer to

"The

Time Management Screen" on page 166

for more information on how to configure and read the System Time. Local timescale allows a Local Clock to apply a time offset for Time Zone and DST correction.

The incoming input time information may be provided as local time, but System Time may be configured as UTC time, so internal computations need to be performed. With the

Timescale field set to “Local”, select the name of a previously created Local Clock. The

Time Zone and DST rules, as configured in the Local Clock will be applied to the front panel time display. Refer to for more information on Local Clocks.

For each Time of Day the following settings are displayed:

Signature Control : Indicates when the signal is present. This function allows the modulation to stop under certain conditions, see

"Signature Control" on page 161

.

TOD Format : The user-selectable format being used. Available formats include:

STANAG 4246 HQI

STANAG 4246 HQII

STANAG 4372 HQIIA

STANAG 4430 STM

STANAG 4430 XHQ

ICD-GPS-060A BCD

ICD-GPS-060A HQ

DOD-STD-1399 BCD

424 SecureSync 2400 User Manual

APPENDIX

Electrical Format : Selects signaling on either RS-485 or TTL (supporting up to

10 V levels) signal lines.

Time Scale : Used to set the desired time scale (UTC, TAI, GPS, or Local). See above.

Offset (ns) : Provides the ability to account for STANAG Line (TOD1 and TOD2 independently) cable delays or other latencies in the STANAG output. Available Offset range is –500 to +500 ms in 5ns steps.

STANAG TFOM : The Time Figure of Merit for the output.

Under 1PPS Output , the following settings are displayed:

PPS Signature Control : Indicates whether the signal will be present. This function allows the modulation to stop under certain conditions, see

"Signature Control" on page 161 .

PPS Offset (ns) : Used to account for 1PPS cable delays or other latencies in the

1PPS output. Available Offset range is –500 to +500 ms in 5ns steps.

PPS Edge : Indicates whether the output signal is a rising or falling edge pulse.

PPS Pulse Width : Indicates the Pulse Width of the 1PPS output. The Pulse Width is entered and displayed in nanoseconds (the default Pulse Width is 200 ms).

PPS Electrical Format : Indicates signaling on either RS-485 or TTL (supporting up to 10 V levels) signal lines.

5.2.5.4

STANAG In [1204-1D, -24]

The STANAG Input option cards 1204-1D and 1204-24 STANAG provide (2) configurable

STANAG inputs and (1) 1PPS input for the SecureSync platform.

STANAG In [1204-1D, -24]: Specifications

Inputs : (2) STANAG Inputs, (1) 1PPS Input

Signal Type and Connector : TTL or RS-485 level (user selectable) for STANAG and 1PPS input. DB25.

Formats Supported :

STANAG 4246 HAVE QUICK I

STANAG 4246 HAVE QUICK II

STANAG 4372 HAVE QUICK IIA

SecureSync 2400 User Manual 425

APPENDIX

STANAG 4430 Extended HAVE QUICK

STANAG 4430 Standard Time Message (STM)

ICD-GPS-060A BCD Time Code

ICD-GPS-060A HAVE QUICK

DOD-STD-1399 BCD Time Code

Accuracy : 100 ns

Maximum Number of Cards : 6

Ordering Information : 1204-1D (for non-isolated board); 1204-24 (for isolated board)

Figure 5-40: Model 1204-1D option card rear plate

Figure 5-41: Model 1204-24 option card rear plate

Pin Assignments

Pin No.

Signal

3

4

1

2

GND

Function

Ground

Pin No.

14

TOD1+ TOD1 RS-485+ Input 15

NC 16

TOD2+ TOD2 RS-485+ Input 17

Signal

TOD1-

NC

NC

Function

TOD1 RS-485- Input

-

-

TOD2- TOD2 RS-485- Input

426 SecureSync 2400 User Manual

APPENDIX

Pin No.

Signal

9

10

11

12

13

7

8

5

6

Function Pin No.

NC

GND

GND

NC

-

Ground

Ground

-

1PPS+ 1PPS RS-485+ Input 22

TFD Time Fault Discrete 23

TOD1 TOD1 TTL Input

GND Ground

TOD2 TOD2 TTL Input

24

25

18

19

20

21

Signal Function

NC

NC

-

-

NC -

1PPS1PPS RS-485- Input

NC -

GND Ground

1PPS 1PPS TTL Input

GND Ground

Table 5-17: 1204-1D, 1204-24 option cards: DB-25 pin-outs

STANAG Input: Edit Window

To configure a STANAG Input (also referred to as ‘Reference’), go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 336 .

The Web UI list entries for this card are: STANAG In and STANAG In, Isolated .

The inputs are named: Stanag HQ Input [number] .

The configurable settings are grouped under the following three tabs:

General Settings tab

SecureSync 2400 User Manual 427

APPENDIX

Use of Time Fault Discrete : There are two options:

Enabled : The TFD input signal is used to validate the STANAG input.

Disabled (default): The TFD input signal is ignored.

Use of Bit Synchronization (BS) : There are two options:

Enabled : The second STANAG input (TOD 2) is used to receive the BS (Bit

Stream) signal used with STANAG 4430-STM. When BS is active, the configuration of TOD2 is superseded and only used for BS.

Disabled : The second STANAG input (TOD 2) can be used to receive an independent TOD.

Timescale : Used to select the time base for the incoming time code data. The entered Timescale is used by the system to convert the time in the incoming data stream to UTC time for use by the System Time. The available choices are:

UTC : Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI : Temps Atomique International

GPS : The raw GPS time as transmitted by the GNSS satellites (as of 15-February-2021, this is 18 seconds ahead of UTC time).

A local clock set up through the Time Management Page: Refer to

"The

Time Management Screen" on page 166

for more information on how to configure and read the System Time. Local timescale allows a Local Clock to apply a time offset for Time Zone and DST correction.

The incoming input time information may be provided as local time, but System Time may be configured as UTC time, so internal computations need to be performed. With the Timescale field set to “Local”, select the name of a previously created Local Clock. The Time Zone and DST rules, as configured in the Local Clock will be applied to the front panel time display. Refer to for more information on Local Clocks.

Reference Selection : Selects TOD 1 or TOD 2 (configured below) which TOD signal is used for synchronization.

Time of Day Settings tab

428 SecureSync 2400 User Manual

APPENDIX

For Time of Day 1 and Time of Day 2 (STANAG content supports two ToD streams).

ToD Format : The user-selectable format to be used. Available formats include:

STANAG 4246 HAVE QUICK I

STANAG 4246 HAVE QUICK II

STANAG 4372 HAVE QUICK IIA

STANAG 4430 Extended HAVE QUICK

STANAG 4430 Standard Time Message (STM)

ICD-GPS-060A BCD Time Code

ICD-GPS-060A HAVE QUICK

DOD-STD-1399 BCD Time Code

Electrical Type : Selects synchronization to either RS-485 or TTL (supporting up to

10 V levels) signal lines.

SecureSync 2400 User Manual 429

APPENDIX

Offset : Provides the ability to account for STANAG Line (TOD1 and TOD2 independently) cable delays or other latencies in the STANAG input. Available Offset range is –500 to +500 ms in 5ns steps.

TFOM Threshold : Under the STANAG protocol, the TFOM (Time Figure of Merit) threshold value can be utilized as a means to validate timing data based on the

TFOM. For more information on TFOM, see

"Configuring the Oscillator" on page 230 .

1PPS Input Settings tab

430

1PPS Offset : Used to account for 1PPS cable delays or other latencies in the 1PPS input. Available Offset range is –500 to +500 ms in 5ns steps

PPS Edge : The operator can select if the output signal is a rising or falling edge pulse.

PPS Electrical Format : Selects synchronization to either RS-485 or TTL (supporting up to 10 V levels) signal lines.

STANAG Input: Status Window

To view the current settings of a STANAG Input (also referred to as ‘Reference’), go to its

Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 334 .

The Web UI list entries for this card are: STANAG In and STANAG In, Isolated .

The inputs are named: Stanag HQ Input [number] .

SecureSync 2400 User Manual

APPENDIX

The Status window displays the following settings:

Under General Status:

Reference ID : This is the identifier given to the input by SecureSync.

Validity : Indicates the validity of the Time input and the PPS input. If the input signal is valid the indicator will be green. If the signal is not valid, the indicator will be orange.

SecureSync 2400 User Manual 431

APPENDIX

Use of Time Fault Discrete : There are two options:

Enabled : The TFD input signal is used to validate the STANAG input.

Disabled (default): The TFD input signal is ignored.

Time Fault Discrete State : If this is valid, the indicator will be green. If it is not valid, the indicator will be orange.

Use of Bit Synchronization (BS) : There are two options:

Enabled : The second STANAG input (TOD 2) is used to receive the BS (Bit

Stream) signal used with STANAG 4430-STM. When BS is active, the configuration of TOD2 is superseded and only used for BS.

Disabled : The second STANAG input (TOD 2) can be used to receive an independent TOD.

Reference Selection : Indicates which TOD signal is used for synchronization. This will be either TOD 1 or TOD 2.

The incoming input time information may be provided as local time, but System Time may be configured as UTC time, so internal computations need to be performed. With the

Timescale field set to “Local”, select the name of a previously created Local Clock. The

Time Zone and DST rules, as configured in the Local Clock will be applied to the front panel time display. Refer to for more information on Local Clocks.

Under Time of Day Inputs:

TOD Format : The user-selectable format being used. Available formats include:

STANAG 4246 HAVE QUICK I

STANAG 4246 HAVE QUICK II

STANAG 4372 HAVE QUICK IIA

STANAG 4430 Extended HAVE QUICK

STANAG 4430 Standard Time Message (STM)

ICD-GPS-060A BCD Time Code

ICD-GPS-060A HAVE QUICK

DOD-STD-1399 BCD Time Code

Electrical Type : Either RS-485 or TTL (supporting up to 10 V levels) signal lines.

Time Scale : Used to select the time base for the incoming time code data. The entered Timescale is used by the system to convert the time in the incoming data

432 SecureSync 2400 User Manual

APPENDIX stream to UTC time for use by the System Time. The available choices are:

UTC : Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI : Temps Atomique International

GPS : The raw GPS time as transmitted by the GNSS satellites (as of 15-February-2021, this is 18 seconds ahead of UTC time).

A local clock can be set up through the Time Management Page; see

"Local

Clock(s), DST" on page 179

. Local timescale allows a Local Clock to apply a time offset for Time Zone and DST correction.

Offset : Provides the ability to account for STANAG Line (TOD1 and TOD2 independently) cable delays or other latencies in the STANAG input. Available Offset range is –500 to +500 ms in 5ns steps.

Stanag TFOM : The Time Figure of Merit for the input.

Under 1PPS Input:

1PPS Offset : Used to account for 1PPS cable delays or other latencies in the 1PPS input. The available Offset range is –500 to +500 ms in 5ns steps.

PPS Edge : Indicates whether the output signal is a rising or falling edge pulse.

PPS Electrical Format : Indicates whether the signal is synchronized to RS-485 or

TTL (supporting up to 10 V levels) signal lines.

5.2.5.5

HAVE QUICK Out [1204-10, -1B]

The HAVE QUICK option cards provide (4) HAVE QUICK outputs for the SecureSync platform.

HAVE QUICK Out, BNC [1204-10]: Specifications

Outputs : (4) HAVE QUICK

Signal Type and Connector : TTL levels (BNC)

Formats Supported :

STANAG 4246 HAVE QUICK I

STANAG 4246 HAVE QUICK II

STANAG 4372 HAVE QUICK IIA

SecureSync 2400 User Manual 433

APPENDIX

STANAG 4430 Extended HAVE QUICK

STANAG 4430 Standard Time Message (STM)

ICD-GPS-060A BCD Time Code

ICD-GPS-060A HAVE QUICK

DOD-STD-1399 BCD Time Code

Output Load Impedance : 10 kΩ

Start of Signal : <10 µs after 1PPS output

Programmable Phase Shift : ±20ns to 500 ms with 20ns resolution

Accuracy : ±50 ns (1 σ )

Maximum Number of Cards : 6

Ordering Information : 1204-10 HAVE QUICK outputs, BNC

Figure 5-42: Model 1204-10 option card rear plate

HAVE QUICK Out, RS-485 [1204-1B]: Specifications

Outputs : (4) HAVE QUICK outputs

Signal Type and Connector : RS-485 levels (terminal block)

Formats Supported :

STANAG 4246 HAVE QUICK I

STANAG 4246 HAVE QUICK II

STANAG 4372 HAVE QUICK IIA

STANAG 4430 Extended HAVE QUICK

STANAG 4430 Standard Time Message (STM)

ICD-GPS-060A BCD Time Code

434 SecureSync 2400 User Manual

ICD-GPS-060A HAVE QUICK

DOD-STD-1399 BCD Time Code

Output Load Impedance : 120 Ω

Start of Signal : <10 µs after 1PPS output

Programmable Phase Shift : ±5ns to 500 ms with 5ns resolution

Accuracy : ±50 ns (1 σ )

Maximum Number of Cards : 6

Ordering Information : 1204-1B HAVE QUICK outputs, RS-485

Figure 5-43: Model 1204-1B option card rear plate

Pin Assignments

Pin No.

7

8

5

6

3

4

1

2

9

10

Function

HAVE QUICK Output 1 +

HAVE QUICK Output 1 -

GND

HAVE QUICK Output 2 +

HAVE QUICK Output 2 -

HAVE QUICK Output 3 +

HAVE QUICK Output 3 -

GND

HAVE QUICK Output 4 +

HAVE QUICK Output 4 -

APPENDIX

SecureSync 2400 User Manual 435

APPENDIX

Table 5-18: 1204-1B terminal block pin-out

HAVE QUICK Output: Viewing Signal State

To quickly view if a HAVE QUICK Output is enabled or disabled, go to the option card’s

Status Summary panel. For instructions, see:

"Viewing an Input/Output Signal State" on page 337 .

HAVE QUICK Output: Edit Window

To configure a HAVE QUICK Output , go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 336 .

The Web UI list entries for this card are: HAVE QUICK out, BNC and HAVE QUICK Out,

RS-485 .

The outputs are named: HQ Output [number] .

436

The Edit window allows the configuration of the following settings:

Signature Control : Signature Control is used to control when the HAVE QUICK modulation is present; see also

"Signature Control" on page 161

.

Format : Used to configure the formatting of the four available HAVE QUICK outputs. The available output formats are as follows:

STANAG 4246 HQ I

STANAG 4246 HQ II

STANAG 4372 HQ IIA

STANAG 4430 Ext HQ (Extended HAVE QUICK)

STANAG 4430 STM (Standard Time Message)

ICD-GPS-060A BCD

SecureSync 2400 User Manual

APPENDIX

ICD-GPS-060A HQ

DOD-STD-1399 BCD

Timescale : Used to select the time base for the incoming time code data. The entered Timescale is used by the system to convert the time in the incoming data stream to UTC time for use by the System Time. The available choices are:

UTC : Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI : Temps Atomique International

GPS : The raw GPS time as transmitted by the GNSS satellites (as of 15-February-2021, this is 18 seconds ahead of UTC time)

A local clock set up through the Time Management Page: This option will appear under the name of the local clock you have set up. Refer to

"The Time

Management Screen" on page 166

for more information on how to configure and read the System Time. Local timescale allows a Local Clock to apply a time offset for Time Zone and DST correction.

The incoming input time information may be provided as local time, but System Time may be configured as UTC time, so internal computations need to be performed. With the

Timescale field set to “Local”, select the name of a previously created Local Clock. The

Time Zone and DST rules, as configured in the Local Clock will be applied to the front panel time display. See also .

Offset : Provides the ability to account for HAVE QUICK cable delays or other latencies in the HAVE QUICK outputs. The Offset values are entered in nanoseconds

(ns). The available Offset range is –500 to +500 ms.

HAVE QUICK Output: Status Window

To view the current settings of a HAVE QUICK Output , go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 334 .

The Web UI list entries for this card are: HAVE QUICK out, BNC and HAVE QUICK Out,

RS-485 .

The outputs are named: HQ Output [number] .

SecureSync 2400 User Manual 437

APPENDIX

438

The Status window displays the following settings:

Signature Control : Signature Control is used to control when the HAVE QUICK modulation is present, see

"Signature Control" on page 161

.

Format : Used to configure the formatting of the four available HAVE QUICK outputs. The available output formats are as follows:

STANAG 4246 HQ I

STANAG 4246 HQ II

STANAG 4372 HQ IIA

STANAG 4430 Ext HQ (Extended HAVE QUICK)

STANAG 4430 STM (Standard Time Message)

ICD-GPS-060A BCD

ICD-GPS-060A HQ

DOD-STD-1399 BCD

Timescale : Used to select the time base for the incoming time code data. The entered Timescale is used by the system to convert the time in the incoming data stream to UTC time for use by the System Time. The available choices are:

UTC : Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI : Temps Atomique International

GPS : The raw GPS time as transmitted by the GNSS satellites (as of 15-February-2021, this is 18 seconds ahead of UTC time)

A local clock set up through the Time Management Page: This option will appear under the name of the local clock you have set up. Refer to

"The Time

Management Screen" on page 166

for more information on how to configure and read the System Time. Local timescale allows a Local Clock to apply a time offset for Time Zone and DST correction.

SecureSync 2400 User Manual

APPENDIX

The incoming input time information may be provided as local time, but System Time may be configured as UTC time, so internal computations need to be performed. With the

Timescale field set to “Local”, select the name of a previously created Local Clock. The

Time Zone and DST rules, as configured in the Local Clock will be applied to the front panel time display. Refer to for more information on Local Clocks.

Offset : Provides the ability to account for HAVE QUICK cable delays or other latencies in the HAVE QUICK outputs. The Offset values are entered in nanoseconds

(ns). The available Offset range is –500 to +500 ms.

5.2.5.6

HAVE QUICK In/Out [1204-29]

The HAVE QUICK input/output option card 1204- 29 provides SecureSync with (1)

HAVE QUICK input and (3) HAVE QUICK outputs.

HAVE QUICK In/Out [1204-29]: Specifications

Inputs/Outputs : (1) HAVE QUICK input/(3) HAVE QUICK outputs

Signal Type and Connector : TTL levels (BNC)

Output Load Impedance : 10 kΩ

Start of Signal : <10 µs after 1PPS output

Programmable phase shift : ±5ns to 500 ms with 5ns resolution

Maximum Number of Cards : 6

Ordering Information : 1204-29: HAVE QUICK Input/Output

Figure 5-44: Model 1204-29 option card rear plate

HAVE QUICK Output: Viewing Signal State

To quickly view if a HAVE QUICK Output is enabled or disabled, go to the option card’s

Status Summary panel. For instructions, see:

"Viewing an Input/Output Signal State" on page 337 .

SecureSync 2400 User Manual 439

APPENDIX

HAVE QUICK Input: Edit Window

To configure the settings of the HAVE QUICK Input (also referred to as ‘Reference’), go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 336 .

The Web UI list entry for this card is: HAVE QUICK In/Out .

The input is named: HQ Input [number] .

440

The Edit window allows the configuration of the following settings:

Format : Used to configure the formatting of the four available HAVE QUICK outputs. The available output formats are as follows:

STANAG 4246 HQ I

STANAG 4246 HQ II

STANAG 4430 STM

STANAG 4430 Ext HQ

ICD-GPS-060A BCD

ICD-GPS-060A HQ

DOD-STD-1399 BCD

Timescale : Used to select the time base for the incoming time code data. The entered Timescale is used by the system to convert the time in the incoming data stream to UTC time for use by the System Time. The available choices are:

UTC: Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

SecureSync 2400 User Manual

APPENDIX

TAI: Temps Atomique International

GPS: The raw GPS time as transmitted by the GNSS satellites (as of 15-February-2021, this is 18 seconds ahead of UTC time)

Offset: Provides the ability to account for HAVE QUICK cable delays or other latencies in the HAVE QUICK outputs. The Offset values are entered in nanoseconds (ns). The available Offset range is –500 to +500 ms.

HAVE QUICK Input: Status Window

To view the current settings of the HAVE QUICK Input (also referred to as ‘Reference’), go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 334

.

The Web UI list entry for this card is: HAVE QUICK In/Out .

The input is named: HQ Input [number] .

The Status window displays the following settings:

Reference ID : Indicates the letters used in the Input Reference Priority table for this particular input reference.

Validity : [TIME, PPS] Indicates the validity of the Time input and the PPS input. If the input signal is valid the indicator will be green. If the signal is not valid, the indicator will be orange.

Format : Used to configure the formatting of the four available HAVE QUICK outputs. The available output formats are as follows:

SecureSync 2400 User Manual 441

APPENDIX

STANAG 4246 HQ I

STANAG 4246 HQ II

STANAG 4430 STM

STANAG 4430 Ext HQ

ICD-GPS-060A BCD

ICD-GPS-060A HQ

DOD-STD-1399 BCD

Timescale : Used to select the time base for the incoming time code data. The entered Timescale is used by the system to convert the time in the incoming data stream to UTC time for use by the System Time. The available choices are:

UTC : Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI : Temps Atomique International

GPS : The raw GPS time as transmitted by the GNSS satellites (as of 15-February-2021, this is 18 seconds ahead of UTC time).

Offset : Provides the ability to account for HAVE QUICK cable delays or other latencies in the HAVE QUICK outputs. The Offset values are entered in nanoseconds

(ns). The available Offset range is –500 to +500 ms.

TFOM : The Time Figure of Merit for the input.

HAVE QUICK Output: Edit Window

To configure the settings of a HAVE QUICK Output , go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 336 .

The Web UI list entry for this card is: HAVE QUICK In/Out .

Outputs are named: HQ Output [number] .

442 SecureSync 2400 User Manual

APPENDIX

The Edit window allows the configuration of the following settings:

Signature Control : Signature Control is used to control when the HAVE QUICK modulation is present, see

"Signature Control" on page 161

.

Format : Used to configure the formatting of the four available HAVE QUICK outputs. The available output formats are as follows:

STANAG 4246 HQ I

STANAG 4246 HQ II

STANAG 4372 HQ IIA

STANAG 4430 Ext HQ (Extended HAVE QUICK)

STANAG 4430 STM (Standard Time Message)

ICD-GPS-060A BCD

ICD-GPS-060A HQ

DOD-STD-1399 BCD

Timescale : Used to select the time base for the incoming time code data. The entered Timescale is used by the system to convert the time in the incoming data stream to UTC time for use by the System Time. The available choices are:

UTC : Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI : Temps Atomique International

SecureSync 2400 User Manual 443

APPENDIX

GPS : The raw GPS time as transmitted by the GNSS satellites (as of 15-February-2021, this is 18 seconds ahead of UTC time).

A local clock set up through the Time Management Page: This option will appear under the name of the local clock you have set up. Refer to

"The Time

Management Screen" on page 166

for more information on how to configure and read the System Time. Local timescale allows a Local Clock to apply a time offset for Time Zone and DST correction.

The incoming input time information may be provided as local time, but System

Time may be configured as UTC time, so internal computations need to be performed. With the Timescale field set to “Local”, select the name of a previously created Local Clock. The Time Zone and DST rules, as configured in the Local Clock will be applied to the front panel time display. Refer to for more information on Local

Clocks.

Offset : Provides the ability to account for HAVE QUICK cable delays or other latencies in the HAVE QUICK outputs. The Offset values are entered in nanoseconds

(ns). The available Offset range is –500 to +500 ms.

HAVE QUICK Output: Status Window

To view the current settings of a HAVE QUICK Output , go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 334 .

The Web UI list entry for this card is: HAVE QUICK In/Out .

Outputs are named: HQ Output [number] .

444

The Status window displays the following settings:

Signature Control : Signature Control is used to control when the HAVE QUICK modulation is present, see

"Signature Control" on page 161

.

Format : Used to configure the formatting of the four available HAVE QUICK outputs. The available output formats are as follows:

SecureSync 2400 User Manual

APPENDIX

STANAG 4246 HQ I

STANAG 4246 HQ II

STANAG 4372 HQ IIA

STANAG 4430 Ext HQ (Extended HAVE QUICK)

STANAG 4430 STM (Standard Time Message)

ICD-GPS-060A BCD

ICD-GPS-060A HQ

DOD-STD-1399 BCD

Timescale : Used to select the time base for the incoming time code data. The entered Timescale is used by the system to convert the time in the incoming data stream to UTC time for use by the System Time. The available choices are:

UTC : Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI : Temps Atomique International

GPS : The raw GPS time as transmitted by the GNSS satellites (as of 15-February-2021, this is 18 seconds ahead of UTC time)

A local clock set up through the Time Management Page: This option will appear under the name of the local clock you have set up. Refer to

"The Time

Management Screen" on page 166

for more information on how to configure and read the System Time. Local timescale allows a Local Clock to apply a time offset for Time Zone and DST correction.

The incoming input time information may be provided as local time, but System Time may be configured as UTC time, so internal computations need to be performed. With the

Timescale field set to “Local”, select the name of a previously created Local Clock. The

Time Zone and DST rules, as configured in the Local Clock will be applied to the front panel time display. Refer to for more information on Local Clocks.

Offset : Provides the ability to account for HAVE QUICK cable delays or other latencies in the HAVE QUICK outputs. The Offset values are entered in nanoseconds

(ns). The available Offset range is –500 to +500 ms.

5.2.5.7

ASCII Time Code In/Out [1204-02, -04]

The ASCII Time Code Option Card, Model 1204-02 (RS-232) provides:

SecureSync 2400 User Manual 445

APPENDIX one male DB-9 RS-232 input connector (J2), and one female DB-9 RS-232 output connector (J1)

The ASCII Time Code Option Card, Model 1204-04 (RS-485) consists of one RS-485 input, and one RS-485 output, integrated in a shared terminal block connector.

The interfaces accept Asynchronous Serial signals including date and time information.

The input and output Data Formats are selected among predefined formats.

ASCII input

The ASCII input provides a serial data interface between an ASCII time generator (e.g., another SecureSync unit), serving as an input reference for Time and 1PPS in order to synchronize SecureSync (in conjunction with, or in lieu of, other available inputs, such as

GNSS and/or IRIG).

ASCII output

The ASCII output provides SecureSync with the ability to output one, two or three backto-back ASCII time code data streams that can be provided to peripheral devices which accept an ASCII RS-232 input data stream for either their external time synchronization or for data processing. See

"Time Code Data Formats" on page 519

for a description of all supported time code formats.

The RX signal on an output interface is used for triggering the output ASCII message output when a configured character is received from the peripheral device.

When SecureSync is configured to output only one format message (the second and third formats configured as “None”), the one configured message will be available on the output port as either a broadcast message or only upon a request character being received.

SecureSync has the ability to output one or two additional data stream messages immediately following the first message. In this configuration, only the first message determines the on-time point for the entire output string. The on-time points for the second and third messages that are provided at the same time as the first message are discarded. This unique capability allows SecureSync to be able to simultaneously provide multiple pieces of data from different selected format messages.

An example of selecting multiple formats is selecting “NMEA GGA” as the first format,

“NMEA RMC” as the second format and “NMEA ZDA” as the third format. Depending on the setting of the “Mode” field (which determines if the data streams are available every second or upon a request character being received), at the next second or the receipt of the next request character, the output port will provide the GGA message followed immediately by the corresponding RMC message for that same second, followed immediately by

446 SecureSync 2400 User Manual

APPENDIX the corresponding ZDA message for that same second. The first GGA message will provide the on-time point for the entire output data stream.

ASCII Time Code, RS-232 [1204-02]: Specifications

Inputs/Outputs : (1) Input, (1) Output

Signal Type and Connector :

Connector J1 — (RS-232 Output) RS-232 DB-9 F

Connector J2 –- (RS-232 Input) RS-232 DB-9 M

Accuracy : ±100…1000 µs (format dependent)

Maximum Number of Cards : 6

Ordering Information : 1204-02: ASCII Time Code Module (RS-232)

Figure 5-45: Model 1204-02 option card rear plate

Pin Assignments: OUTPUT connector J1

Figure 5-46: OUTPUT connector J1

SecureSync 2400 User Manual 447

APPENDIX

Table 5-19: Pin-out, OUTPUT connector "J1"

Pin Number

Signal Function Notes

Top row of 5 pins

8

9

6

7

1

2

3

4

5

PPS_OUT

SERIAL_

OUT_TX

SERIAL_IN_

RX

NC

GND

Bottom row of 4 pins

1PPS output

RS-232 Transmit data

TTL level on 50 Ω

Data output (ToD messages)

RS-232 Receive data

Data input into unit; use this to transmit commands to the unit)

No connection

Ground

NC

NC

NC

NC

No connection

No connection

No connection

No connection

Pin Assignments: INPUT connector J2

448

Figure 5-47: INPUT connector J2

Table 5-20: Pin-out, INPUT connector "J2"

Pin Number Signal Function

Top row of 5 pins

1 PPS_IN 1PPS input

Notes

SecureSync 2400 User Manual

APPENDIX

Pin Number Signal Function Notes

8

9

6

7

4

5

2

3

SERIAL_IN_RX RS-232 Receive data Data input into unit; ToD message

NC No Connection

NC

GND

No connection

Ground

Bottom row of 4 pins

NC

NC

NC

NC

No connection

No connection

No connection

No connection

ASCII Time Code, RS-485 [1204-04]: Specifications

Inputs/Outputs : (1) Input, (1) Output

Signal Type and Connector : (1) RS-485 terminal block for both Input and Output

Accuracy : ±100…1000 µs (format dependent)

Maximum Number of Cards : 6

Ordering Information : 1204-04 ASCII Time Code Module (RS-485)

Figure 5-48: Model 1204-04 option card rear plate

Pin Assignments

Table 5-21: Pin-out, RS-485 terminal block connector J1

Pin No.

Signal Function

1 (left) SERIALTX_RS485+ + RS-485 data output

SecureSync 2400 User Manual 449

APPENDIX

Pin No.

Signal Function

4

5

2

3

SERIALTX_RS485- RS-485 data output

GND Ground

PPS_OUT_RS485+ + 1PPS output

PPS_OUT_RS485- 1PPS output

8

9

6

7

SERIALRX_RS485+ + RS-485 data input

SERIALRX_RS485-

GND

PPS_IN_RS485+

10 (right) PPS_IN _RS485-

- RS-485 data input

Ground

+ 1PPS input

- 1PPS input

ASCII Time Code Input: Edit Window

To configure the ASCII Input (also referred to as ‘Reference’), go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 336 .

The Web UI list entries for this card are: ASCII TIMECODE RS-232 and ASCII TIMECODE

RS-485 .

450 SecureSync 2400 User Manual

APPENDIX

The Input Edit window allows the configuration of the following settings:

Format Group : Determines the time code message format category (see also

"Time Code Data Formats" on page 519 .) Choices are:

Auto

Spectracom

NMEA

ICD-153

EndRun

Format : Once a Format Group has been selected, one or more Format fields may appear, allowing you to select one or more time code Formats . For detailed spe-

SecureSync 2400 User Manual 451

APPENDIX cifications and limitations on the supported time code formats, see

"Time Code Data

Formats" on page 519 .

Note: If Auto is chosen as the format group, the format will automatically be Auto-detect. SecureSync will attempt to identify the format of the incoming ASCII message.

Offset : Provides the ability to account for ASCII input cable delays or other latencies in the ASCII input. The Offset value is entered and displayed in nanoseconds (ns).

The available Offset range is –500 to +500 ms.

Timescale : Used to select the time base for the incoming ASCII time code data. The entered Timescale is used by the system to convert the time in the incoming ASCII data stream to UTC time for use by the System Time. The available choices are:

UTC : Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI : Temps Atomique International

GPS : The raw GPS time as transmitted by the GNSS satellites (as of 15-February-2021, this is 18 seconds ahead of UTC time)

A local clock set up through the Time Management Page: This option will appear under the name of the local clock you have set up. Refer to

"The Time

Management Screen" on page 166

for more information on how to configure and read the System Time. Local timescale allows a Local Clock to apply a time offset for Time Zone and DST correction.

The incoming input time information may be provided as local time, but System Time may be configured as UTC time, so internal computations need to be performed. With the Timescale field set to “Local”, select the name of a previously created Local Clock. The Time Zone and DST rules, as configured in the Local Clock will be applied to the front panel time display. See for more information on Local Clocks.

452 SecureSync 2400 User Manual

APPENDIX

Note: The Timescale of the ASCII input (as configured in the ASCII time source) must be set correctly, especially if other input references are enabled. Failure to configure the Timescale of the ASCII input correctly could result in time jumps occurring in the System

Time when input reference changes occur. These time jumps could affect NTP and normal operation of the system.

PPS Source – choices are:

Message : The 1PPS on time point is extracted from the ASCII message received.

1PPS Pin : The origin of the 1PPS on-time-point is the 1PPS input connector.

Baud Rate : Determines the speed at which the input port will operate.

Data Bits : Defines the number of Data Bits for the input output.

Parity : Configures the parity checking of the input port.

Stop Bits : Defines the number of Stop Bits for the input port.

ASCII Time Code Output: Edit Window

To configure the ASCII Output , go to its Edit window. For instructions, see:

"Configuring

Option Card Inputs/Outputs" on page 336

.

The Web UI list entries for this card are: ASCII TIMECODE RS-232 and ASCII TIMECODE

RS-485 .

SecureSync 2400 User Manual 453

APPENDIX

454

The Output Edit window allows the configuration of the following settings:

Format Group – configures the message format type. Choices are:

None (no message will be output)

Spectracom

NMEA

BBC

ICD-153

EndRun

Once selected, the Format Group may offer a choice of Formats . For more information on supported Formats , see

"Time Code Data Formats" on page 519 .

Format 1 : Selects either the first of up to three, or the only format message to be output.

Format 2 : Selects the second consecutive format message to be outputted.

Select “None” if only one output format is desired. “None” will be the only choice available if Format 1 is “None.”

SecureSync 2400 User Manual

APPENDIX

Format 3 : Selects the third consecutive format message to be outputted.

Select “None” if only one output format is desired. “None” will be the only choice available if Format 2 is “None.”

Signature Control : Signature Control controls when the selected ASCII data output format will be present; see

"Signature Control" on page 161

.

Output Mode : This field determines when the output data will be provided. The available Mode selections are as follows:

Broadcast : The format messages are automatically sent out on authorized condition (Signature control), every second a message is generated in sync with the 1PPS.

Request (On-time) : A format message is generated in sync with 1PPS after the configured request character has been received.

Request (Immediate) : A format message is generated as soon as the request character is received. As this selection does not correlate the output data to the on-time point for the message, in Data Formats that do not provide sub-second information (such as Formats 0 and 1 whereas Format 2 provides sub-second information), it should be noted that the output data can be provided immediately, but a time error could occur when using the on-time point of the message in addition to the data for timing applications.

Note: The choices available in this field are determined by the choices of Format Group and Format.

Time Scale : Used to select the time base for the incoming data. The entered Timescale is used by the system to convert the time in the incoming data stream to UTC time for use by the System Time. The available choices are:

UTC : Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI : Temps Atomique International

GPS : The raw GPS time as transmitted by the GNSS satellites (as of 15-February-2021, this is currently 18 seconds ahead of UTC time).

If GPS or TAI time is used, then the proper timescale offsets must be set on the

MANAGEMENT/OTHER/Time Management page. (See

"The Time Management

SecureSync 2400 User Manual 455

APPENDIX

Screen" on page 166

for more information on how to configure and read the System Time). Local timescale allows a Local Clock to apply a time offset for Time Zone and DST correction.

A Local Clock can be set up through the Time Management page: This option will appear under the name of the local clock you have set up. See for more information. Local timescale allows a Local Clock to apply a time offset for Time Zone and DST correction.

The incoming input time information may be provided as local time, but System Time may be configured as UTC time, so internal computations need to be performed. With the Timescale field set to “Local”, select the name of a previously created Local Clock. The Time Zone and DST rules, as configured in the Local Clock will be applied to the front panel time display. See for more information on Local Clocks.

Baud Rate : Determines the speed at which the output port will operate.

Data Bits : Defines the number of Data Bits for the output port.

Parity : Configures the parity checking of the output port.

Stop Bits : Defines the number of Stop Bits for the output.

ASCII Time Code Output: Status Window

To view the current settings of the ASCII Output , go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 334

.

The Web UI list entries for this card are: ASCII TIMECODE RS-232 and ASCII TIMECODE

RS-485 .

456

The Status window displays the following settings:

Signature Control : Indicates whether Signature Control is enabled (Signature Control determines when the ASCII data stream will be enabled to be present). See also:

"Signature Control" on page 161 .

Format 1 : Indicates the configured format of the ASCII time code input data stream.

SecureSync 2400 User Manual

APPENDIX

Format 2 : Indicates the configured format of the second consecutive ASCII time code input data stream.

Format 3 : Indicates the configured format of the third consecutive ASCII time code input data stream.

ASCII Time Code Input: Status Window

To view the current settings of the ASCII Input (also referred to as ‘Reference’), go to its

Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 334 .

The Web UI list entries for this card are: ASCII TIMECODE RS-232 and ASCII TIMECODE

RS-485 .

The Status window displays the following settings:

Reference ID : Indicates the letters used in the Input Reference Priority table for this particular input reference.

Validity : Indicates whether the ASCII input data is present and considered valid for Time and 1PPS references.

A green light indicates a valid reference.

An orange light indicates the reference is not considered valid.

Leap Flag : Displays whether the incoming data stream is indicating that a pending leap second is to be added to the UTC timescale at the end of the month. See

"Leap

Seconds" on page 176 .

Format : Indicates the configured format of the ASCII time code input data stream.

SecureSync 2400 User Manual 457

APPENDIX

5.2.6

Network Interface Option Cards

This section contains technical information and SecureSync Web UI procedures pertaining to option cards designed as Ethernet network interfaces using, e.g. the PTP format.

5.2.6.1

NTP and Networking [4A, 49]

The NTP and Networking cards have interfaces that allow the user to communicate outside of the normal channels that the SecureSync provides.

The 4A card, for instance, provides (4) 1 Gb NTP Server Outputs that can operate independently of the unit network.

Quad 1 Gb NTP Server [-4A]: Specifications

Inputs/Outputs : (4) Gigabit Ethernet

Connectors : SFP Ports (4x)

Management : Enabled or Disabled (NTP server only)

Maximum Number of Cards : 1

Ordering Information : 1204-4A: Quad Gigabit Ethernet

Figure 5-49: 1204-4A option card rear plate

Dual 1 Gb NTP Server [-49]: Specifications

Inputs/Outputs : (2) Gigabit Ethernet

Connectors : SFP Ports (2x)

Management : Enabled or Disabled (NTP server only)

Maximum Number of Cards : 1

Ordering Information : 1204-49: Dual Gigabit Ethernet

458 SecureSync 2400 User Manual

APPENDIX

Figure 5-50: 1204-49 option card rear plate

Networking

To configure the network information on this set of cards, navigate to MANAGEMENT >

Network Setup.

In the Actions Panel, select Configure xxxx 1GBE (Slot x).

In the xxxx 1GBE (Slot x) Network Status window, each of your Ethernet ports will be listed, along with their status.

To view the network information for each port, click on the information icon.

To edit the network information, click on the gear icon.

SecureSync 2400 User Manual 459

APPENDIX

xxxx 1GBE (Slot x) Edit Interface Settings: eth* Window

Add your network information in the following fields to edit or add network information to an Ethernet port. (Some selections will reveal or hide additional fields).

General Status tab:

Enable Interface [checkbox]

Auto-connect [checkbox]

MTU (0=auto)

IPv4 Status tab

Enable DHCP [checkbox]

Address

Subnet Mask

Gateway

Ignore Auto DNS? [checkbox]

Ignore Auto Routes? [checkbox]

Primary DNS

Secondary DNS

IPv6 Status tab

Enable DHCP [checkbox]

Address

Subnet prefix

Gateway

Ignore Auto DNS? [checkbox]

Ignore Auto Routes? [checkbox]

Primary DNS

Secondary DNS

NTP

To configure NTP on this set of option cards, navigate to MANAGEMENT > NTP Setup.

In the Actions panel, select the Configure xxxx 1GBE (Slot x) button.

In the xxxx 1GBE (Slot x) NTP Status window are four tabs:

460 SecureSync 2400 User Manual

APPENDIX

In the General Status tab:

Enable or disable NTP

Enter Symmetric Keys

Enter Access Restrictions

In the Ref-Clocks tab:

The phc0 of your host unit will be listed (the time reference provided to the card)

In the Servers tab:

View a list of configured servers and click Edit Servers to add or edit them.

In the NTP Servers window, click on the plus sign to add additional servers by entering information into the following fields:

Host

Min Poll Interval

Max Poll Interval

Symmetric Key

Enable Burst [checkbox]

Enable Iburst [checkbox]

Mark ad Preferred [checkbox]

In the Peers tab:

View a list of configured peers and click Edit Peers to add or edit them.

In the NTP Peers window, click on the plus sign to add additional servers by entering information into the following fields:

Host

Min Poll Interval

Max Poll Interval

Symmetric Key

Enable Burst [checkbox]

Enable Iburst [checkbox]

Mark ad Preferred [checkbox]

SecureSync 2400 User Manual 461

APPENDIX

5.2.6.2

PTP Grandmaster [1204-32]

Precision Time Protocol (PTP) is a protocol that can be used to synchronize computers on an Ethernet network. The Precision Time Protocol (PTP) option module supports PTP Version 2, as specified in the IEEE 1588-2008 standard (PTP Version 1 is not supported), via one (1) Ethernet port.

The PTP option module implements a PTP Ordinary Clock that can be configured to run as a Master Clock only. It transmits PTP packets via the Ethernet port, with information about the current time and synchronization reference selected by the SecureSync device.

PTP Grandmaster [-32]: Specifications

Inputs/Outputs : (1) Configurable as Input or Output

Signal Type and Connector : Ethernet via SFP, and 1PPS Output via BNC

Management : Web UI

Resolution : 8ns (±4ns) packet time stamping resolution

Accuracy : 30 ns accuracy (3 σ ) Master to Slave, via crossover cable

Network Speeds : 100 Mb/s, or 1Gb/s, depending on SFP module used

PTP Version supported: PTP 2 (IEEE 1588-2008)

PTP Profiles supported: Default, Telecom, Enterprise

Transmission modes : Unicast [default], Multicast

Maximum Number of Cards : 6

Ordering Information : 1204-32: PTP/Precision Timing Protocol Option Module

Figure 5-51: Model 1204-32 option card rear plate

462 SecureSync 2400 User Manual

PTP Grandmaster [-32]: Edit Window

1.

To configure this option card, go to its Edit window. For instructions, see

"Configuring Option Card Inputs/Outputs" on page 336 .

APPENDIX

Note: If you have only one input or output of any type, SecureSync will number that input or output 0. Additional inputs or outputs will be numbered 1 or above.

2.

The Gb PTP Edit window will display. It includes the top panel , and offers access

SecureSync 2400 User Manual 463

APPENDIX to three different tabs , described below:

464

Top panel settings

Enable PTP : Enables/Disables PTP. Check the box to enable PTP. Uncheck it to disable PTP.

Profile : offers a choice of:

Default (incl. Enterprise)

Telecom

Bottom panel: tabs

Main : These settings pertain to network connectivity.

Contract : These settings pertain to the unicast contract.

Advanced : These setting pertain to time Sync information.

Main tab settings

Domain Number : Sets the current PTP Domain Number, as defined in IEEE Std

1588-2008 Section 7.1

SecureSync 2400 User Manual

APPENDIX

Clock Mode : PTP has two ways to transmit the initial T1 timestamp of the Sync packet transmission from the Master to the Slave:

One-Step Master: The Sync packet is timestamped, then the timestamp is inserted into the Sync packet in real-time, as it is transmitted.

Two-Step Master : The Sync packet is timestamped, but the timestamp value in the Sync packet is ignored. The actual T1 value is transmitted in a "Follow-

Up" packet after the Sync packet.

Note: PTP Masters must select one mode or the other to operate in. The default mode is one-step.

Enable DHCP : This is a checkbox to enable or disable the delivery of IP addresses from a DHCP Server. The default setting is enabled (the box is checked).

Static IP Address : When a DHCP server is not requested or is requested but not available, the PTP Module will use this IP address. In the format “#.#.#.#” with no leading zeroes or spaces, where each ‘#’ is a decimal integer from the range [0,255].

Network Mask : When a DHCP server is not requested or is requested but not available, the PTP Module will use this Network Mask. In the format “#.#.#.#” with no leading zeroes or spaces, where each ‘#’ is a decimal integer from the range [0,255].

Default Gateway : When a DHCP server is not requested or is requested but not available, the PTP Module will use this Default Gateway. In the format “#.#.#.#” with no leading zeroes or spaces, where each ‘#’ is a decimal integer from the range

[0,255].

Contract tab settings

Note: The settings under this tab only apply to Unicast mode.

[Default settings in parenthesis]

Min Sync Interval : The minimum value of Sync interval granted by the Master

Clock. In packets per second. [128 Per Second]

Max Sync Duration : The maximum value of Sync interval granted by the Master

Clock. In seconds. [10000]

SecureSync 2400 User Manual 465

APPENDIX

Min Announce Interval : The minimum value of the Announce interval granted by the Master Clock. In packets per second. [128 Per Second

Max Announce Duration : The maximum value of the Announce interval granted by the Master Clock. In seconds. [10000]

Min Delay_Req Interval : In packets per second. [128 Per Second]

Max Delay_Req Duration : In seconds. [10000]

Max Slaves : The maximum number of slaves the card will serve. [4000]

Advanced tab settings

A b o u t … P T P T r a n s m i s s i o n M o d e s

The PTP Card is able to transmit the PTP packets in three transmission modes:

• Multicast Mode : PTP packets are transmitted to all PTP Clocks by means of Multicast IP addresses dedicated to the PTP protocol (224.0.1.129, 224.0.0.107). PTP packets received by the PTP Clocks are then filtered from the Domain Number, the Port Identity (Clock Identity +

Port Number) of the transmitter, the packet identifier (Sequenced). When the Master Clock is set in Multicast mode, this module will deny the requests from the Slaves Clocks to run in

Unicast mode. When the Master Clock is set in Unicast mode, it doesn’t transmit any PTP messages until a Slave has been granted to run in Unicast mode.

• Unicast Mode : This mode is enabled by default. This is a Point-to-Point transmission mode between two PTP Clocks by means of the unique IP address assigned to each PTP Clock.

---------------------------------------------

N O T E: The Unicast mode is only implemented for the following PTP packets:

Announce , Sync and Follow-Up , Delay_Req and Delay_Resp .

The Unicast mode is activated at the initiative of the Slaves. Each Slave, which wants to run in

Unicast mode, shall first negotiate Unicast contracts with the Master.

_______________

• Minicast/Hybrid Mode : The Minicast/Hybrid mode is a method to minimize the PTP packets payload on the network, where: The transmissions initiated by the Master (Announce,

Sync/Follow-Up) run in Multicast mode.

The transmissions initiated by the Slaves (Delay_Req/Delay_Resp) run in Unicast mode.

466 SecureSync 2400 User Manual

APPENDIX

Multicast Sync : Activating this option will cause the PTP Master to broadcast Sync and Announce messages to the Multicast address (as long as it is the Best Master on the network). Deactivating this option will remove the messages. When the PTP module is set in multicast mode, this will deny the requests from the Slaves Clocks to running in unicast mode.

Checking this box will cause two additional fields to display that will allow you to configure the:

Multicast Sync Rate

Multicast Announce Rate

Multicast Delay_Req : Activating this option will cause the PTP Master to respond to multicast Delay Requests (as long as it is the Best Master on the network). Deactivating this option will prevent the Master from responding to these.

Unicast Sync : The PTP Master will always respond to attempts from Unicast slaves to communicate with it, provided the Slaves use the proper Unicast Auto-Negotiation process. This setting is always enabled.

Unicast Delay_Req : The PTP Master will always respond to attempts from Unicast slaves to communicate with it, provided the Slaves use the proper Unicast Auto-

Negotiation process. This setting is always enabled.

Transport Protocol : Selects the transport protocol used for PTP packets.

Clock Class Set : Parameter broadcast in a PTP profile, indicating the quality of the attached reference; PTP [default], ARB, ITU [Telecom 1 ]. See also "ESMC Signal

Control" below.

Time To Live (Packet Lifespan) : Sets the TTL field for PTP packets except for

Peer-to-Peer packets for which TTL is forced to 1 as specified in IEEE Std 1588-

2008 Annex D.3.

1PPS Offset : The 1PPS signal of this option card can be offset from the main System 1PPS. This offset will be applied to all timestamps created by this card. It can be set in 8ns increments. Range is -500 ms to +500 ms.

Priority 1 : See IEEE 1588-2008, Section 8.10.1, 8.10.2.

1

The Telecom profile uses different clock class values than the default profile. It uses clock classes in the range from 80 to

110, and these values map to the SSM Quality level that is broadcast in the ESMC message, as defined in Section 6.7.3.1 of

G8265.1. If the user enables Sync-E, and broadcasting of the ESMC message, the parameter that controls which SSM quality level is broadcast when the unit is in sync is user-accessible. This will appear both in the ESMC message, and in the

Clock Class (if the “Clock Class Set” is set to ITU). It is also possible to control whether the ESMC message chosen degrades to QL-DNU when out of sync.

SecureSync 2400 User Manual 467

APPENDIX

Priority 2 : See IEEE 1588-2008, Section 8.10.1, 8.10.2.

Enable SyncE : If checked, allows access to the synchronous Ethernet settings.

There will always be an ESMC message broadcast if Enable SyncE is checked.

Note: For full functionality, SyncE requires Fiber Optic SFP modules.

Standard RJ45/ 1000BASE-T modules are generally not compatible with SyncE.

Enable ESMC : [checkbox]

ESMC Signal Control : Determines which SSM to use in the ESMC message. One of two messages will be broadcast: either the message selected in the SSM Code dropdown or the QL_DNU code. The user may set one of the following broadcasting options:

Output Always Enabled : Always broadcasts the selected SSM code, even when SecureSync is not synchronized to its references.

Output Enabled in Holdover : The output uses the selected

SSM code unless SecureSync is not synchronized to its references (the output is present while in the Holdover mode).

While SecureSync is not synchronized, QL-DNU SSM code will be broadcast.

Output Disabled in Holdover : The output uses the selected

SSM code unless the SecureSync references are considered not qualified and invalid (the output is not present while in the Holdover mode). While references are invalid, QL-DNU SSM code will be broadcast.

Output Always Disabled : The output is not present, even if any

SecureSync references are present and considered qualified.

QL-DNU SSM code is broadcast.

SSM Code : The Sync Status Messaging (SSM) code to be used.

Choice of code is made through the drop-down list.

468 SecureSync 2400 User Manual

APPENDIX

Note: Note: Some parameters define a PTP packet's throughput. They use the "log2seconds", defined as follows.

Positive Value: n => 2n seconds between two successive PTP packets

Negative Value: -n => 2(-n) = (1/2n) => 2n PTP packets per second

PTP Grandmaster [-32]: Status Window

To view the status of a PTP interface, go to its Status window. For instructions, see

"Viewing Input/Output Configuration Settings" on page 334 .

The GB PTP Status window contains two tabs: Main and Advanced .

Main tab: Status information

Ethernet Status : Whether the module is connected to a network through Ethernet.

Green =Connected. The speed of the connection is indicated.

Orange =Not connected.

Port State : Reports the current state of the PTP State Machine:

Disabled : PTP Ethernet port is Disabled. See PTP Setup/Network page, PTP

Network Settings options.

Initializing : Ethernet link is unplugged/PTP Module is in power-up state. A

Master Clock doesn’t leave this state while it can’t get the current time and synchronization references from the SecureSync to synchronize with it.

SecureSync 2400 User Manual 469

APPENDIX

Listening : PTP module is looking for a Master Clock.

Master : PTP Master has become the active Master Clock on the network.

Passive : PTP Module has become a Passive Master Clock. (There is another

Master Clock on the network with better quality or higher priority). This

Master will wait until the Best Master Clock Algorithm determines it should become the best Master Clock, and then it will transition to the Master Clock state.

Uncalibrated : PTP Slave has selected a Master Clock on the network attempts to synchronize with it using sync packets.

Number of Unicast Slaves : Number of PTP Slaves that have been granted by the

PTP Master to run in unicast mode (maximum = 4000 unicast contracts)

Profile : Whether the profile is the default or Telecom.

Domain Number : The current PTP Domain Number.

Clock Mode : See

"Main tab settings" on page 464 .

Current IP Address : The IP address currently being used by the PTP interface.

MAC Address : The MAC address currently being used by the PTP interface.

Advanced tab: Status information

Time Properties:

UTC Offset : The Master’s current offset between UTC time and TAI time. Units: seconds.

UTC Offset Valid : Indicates whether or not the Master’s UTC Offset is valid.

Leap Second : The Leap second correction as set on the Time Management page.

Time Traceable : Indicates whether the Master’s time is traceable (Enabled) to a primary reference or not (Disabled).

Frequency Traceable : Indicates whether the Master’s Frequency is traceable

(Enabled) to a primary reference or not (Disabled).

PTP Time Scale : Indicates the timescale that the Master is using to broadcast its time. TAI is the default PTP timescale.

Time source : The Time Source that the Master is using. Refer to IEEE Standard

1588-2008, Section 7.6.2.6.

470 SecureSync 2400 User Manual

APPENDIX

Clock Quality:

Clock Accuracy : A number describing the accuracy of the oscillator in the Master relative to its UTC reference (see IEEE Standard 1588-2008, Section 7.6.2.5).

Offset Scaled Variance : A constant value based on the variance of the oscillator installed in the SecureSync unit.

Clock Class : A number describing the state of the time and 1pps references of the

PTP Clock.

See table below for Clock Class definitions (see also: IEEE Standard 1588-2008,

Section 7.6.2.4, Table 5).

Table 5-22: Clock class definitions

PTP

Time

Scale

Arbitrary

Time

Scale

6 13

7

52

14

58

187 193

255 255

248 248

Clock Class Definition

Time and 1pps references are synchronized with the host references and PTP clock shall not be a slave to another clock in the domain.

Time and 1pps references are in holdover state, within specifications and PTP clock shall not be a slave to another clock in the domain.

Time and 1pps references are in holdover state, not within specifications, and PTP clock shall not be a slave to another clock in the domain. Then, applied to Master

Clocks who have just powered on and have not yet achieved a suitable TFOM value.

Time and 1pps references are in holdover state, not within specifications, and PTP clock may be a slave to another clock in the domain.

Class assigned to “Slave-Only” clocks.

“Unknown” class.

Ethernet Status

Current IP Address : The IP address currently being used by the PTP interface.

Note: If the PTP Module is set up for DHCP but fails to obtain an IP address, it will use the Static IP instead. To reacquire a DHCP address, reset the module via the Main tab in the PTP settings window.

SecureSync 2400 User Manual 471

APPENDIX

Current Network Mask : The Network Mask currently being used by the PTP interface.

Current Gateway : The Gateway address currently being used by the PTP interface.

Port Status

Port State : Reports the current state of the PTP State Machine:

Disabled : PTP Ethernet port is Disabled. See PTP Setup/Network page, PTP

Network Settings options.

Initializing : Ethernet link is unplugged/PTP Module is in power-up state. A

Master Clock doesn’t leave this state while it can’t get the current time and synchronization references from SecureSync to synchronize with it.

Listening : PTP module is looking for a Master Clock.

Master : PTP Master has become the active Master Clock on the network.

Passive : PTP Module has become a Passive Master Clock. (There is another

Master Clock on the network with better quality or higher priority). This

Master will wait until the Best Master Clock Algorithm determines it should become the best Master Clock, and then it will transition to the Master Clock state.

Uncalibrated : PTP Slave has selected a Master Clock on the network attempts to synchronize with it using sync packets.

One Step Mode : Determines the number of steps in the PTP protocol. Will be one of the following:

Disabled : Two-Step Mode is enabled

Enabled : One-Step Mode is enabled

[Default=Disabled]

Note: One-Step Mode is not supported with the Peer-to-Peer

Delay Mechanism.

The current implementation of One-Step Mode involves a software oriented timestamping. The Two- Step Mode imlements a hardware oriented timestamping, insensitive to software execution time variations. The Two-

Step Mode is recommended, as it increases the PTP Clock's accuracy

472 SecureSync 2400 User Manual

APPENDIX

Delay Mechanism : Will be one of the following:

E2E : End-to-End Delay Mechanism

P2P : Peer-to-Peer Mechanism

Disabled : No Delay Mechanism

Default setting: E2E

Note: Peer-to-Peer Delay Mechanism is only applicable on networks equipped with Transparent Clocks

(switches/routers IEEE 1588 compatible). Peer-to-Peer

Delay Mechanism is not supported in Unicast transmission mode.

PPS Offset : See

"Advanced tab settings" on page 466

.

Module Information

Software Version : Version number of embedded software

Hardware Version: Version number

Configuration — General Steps

Ensure that SecureSync's PTP port is connected to the network (check the Link

Status in the PTP Status/Network page).

Ensure the PTP port speed is 100 Mb/s (see: PTP Status page > Advanced tab >

Port Speed ).

Be sure that valid time and 1PPS references are currently selected (go to

MANAGEMENT/OTHER/Time Management ).

In order to operate properly as a Master Clock, SecureSync must be synchronized to a non-

PTP reference. Confirm that the chosen reference transmits the following information (as reported by the Time Properties on the PTP Status page, under the Advanced tab):

The proper TAI or UTC time (including the current year)

The current TAI to UTC offset (required even if the reference’s time is in TAI)

Pending leap second information at least a day in advance.

If the reference does not transmit this information, it must be provided by the user in order for the Master Clock to function properly.

SecureSync 2400 User Manual 473

APPENDIX

The built-in GNSS reference provides all information needed with no user intervention.

Configuration — PTP-Specific Steps

Confirm that:

The PTP Port Activity is enabled (check the Port Status on the PTP Status page under the Advanced tab). If not, enable it from the Port Activity of the PTP

Setup/Network page).

The clock is set to be a Master-Only clock (check the Clock Mode on the PTP

Setup/Clock page).

A valid IP address is currently being used (check the Ethernet Settings on the PTP

Setup/Network page).

When the PTP Module is set to be a Master Clock, the module will immediately attempt to become the active Master Clock on the network ( PTP Port State = Master ). If it does, it will start to transmit PTP packets (even if SecureSync is not yet synchronized).

There are several reasons why the PTP Module may not become the active Master Clock, or may not be broadcasting the correct time, even if it is set to be a Master Clock: a.

If using any reference other than self for 1PPS, SecureSync will not become an active Master Clock until the Time Figure of Merit (TFOM) value of the system is less than 15. After first going into sync after power-up, it may take a minute or two for the Time Figure of Merit (TFOM) value to fall to an acceptable level. The current

Time Figure of Merit (TFOM) value is available in the Time Properties panel under the Advanced tab on the Status page.

b.

PTP uses the TAI timescale to transfer time. Many timing references communicate time in the UTC timescale. UTC is offset from TAI by a small amount which changes every time a leap second occurs. The TAI to UTC Offset is part of the PTP Specification and must be provided to a Master Clock. If no active reference can provide that information, the offset must be provided by the Host. The TAI to UTC Offset can be set from the MANAGEMENT/OTHER/Time Management page (while setting the GPS to UTC Offset).

c.

The PTP protocol also provides for the transfer of Leap Second information. If the active time reference does not provide Leap Second information, it must be added by the user through the MANAGEMENT/OTHER/Time Management page. If this is not done, the PTP network will have the incorrect UTC time after a leap second event.

d.

If there are multiple multicast Master Clocks on the network, the PTP Module uses the Best Master Clock (BMC) algorithm specified in the PTP Specification to decide

474 SecureSync 2400 User Manual

APPENDIX whether or not to become the active Master Clock. The BMC algorithm selects the

Best Master Clock on the network from the following criteria: i.

The BMC algorithm first selects the clock having the higher Priority1 parameter (a lowest value means a higher priority).

ii.

If the BMC cannot be determined from the previous parameter, the BMC algorithm selects the clock having the higher Clock Quality (Clock Class, Clock

Accuracy, Clock Variance).

iii.

If the BMC cannot be determined from the previous parameters, the BMC algorithm selects the clock having the higher Priority2 parameter.

The Master Clock selected by the BMC algorithm as the Best Master Clock will transition into the Master state to become the active Master Clock on the network. It will then start to transmit Sync packets to the Slave Clocks. The other Master Clocks will transition into the

Passive state.

Enabling PTP

To enable PTP:

1.

Navigate to the Top panel of the GB PTP Edit window.

2.

Check the Enable PTP box.

Configuring Multicast Mode

To enter Multicast mode, perform the following steps:

1.

In the GB PTP Edit window, navigate to the Advanced tab.

2.

Select the Multicast Sync checkbox.

3.

Select the Multicast Sync Rate from the drop-down list.

SecureSync 2400 User Manual 475

APPENDIX

4.

Select the Multicast Announce Rate from the drop-down list.

Configuring Unicast Mode

To enter the Unicast mode, perform the following steps:

1.

In the GB PTP Edit window, navigate to the Advanced tab.

2.

Confirm that Unicast Sync is checked. The 1204-32 PTP module should always respond to unicast negotiations.

476

Configuring Minicast/Hybrid Mode

To enter the Minicast/Hybrid mode, perform the following steps:

1.

In the GB PTP Edit window, navigate to the Advanced tab.

2.

Select the Multicast Sync checkbox.

3.

Select the Multicast Sync Rate from the drop-down list.

4.

Select the Multicast Announce Rate from the drop-down list.

5.

Confirm that Unicast Sync is checked. The 1204-32 PTP module should always respond to unicast negotiations.

Configuring PTP on the Network

SecureSync 2400 User Manual

APPENDIX

To configure PTP on the network:

1.

In the GB PTP Edit window, navigate to the Main tab.

2.

Under the Main tab of the GB PTP Edit window, make the following settings:

Domain Number : Sets the current PTP Domain Number, as defined in IEEE

Std 1588-2008 Section 7.1

Clock Mode : See under

"Main tab settings" on page 464 .

Enable DHCP : This is a checkbox to enable or disable the delivery of IP addresses from a DHCP Server. The default setting is enabled (the box is checked).

Static IP Address : When a DHCP server is not requested or is requested but not available, the PTP Module will use this IP address. In the format “#.#.#.#” with no leading zeroes or spaces, where each ‘#’ is a decimal integer from the range [0,255].

Network Mask : When a DHCP server is not requested or is requested but not available, the PTP Module will use this Network Mask. In the format

“#.#.#.#” with no leading zeroes or spaces, where each ‘#’ is a decimal integer from the range [0,255].

Default Gateway : When a DHCP server is not requested or is requested but not available, the PTP Module will use this Default Gateway. In the format

“#.#.#.#” with no leading zeroes or spaces, where each ‘#’ is a decimal integer from the range [0,255].

Configuring PTP Contracts

SecureSync 2400 User Manual 477

APPENDIX

1.

Navigate to the Contract tab of the GB PTP Edit window.

478

2.

Under the Contract tab of the GB PTP Edit window, make the following settings:

Min Sync Interval : The minimum value of Sync interval granted by the

Master Clock. In packets per second.

Max Sync Duration : The maximum value of Sync interval granted by the

Master Clock. In seconds.

Min Announce Interval : The minimum value of the Announce interval granted by the Master Clock. In packets per second.

Max Announce Duration : The maximum value of the Announce interval granted by the Master Clock. In seconds.

Min Delay_Req Interval : In packets per second.

Max Delay_Req Duration : In seconds.

Max Slaves : The maximum number of slaves to be served. The 1204-32 module can serve up to 4000 slaves (unicast contracts).

5.2.7

Miscellaneous Option Cards

This section contains technical information and SecureSync Web UI procedures pertaining to option cards that do not fall into other categories, e.g. cards that serve as signal relays.

SecureSync 2400 User Manual

APPENDIX

5.2.7.1

STL Option Module [1204-3E]

Satelles Satellite Time and Location (STL) signal is broadcast on Iridium satellites and offers a spoofing-resilient encrypted signal that is 1000x stronger than GNSS-based timing signals. Hence, it is difficult to jam, and it can be received indoors.

STL is a subscription-based service. Please contact Spectracom for details.

A SecureSync equipped with the STL 1204-3E option card can be operated with or without GPS, depending on your application, i.e. STL can be utilized as a backup, or as the only external timing source.

Note: Devices are shipped with the STL subscription deactivated. It is necessary to contact customer service to activate the subscription: [email protected]

US: +1 585 321 5800; France: +33 (0)1 64 53 3980.

For subscription renewal information, see

"Renewing Your STL Subscription" on page 485

Hardware Installation

1.

If your STL option card was purchased together with a SecureSync unit, the card will be pre-installed in the unit. Proceed to Step 3.

2.

If you purchased your STL option card separately, you will need to install the card into the SecureSyncunit. For instructions, see the hard copy of the Option Card

Installation Guide that shipped with the unit, or see the Field Installation instructions in the user manual.

Note: The -3E card can be installed in any free card slot.

3.

Install the SecureSync unit in its assigned location e.g., in a server rack.

4.

Install the supplied STL satellite antenna: The antenna is designed for indoor use.

The ideal location for the antenna is near the ceiling of the room in which your

SecureSync unit is located, or near an outside wall. In general, a higher location is preferable over a lower location. Do not cover the antenna with electronic equipment or other metal objects.

SecureSync 2400 User Manual 479

APPENDIX

Note: The supplied antenna cable is 2.4 m (96") long. Longer cables are available upon request. The antenna does not require a separate power supply.

5.

Connect the antenna cable to the SecureSync unit via the SMA connector on the option card -3E rear plate. The SecureSync can be in a powered off or a powered on state during antenna installation.

Figure 5-52: Model 1204-3E option card rear plate

If the unit is ON, verify that the BURST lamp is blinking.

If the unit is OFF, turn it on, and wait until the BURST lamp is blinking.

If the BURST lamp is not blinking after the subscription has been activated , the

STL receiver is not receiving an STL signal. Check the antenna cable and its connections, and the antenna location. Move the antenna to another location (higher or closer to an outside wall).

R e a r P l a t e L E D s :

BURST : Indicates the incoming STL burst rate. A high burst rate (desired) is indicated by the LED flashing quickly.

PPS : Indicates that the STL receiver is sending out a PPS signal to SecureSync. One (1) pulse per second means that the receiver is locked. NOTE: It can take approximately 10 minutes or longer until the receiver is locked. This depends on the burst rate (see

"Burst Rate" on page 485

.)

Both LEDs have equivalent indicators in the Web UI STL 0 status window:

480 SecureSync 2400 User Manual

APPENDIX

6.

Proceed with the SW configuration of the STL settings, as described below.

Note: The RJ-45 MAINT.

connector will not be needed for the STL configuration. Use this connector only if so requested by Spectracom

Service personnel.

Configuring STL Settings

Note: If you do not yet have a subscription key, you will need to obtain one before continuing with installation. Please contact Orolia customer service: [email protected]

US: +1 585 321 5800; France: +33 (0)1 64 53 3980

Note: During the initial installation of a unit equipped with an STL card, the exact geographic position needs to be entered into the Web UI (see below). Should the unit be relocated at a later point in time, the position must be changed accordingly.

The STL option card 1204- 3E is configured via the SecureSync Web UI. See

"The

SecureSync Web UI" on page 30

for basic SecureSync setup and initial login information.

SecureSync 2400 User Manual 481

APPENDIX

To configure STL settings:

1.

Log into the Web UI, and navigate to INTERFACES > OPTION CARDS: STL 0 . The

STL 0 status window will be displayed.

2.

In the STL 0 status window, click on the Edit button to open the STL 0 setup window.

482

In the STL 0 setup window, you can configure the following parameters:

Subscription Key : [ required ] Enter the key obtained from customer service in order to activate STL access.

Latitude, Longitude, Altitude : [decimal degrees, meters] Actual geographic position of SecureSync's STL antenna. For help determining your actual position, see

"Determining Your Position" on page 220

.

Geolocation Mode : Static Known Position / Static Unknown Position

[ default ] / Pseudo Static / Dynamic : This parameter refers to how the STL receiver handles position estimation. The default setting is recommended for most applications.

Sensitivity Level : [ default = 40] This value determines the sensitivity of the

STL receiver towards the STL signal bursts transmitted by the satellites. The

SecureSync 2400 User Manual

APPENDIX lower the number, the more responsive the receiver will be to acknowledge the bursts. The default value is optimized for an indoor antenna. A higher value can be used for outdoor antenna installations (not typical). A value lower than (40) is not recommended.

3.

Assign the STL 0 reference a reference priority by navigating to MANAGEMENT >

OTHER: Reference Priority .

4.

In the Configure Reference Priorities panel, click the + icon in the upper right corner. The Add Reference window will open.

5.

Select a Priority Level : a.

If STL is to be used as a backup to GPS: Select a Priority Level of 2 .

b.

If STL is the only reference: Select a Priority Level of 1 .

For Time and PPS , select STL 0 . Click Submit.

6.

Verify your settings in the Reference Priority table, and ensure that the new reference is Enabled .

Reviewing the STL Status

Validity Status

To check or monitor the validity of the STL reference:

1.

Navigate to INTERFACES > REFERENCES .

2.

In the References status panel, under STL 0 , check the status indicator light:

Detailed Status

SecureSync 2400 User Manual 483

APPENDIX

To obtain detailed STL status information:

1.

Navigate to INTERFACES > REFERENCES: STL 0 . The STL 0 status panel will be displayed.

2.

In the STL 0 status panel, click the INFO button. The STL 0 status window will open:

484

Besides STL system data, the window also displays STL validity and the subscription status.

For a description of the other parameters, see

"Configuring STL Settings" on page 481 .

Subscription status reminder banner : Lists your current subscription state.

Validity – TIME : Should always be green; if red, the -3E card is not installed correctly, or there is a defect; – PPS : If green, indicates the STL receiver is sending a PPS signal to

SecureSync.

SecureSync 2400 User Manual

APPENDIX

Subscription Start Date, End Date : Day the STL subscription began and will end.

Application Version, System Version : Receiver software versions.

Serial Number : Receiver serial number.

IP address [button]: Maintenance port – opens a separate browser window indicating the

IP address of the Maintenance port (if a cable is plugged into the MAINT. port).

NOTE : This functionality is only required if Spectracom Service personnel request access to the STL receiver directly.

Strong Burst : Indicates color-coded burst rate. For more information see

"Burst Rate" below .

Latitude, Longitude, Altitude : Position data, as entered under

"Configuring STL Settings" on page 481 .

Geolocation Mode : Position estimation setting, as entered under

"Configuring STL Settings" on page 481 .

Sensitivity Level : STL receiver sensitivity setting, as entered under

"Configuring STL Settings" on page 481 .

Renewing Your STL Subscription

Contact customer service to obtain a new subscription key: US: +1 585 321 5800; France:

+33 (0)1 64 53 3980.

In the WebUI, navigate to INTERFACES > OPTION CARDS: STL0 > EDIT to access to

STL status panel. Enter your new subscription key.and click submit.

If your location information is different from your End User Agreement, please contact customer service.

Confirm that your start date, end date, and subscription state have updated in the STL reference panel.

Burst Rate

Satellites transmit the STL time and location data in bursts. The number of bursts per minute that the receiver detects is the burst rate , but only strong bursts have a quality high enough to be usable. Note that the burst rate changes over time due to the movement of the satellites and other factors.

The current strong burst rate is shown in the STL 0 status window (described above) and offers a good indication on the reception quality. Typically, a number of received strong bursts per minute is greater than 60, the location has sufficient STL service for the receiver to converge and provide a timing solution.

SecureSync 2400 User Manual 485

APPENDIX

Strong

Bursts

80+ Excellent, minimal signal attenuation

35-55 Good, some signal attenuation

15-30 Moderate, strong signal attenuation

5-15

0

Conditions

Marginal, major signal attenuation

Poor, severe signal attenuation

Typically experienced ...

Receiver lock status

… outdoors

… indoors near windows

Short time to convergence

Short time to convergence

… indoors far from windows

Longer time to convergence

… deep indoors

… very deep indoors

Significantly longer time to convergence

No convergence

Troubleshooting

No action required

No action required

Wait a couple of minutes for better satellite geometry; relocate antenna

Wait several minutes for better satellite geometry; relocate antenna

Verify that STL service is enabled in your area; wait several minuts for better satellite geometry; relocate antenna

Note: The values shown above are only guidelines: Due to the dynamic nature of satellite signal characteristics over time, a specific burst threshold value does not guarantee a good receiver performance.

Specifications

The specifications of the STL Option Module 1204-3E are:

Inputs : One STL antenna input, one Ethernet maintenance input

Antenna input connector : SMA

Maintenance connector : RJ45

Frequency band : 1626 MHz

Timing synchronization accuracy to UTC : ±500 ns (specified); ±200 ns (typical)

Coverage : Global

Time-to-first-fix (Timing) : Several seconds (the PPS pulse will become available once the positioning fix has been obtained)

Jamming resilience : Signal is 30 to 40 dB stronger than GPS signal

Spoofing resilience : Encrypted signal

486 SecureSync 2400 User Manual

APPENDIX

Maximum number of cards : 1

Ordering information :

STL module: 1204-3E

STL subscription (1 year): STL-SS-1Y

Figure 5-53: Model 1204-3E option card rear plate

5.2.7.2

Alarm Relay Out [1204-0F]

The Model 1204-0F Alarm Relay Option Card provides three (3) configurable relay outputs for the SecureSync platform.

Alarm Relay Out [1204-0F]: Specifications

Inputs/Outputs : (3) three contact relay connections (NC, common, NO)

Signal Type and Connector : Terminal block

Contacts switch under max. load of 30 VDC, 2A

Contacts rated to switch: 220 VDC

Nominal Switch Capacity : 30 V, 2A

Maximum switch voltage : 220 VDC

Maximum switch power : 60 W

Maximum switch current : 2A

Breakdown voltage : 1000 VDC between contacts

Switch time : 4ms, max.

Maximum Number of Cards : 1

Ordering Information : 1204-0F: Relay Outputs Module

SecureSync 2400 User Manual 487

APPENDIX

Figure 5-54: Model 1204-0F option card rear plate

Terminal block pin-out, alarm relay out

PIN SIGNAL

7

8

5

6

3

4

1

2

GND

Relay 0 NO

Relay 0 NC

Relay 0 COMMON

Relay 1 NO

Relay 1 NC

Relay 1 COMMON

Relay 2 NO

9 Relay 2 NC

10 Relay 2 COMMON

Operation of the Alarm Relay Card

488 SecureSync 2400 User Manual

APPENDIX

Figure 5-55: Contact closure relay pinouts

1.

All relay contacts are labeled as in their de-energized state (power removed or alarm asserted).

2.

The "normal" state of the relays (no alarms asserted) is relays energized.

3.

The applicable relay(s) (Minor or Major, as configured in the browser) is /are de-energized when a Minor or Major alarm is asserted.

4.

Both the Minor and Major alarms are active (relays de-energized and in their alarm state) when input power is removed from SecureSync.

5.

For information on how to configure the relays as either a Minor alarm relay or a

Major alarm relay, see

"Alarm Relay Output: Edit Window" on page 491 .

Each of the three available relays on this option card can be configured to be either a Minor or a Major alarm relay. The three relays are dry contact closures that can either open or

SecureSync 2400 User Manual 489

APPENDIX complete a circuit, depending on whether the relay is energized/de- energized and whether the custom alarm circuit is connected to the NO or NC contacts.

To use this option card to provide an audible indication of a Minor or Major alarm being asserted, SecureSync does not pass or generate an audible tone. It is just the switch that allows the tone to be generated. Or for a visible alarm indication, the three relays can allow

DC voltage to be routed to the light, when an alarm is asserted.

The best way to think of each of the alarm relays is that they are simply a light switch on the wall. When the switch is off (relay is in one position) the light/buzzer is off. But if you toggle the switch (relay) to the other position (either a Minor or Major alarm is alarm is asserted), the light/buzzer comes on. When a Minor or Major Alarm is asserted, the applicable relay(s) switches states. This can then allow a custom circuit to be able to sound an alarm or to illuminate a light, as desired.

The nominal switch capacity is 30V, 2A (maximums: voltage = 220 VDC, power = 60W, current = 2A). So you can connect any desired audible//visible device or component to this relay that can operate within this rating (Spectracom doesn't make any specific recommendations on what visible or audible alarms to use in conjunction with this Option Card).

Further below is a diagram of ways that a light or buzzer can be connected to any of the three relays on this Option Card.

Note that any necessary wiring, the light/buzzer and the power source (labeled in the diagram above as “DC Power Supply”) for the light/buzzer is supplied by the customer.

“Relay 1”, “Relay 2” and “Relay 3” represent the three available relays. The three tables on the left provide the pin-outs for each of the relay contact closures.

Alarm Relay Output: Viewing Signal State

To quickly view the signal state of all three alarm outputs, see:

"Viewing an Input/Output

Signal State" on page 337 .

Each alarm output will be in one of these 3 states:

490 SecureSync 2400 User Manual

APPENDIX

NEVER OUTPUTS

OUTPUTS ON MINOR ALARM

OUTPUTS ON MAJOR ALARM

Alarm Relay Output: Edit Window

To configure the Alarm Relay Output, go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 336 .

The Web UI list entry for this card is: Relay Output . The name of the output is: Alarm Output [number].

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

The Edit window allows the configuration of the following settings:

Alarm Type :

None : Will not output for an alarm.

Minor : Will output on a minor alarm.

Major : Will output on a major alarm.

Alarm Relay Output: Status Window

To view the current settings of an Alarm Relay Output, go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 334

.

The Web UI list entry for this card is: Relay Output . The name of the output is: Alarm Output [number] .

Note: SecureSync starts numbering I/O ports with 0 (only 1PPS and

10 MHz outputs start at 1, because of the built-in outputs).

SecureSync 2400 User Manual 491

APPENDIX

The Status window displays the following settings:

Alarm Type :

None : Will not output for an alarm.

Minor : Will output on a minor alarm.

Major : Will output on a major alarm.

5.2.7.3

NENA-Compliant Option Card [-1F]

IRIG support (including support for all NENA formats)

ASCII RS-232 time code support

ASCII RS-485 time code relay/alarms.

NENA-Compliant Module: Specifications

Outputs:

(1) IRIG B/E, IEEE

1344/C37.118-2005

(AM/TTL) 

Connectors:

BNC (J1)

Accuracy:

±20 to ±200  μ s of UTC, format-dependent

(1) ASCII RS-232

DB9F (J2)

±100-1000  μ s

(format-dependent)

(1) ASCII RS-485 (2)

Relay/Alarm

3.81 mm Terminal block (J3)

±100-1000  μ s

(format-dependent)

Switch time

4ms, max.

Table 5-23: NENA module specifications

492 SecureSync 2400 User Manual

Figure 5-56: Rear plate of NENA-compliant module

IRIG Output Specifications

AM IRIG Output:

Output impedance: 50 Ω nominal

Amplitude (adjustable):

500 mV p-p min, 6V p-p max into 50 Ω

1V p-p min, 12 V p-p max into > 600 Ω

AM Carrier:

IRIG A – 10 kHz

IRIG B – 1kHz

IRIG E – 100 Hz, 1kHz

IRIG G – 100 kHz

Modulation Ratio: 3.3:1 nominal

DCLS IRIG Output:

Signal Level: 0V to 4.3 V (TTL compatible) into 50 Ω

Output impedance of buffer is ~7 to 10 Ω

ASCII RS-232 Specifications

Outputs

:

Signal Type and Connector

:

±5V

DC minimum, ±5.4 V

DC typical

RS-232 DB-9F

RS-232 Input:

-25 V

DC to +25 V

DC

+0.6V

IL min

, +1.2V

IL TYP

+1.5V

IH TYP

, +2.4V

IH MAX

Input impedance > 3kΩ

APPENDIX

SecureSync 2400 User Manual 493

APPENDIX

RS-232 Output:

±5V

DC minimum

±5.4 V

DC typical

Output impedance 300 Ω, minimum

-13.2 V

DC to +13.2 V

DC

1PPS Output:

Signal level: 0V to 4.3 V (TTL compatible) into 50 Ω

Output impedance of buffer is ~7 to 10 Ω

Rise/fall times of ~20 nsec.

Pin Assignments

Figure 5-57: DB-9 connector "J2"

Pin No.

8

9

6

7

Signal Name Function

Top row of 5 pins

3

4

1

2

5

PPS_OUT 1PPS output

SERIAL_OUT_TX RS-232 Transmit data

SERIAL_OUT_RX RS-232 Receive data

NC No connection

GND Ground

Bottom row of 4 pins

NC

NC

NC

NC

No connection

No connection

No connection

No connection

494 SecureSync 2400 User Manual

Table 5-24: ASCII RS-232 Output connector pin assignments

ASCII RS-485 and Alarms/Relays Specifications

Inputs/Outputs :

Signal Type and Connector :

(2) Two contact relay connections (NC, common, NO)

Terminal block

Contacts Switch under max. load of 30 V

DC

, 2A

Contacts rated to switch 220 V

DC

Breakdown voltage of 1000 V

DC between contacts

Switch time 4ms, max.

RS-485 Differential Output:

+1.65 V Typical Common Mode Output Voltage

2V min Differential Output Voltage Swing with 100 Ω load,

3.3 V Differential Output Voltage Swing, No Load, with ESD protection

Pin Assignments

APPENDIX

Figure 5-58: RS-485 connector "J3"

Connector Pin

3

4

1

2

5

Signal

RS-485 TX+

RS-485 TX-

GROUND

Relay 1 NO

Relay 1 NC

Direction

Out

Out

N/A

Out

Out

Characteristics

0V to 3V

DC differential, 120 Ω load

0V to 3V

DC differential, 120 Ω load

GROUND

Normally Open 30 V

DC

, 2A max. switching power

Normally Closed 30 V

DC

, 2A max. switching power

SecureSync 2400 User Manual 495

APPENDIX

Connector Pin

8

9

6

7

10

Signal Direction

Relay 1 COMMON Out

Relay 2 NO Out

Relay 2 NC Out

Relay 2 COMMON Out

GROUND N/A

Characteristics

Common Contact 30 V

DC

, 2A max. switching power

Normally Open 30 V

DC

, 2A max. switching power

Normally Closed 30 V

DC

, 2A max. switching power

Common Contact 30 V

DC

, 2A max. switching power

GROUND

Table 5-25: Relay/RS-485 outputs pin assignments

Note: The last device on each of the RS-485 remote output should be terminated into 120 Ω. Auxiliary Spectracom equipment (such as wall display clocks) include a 120 Ω resistor for termination.

Configuring the IRIG Time Code Output

Via INTERFACES  >   OUTPUTS [ or : INTERFACES  >  OPTION CARDS ], navigate to IRIG

Output 0 . Depending on which path you take, you will need to click the GEAR button, or the Edit button in order to open the Edit window.

496 SecureSync 2400 User Manual

APPENDIX

Note: If you have only one input or output of any type, NetClock will number that input or output 0. Additional inputs or outputs will be numbered 1 or above.

The IRIG output Edit window offers the following configuration fields:

Signature Control : Used to control when the IRIG modulation will be present. This function allows the modulation to stop under certain conditions; see also

"Signature

Control" on page 161 .

Format : Defines the desired IRIG output formatting. Available options include: IRIG

A, B, G, NASA-36, IRIG E (100 Hz or 1kHz)

Modulation : Changes the type of output signal modulation:

IRIG AM is an amplitude modulated output. The amplitude of the output is determined by the value entered in the “Amplitude” field.

IRIG DCLS is a TTL modulated output.

SecureSync 2400 User Manual 497

APPENDIX

Frequency : If AM modulation is chosen above, the frequency is offered. Otherwise

No Carrier is displayed.

Coded Expression : Defines the data structure of the IRIG signal, where:

BCD = Binary Coded Decimal

TOY = Time of Year

CF = Control Field

SBS = Straight Binary Seconds

Control Function Field : IRIG signals have an optional section in the data stream that can be used to include additional information (such as the present year, for example). This field allows the Control Field section of the IRIG output to be defined.

The available configurations are as follows:

RCC-2004 : IRIG spec 200-04 specified a location for year value, if included in this field.

IEE 1344 (C37.118-2005): IRIG B format with extensions. Control Field contains year, Leap Second and DST information.

Spectracom Format : Year is included in Control Field but not in the same location as RCC-2004 output (year is offset by one position).

Spectracom FAA Format : A unique IRIG output Control Field that contains satellite lock status and time error flags.

NASA : A variant of IRIG B.

Time Scale : Used to select the time base for the incoming time code data. The entered Timescale is used by the system to convert the time in the incoming data stream to UTC time for use by the System Time. The available choices are:

UTC : Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI : Temps Atomique International

GPS : The raw GPS time as transmitted by the GNSS satellites (as of July,

2015, this is 17 seconds ahead of UTC)

A local clock set up through the Time Management Page: This option will appear under the name of the local clock you have set up (see

"Local Clock

(s), DST" on page 179

). Local timescale allows a Local Clock to apply a time offset for Time Zone and DST correction.

498 SecureSync 2400 User Manual

APPENDIX

Amplitude : The peak-to-peak output voltage level into a 600 Ω load is adjusted by entering a digital control value in this field. The level adjustment has no effect on

TTL outputs, only on AM formats. The value of 128 will cause the Mark amplitude to be about 5V p-p into high impedance. A value of 200 results in an output amplitude of about 9V p-p into high impedance.

Note: These are nominal values only. Actual values will vary from unit to unit. To adjust the level precisely, connect an oscilloscope to the output connector when adjusting.

Offset : Provides the ability to account for IRIG cable delays or other latencies in the

IRIG input. The Offset value is entered and displayed in nanoseconds (ns). The available Offset range is -500 to +500 ms.

Each IRIG code specifies a carrier frequency that is modulated to encode date and time, as well as control bits to time-stamp events. Initially, IRIG applications were primarily military and government associated. Today, IRIG is commonly used to synchronize voice loggers, recall recorders, and sequential event loggers found in emergency dispatch centers and power utilities.

For more information on IRIG frequency and output specifications, see

"IRIG Standards and Specifications" on page 546

.

Configuring an ASCII Time Code Output (RS-232 or RS-485)

Note: The process of configuring the ASCII Time Code output is independent of the communications protocol.

Via INTERFACES > OUTPUTS [ or : INTERFACES > OPTION CARDS ], navigate to the

ASCII Output you want to configure. Depending on which path you take, you will need to click the GEAR button, or Edit button in order to open the Edit window:

SecureSync 2400 User Manual 499

APPENDIX

500

Note: If you have only one input or output of any type, NetClock will number that input or output 0. Additional inputs or outputs will be numbered 1 or above.

The Edit window offers the following configuration fields:

Format Group : Determines the time code message format category (see also

"Time Code Data Formats" on page 519 ). Choices are:

None

NENA-Spectracom (Formats 0, 1, 2, 3, 4, 7, 8, 9, 1S)

NMEA (GGA, RMC, ZDA message)

BBC (Formats 1, 2, 3 PSTN, 4, 5 RMC)

ICD-153 (Buffer Box, Time Transfer, Current Status)

EndRun (EndRun Time Format, Endrun X Format)

SecureSync 2400 User Manual

APPENDIX

Format : Once a Format Group has been selected, one or more Format fields may appear, allowing you to select one or more time code Formats . For more information on time code formats, see

"Time Code Data Formats" on page 519

.

The choice of format group determines t he format choices available in the

Format 1, Format 2 and Format 3 fields.

Format 1 : Selects either the first of up to three, or the only format message to be output. See

"Time Code Data Formats" on page 519

for a description of available formats.

Format 2 : Selects the second consecutive format message to be outputted. Select “None” if only one output format is desired. See

"Time

Code Data Formats" on page 519

for a description of available formats.

Format 3 : Selects the third consecutive format message to be outputted. Select “None” if only one output format is desired. See

"Time

Code Data Formats" on page 519

for a description of available formats.

Signature Control : Used to control when the IRIG modulation will be present. This function allows the modulation to stop under certain conditions; see also

"Signature

Control" on page 161 .

Output Mode : This field determines when the output data will be provided. The available Mode selections are as follows:

Broadcast : The format messages are automatically sent out on authorized condition (Signature control), every second a message is generated in sync with the 1PPS.

Request (On-time) : A format message is generated in sync with 1PPS after the configured request character has been received.

Request (Immediate) : A format message is generated as soon as the request character is received. As this selection does not correlate the output data to the on-time point for the message, in Data Formats that do not provide sub-second information (such as Formats 0 and 1 whereas Format 2 provides sub-second information), it should be noted that the output data can be provided immediately, but a time error could occur when using the on-time point of the message in addition to the data for timing applications.

Timescale : Used to select the time base for the incoming ASCII time code data. The entered Timescale is used by the system to convert the time in the incoming ASCII data stream to UTC time for use by the System Time. The available choices are:

SecureSync 2400 User Manual 501

APPENDIX

UTC : Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI : Temps Atomique International

GPS : The raw GPS time as transmitted by the GNSS satellites (as of July,

2015, this is 17 seconds ahead of UTC time)

A local clock set up through the Time Management Page: This option will appear under the name of the local clock you have set up. Refer to

"The Time

Management Screen" on page 166

for more information on how to configure and read the System Time. Local timescale allows a Local Clock to apply a time offset for Time Zone and DST correction.

The incoming input time information may be provided as local time, but System Time may be configured as UTC time, so internal computations need to be performed. With the Timescale field set to “Local”, select the name of a previously created Local Clock. The Time Zone and DST rules, as configured in the Local Clock will be applied to the front panel time display. See .

Note: The Timescale of the ASCII input (as configured in the ASCII time source) must be set correctly, especially if other input references are enabled.

Failure to configure the Timescale of the ASCII input correctly could result in time jumps occurring in the System Time when input reference changes occur. These time jumps could affect NTP and normal operation of the system.

Baud Rate : Determines the speed that the output port will operate at.

Data Bits : Defines the number of data bits for the output port.

Parity : Configures the parity checking of the output port.

Stop Bits : Defines the number of stop bits for the output.

Configuring the Relay/Alarm Output

To manage the alarm relays:

1.

Via the INTERFACES > Alarm Output drop-down menu, navigate to the Alarm

Output entry for the card you wish to configure. Depending on the path taken, …

502 SecureSync 2400 User Manual

APPENDIX

… click Edit or the GEAR button to edit the Alarm Output settings, or

… click Status or the INFO button to view the current settings for the Alarm

Output :

2.

The Alarm Type options displayed/to choose from are:

None : Will not output for an alarm.

Minor : Will output on a minor alarm.

Major : Will output on a major alarm.

5.2.7.4

Revertive Selector Card [1204-2E]

The Revertive Selector Option Card provides automatic failover capability, using one option card slot for a single output signal.

Operating Principle

The output follows the selected input. Signals can be 1PPS, 10 MHz, 5MHz or 1MHz.

Input “A” is selected if present and valid. If input “A” disappears, or if power to host

SecureSync is interrupted, input “B” is presented at output “OUT”.

As soon as input “A” becomes valid again, the output switches back to use “A” as source.

At power-up or module reset, there is a timed delay before input “A” is presented. This allows reference at input “A” to stabilize before being used.

SecureSync 2400 User Manual 503

APPENDIX

Model 1204-2E Specifications

Inputs/Outputs :

(2) Inputs – Unselected input terminated with 50 Ω

(1) Output

Connectors : 3 BNC

Signal Type : User selected (jumper switch):

>1MHz

1MHz to 100 Hz

1PPS

Signal Level :

Sine Wave, 0.5 V to 30 V p-p

TTL (50 Ω)

Default Power-on Switch State :

Initially, input “B” ; until a valid signal on input "A" is detected, causing the switch state to change to "A" .

Maximum Number of Cards : 6

Ordering Information : 1204-2E: Revertive Selector Option Module

Figure 5-59: Model 1204-2E option card rear plate

504 SecureSync 2400 User Manual

APPENDIX

Figure 5-60: Location of jumper switches

5.2.7.5

Event Broadcast [1204-23]

The Event Broadcast Module (RS-232) provides a BNC connection for an Event Trigger

Input and a RS-232 connector for an ASCII message output.

When the defined signal edge is detected on the Event Input BNC Connector, an ASCII message is created containing the current time.

ASCII messages are stored in a Message Buffer . The message buffer can store

512 entries before overflowing. Messages may be lost if the buffer overflows.

Messages can be output in one of two ways:

If the Mode is set to Broadcast , messages in the Message Buffer will be output immediately through the RS-232 Output port. If another event is captured while a message is being sent, it will be queued in the buffer until the first message completes, then the next message will be sent.

If the Mode is set to Request , messages in the Message Buffer are only sent when the Request Character is received.

The output format used is selected among a small group of formats with the capability to output data at 5ns resolution. Event Broadcast Output formats are detailed in

"Event

Broadcast Time Code Formats" on page 511

.

SecureSync 2400 User Manual 505

APPENDIX

Event Broadcast [1204-23]: Specifications

Inputs/Outputs : (1) Event Trigger Input, (1) Event Broadcast Output

Signal Type and Connector :

Connector J1 – (RS-232 Output) RS-232 DB9F

Connector J2 – (Event Input) TTL BNC

Event Resolution : 5ns

Minimum Time Between Events : 20 ns

Message Buffer Size : 512 messages

Ordering Information : 1204-23: Event Broadcast

Figure 5-61: Model 1204-23 option card rear plate

Output Port: Pin Assignments

Table 5-26: Output connector DB-9: pin-out

Pin Number Signal Name Function

3

4

1

2

5

Top row of 5 pins

NC No Connection

SERIAL_OUT_TX RS-232 Transmit data

SERIAL_OUT_RX RS-232 Receive data

NC No connection

GND Ground

Bottom row of 4 pins

6

7

NC

NC

No connection

No connection

506 SecureSync 2400 User Manual

APPENDIX

Pin Number

8

9

NC

NC

Signal Name Function

No connection

No connection

Viewing the State of Event Broadcast and Event Input

To view the Status of Event Broadcast and Event Input, see

"Viewing an Input/Output Signal State" on page 337

.

Event Broadcast Output: Edit Window

To configure the Event Broadcast Output , go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 336 .

The Web UI list entry for this card is: Event Broadcast .

The Edit window allows the configuration of the following settings:

Signature Control : Signature Control controls when messages will be broadcast in response to events on the Event Input (J2) port when events are enabled and the card is in “broadcast” mode. (Events are still queued even if they are not broadcast, and are transmitted once the signature control conditions permit.) For more information on Signature Control, see

"Signature Control" on page 161 .

Format : Selects the format of the message to be outputted. Refer to

"Event Broadcast Time Code Formats" on page 511

for a description of all of the available formats.

The Event Broadcast card only supports two formats (Event Broadcast Format 0 and Event Broadcast Format 1), and only supports the output of one message per event. If format is set to “None”, no messages will be queued in the Message Buffer.

SecureSync 2400 User Manual 507

APPENDIX

508

Output Mode : This field determines when the output data will be provided. Available Mode selections are as follows:

Broadcast —Event Messages are automatically broadcast when they are created by an event. If a new event happens while an older message is being broadcast, the new message will be queued in a “First-in, First-out” manner.

When the message has finished, the next message out of the queue will be broadcast.

Request —Event Messages are only broadcast in response to a Request Character. New messages will be queued in a “First-in, First-out” manner.

Request character : This field defines the character that SecureSync needs to receive in order for a message to be provided when in “Request” mode. This field will only appear if the Output Mode is set as “Request Broadcast.”

Timescale —Used to select the time base for the incoming ASCII time code data. The entered Timescale is used by the system to convert the time in the incoming ASCII data stream to UTC time for use by the System Time. The available choices are:

UTC —Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI —Temps Atomique International

GPS —The raw GPS time as transmitted by the GNSS satellites (as of 15-

February-2021, this is 18 seconds ahead of UTC time)

A local clock set up through the Time Management Page—This option will appear under the name of the local clock you have set up. Refer to

"The Time

Management Screen" on page 166 for more information on configuring and

reading the System Clock. Local timescale allows a Local Clock to apply a time offset for Time Zone and DST correction.

Note: The Timescale of the input (as configured in the ASCII time source) must be set correctly, especially if other input references are enabled. Failure to configure the Timescale of the input correctly could result in time jumps occurring in the System Time when input reference changes occur.

These time jumps could affect NTP and normal operation of the system.

Baud Rate : Determines the speed that the output port will operate at.

Data Bits : Defines the number of Data Bits for the output port.

SecureSync 2400 User Manual

APPENDIX

Parity : Configures the parity checking of the output port.

Stop Bits : Defines the number of Stop Bits for the output.

Event Broadcast Output: Status Window

To view the current settings of the Event Broadcast Output , go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 334 .

The Web UI list entry for this card is: Event Broadcast .

The Status window displays the following settings:

Signature Control : Signature Control controls when messages will be broadcast in response to events on the Event Input (J2) port when events are enabled and the card is in “broadcast” mode. (Events are still queued even if they are not broadcast, and are transmitted once the signature control conditions permit.) For more information on Signature Control, see

"Signature Control" on page 161 .

Format : The format of the message to be output. Refer to

"Event Broadcast Time

Code Formats" on page 511

for a description of all of the available formats.

The Event Broadcast card only supports two formats (Event Broadcast Format 0 and Event Broadcast Format 1), and only supports the output of one message per event. If format is set to “None”, no messages will be queued in the Message Buffer.

Output Mode : When the output data will be provided. Available Mode selections are as follows:

Broadcast —Event Messages are automatically broadcast when they are created by an event. If a new event happens while an older message is being broadcast, the new message will be queued in a “First-in, First-out” manner.

When the message has finished, the next message out of the queue will be broadcast.

SecureSync 2400 User Manual 509

APPENDIX

Request —Event Messages are only broadcast in response to a Request Character. New messages will be queued in a “First-in, First-out” manner.

Timescale : The time base for the incoming time code data. The entered Timescale is used by the system to convert the time in the incoming data stream to UTC time for use by the System Time. The available choices are:

UTC—Coordinated Universal Time ("temps universel coordonné"), also referred to as ZULU time

TAI—Temps Atomique International

GPS—The raw GPS time as transmitted by the GNSS satellites (as of 15-

February-2021, this is 18 seconds ahead of UTC time).

A local clock set up through the Time Management Page—This option will appear under the name of the local clock you have set up. Refer to

"The Time

Management Screen" on page 166

for more information on configuring and reading the System Time. Local timescale allows a Local Clock to apply a time offset for Time Zone and DST correction.

Note: The Timescale of the input (as configured in the time source) must be set correctly, especially if other input references are enabled. Failure to configure the Timescale of the ASCII input correctly could result in time jumps occurring in the System Time when input reference changes occur.

These time jumps could affect NTP and normal operation of the system.

Request character : This field defines the character that SecureSync needs to receive in order for a message to be provided when in “Request” mode. This field will only appear if the Output Mode is set as “Request Broadcast.”

Baud Rate : The speed that the output port will operate at.

Data Bits : The number of Data Bits for the output port.

Parity : The parity checking of the output port.

Stop Bits : The number of Stop Bits for the output.

Event Broadcast Input: Edit Window

To configure the Event Broadcast Input (also referred to as ‘ Reference ’), go to its Edit window. For instructions, see:

"Configuring Option Card Inputs/Outputs" on page 336 .

The Web UI list entry for this card is: Event Broadcast .

510 SecureSync 2400 User Manual

APPENDIX

The Status window displays the following settings:

Event Capture : Enables the processing of events on the Event Input port J2. When set to “Disabled”, no event messages will be queued. When set to “Enabled”, event messages will be triggered (if a valid Format is selected).

Event Active Edge : Selects the signal edge used for triggering events on Event

Input port J2.

Event Broadcast Input: Status Window

To view the current settings of the Event Broadcast Input , (also referred to as ‘ Reference ’), go to its Status window. For instructions, see:

"Viewing Input/Output Configuration Settings" on page 334

.

The Web UI list entry for this card is: Event Broadcast .

The Status window displays the following settings:

Event Capture : The processing of events on the Event Input port J2. When set to

“Disabled”, no event messages will be queued. When set to “Enabled”, event messages will be triggered (if a valid Format is selected).

Event Active Edge : The signal edge used for triggering events on Event Input port

J2.

Latest Event Message : The last message sent. This can be cleared with the Clear button.

Event Broadcast Time Code Formats

The following ASCII-based time code formats are available:

SecureSync 2400 User Manual 511

APPENDIX

Event Broadcast Format 0

E x a m p l e m e s s a g e :

SSSSSSSSSS.XXXXXXXXX<CR><LF>

Where:

SSSSSSSSSS 10-digit Seconds Time (references from

January 1 st , 1970)

.

Decimal Point Separator

XXXXXXXXX 9-digit Sub-Seconds Time (5 ns resolution)

CR

LF

Carriage Return

Line Feed

Event Broadcast Format 1

E x a m p l e m e s s a g e

YYYY DDD HH:MM:SS.XXXXXXXXX<CR><LF>

Where:

YYYY

DDD

:

HH

:

MM

.

SS

Year

Space Separator

Day of Year (001-366)

Space Separator

Hour of the Day (00-23)

Colon Separator

Minutes of the Hour (00-59)

Colon Separator

Seconds (00-59), (00-60 for leap second)

Period Separator

512 SecureSync 2400 User Manual

APPENDIX

XXXXXXXXX 9-digit Sub-Seconds Time (5 ns resolution)

CR Carriage Return

LF Line Feed

5.3

Command-Line Interface

A terminal emulation program is used to emulate a video terminal, so as to access

SecureSync's CLI (Command- Line Interface) remotely via a serial cable. This may be required if no other means of remotely accessing SecureSync are available, for example if

Ethernet ports are used otherwise or have been disabled (e.g., for security reasons).

5.3.1

Setting up a Terminal Emulator

If no other means are available to access SecureSync, a terminal emulation program can be used to carry out certain configuration changes by accessing SecureSync's CLI (commandline interface) via a serial port connection. An application example for this scenario is to enable a network port so that the SecureSync Web UI can be used. While it is also possible to retrieve selected logs, a terminal emulator does not replace the SecureSync Web UI.

Orolia does not distribute or support its own terminal emulator, and newer Microsoft operating systems no longer include HyperTerminal. However, there are several third-party open-source programs available, such as TeraTerm ® or PuTTY ® . The example below illustrates the use of TeraTerm. The setup procedure is similar when using other terminal emulation programs.

Procedure:

1.

Connect the personal computer to the USB interface.

2.

Configure your terminal emulation program, using the following settings:

Port : COM(#)

Bits per second : 115200

Data bits : 8

Parity : None

SecureSync 2400 User Manual 513

APPENDIX

Stop bits : 1

Flow control : None

514

3.

Depending on which network protocol you are using (SSH, Telnet), you will need to enter authentication upon establishment of the connection either in a separate authentication window, or the Terminal window: The default user name is spadmin

, and the password admin123 .

4.

Using the Terminal window, you can now submit commands.

5.3.2

CLI Commands

SecureSync features a suite of command-line interface (CLI) commands that can be used to configure parameters and retrieve status information or log files via a remote connection, using the telnet or ssh

(if enabled) protocol.

This section includes a list of some of the supported commands.

Notes:

a.

The command “ helpcli

” will provide a list of all available commands and their syntax ( Note : Typing “ help ” will output bash shell help only and will not provide useful information).

b.

You can scroll up or scroll down through the output by using the Page Up/Page down keys, or the arrow keys.

c.

Type “ q

” (lower-case) to quit.

d.

Pressing the up/down keys scrolls through previously typed commands.

SecureSync 2400 User Manual

APPENDIX e.

Commands need to be typed in all lower-case letters.

f.

Where eth0 is the base network port and eth1

(and higher) are used with the optional Gigabit Ethernet module for multiple network interfaces.

g.

User accounts with “user” group permissions can perform “ get ” commands but cannot perform any “ set ” commands or change/reset passwords. Only user accounts with “admin” group permissions can perform “ set

” commands or change/reset password. Refer to

"Adding/Deleting/Changing User Accounts" on page 252

for user account setup information.

Command Description clean cleanhalt clearcfg clearlogs clearstats dateget dateset defcert

Restores SecureSync configuration, logs, and stats to factory defaults and reboots

Restores SecureSync configuration to factory defaults and halts

Restores configuration to factory defaults and reboots

Clears all logs

Clears all statistical data (NTP, and oscillator/disciplining)

Displays current date (for example, 15 APR 2015)

Used to set the current date

Used to create a new Spectracom self-signed SSL certificate for HTTPS in case of expiration of the original certificate dhcp4get dhcp4set dns4cfg dns4get dns4set dhcp6get dhcp6set doyget

Displays whether DHCP is enabled

Used to enable or disable DHCP

Display the configured IPv4 primary and secondary DNS addresses

Displays the configured DNS servers

Used to configure the DNS servers

Displays whether DHCPv6 is enabled

Used to enable or disable DHCPv6

Used to obtain the current Day of Year doyset gpsdop

Used to set the current Day of Year

Displays GNSS receiver positional accuracy estimates gpsdserviceportget Displays the GPSD service port gpsdserviceportset Sets the GPSD service port

SecureSync 2400 User Manual 515

APPENDIX

Command gpsinfo gpsloc gpsmdl gpsreset gpssat gw4cfg gw4get gw4set gw6cfg gw6get gw6set halt helpcli hostget hostset hotstart ip4cfg ip4get ip4set ip6add ip6cfg ip6del ip6get iptables licenses list loadconf locallist

Description

Applicable to SAASM-equipped SecureSync units only

Displays GNSS latitude, longitude and antenna height

Displays the GNSS Manufacturer and Model

Resets the GNSS Position stored in the unit.

Displays GNSS satellites tracked and maximum signal strength being received

Display the configured IPv4 gateway

Displays the default IPv4 gateway

Used to configure the IPv4 gateway addresses

Display the configured IPv6 gateway.

Displays the default IPv6 gateway address

Used to configure the IPv6 gateway address

Used to Halt the system for shutdown

Provides list of available commands and syntax

Displays the DNS hostname

Sets the DNS hostname

Initiate a hot start operation on the SAASM GPS receiver

Display the IPv4 static configuration.

Displays IPv4 Ethernet port information (IP address net mask and gateway)

Used to set IPv4 Ethernet port information (IP address net mask and gateway)

Used to add IPv6 Ethernet port information (IP address net mask and gateway)

Display the IPv6 static configuration

Used to delete IPv6 IP address

Used to obtain the IPv6 IP address

See

"Network Services" on page 62

for more information.

Displays configured licenses installed (if any)

Outputs a list of commands

Restore a saved configuration and reboot

Used to display local clocks

516 SecureSync 2400 User Manual

APPENDIX

SecureSync 2400 User Manual 517

APPENDIX

Command resetpw routes4 routes6 rt4add rt4del rt4get rt6add rt6del rt6get saveconf savelog scaleget scaleset sendtrap sendtrap all services servget servset slaacget slaacset stateset status swupgrade syncstate testevent tfomget

Description

Resets the administrator account (spadmin) password back to the default value

“ admin123 ”

Displays the current IPv4 routing table(s)

Displays the current IPv6 routing table(s)

Adds an IPv4 static route

Deletes an IPv4 static route

Displays the configured IPv4 static routes

Adds an IPv6 static route

Deletes an IPv6 static route

Displays the configured IPv6 static routes

Generate archive of current configuration

Generate archive of all log files

Displays configured system timescale

Used to configure the system timescale

Triggers one type of a possible set of alarms.

Sends one instance of all alarms

Displays the state of services (enabled/disabled)

Displays the state of individual services

Enable or disable specific services

Displays whether SLAAC is enabled

Used to enable or disable SLAAC

Enable or disable an entry in the reference priority table. index = 0...15. state = 0

(disable), 1 (enable)

Displays information about the oscillator disciplining

Performs system upgrade using the update bundle provided

Display timing system synchronization state

Generates SNMP events in the enterprise MIB

Displays current estimated system time error (TFOM – Time Figure of Merit)

518 SecureSync 2400 User Manual

APPENDIX

Command timeget timeset unrestrict version vlanadd vlandel yearget yearset zeroize

Description

Displays current system time (time is displayed in the configured timescale –

See scaleget command to retrieve the configured timescale)

Used to manually set the current time (hours, minutes in seconds); time is entered based on the configured timescale – See scaleget command to retrieve the configured timescale

Used for clearing access control restrictions to SecureSync

Displays the installed main SecureSync and timing system software versions

Add a VLAN connection

Delete a VLAN connection

Displays the current year

Used to set the current year

Applicable to SAASM-equipped SecureSync units only

5.4

Time Code Data Formats

This section describes the different time code data format selections available for use with

SecureSync option cards that accept ASCII data streams as inputs or outputs via their RS-

485 and RS-232 interfaces.

Supported are formats like NMEA, BBC, Spectracom, GSSIP, and Endrun.

5.4.1

NMEA GGA Message

The GGA Format provides essential fix data which includes 3D location and accuracy data.

E x a m p l e m e s s a g e :

$GPGGA,123519.00,4807.038,N,01131.000,E,1,08,0.9,545.4,M,-164.0,M,,,,*47

Note: Not all fields below are available on all products in all applications.

SecureSync 2400 User Manual 519

APPENDIX

NOTE : The GGA format does not support precision timing and 1PPS functionality; the

Web UI may permit the selection of Message or PPS Pin as PPS Source , but the NMEA

GGA Message will not use either. If this data is required for your application, use the ZDA

Message format instead (see

"NMEA ZDA Message" on the facing page ).

Where:

GGA

123519.00

4807.038,N

01131.000, E

1

08

0.9

545.4,M

-164.0,M

(empty field)

*47

Global Positioning System Fix Data

Fix taken at 12:35:19 UTC

Latitude 48 deg 07.038' N

Longitude 11 deg 31.000' E

Fix quality:

0 = Invalid

1 = GNSS fix (SPS)

2 = DGPS fix

3 = PPS fix

4 = Real Time Kinematic

6 = estimated (dead reckoning) (2.3 feature)

7 = Manual input mode

8 = Simulation mode

Number of satellites being tracked

Horizontal dilution of position

Altitude, Meters, above mean sea level (geoid)

Height of geoid (mean sea level) above WGS84 ellipsoid

(Field not provided in this setup)

Checksum data, always begins with *

5.4.2

NMEA RMC Message

NMEA Message Format RMC, (Recommended Minimum) provides fix information, speed over ground and Magnetic Variance information.

E x a m p l e m e s s a g e :

$GPRMC,123519.00,A,4807.038,N,01131.000,E,,,230394,,,A*6A

Where:

520 SecureSync 2400 User Manual

RMC Recommended Minimum Sentence C

123519.00

Fix taken at 12:35:19 UTC

A Status A=active or V=Void.

4807.038,N Latitude 48 deg 07.038' N

01131.000,E Longitude 11 deg 31.000' E

(empty field)

(Field not provided in this setup)

(Field not provided in this setup) (empty field)

230394 Date - 23rd of March 1994

(Field not provided in this setup) (empty field)

(empty field)

A

(Field not provided in this setup)

*6A

Mode Indicator: A=Autonomous, D=Differential, E=Estimated, F=Float RTK, M=Manual input, N=No fix, P=Precise, R=Real time kinematic, S=Simulator

Checksum data, always begins with *

5.4.3

NMEA ZDA Message

The Format ZDA Data message provides Date and Time information.

E x a m p l e m e s s a g e :

$GPZDA,HHMMSS.00,DD,MM,YYYY,XX,YY*CC

Where:

HHMMSS.00

DD,MM,YYYY

XX

YY

*CC

HrMinSec(UTC)

Day, Month, Year

Local zone hours -13…13

Local zone minutes 0…59

Checksum

APPENDIX

SecureSync 2400 User Manual 521

APPENDIX

5.4.4

Spectracom Format 0

Format 0 includes a time synchronization status character, day of year, time reflecting

Time Zone Offset and DST corrections when enabled. Format 0 also includes the

DST/Standard Time indicator, and the Time Zone Offset value. Format 0 data structure is shown below:

E x a m p l e m e s s a g e :

CR LF I ^ ^ DDD ^ HH:MM:SS ^ DTZ=XX CR LF

Where:

DDD

HH

:

MM

I

^

CR

LF

SS

D

TZ

XX

Carriage Return

Line Feed

Time Sync Status (space, ?, *)

Space separator

Day of Year (001-366)

Hours (00-23)

Colon separator

Minutes (00-59)

Seconds (00- 60)

Daylight Saving Time indicator (S,I,D,O)

Time Zone

Time Zone offset (00-23)

The leading edge of the first character ( CR ) marks the on-time point of the data stream.

The time synchronization status character ( I ) is defined as described below:

? When the receiver is unable to track any satellites and the time synchronization lamp is red.

* When the receiver time is derived from the battery backed clock or set manually through the

Setup Port Interface.

The Daylight Saving Time indicator ( D ) is defined as:

522 SecureSync 2400 User Manual

APPENDIX

I

S During periods of Standard time for the selected DST schedule.

During the 24-hour period preceding the change into DST.

D During periods of Daylight Saving Time for the selected DST schedule.

O During the 24-hour period preceding the change out of DST.

E x a m p l e :

271 12:45:36 DTZ=08

The example data stream provides the following information:

Sync Status

Date

Time

D

Time synchronized to GNSS

Day 271

12:45:36 Pacific Daylight Time

DST, Time Zone 08 = Pacific Time

5.4.5

Spectracom Format 1

Format 1 converts the received day of year data (001-366) to a date consisting of day of week, month, and day of the month. Format 1 also contains a time synchronization status character, year, and time reflecting time zone offset and DST correction when enabled.

Available Formats 1 and 1S are very similar to each other. Most external systems utilizing

Data Format 1 will look for a single-digit day of the month for day 1 through day 9, with a space in front of each digit ( ^1, ^2, ^3 … 10, 11… ), whereas other systems need to see a two digit day of the month for all days 1 through 9 with a leading 0 instead of a space (01, 02,

03… 10, 11…).

If your device requires the two digit day of the month for days 1 through 9 (i.e. 01, 02 etc.), select Format 1.

If your device requires the single digit day of the month for days 1 through 9 (i.e. ^1,

^2, etc.), select Format 1S instead. Refer to

"Spectracom Format 1S" on page 525

for information on Format 1S.

F o r m a t 1 d a t a s t r u c t u r e :

CR LF I ^ WWW ^ DDMMMYY ^ HH:MM:SS CR LF

SecureSync 2400 User Manual 523

APPENDIX

Where:

:

HH

MM

SS

I

^

CR

LF

Carriage Return

Line Feed

Time Sync Status (space, ?, *)

Space separator

WWW Day of Week (SUN, MON, TUE, WED, THU, FRI, SAT)

DD Numerical Day of Month (01-31)

MMM

YY

Month (JAN, FEB, MAR, APR, MAY, JUN, JUL, AUG, SEP, OCT, NOV, DEC)

Year without century (99, 00, 01, etc.)

Hours (00-23)

Colon separator

Minutes (00-59)

Seconds (00-60)

The leading edge of the first character (

CR

) marks the on-time point of the data stream.

The time synchronization status character (

I

) is defined as described below:

? When the receiver is unable to track any satellites and the time synchronization lamp is red.

* When the receiver time is derived from the battery backed clock or set manually through the

Setup Port Interface.

E x a m p l e :

FRI 20APR01 12:45:36

The example data stream provides the following information:

Sync

Status

Date

Time

The clock is not time synchronized to GNSS. Time is derived from the battery backed clock or set manually

Friday, April 23, 2015

12:45:36

524 SecureSync 2400 User Manual

APPENDIX

5.4.6

Spectracom Format 1S

Format 1S (Space) is very similar to Format 1, with the exception of a space being the first character of Days 1 through 9 of each month (instead of the leading “0” which is present in

Format 1).

Most external systems utilizing Data Format 1 will look for a single digit day of the month for day 1 through day 9, with a space in front of each digit (^1, ^2, ^3 … 10, 11…) whereas other systems need to see a two digit day of the month for all days 1 through 9 with a leading 0 instead of a space (01, 02, 03… 10, 11…).

If your device requires the single digit day of the month for days 1 through 9 (i.e. 1, 2, etc.), select Format 1S.

If your device requires the two digit day of the month for days 1 through 9 (i.e. 01,

02, etc.), select Format 1 instead. Refer to

"Spectracom Format 1" on page 523

for information on Format 1.

E x a m p l e m e s s a g e :

CR LF I ^ WWW ^ DDMMMYY ^ HH:MM:SS CR LF

Where:

:

HH

MM

SS

I

^

CR

LF

Carriage Return

Line Feed

Time Sync Status (space, ?, *)

Space separator

WWW Day of Week (SUN, MON, TUE, WED, THU, FRI, SAT)

DD Numerical Day of Month (1-31)

MMM

YY

Month (JAN, FEB, MAR, APR, MAY, JUN, JUL, AUG, SEP, OCT, NOV, DEC)

Year without century (99, 00, 01, etc.)

Hours (00-23)

Colon separator

Minutes (00-59)

Seconds (00-60)

The leading edge of the first character (

CR

) marks the on-time point of the data stream.

SecureSync 2400 User Manual 525

APPENDIX

The time synchronization status character (

I

) is defined as described below:

? When the receiver is unable to track any satellites and the time synchronization lamp is red.

* When the receiver time is derived from the battery backed clock or set manually through the

Setup Port Interface.

E x a m p l e :

FRI 20APR15 12:45:36

The example data stream provides the following information:

Sync

Status

Date

Time

The clock is not time synchronized to GNSS. Time is derived from the battery backed clock or set manually.

Friday April, 23, 2015

12:45:36

5.4.7

Spectracom Format 2

This format provides a time data stream with millisecond resolution. The Format 2 data stream consists of indicators for time synchronization status, time quality, leap second and

Daylight Saving Time. Time data reflects UTC time and is in the 24-hour format. Format 2 data structure is shown below:

Note: Format 2 cannot be configured for a Time Zone Offset or with automatic Daylight Saving Time adjustment. Attempting to configure a Local clock using Data Format 2 with either a Time Zone Offset or automatic

DST rule will result in an error message.

E x a m p l e m e s s a g e :

CR LF IQYY ^ DDD ^ HH:MM:SS.SSS ^ LD

Where:

526 SecureSync 2400 User Manual

APPENDIX

L

D

.

SSS

:

MM

:

SS

YY

^

DDD

HH

I

Q

CR

LF

Carriage Return

Line Feed

Time Sync Status (space, ?, *)

Quality Indicator (space, A, B, C, D)

Year without century (99, 00, 01, etc.)

Space separator

Day of Year (001-366)

Hours (00-23 UTC time)

Colon separator

Minutes (00-59)

Colon separator

(00-60)

Decimal separator

Milliseconds (000-999)

Leap Second indicator (space, L)

Daylight Saving Time Indicator (S,I,D,O)

The leading edge of the first character ( CR ) marks the on-time point of the data stream.

The time synchronization status character (

I

) is defined as described below:

? When the receiver is unable to track any satellites and the time synchronization lamp is red.

* When the receiver time is derived from the battery backed clock or set manually through the

Setup Port Interface.

The quality indicator ( Q ) provides an inaccuracy estimate of the output data stream. When the receiver is unable to track any GNSS satellites, a timer is started.

"Quality indicators" on the next page

lists the quality indicators and the corresponding error estimates based upon the GNSS receiver 1PPS stability, and the time elapsed tracking no satellites. The

Tracking Zero Satellites timer and the quality indicator reset when the receiver reacquires a satellite.

SecureSync 2400 User Manual 527

APPENDIX

Quality Time (hours) TXCO Error (milliseconds)

OCXO Error

(milliseconds)

Rubidium Error

(microseconds)

B

C

Space Lock

A <10

D

<100

<500

>500

<1

<10

<100

<500

>500

<0.01

<0.72

<7.2

<36

>36

<0.3

<1.8

<18

<90

>90

Table 5-27: Quality indicators

The leap second indicator (L) is defined as:

(Space) When a leap second correction is not scheduled for the end of the month.

L When a leap second correction is scheduled for the end of the month.

The Daylight Saving Time indicator (D) is defined as:

S During periods of Standard time for the selected DST schedule.

I During the 24-hour period preceding the change into DST.

D During periods of Daylight Saving Time for the selected DST schedule.

O During the 24-hour period preceding the change out of DST.

E x a m p l e :

?A15 271 12:45:36.123 S

The example data stream provides the following information:

Sync

Status

Date

Time

The clock has lost GNSS time sync. The inaccuracy code of “A” indicates the expected time error is <10 milliseconds.

Day 271 of year 2015.

12:45:36 UTC time, Standard time is in effect.

528 SecureSync 2400 User Manual

APPENDIX

5.4.8

Spectracom Format 3

Format 3 provides a format identifier, time synchronization status character, year, month, day, time with time zone and DST corrections, time difference from UTC, Standard time/DST indicator, leap second indicator and on-time marker. The Format 3 data structure is shown below:

E x a m p l e m e s s a g e :

FFFFI^YYYYMMDD^HHMMSS±HHMMD L # CR LF

Where:

MM

DD

HH

MM

I

FFFF Format Identifier (0003)

Time Sync Status (Space, ?, *)

^ Space separator

YYYY Year (1999, 2000, 2001, etc.)

Month Number (01-12)

Day of the Month (01-31)

Hours (00-23)

Minutes (00-59)

L

#

CR

LF

SS

±

Seconds (00-60)

Positive or Negative UTC offset (+,-) Time Difference from UTC

HHMM UTC Time Difference Hours Minutes (00:00-23:00)

D Daylight Saving Time Indicator (S,I,D,O)

Leap Second Indicator (space, L)

On time point

Carriage Return

Line Feed

The time synchronization status character ( I ) is defined as described below:

? When the receiver is unable to track any satellites and the time synchronization lamp is red.

* When the receiver time is derived from the battery backed clock or set manually through the

Setup Port Interface.

SecureSync 2400 User Manual 529

APPENDIX

The time difference from UTC, ±HHMM, is selected when the Serial Com or Remote port is configured. A time difference of -0500 represents Eastern Time. UTC is represented by

+0000.

The Daylight Saving Time indicator ( D ) is defined as:

S During periods of Standard time for the selected DST schedule.

I During the 24-hour period preceding the change into DST.

D During periods of Daylight Saving Time for the selected DST schedule.

O During the 24-hour period preceding the change out of DST.

The leap second indicator ( L ) is defined as:

(Space) When a leap second correction is not scheduled for the end of the month.

L When a leap second correction is scheduled for the end of the month.

E x a m p l e :

0003 20150415 124536-0500D #

The example data stream provides the following information:

Data Format 3

Sync Status Day 271 of year 2015.

Date

Time

April 15, 2015.

12:45:36 EDT (Eastern Daylight Time). The time difference is 5 hours behind UTC.

Leap Second No leap second is scheduled for this month.

5.4.9

Spectracom Format 4

Format 4 provides a format indicator, time synchronization status character, modified

Julian date, time reflecting UTC with 0.1 millisecond resolution and a leap second indicator.

Format 4 data structure is shown below:

E x a m p l e :

FFFFIMJDXX^HHMMSS.SSSS^L CR LF

530 SecureSync 2400 User Manual

Where:

I

FFFF

MJDXX

^

HH

MM

SS.SSSS

L

CR

LF

Format Identifier (0004)

Time Sync Status (Space, ?, *)

Modified Julian Date

Space separator

Hours (00-23 UTC time)

Minutes (00-59)

Seconds (00.0000-60.0000)

Leap Second Indicator (space, L)

Carriage Return

Line Feed

The start bit of the first character marks the on-time point of the data stream.

The time synchronization status character (

I

) is defined as described below:

? When the receiver is unable to track any satellites and the time synchronization lamp is red.

* When the receiver time is derived from the battery backed clock or set manually through the

Setup Port Interface.

The leap second indicator ( L ) is defined as:

(Space) When a leap second correction is not scheduled for the end of the month.

L When a leap second correction is scheduled for the end of the month.

E x a m p l e :

0004 50085 124536.1942 L

The example data stream provides the following information:

Data format

Sync Status

Modified Julian Date

4

Time synchronized to GNSS.

50085

APPENDIX

SecureSync 2400 User Manual 531

APPENDIX

Time

Leap Second

12:45:36.1942 UTC

A leap second is scheduled at the end of the month.

5.4.10

Spectracom Format 7

This format provides a time data stream with millisecond resolution. The Format 7 data stream consists of indicators for time synchronization status, leap second and Daylight Saving Time. Time data reflects UTC time and is in the 24-hour format. Format 7 data structure is shown below:

Note: Format 7 cannot be configured for a Time Zone Offset or with automatic Daylight Saving Time adjustment. Attempting to configure a Local clock using Data Format 7 with either a Time Zone Offset or automatic

DST rule will result in an error message.

E x a m p l e m e s s a g e :

CR LF I^YY^DDD^HH:MM:SS.SSSL^D CR LF

Where:

^

DDD

:

HH

CR

LF

I

YY

.

MM

SS

Carriage Return

Line Feed

Time Sync Status (space, ?, *)

Year without century (99, 00, 01, etc.)

Space separator

Day of Year (001-366)

Hours (00-23 UTC time)

Colon separator

Minutes (00-59)

Seconds (00-60)

Decimal Separator

532 SecureSync 2400 User Manual

APPENDIX

SSS

L

D

Milliseconds (000-999)

Leap Second Indicator (space, L)

Daylight Saving Time Indicator (S,I,D,O)

The leading edge of the first character ( CR ) marks the on-time point of the data stream.

The time synchronization status character (

I

) is defined as described below:

? When the receiver is unable to track any satellites and the time synchronization lamp is red.

* When the receiver time is derived from the battery backed clock or set manually through the

Setup Port Interface.

The leap second indicator ( L ) is defined as:

(Space) When a leap second correction is not scheduled for the end of the month.

L When a leap second correction is scheduled for the end of the month.

The Daylight Saving Time indicator (D) is defined as:

I

S During periods of Standard time for the selected DST schedule.

During the 24-hour period preceding the change into DST.

D During periods of Daylight Saving Time for the selected DST schedule.

O During the 24-hour period preceding the change out of DST.

E x a m p l e :

? 15 271 12:45:36.123 S

The example data stream provides the following information:

Sync Status

Date

Time

The clock has lost GNSS time sync.

Day 271 of year 2015.

12:45:36 UTC time, Standard time is in effect.

5.4.11

Spectracom Format 8

Format 8 includes a time synchronization status character, the four digit year, day of year, time reflecting Time Zone Offset and DST corrections when enabled. Format 8 also

SecureSync 2400 User Manual 533

APPENDIX includes the DST/Standard Time indicator, and the Time Zone Offset value. Format 8 data structure is shown below:

E x a m p l e :

CR LF I ^ ^YYYY^ DDD ^ HH:MM:SS ^ D+XX CR LF or

CR LF I ^ ^YYYY^ DDD ^ HH:MM:SS ^ D-XX CR LF

Where:

MM

SS

D

XX

^

DDD

:

HH

CR

LF

I

YYYY

Carriage Return

Line Feed

Time Sync Status (space, ?, *)

Four digit year indication

Space separator

Day of Year (001-366)

Hours (00-23)

Colon separator

Minutes (00-59)

Seconds (00-60)

Daylight Saving Time indicator (S,I,D,O)

Time Zone Switch Setting (±00…12)

The leading edge of the first character ( CR ) marks the on-time point of the data stream.

Time sync status character ( I ) is described below:

(Space) When SecureSync is synchronized to UTC source.

* When SecureSync time is set manually.

?

When SecureSync has not achieved or has lost synchronization to UTC source.

The time and date can be set to either local time or UTC time, depending upon the configuration of the output port.

534 SecureSync 2400 User Manual

APPENDIX

5.4.12

Spectracom Format 9

Format 9 provides Day-of-Year and Time information.

E x a m p l e m e s s a g e :

<SOH>DDD:HH:MM:SSQ<CR><LF>

Where:

SOH Start of header (ASCII Character 1)

DDD Day of Year (001-366)

: Colon Separator

HH Hours (00-23)

MM Minutes (00-59)

SS Seconds (00-59) (00-60 for leap second)

Q

Q

Time Sync Status [as INPUT] space = SYNC

‘.’ = SYNC

‘*’=NOT IN SYNC

‘#’ = NOT IN SYNC

“?” = NOT IN SYNC

Time Sync Status [as OUTPUT] space = Time error is less than time quality flag 1's threshold (TFOM < or = 3)

“.” = Time error has exceeded time quality flag 1's threshold (TFOM = 4)

“*” = Time error has exceeded time quality flag 2's threshold (TFOM = 5)

“#” = Time error has exceeded time quality flag 3's threshold (TFOM = 6)

“?” = Time error has exceeded time quality flag 4's threshold OR a reference source is unavailable (TFOM >=7)

CR Carriage Return (ASCII Character 13)

LF Line Feed (ASCII Character 10)

The leading edge of the first character (

CR

) marks the on-time point of the data stream.

5.4.12.1

Format 9S

Format 9S is a variation of ASCII Format 9 that uses Sysplex compatible fields indicating sychronization status:

SecureSync 2400 User Manual 535

APPENDIX

FL_SYNC_SYS_REF_NONE ('X')

FL_SYNC_SYS_REF_YES (' ')

FL_SYNC_SYS_REF_LOST ('F')

5.4.13

Spectracom Epsilon Formats

Never been in sync

In sync with a reference

Out of sync, lost reference

5.4.13.1

Spectracom Epsilon TOD 1

This message corresponds to the TOD 1 format provided by EPSILON 2S/3S Series products on RS232/422 ports.

The structure of this format is as follows:

<space>DD/MM/YYYY<space>HH:MM:SST(CR)(LF)

Length=23 bytes

Where:

:

MM

:

SS

T

(CR)

(LF)

<space>

DD

</>

MM

</>

YYYY

<space>

HH separator

2-digit Day of month separator

2-digit Month separator

4-digit Year separator

2-digit Hour separator

2-digit Minutes separator

2-digit Seconds

1-digit Timescale ( 'N' None, 'G' GPS, 'U' UTC, 'A' TAI, 'L' Local, 'M' Manual)

Carriage Return (ASCII Character 13 0x0D)

Line Feed (ASCII Character 10 0x0A)

536 SecureSync 2400 User Manual

APPENDIX

5.4.13.2 Spectracom Epsilon TOD 3

This message corresponds to the TOD 3 format provided by EPSILON 2S/3S Series products on RS232/422 ports.

The structure of this format is as follows:

<space>DOY/YYYY<space>HH:MM:SS<space>T(CR)(LF)

Length=22 bytes

Where:

:

MM

:

SS

T

(CR)

(LF)

<space>

DOY

</>

YYYY

</>

YYYY

<space>

HH separator

3-digit Day of year separator

4-digit Year separator

4-digit Year separator

2-digit Hour separator

2-digit Minutes separator

2-digit Seconds

1-digit Timescale ( 'N' None, 'G' GPS, 'U' UTC, 'A' TAI, 'L' Local, 'M' Manual)

Carriage Return (ASCII Character 13 0x0D)

Line Feed (ASCII Character 10 0x0A)

5.4.14

BBC Message Formats

5.4.14.1

Format BBC-01

This format is based on string ASCII characters, and is sent once per second. It provides year, month, day, day of week, day of month, hours, minutes, and seconds.

Number of characters: 24 (including CRLF and '.')

SecureSync 2400 User Manual 537

APPENDIX

E x a m p l e m e s s a g e :

T:ye:mo:da:dw:ho:mi:sc

Where: dw ho mi sc

T ye mo da

Indicates the synchronous moment for the time setting.

Year (00-99)

Month (01-12)

Day of month (01-31)

Day of week (01=Monday to 7=Sunday)

Hours (00-23)

Minutes (00-59)

Seconds (00-59)

5.4.14.2 Format BBC-02

This is a hexadecimal frame/message sent twice per second. The message should be sent such that the final “99” occurs at 0 msec and 500 msec.

Number of bytes: 26

Format:

START Year Month Day Hour Min Sec.

AA AA 07 DA 06 16 13 59 01

Millisecond

02 BA

Time

Zone

Daylight

Leapsecond

Sign

Leapsecond

Month

80 00 00 00 00

GPS Second GPS to UTC Offset Check-sum END

09 3A 7E 12 FE 99 99

Leapsecond

Zone

00

GPS

Week

1A 2A

538 SecureSync 2400 User Manual

Where:

Leap Second Sign:

01=Positive

FF=Negative

00=No leap second

Leap Second Month:

00=None scheduled

03=March

06=June

09=September

0C=December

Leap Second Zone:

0=Out of zone

1=Within zone

Zone is 15 minutes before to 15 minutes after a leap second.

GPS Week:

Up to FFFF

GPS Second:

Second of week 000000 up to 093A7F (604799 decimal)

GPS to UTC offset:

2’s complement binary signed integer, seconds

Checksum:

Sum of all bytes up to and including the checksum (sum includes the AAAA start identifier but excludes the 9999 end identifier)

APPENDIX

SecureSync 2400 User Manual 539

APPENDIX

5.4.14.3 Format BBC-03 PSTN

The third format is a string ASCII characters and is sent on a received character.

The message should be advanced by an appropriate number such that the stop bit of each

< CR > occurs at the start of the next second. For example, at 300 baud, 8 data bits, 1 stop bit, and no parity, each byte takes 10/300 s=33 ms, so the < CR > byte should be advanced by 33 ms in order for the < CR >’s stop bit to line up with the start of the next second.

Time information is available in UTC format or UK TOD format.

‘t’ command

Input format: t<CR>

Output format:

Current Second Second + 1 Second + 2 Second + 3

<CR> HHMMSS<CR> HHMMSS<CR> HHMMSS<CR>

Number of characters: 7 (including CR)

Each HHMMSS filed refers to the time at the start of the next second. The data transmitted by SecureSync is timed so that the stop bit of each < CR > ends at the start of the next second.

‘d’ command

SecureSync transmits the date on request.

Input format: d<CR>

Output format: YYMMDD<CR>

Number of output characters: 7 (including CR)

‘s’ command

SecureSync transmits the status information on request.

Input format: s<CR>

Output Format: status

Number of output characters: 1

Where returned, values for status are:

540 SecureSync 2400 User Manual

APPENDIX

G

= System Good

D

= Failure of SecureSync internal diagnostics

T

= SecureSync does not have correct time

‘l’ command

The loopback command will cause SecureSyncto echo the next character received back to the caller. This may be used by a caller’s equipment to calculate the round trip delay across the PSTN connection in order to apply a correction to the received time data.

Input format: l<CR>

Output format: (Next character received)

‘hu’ command

The hang up command will cause SecureSync to drop the line immediately and terminate the call.

Input format: hu<CR>

5.4.14.4 Format BBC-04

This format is a string of ASCII characters and is sent once per second.

Number of characters: 18 (including CRLF)

E x a m p l e m e s s a g e :

T:ho:mi:sc:dw:da:mo:ye:lp:cs<CR><LF> ho mi sc dw

Where:

T Indicates the synchronous moment for the time setting.

Hours (00-23)

Minutes (00-59)

Seconds (00-59)

Day of week (01=Monday to 7=Sunday)

SecureSync 2400 User Manual 541

APPENDIX da mo ye lp cs

Day of month (01-31)

Month (01-12)

Year (00-99)

0 (for 60s, no leap) or 1 (for 61s, leap)

Checksum. This is calculated from the start of the message, including start identifier and excluding CRLF. It is created by adding all the 1s.

If the sum is even, 0 is returned. If the sum is odd, 1 is returned. This is mathematically the same as sequentially running an XOR on each bit of each byte.

Standard Serial configuration is:

RS-232 format

115200 baud

8 data bits

1 stop bit

No parity

5.4.14.5 Format BBC-05 (NMEA RMC Message)

The NMEA Message Format RMC, (Recommended Minimum) provides fix information, speed over ground and Magnetic Variance information. Note that this RMC Message is not

100% identical to the official NMEA RMC MESSAGE (that corresponds to the 3.01 NMEA

0183 standard and is another time code format supported by SecureSync.)

The BBC RMC message (BBC-05) corresponds to Version 2 of the NMEA 0183 standard, following the description below:

E x a m p l e m e s s a g e :

$GPRMC,123519,A,4807.038,N,01131.000,E,022.4,084.4,230394,003.1,W*6A

Where:

RMC Recommended Minimum sentence C

542 SecureSync 2400 User Manual

APPENDIX

123519

A

Fix taken at 12:35:19 UTC

Status: A=active or V=Void.

4807.038,N Latitude 48 deg 07.038' N

01131.000,E Longitude 11 deg 31.000' E

22.4

84.4

230394

003.1,W

*6A

Speed over the ground in knots

Track angle in degrees True

Date—23rd of March 1994

Magnetic Variation

The checksum data, always begins with *

5.4.15

GSSIP Message Format

The GSSIP 1 format includes 3  ICD-GPS-153C messages which are used to support emulation of a SAASM GPS used in a SINCGARS interface. The messages are the Buffer Box

(253), Time Transfer (5101), and the Current Status (5040).

The ICD-GPS-153C protocol defines the format of these messages. The Current Status and Time Transfer are sent once per second (1Hz). The Buffer Box is sent once every 6 seconds (1/6 Hz).

The purpose of these three messages is to emulate a SINCGARS interface connection to a

SAASM GPS. SecureSync generates these messages emulating the Time and 1PPS transfer behavior of the SINCGARS interface. An external device compatible with the

SINCGARS interface can attach to an ASCII Output from SecureSync and receive time and 1PPS as if communicating with and ICD-GPS-153C compatible SAASM GPS.

These commands are emulated only and contain only time information; position and velocity information is zeroed out. No controlled data is included in the messages, hence no

SAASM GPS receiver is required.

The ASCII Output supports two configurations for supporting SINCGARS:

A configuration of Time Transfer as Message Format1 and Current Status as Format2 causes the SINCGARS protocol to be emulated and the machine state to be initializated.

1 GSSIP = GPS STANDARD SERIAL INTERFACE PROTOCOL

SecureSync 2400 User Manual 543

APPENDIX

Format1 : Time Transfer (5101)

Format2 : Current Status (5040)

Format3 : Buffer Box (253)

A configuration of Current Status as Message Format1 and Time Transfer as Format2 results in broadcasting of the messages Current Status (1Hz), Time Transfer (1Hz), and Buffer

Box (1/6Hz) at their default rates.

Format1 : Current Status (5040)

Format2 : Time Transfer (5101)

Format3 : Buffer Box (253)

5.4.16

EndRun Formats

The following formats provide compatibility with EndRun technology.

5.4.16.1

EndRun Time Format

E x a m p l e m e s s a g e :

T YYYY DDD HH:MM:SS zZZ m<CR><LF>

Where:

:

HH

MM

SS

T Time Figure of Merit character (TFOM), limited to the range 6 to 9:

9 indicates error >±10 milliseconds, or unsynchronized condition

8 indicates error <±10 milliseconds

7 indicates error <±1 millisecond

6 indicates error <±100 microseconds

YYYY Year

DDD Day of Year (001-366)

Hour of the day (00-23)

Colon Separator

Minutes of the hour

Seconds (00-59), (00-60 for leap second)

544 SecureSync 2400 User Manual

APPENDIX z

ZZ m

CR

LF

The sign of the offset to UTC, + implies time is ahead of UTC

The magnitude of the offset to UTC in units of half-hours.

If ZZ = 0, then z = +

Time mode character, is one of:

G = GPS

L = Local

U = UTC

T = TAI

Carriage Return

Line Feed

5.4.16.2 EndRunX (Extended) Time Format

The EndRunX format is identical to the EndRun format, with the addition of two fields: the current leap second settings and the future leap second settings.

T h e f o l l o w i n g e x a m p l e m e s s a g e s t r i n g i s s e n t o n c e e a c h s e c o n d :

T YYYY DDD HH:MM:SS zZZ m CC FF<CR><LF>

Where:

:

HH

MM

SS z

T Time Figure of Merit character (TFOM), limited to the range 6 to 9:

9 indicates error >±10 milliseconds, or unsynchronized condition

8 indicates error <±10 milliseconds

7 indicates error <±1 millisecond

6 indicates error <±100 microseconds

YYYY Year

DDD Day of Year (001-366)

Hour of the day (00-23)

Colon Separator

Minutes of the hour

Seconds (00-59), (00-60 for leap second)

The sign of the offset to UTC, + implies time is ahead of UTC

SecureSync 2400 User Manual 545

APPENDIX

ZZ m

CC

FF

CR

LF

The magnitude of the offset to UTC in units of half-hours.

If ZZ = 0, then z = +

Time mode character, is one of:

G = GPS

L = Local

U = UTC

T = TAI

The current leap seconds

The future leap seconds, which will show a leap second pending

24 hours in advance

Carriage Return

Line Feed

5.5

IRIG Standards and Specifications

5.5.1

About the IRIG Output Resolution

The IRIG output signals are generated from SecureSync's System Time, which can be synced to one or more external input references (such as GPS, IRIG, PTP, etc). The accuracy of the System time to true UTC time is dependent upon what the selected external reference is (with GPS typically being the most accurate reference for the system to sync with).

IRIG AM synchronization of a device to its IRIG source is typically measured in the tens of microseconds, while synchronization using a IRIG DCLS signal can typically provide around

100 nanoseconds or so (plus the cable delays between SecureSync and the other device, as well as the processing delays of the other system itself).

IRIG AM functionality is available through an option card.

Note that all IRIG outputs has its own available ‘offset’ capability, which is configurable via

SecureSync’s Web UI, to help account for cabling and processing delays of the device each output is connected with.

5.5.2

IRIG Carrier Frequencies

Each IRIG code specifies a carrier frequency that is modulated to encode date and time, as well as control bits to time-stamp events. Initially, IRIG applications were primarily military and government associated. Today, IRIG is commonly used to synchronize voice loggers,

546 SecureSync 2400 User Manual

APPENDIX recall recorders, and sequential event loggers found in emergency dispatch centers and power utilities.

Table 5-28: Available IRIG output signals

Format Encoding Modulation Carrier Coded Expressions Bit rate

Time Frame

Interval

IRIG-A A000 DCLS N/A

IRIG-A

BCD

TOY

, CF and SBS 0.1 sec

IRIG-A A001

IRIG-A A002

IRIG-A A003

IRIG-A A004

IRIG-A A005

IRIG-A A006

IRIG-A A007

IRIG-A A130

IRIG-A A131

IRIG-A A132

IRIG-A A133

IRIG-A A134

IRIG-A A135

IRIG-A A136

DCLS

DCLS

DCLS

DCLS

DCLS

DCLS

DCLS

AM

AM

AM

AM

AM

AM

AM

N/A

N/A

N/A

N/A

N/A

N/A

BCD

TOY

, CF

BCD

TOY

BCD

TOY

, SBS

BCD

TOY

, BCD

YEAR

, CF and SBS

BCD

TOY

, BCD

YEAR

, and

CF

BCD

TOY

, BCD

YEAR

N/A BCD

TOY

, BCD

YEAR

, and

SBS

10 kHz BCD

TOY

, CF and SBS

10 kHz BCD

TOY

, CF

10 kHz BCD

TOY

10 kHz BCD

TOY

, SBS

10 kHz BCD

TOY

, BCD

YEAR

, CF and SBS

10 kHz BCD

TOY

, BCD

YEAR

, and

CF

10 kHz BCD

TOY

, BCD

YEAR

1000 pps

1000 pps

1000 pps

1000 pps

1000 pps

1000 pps

1000 pps

1000 pps

1000 pps

1000 pps

1000 pps

1000 pps

1000 pps

1000 pps

1000 pps

0.1 sec

0.1 sec

0.1 sec

0.1 sec

0.1 sec

0.1 sec

0.1 sec

0.1 sec

0.1 sec

0.1 sec

0.1 sec

0.1 sec

0.1 sec

0.1 sec

SecureSync 2400 User Manual 547

APPENDIX

Format Encoding Modulation Carrier

IRIG-A A137 AM

IRIG-B B000

IRIG-B B001

IRIG-B B002

IRIG-B B003

IRIG-B B004

IRIG-B B005

IRIG-B B006

IRIG-B B007

IRIG-B B120

IRIG-B B121

IRIG-B B122

IRIG-B B123

IRIG-B B124

IRIG-B B125

IRIG-B B126

IRIG-B B127

IRIG-E E000

IRIG-E E001

IRIG-E E002

IRIG-E E003

DCLS

DCLS

DCLS

AM

AM

AM

AM

AM

DCLS

DCLS

DCLS

DCLS

DCLS

AM

AM

AM

DCLS

DCLS

DCLS

DCLS

Coded Expressions

N/A

N/A

N/A

N/A

1 kHz

1 kHz

1 kHz

1 kHz

1 kHz

10 kHz BCD

TOY

, BCD

YEAR

, and

SBS

IRIG-B

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

1 kHz

BCD

TOY

, CF and SBS

BCD

TOY

, CF

BCD

TOY

BCD

TOY

, SBS

BCD

TOY

, BCD

YEAR

, CF and SBS

BCD

TOY

, BCD

YEAR

, and

CF

BCD

TOY

, BCD

YEAR

BCD

TOY

, BCD

YEAR

, and

SBS

BCD

TOY

, CF and SBS

BCD

TOY

, CF

BCD

TOY

BCD

TOY

, SBS

BCD

TOY

, BCD

YEAR

, CF and SBS

BCD

TOY

, BCD

YEAR

, and

CF

1 kHz

1 kHz

BCD

TOY

, BCD

YEAR

BCD

TOY

, BCD

YEAR

, and

SBS

IRIG-E

BCD

TOY

, CF and SBS

BCD

TOY

, CF

BCD

TOY

BCD

TOY

, SBS

Bit rate

1000 pps

Time Frame

Interval

0.1 sec

100 pps 1 sec

100 pps 1 sec

100 pps 1 sec

100 pps 1 sec

100 pps 1 sec

100 pps 1 sec

100 pps 1 sec

100 pps 1 sec

100 pps 1 sec

100 pps 1 sec

100 pps 1 sec

100 pps 1 sec

100 pps 1 sec

100 pps 1 sec

100 pps 1 sec

100 pps 1 sec

10 pps 1 sec

10 pps 1 sec

10 pps 1 sec

10 pps 1 sec

548 SecureSync 2400 User Manual

Format Encoding Modulation Carrier

IRIG-E E004 DCLS

IRIG-E E005

IRIG-E E006

IRIG-E E007

IRIG-E E110

IRIG-E E111

IRIG-E E112

IRIG-E E113

IRIG-E E114

IRIG-E E115

IRIG-E E116

IRIG-E E117

IRIG-E E120

IRIG-E E121

IRIG-E E122

IRIG-E E123

IRIG-E E124

IRIG-E E125

IRIG-E E126

IRIG-E E127

DCLS

DCLS

DCLS

AM

AM

AM

AM

AM

AM

AM

AM

AM

AM

AM

AM

AM

AM

AM

AM

Coded Expressions

N/A

N/A

BCD

TOY

, BCD

YEAR

, CF and SBS

BCD

TOY

, BCD

YEAR

, and

CF

N/A

N/A

BCD

TOY

, BCD

YEAR

BCD

TOY

, BCD

YEAR

, and

SBS

100 Hz BCD

TOY

, CF and SBS

100 Hz BCD

TOY

, CF

100 Hz BCD

TOY

100 Hz BCD

TOY

, SBS

100 Hz BCD

TOY

, BCD

YEAR

, CF and SBS

100 Hz BCD

TOY

, BCD

YEAR

, and

CF

100 Hz BCD

TOY

, BCD

YEAR

100 Hz BCD

TOY

, BCD

YEAR

, and

SBS

100 Hz BCD

TOY

, CF and SBS

1kHz BCD

TOY

, CF

1kHz

1kHz

BCD

TOY

BCD

TOY

, SBS

1kHz BCD

TOY

, BCD

YEAR

, CF and SBS

1kHz BCD

TOY

, BCD

YEAR

, and

CF

1kHz

1kHz

BCD

TOY

, BCD

YEAR

BCD

TOY

, BCD

YEAR

, and

SBS

IRIG-G

Bit rate

Time Frame

Interval

10 pps 1 sec

10 pps 1 sec

10 pps 1 sec

10 pps 1 sec

10 pps 1 sec

10 pps 1 sec

10 pps 1 sec

10 pps 1 sec

10 pps 1 sec

10 pps 1 sec

10 pps 1 sec

10 pps 1 sec

10 pps 1 sec

10 pps 10 sec

10 pps 10 sec

10 pps 10 sec

10 pps 10 sec

10 pps 10 sec

10 pps 10 sec

10 pps 10 sec

APPENDIX

SecureSync 2400 User Manual 549

APPENDIX

Format Encoding Modulation Carrier

IRIG-G G001 DCLS N/A

Coded Expressions

BCD

TOY

, CF

IRIG-G G002

IRIG-G G005

IRIG-G G006

IRIG-G G141

IRIG-G G142

IRIG-G G145

IRIG-G G146

DCLS

DCLS

DCLS

AM

AM

AM

AM

N/A

N/A

N/A

BCD

TOY

BCD

TOY

, BCD

YEAR

, and

CF

BCD

TOY

, BCD

YEAR

100 kHz BCD

TOY

, CF

100 kHz BCD

TOY

100 kHz BCD

TOY

, BCD

YEAR

, and

CF

100 kHz BCD

TOY

, BCD

YEAR

Bit rate

Time Frame

Interval

10000 pps

10000 pps

10000 pps

10000 pps

10000 pps

10000 pps

10000 pps

10000 pps

10 msec

10 msec

10 msec

10 msec

10 msec

10 msec

10 msec

10 msec

1 pps

1 pps

1 sec

1 sec

100 pps 1 sec

IRIG-H H002

IRIG-H H122

N/A NASA-

36

NASA-

36

N/A

DCLS

AM

AM

DCLS

N/A

1KHz

BCD

TOY

BCD

TOY

1msec UNKNOWN

10 msec UNKNOWN 100 pps 1 sec

The Spectracom IRIG formats use the control functions for BCD year information and a

Time Sync Status bit and in format E the control functions are used for straight binary seconds (SBS). Refer to individual IRIG Time Code description figures and text. IRIG Standard 200-98 format B had 27 control bits and format E had 45 bits for control functions.

These control bits could be used for any use and there was no defined function. Spectracom used the control function element at index count 55 as the TIME SYNC STATUS and the sub-frame after position identifiers P6 and P7 as the year info and for format E the sub-frame after P8 and P9 for the straight binary seconds (SBS). The position of the BCD year information does not conform to the newer IRIG Standard 200-04. IRIG Standard

200-04 incorporated the year information after P5 and reduced the allocated control bits to 18 for format B and 36 for format E.

550 SecureSync 2400 User Manual

APPENDIX

Note: DCLS is DC Level Shifted output, pulse width modulated with a position identifier having a positive pulse width equal to 0.8 of the reciprocal of the bit rate, a binary one (1) having a positive pulse width equal to 0.5 of the reciprocal of the bit rate and a binary zero (0) having a positive pulse width equal to 0.2 of the reciprocal of the bite rate.

SecureSync can provide IRIG A, IRIG B, IRIG E and IRIG G code in amplitude modulated

(AM) or pulse width coded (TTL) formats. A signature control feature may be enabled for any IRIG output. Signature control removes the modulation code when a Time Sync Alarm is asserted.

5.5.3

IRIG B Output

The IRIG B Time Code description follows.

Figure 5-62: IRIG B time code description

SecureSync 2400 User Manual 551

APPENDIX

The IRIG B code contains the Binary Coded Decimal (BCD) time of year, Control Function

(CF) field and the Straight Binary Seconds time of day. The following figure illustrates the

IRIG B data structure. The BCD time of year provides the day of the year, 1-366, and the time of day including seconds. The hour of the day is expressed in 24 hour format. The

SBS time is the number of seconds elapsed since midnight. The Control Function field contains year information and a time synchronization status bit.

1.

Time frame: 1.0 seconds.

2.

Code digit weighting:

A.

Binary Coded Decimal time-of-year.

Code word - 30 binary digits.

Seconds, minutes hours, and days.

Recycles yearly.

B.

Straight Binary Seconds time-of-day.

Code word - 17 binary digits.

Seconds only, recycles daily.

3.

Code word structure:

BCD : Word seconds digits begin at index count 1. Binary coded elements occur between position identifier elements P0 and P5 (7 for seconds, 7 for minutes, 6 for hours, and 10 for days) until the code word is complete. An index marker occurs between decimal digits in each group to provide separation for visual resolution. Least significant digit occurs first.

CF : IRIG formats reserve a set of elements known as Control Functions (CF) for the encoding of various control, identification, or other special purpose functions. IRIG B has 27 Control Functions located between elements 50 and

78. The SecureSync uses the Control Functions to encode year information and time synchronization status.

The table below lists the Control Function Field and the function of each element.

Element 55 is the time synchronization status bit. Element 55 is a Binary 1 when the unit is in sync, and a Binary 0 when it is not.

Year information consists of the last two digits of the current year (i.e. 97, 98, 99 etc.). Elements 60 through 63 contain the binary equivalent of year units. Elements

65 through 68 contain the binary equivalent of tens of years. In keeping with IRIG

552 SecureSync 2400 User Manual

APPENDIX formats, the least significant bit occurs first. All unused Control Functions are filled with a space (Binary 0).

SBS : Word begins at index count 80. Seventeen Straight Binary Coded elements occur with a position identifier between the 9th and 10th binary coded elements.

Least significant digit occurs first.

Pulse rates:

Element rate: 100 per second.

Position identifier rate: 10 per second.

Reference marker rate: 1 per second.

Element identification: The "on time" reference point for all elements is the pulse leading edge.

Index marker (Binary 0 or uncoded element): 2 millisecond duration.

Code digit (Binary 1): 5 millisecond duration.

Position identifier: 8 millisecond duration.

Reference marker, 1 per second. The reference marker appears as two consecutive position identifiers. The second position identifier marks the on-time point for the succeeding code word.

Resolution:

Pulse width coded signal: 10 milliseconds.

Amplitude modulated signal: 1 millisecond.

Carrier frequency: 1kHz when modulated.

Table 5-29: IRIG B control function field

C.F. Element # Digit # Function

54

55

56

50

51

52

53

5

6

7

3

4

1

2

Space

Space

Space

Space

Space

Time Sync Status

Space

SecureSync 2400 User Manual 553

APPENDIX

C.F. Element # Digit #

69

70

71

72

65

66

67

68

61

62

63

64

57

58

59

60

73

74

75

76

77

78

Function

22

23

24

25

26

27

11

12

13

14

8

9

Space

Space

PID P6 Position Identifier

10 Years Units Y1

Years Units Y2

Years Units Y4

Years Units Y8

Space

15

16

17

18

Years Tens Y10

Years Tens Y20

Years Tens Y40

Years Tens Y80

PID P7 Position Identifier

19 Space

20

21

Space

Space

Space

Space

Space

Space

Space

Space

5.5.3.1

FAA IRIG B Code Description

SecureSync can be configured to provide IRIG timing, reflecting UTC or local time, with or without daylight saving time corrections. Below is a detailed description of the FAA modified IRIG B code . The FAA modified the IRIG B code by including satellite lock status and time error flags in the Control Function Field. The error flags provide an inaccuracy estimate based on the time elapsed since loss of GPS lock. In addition, the Straight Binary

554 SecureSync 2400 User Manual

APPENDIX

Seconds (SBS) data was removed from the data stream. The SBS time is the number of seconds elapsed since midnight.

FAA IRIG B OUTPUT

The FAA IRIG B code contains the Binary Coded Decimal (BCD) time of year and a Control

Function (CF) field containing satellite lock status and time error flags. With the exception of the position identifiers, all remaining code elements are set to a binary 0. Figure A-1 illustrates the FAA IRIG B data structure. The BCD time of year provides the day of the year,

001-366, and the time of day including seconds. The hour of the day is expressed in 24hour format.

FAA IRIG B General Description

1.

Time frame: 1.0 seconds

2.

Pulse rates:

A.

Element rate: 100 per second

B.

Position identifier rate: 10 per second

C.

Reference marker rate: 1 per second

3.

Element identification: The "on time" reference point for all elements is the pulse leading edge.

A.

Index marker (Binary 0 or uncoded element): 2 millisecond duration

B.

Code digit (Binary 1): 5 millisecond duration

C.

Position identifier: 8 millisecond duration

D.

Reference marker, 1 per second. The reference marker appears as two consecutive position identifiers. The second position identifier marks the on-time point for the succeeding code word.

4.

Resolution: 10 milliseconds

5.

Code word structure:

BCD: Word seconds digits begin at index count 1. Binary coded elements occur between position identifier elements P0 and P5 (7 for seconds, 7 for minutes, 6 for hours, and 10 for days) until the code word is complete. An index marker occurs between decimal digits in each group to provide separation for visual resolution. Least significant digit occurs first.

SecureSync 2400 User Manual 555

APPENDIX

CF: IRIG formats reserve a set of elements known as Control Functions (CF) for the encoding of various control, identification, or other special purpose functions. IRIG B has 27 Control Functions located between elements 50 and

78. The FAA IRIG B code uses five of the Control Function elements to encode satellite lock status and time error flags. For a description of the status and error flag implementation, refer to the table and the paragraphs below.

Element 53 (530 ms) is the time sync status bit. Element 53 is a Binary 1 when the receiver locked to GPS, and a Binary 0 when the receiver is not locked to

GPS.

Element 55 (550 ms) is the ±1.0 millisecond error flag. Element 55 is set to Binary 1 when the expected time error is within +/- 1.0 millisecond, and a Binary 0 during all other conditions of operation.

Element 56 (560 ms) is the ±5.0 millisecond error flag. Element 56 is set to

Binary 1 when the expected time error is within +/- 5.0 milliseconds. and a Binary 0 during all other conditions of operation.

Element 57 (570 ms) is the ±50 millisecond error flag. Element 57 is set to Binary 1 when the expected time error is within +/- 50 milliseconds, and a Binary

0 during all other conditions of operation.

Element 58 (580 ms) is the ±500 millisecond error flag. Element 58 is set to

Binary 1 when the expected time error is within ±500 milliseconds, and a Binary 0 during all other conditions of operation.

Table 5-30: FAA Time Error Indicators

Time Since Loss of Lock

N/A

< 00:16:40

00:16:41 to 01:23:39

01:23:40 to 13:53:19

13:53:20 to 5 days

18:53:19

>5 days 18:53:20

N/A

Status/Error

Locked Error < 2 μ s

Unlocked Error < 1ms

Unlocked Error < 5ms 0

Unlocked Error < 50 ms 0

1

0

0 Unlocked Error < 500 ms

Unlocked Error

Unknown

Power On

0

0

Lock Indicator

±1ms ±5ms ±50 ms ±500 ms

0

0

0

1

0

0

0

1

0

0

0

0

0

0

0

1

0

0

0

0

0

0

0

0

0

1

0

0

556 SecureSync 2400 User Manual

APPENDIX

Figure 5-63: FAA modified IRIG B

Notes

The beginning of each 1.0 second time frame is identified by two consecutive 8.0 ms elements (P

0 and P

8

). The leading edge of the second 8.0 ms element (P

R

) is the "on time" reference point for the succeeding time code. 10 pps position identifiers P

0

, P

1

, ..... P

8

(8.0

ms duration) occur 10 ms before 10 pps "on time" and refer to the leading edge of the succeeding element.

The time code word and the control functions presented during the time frame are pulsewidth coded. The binary "zero" and index markers have a duration of 2.0 ms, and the binary "one" has a duration of 5.0 ms. The leading edge is the 100 pps "on time" reference point for all elements.

The binary coded decimal (BCD) time-of-year code word consists of 30 digits beginning at index count 1. The binary coded subword elements occur between position identifiers P

0 and P

5

(7 for seconds; 7 for minutes; 6 for hours; 10 for days) until the code word is complete. An index marker occurs between the decimal digits in each subword to provide separation for visual resolution. The least significant digit occurs first. The BCD code recycles yearly.

Twenty-seven control functions occur between position identifiers P

5 and P

8

. FAA uses this field to communicate satellite lock status and time error and indicators. The first flag element is at 530 ms which indicates satellite lock. The ±1ms error flag occurs at 550 ms.

The ±5ms error flag occurs at 560 ms. The ±50 ms error flag occurs at 570 ms. The

±500 ms error flag occurs at 580 ms.

SecureSync 2400 User Manual 557

APPENDIX

The straight binary (SB) time-of-day code word normally found between position identifiers P

8 and P

0 is eliminated for FAA IRIG B. All elements between position identifiers P and P

0 are set to Binary 0.

8

5.5.4

IRIG E Output

The IRIG E code contains the Binary Coded Decimal (BCD) time of year and Control Functions. The figure IRIG E Time Code Description illustrates the IRIG E data structure. The

BCD time of year provides the day of year, 1-366, and time of day to tens of seconds. The hour of the day is expressed in 24 hour format. The Control Function field includes a time synchronization status bit, year information and SBS time of day.

Time frame : 10 seconds.

Code Digit Weighting :

Binary Coded Decimal time of year.

Code world - 26 binary digits.

Tens of seconds, minutes, hours, and days.

Recycles yearly.

Code Word Structure : BCD word tens of seconds digits begin at index count 6. Binary coded elements occur between position identifier elements P0 and P5 (3 for seconds, 7 for minutes, 6 for hours, and 10 for days) until the code word is complete.

An index marker occurs between decimal digits in each group to provide separation for visual resolution. Least significant digit occurs first.

Control Functions : IRIG formats reserve a set of elements known as Control Functions (CF) for the encoding of various control, identification, or other special purpose functions. IRIG E has 45 Control Functions located between elements 50 and 98.

The SecureSync uses the Control Function field to encode year data, time synchronization status, and SBS time data. Table B-2 lists the Control Function Field and each element's function.

Element 55 is the time synchronization status bit. Element 55 is a Binary 1 when the front panel time synchronization lamp is green, and a Binary 0 when the lamp is red.

Year information consists of the last two digits of the current year (i.e. 98, 99, etc.). Elements 60 through 63 contain the binary equivalent of year units. Elements 65 through 68

558 SecureSync 2400 User Manual

APPENDIX contain the binary equivalent of tens of years. In keeping with IRIG formats, the least significant bit occurs first.

Elements 80 through 97 are encoded with the Straight Binary Seconds (SBS) time data.

The SBS time data is incremented in 10-second steps and recycles every 24 hours.

Pulse rates:

Element rate: 10 per second.

Position identifier rate: 1 per second.

Reference marker rate: 1 per 10 seconds.

Element identification: The "on time" reference point for all elements is the pulse leading edge.

Index marker (Binary 0 or uncoded element): 20 millisecond duration.

Code digit (Binary 1): 50 millisecond duration.

Position identifier: 80 millisecond duration.

Reference marker: 80 millisecond duration, 1 per 10 seconds. The reference marker appears as two consecutive position identifiers. The second position identifier or reference marker is the on-time point for the succeeding code word.

Figure 5-64: IRIG E time code description

SecureSync 2400 User Manual 559

APPENDIX

Additional information

The beginning of each 10 second time frame is identified by two consecutive 80 ms elements (P

0 and P

R

). The leading edge of the second 80 ms element (P

R

) is the "on time" reference point for the succeeding time code. 1PPS position identifiers P

0

, P

1

… P

9

(80 ms duration) occur 0.1 s before 1PPS "on time" and refer to the leading edge of the succeeding element.

The time code word and the control functions presented during the time frame are pulsewidth coded. The binary "zero" and index markers have a duration of 20 ms, and the binary

"one" has a duration of 50 ms. The leading edge is the 10 pps "on time" reference point for all elements.

The binary coded decimal (BCD) time-of-year code word consists of 26 digits beginning at index count 6. The binary coded subword elements occur between position identifiers P

0 and P

5

(3 for seconds; 7 for minutes; 6 for hours; 10 for days) until the code word is complete. An index marker occurs between the decimal digits in each subword to provide separation for visual resolution. The least significant digit occurs first. The BCD code recycles yearly.

Forty-five control functions occur between position identifiers P

5 and P

0

. Any control function element for combination of control function elements can be programmed to read a binary "one" during any specified number of time frames. Each control element is identified on the Control Function Field Table.

Table 5-31: IRIG E control function field

BIT No. CF ELEMENT No.

FUNCTION

54

55

56

57

50

51

52

53

58

59

7

8

5

6

3

4

1

2

9

PID P6

SPACE

SPACE

SPACE

SPACE

SPACE

TIME SYNC_STATUS

SPACE

SPACE

SPACE

POSITION IDENTIFIER

560 SecureSync 2400 User Manual

APPENDIX

BIT No. CF ELEMENT No.

80

81

82

83

76

77

78

79

84

85

86

87

72

73

74

75

68

69

70

71

64

65

66

67

60

61

62

63

32

33

34

35

28

29

30

31

25

26

27

PID P8

21

22

23

24

18

PID P7

19

20

14

15

16

17

10

11

12

13

FUNCTION

YEAR UNITS Y1

YEAR UNITS Y2

YEAR UNITS Y4

YEAR UNITS Y8

SPACE

YEAR TENS Y10

YEAR TENS Y20

YEAR TENS Y40

YEAR TENS Y80

POSITION IDENTIFIER

SPACE

SPACE

SPACE

SPACE

SPACE

SPACE

SPACE

SPACE

SPACE

POSITION IDENTIFIER

SBS 20

SBS 21

SBS 22

SBS 23

SBS 24

SBS 25

SBS 26

SBS 27

SecureSync 2400 User Manual 561

APPENDIX

BIT No. CF ELEMENT No.

92

93

94

95

88

89

90

91

96

97

98

99

36

PID P9

37

38

39

40

41

42

43

44

45

PID P0

FUNCTION

SBS 28

POSITION IDENTIFIER

SBS 29

SBS 210

SBS 211

SBS 212

SBS 213

SBS 214

SBS 215

SBS 216

SPACE

POSITION IDENTIFIER

5.5.5

IRIG Output Accuracy Specifications

The IRIG outputs deliver signals with the following 1PPS accuracy:

IRIC DCLS

Signal Category

Measured

Accuracy

IRIG A

IRIG B

IRIG G

IRIG NASA

IRIG E

30 ns

30 ns

30 ns

30 ns

30 ns

562 SecureSync 2400 User Manual

APPENDIX

IRIG AM

Signal Category

Measured

Accuracy

IRIG A

IRIG B

IRIG G

IRIG NASA

IRIG E

200 ns

800 ns

200 ns

800 ns

1.5

μ s

5.6

Technical Support

To request technical support for your SecureSync unit, please go to the

"Timing

Support" page

of the Orolia website, where you can not only submit a support request, but also find additional technical documentation.

Phone support is available during regular office hours under the telephone numbers listed below.

To speed up the diagnosis of your SecureSync, please send us: the current product configuration (see

"Option Card Identification" on page 18

to find out which option cards are installed in your unit), and the events log

"Saving and Downloading Logs" on page 310

).

Thank you for your cooperation.

5.6.1

Regional Contact

Orolia operates globally and has offices in several locations around the world. Our main offices are listed below:

Country

France

USA

Location

Les Ulis

West Henrietta, NY

+33 (0)1 6453 3980

+1.585.321.5800

Phone

SecureSync 2400 User Manual 563

APPENDIX

Table 5-32: Orolia contact information

Additional regional contact information can be found on the lia website.

Contact Us page

of the Oro-

5.7

Return Shipments

Please contact Orolia Technical Support before returning any equipment to Orolia. Technical Support must provide you with a Return Material Authorization Number (RMA#) prior to shipment.

When contacting Technical Support, please be prepared to provide your equipment serial number(s) and a description of the failure symptoms or issues you would like resolved.

Freight to Orolia is to be prepaid by the customer.

Note: Should there be a need to return equipment to Orolia, it must be shipped in its original packing material. Save all packaging material for this purpose.

5.8

List of Tables

Table 1-1: Common light patterns

Table 1-2: Legend for Status LEDs

Table 1-3: Ethernet status indicator lights

Table 1-4: Option cards identification

Table 1-5: Option cards listed by their ID number

Table 1-6: Option card connectors

Table 1-7: 10 MHz output — oscillator types and accuracies

Table 1-8: 10 MHz output — oscillator stability

Table 1-9: Multi I/O connector signal pinout

Table 1-10: Multi I/O signal defaults

Table 1-11: 1PPS output accuracies

Table 2-1: Safety symbols used in this document, or on the product

Table 2-2: Subnet mask values

Table 2-3: System Time Message format

27

27

39

55

22

24

25

26

13

16

5

5

19

95

564 SecureSync 2400 User Manual

APPENDIX

Table 2-4: System Time Message field descriptions

Table 2-5: DCLS Output Options

Table 2-6: Multi I/O Input and Output Options

Table 2-7: Signature control output-presence states

Table 3-1: Reference priority titles

Table 3-2: Receiver dynamics, ~modes, ~ dynamics, ~ types

Table 3-3: Estimated Phase Drifts

Table 3-4: Typical Holdover lengths in seconds

Table 3-5: TFOM to ETE conversion

Table 4-1: Default and recommended configurations

Table 5-1: Troubleshooting using the Web UI Status indications

Table 5-2: Troubleshooting outputs not being present

Table 5-3: Parts list, Ancillary Kit [1204-0000-0700]

Table 5-4: Model 1204-03 1PPS/Freq Input: Connector pin assignment

Table 5-5: Model 1204-30 terminal block pin assignments

Table 5-6: DB-9 pin-out

Table 5-7: RJ-12 pin assignments

Table 5-8: CTCSS exact (1/3 Hz) tones

Table 5-9: CTCSS exact (1/10 Hz) tones

Table 5-10: Data Clock Signals

Table 5-11: 1PPS Duty Cycle

Table 5-12: 1204-0A option card pin assignments

Table 5-13: 1204-4C option card pin assignments

Table 5-14: 1204-22 terminal block pin-out

Table 5-15: Accepted IRIG reference formats

Table 5-16: Models 1204-11, -25: DB-25 pin-out

Table 5-17: 1204-1D, 1204-24 option cards: DB-25 pin-outs

Table 5-18: 1204-1B terminal block pin-out

Table 5-19: Pin-out, OUTPUT connector "J1"

Table 5-20: Pin-out, INPUT connector "J2"

Table 5-21: Pin-out, RS-485 terminal block connector J1

Table 5-22: Clock class definitions

Table 5-23: NENA module specifications

Table 5-24: ASCII RS-232 Output connector pin assignments

Table 5-25: Relay/RS-485 outputs pin assignments

Table 5-26: Output connector DB-9: pin-out

Table 5-27: Quality indicators

Table 5-28: Available IRIG output signals

Table 5-29: IRIG B control function field

Table 5-30: FAA Time Error Indicators

Table 5-31: IRIG E control function field

394

399

409

420

427

436

448

448

376

383

384

388

389

389

389

392

227

227

232

323

328

330

341

364

95

136

137

162

184

213

449

471

492

495

496

506

528

547

553

556

560

SecureSync 2400 User Manual 565

APPENDIX

Table 5-32: Orolia contact information 564

5.9

List of Images

Figure 1-1: SecureSync front panel layout

Figure 1-2: Front panel LEDs

Figure 1-3: Status LED menu buttons

Figure 1-4: Standard rear panel

Figure 1-5: Option Card ID number

Figure 1-6: Multi I/O connector, viewed in mating direction on front of unit

Figure 2-1: Hot Swap Power Supply installation (rear view)

Figure 2-2: SecureSync front panel

Figure 2-3: Front panel keypad and menu buttons

Figure 2-4: All NTP Servers are synchronized

Figure 2-5: NTP Server 1 is out of sync

Figure 2-6: PTP setup screen

Figure 2-7: Edit PTP Settings panel

Figure 2-8: PTP Statistics Panel

Figure 2-9: Multi I/O 15-pin connector, in mating direction from front

Figure 3-1: How the System Time is derived

Figure 4-1: SecureSync front panel

Figure 4-2: Locked Front Panel Display

Figure 4-3: Login banner (example)

Figure 4-4: Front panel layout

Figure 4-5: Status LED menu buttons

Figure 5-1: Option card navigation

Figure 5-2: Unit rear view

Figure 5-3: Unit internal view (from rear)

Figure 5-4: Standoffs location

Figure 5-5: Connector installation

Figure 5-6: Washers & standoffs secured to chassis screw holes

Figure 5-7: Ribbon cable installation

Figure 5-8: Bottom card with standoffs installed

Figure 5-9: Ribbon cable installation

Figure 5-10: J Connectors

Figure 5-11: Model 1204-18 option card rear plate

Figure 5-12: Model 1204-19 option card rear plate

Figure 5-13: Model 1204-21 option card rear plate

276

279

279

333

343

343

345

347

118

130

131

133

138

168

238

275

349

349

350

351

352

354

355

355

4

4

46

47

51

118

7

12

19

26

566 SecureSync 2400 User Manual

Figure 5-14: Model 1204-2B option card rear plate

Figure 5-15: Model 1204-28 option card rear plate

Figure 5-16: Model 1204-01 option card rear plate

Figure 5-17: Model 1204-03 option card rear plate

Figure 5-18: Model 1204-1C option card rear plate

Figure 5-19: Model 1204-08 option card rear plate

Figure 5-20: Model 1204-26 option card rear plate

Figure 5-21: Model 1204-13 option card rear plate

Figure 5-22: Model 1204-2F option card rear plate

Figure 5-23: Model 1204-30 option card rear plate

Figure 5-24: Model 1204-17 option card rear plate

Figure 5-25: Model 1204-14 option card rear plate

Figure 5-26: DB-9 connector pin-out

Figure 5-27: RJ-12 connector pin-out

Figure 5-28: Simulcast Alarm Output Status window

Figure 5-29: Model 1204-09 option card rear plate

Figure 5-30: Model 1204-0A option card rear plate

Figure 5-31: Model 1204-53 option card rear plate

Figure 5-32: Model 1204-4C option card rear plate

Figure 5-33: Model 1204-15 option card rear plate

Figure 5-34: Model 1204-1E option card rear plate

Figure 5-35: Model 1204-22 option card rear plate

Figure 5-36: Model 1204-05 option card rear plate

Figure 5-37: Model 1204-27 option card rear plate

Figure 5-38: Model 1204-11 option card rear plate

Figure 5-39: Model 1204-25 option card rear plate

Figure 5-40: Model 1204-1D option card rear plate

Figure 5-41: Model 1204-24 option card rear plate

Figure 5-42: Model 1204-10 option card rear plate

Figure 5-43: Model 1204-1B option card rear plate

Figure 5-44: Model 1204-29 option card rear plate

Figure 5-45: Model 1204-02 option card rear plate

Figure 5-46: OUTPUT connector J1

Figure 5-47: INPUT connector J2

Figure 5-48: Model 1204-04 option card rear plate

Figure 5-49: 1204-4A option card rear plate

Figure 5-50: 1204-49 option card rear plate

Figure 5-51: Model 1204-32 option card rear plate

Figure 5-52: Model 1204-3E option card rear plate

Figure 5-53: Model 1204-3E option card rear plate

Figure 5-54: Model 1204-0F option card rear plate

SecureSync 2400 User Manual

APPENDIX

404

405

419

419

426

426

434

435

385

391

392

393

394

397

398

398

372

374

375

376

378

382

383

384

357

359

363

363

371

371

439

447

447

448

449

458

459

462

480

487

488

567

APPENDIX

Figure 5-55: Contact closure relay pinouts

Figure 5-56: Rear plate of NENA-compliant module

Figure 5-57: DB-9 connector "J2"

Figure 5-58: RS-485 connector "J3"

Figure 5-59: Model 1204-2E option card rear plate

Figure 5-60: Location of jumper switches

Figure 5-61: Model 1204-23 option card rear plate

Figure 5-62: IRIG B time code description

Figure 5-63: FAA modified IRIG B

Figure 5-64: IRIG E time code description

5.10

Document Revision History

Rev ECO

1

1

2

DOC-

340

Description

First generation SecureSync 2400 product manual

DOC-

367

2400-5000-0050p release for special configuration

Updated option card availability, added security pages for LDAP, RADIUS, and TACACS+. New oscillator availability and Hot Swap Power Supply added. Corrected CLI Commands page. Newest generation hardware images added. Numerous editorial and document maintenance changes.

Date

September

2019

December

2019

February

2021

489

493

494

495

504

505

506

551

557

559

568 SecureSync 2400 User Manual

1

10 MHz

159

15 pin

25

A

Access control

59

Alarm threshold, GPS Notification Alarm

245

Ancillary kit

37 ,

42

Anycast

Configuring

118-120

NTP over ...

117

Anycast, Advanced Configuration via NTP Expert

Mode

122

Authentication

250

Authorized keys file

80

B

Battery

174

Battery Backed Time

173

BBC Message Formats

537

BGP (Border Gateway Protocol)

121

Border Gateway Protocol

(BGP)

121

Browser support

327

C

Cable delay

216

Certificate, HTTPS

73

CLI

514

Command-line interpreter

513

contact,

Orolia

563

Cookies

57

Spectracom,

D

Daylight Savings Time

180

Desktop operation

41

disk status memory status

327

DST

180

Duplex, FULL, HALF

286

E

EMC compliance

33

SecureSync 2400 User Manual • INDEX i

INDEX ii

Emissions

Electro-magnetic compliance

33

EndRun Formats

544

Engine Id

EST API

92

274

Estimated Time Error

231

ETE

231

Ethernet configuration

58

Expert Mode, Anycast

122

extension board

13

F

FCC compliance

33

Frequency band

Signal type

195

Front panel information display

3

,

6

keypad

3

,

6

layout

4

status LEDs

4

time display

3

G

GNSS

Connecting

43

GNSS receiver modes

210

GNSS reference, about

209

GPSD

134

GSSIP Message Format

543

H

HALT command

239

HD15

25

Holdover

5

,

27

,

91

,

105

,

119-121 ,

125

,

160

,

162

,

172

,

183

,

188-189

,

195

,

224

,

229

,

231

,

235

,

241

,

243-244

,

281

,

291

,

304

,

326

,

328-330 ,

332

,

468

Host disciplining

Host keys, SSH

126

77

HTTPS

65

I

IP tables iptables

62

62

IPv4

61

IRIG output accuracy

562

Standards

546

IRIG Carrier Frequencies

546

IRIG output resolution

402

K

Keys, host

78

L

LDAP

260

Leap second

134

,

147 ,

158

,

176

,

401

,

410

,

457

,

473

,

512

,

526

,

529-

530 ,

532

,

535

,

539

,

544

license file applying

Local clock

315

179

SecureSync 2400 User Manual

INDEX

Local System Input Reference

187

Log entries

327

Logging into the Web UI

57

Login banner

59

Login Web UI

57

M

Main Screen of Web UI

30

Manual time, setting (User)

169

memory status disk status

327

MIB files

86

Mobile GNSS receiver mode

211

Mobile mode dynamics

212

Moving, unit

218

N

Netmask

61

Network port, enabling

60

Network services

62

Network setup

58

NMEA

519-521

Notifications

241

NTP

96

,

117

Expert Mode

Peers

126

105-106 ,

109

Servers

105-107

Setup screen

97

stratum

102

Symmetric Keys

111

time stamp

101

timescale

101

NTP Peer Preference

110

O

Offset

150

Offset, GNSS receiver

215

On-time point

150

Option card

18

identification

18

Option card installation

339

Oscillator accuracies

24

Oscillator configuration

230

OSPF IPv4

OSPF IPv6

119

120

P

Phase

194 ,

285

Phase error limit

231

Phase Offset

PLL, external

195

,

285

230

Port, network, enabling

60

Power connecting

45

connector, DC, AC

11

consumption

23

DC connector, pin-out

45

Preferred NTP Peer

110

Preferred NTP Server

109

Primary Navigation menu

30

Private keys, SSH

79

PTP one-step mode

472

two-step mode

472

Public keys, SSH

80

SecureSync 2400 User Manual iii

INDEX iv

R

Rack mounting

42

RADIUS

267

Real Time Clock

173

Rear panel

12

Recalibrate oscillator

231

Reference Priorities

Configuring

184

Reference Priority, examples

191

Registration, product

278

Regulatory compliance

33

Relocating, GNSS receiver

218

Resetting GNSS receiver position

217

Route, static, add

63

Routes, static

59

S

Safety instructions symbols

39

Symbols

39

Sanitization

218

SCP

82

Screen clock

277

Self survey

218

Self survey, GNSS position

217-218

Self survey, GNSS receiver

218

SFTP

82

Shipment, return

564

Show Clock

277

Signal type

Frequency band

386

,

411

Signature control

161

139

,

148

,

379

,

Single satellite GNSS receiver mode

211

SNMP

83

SNMP traps

83

software version version number, software

327

Specifications

22

,

363

Spectracom Format

522

SSH

76

SSH clients

SSH timeout

83

83

Standard GNSS receiver mode

Standards compliance

33

210

start getting started

2

Static Route, add

63

Static Routes

59

STL

479

Subnet mask values

55

Subnet, default

Summer Time

61

180

Survey, GNSS

210

,

214 ,

217

Symmetric keys

98

Synchronizing computers

278

System on-time point

System Time

105

,

169

150

Windows

T

TACACS+ Authentication

271

SecureSync 2400 User Manual

INDEX

Technical support

563

Temperature

234

,

291

operating, range

22

Terminal emulator

513

TFOM

230

Timeout

58

Timeout, Web UI, automatic

259

Troubleshooting

326

U

Unicast

96

Update, software

313

Upgrade, software

313

User time, manually setting

169

Usernames, rules

252

V

VLAN

93

W

Web Interface Settings

259

Web UI, opening

56

Z

Zero Configuration Setup

48

zeroconf

48

SecureSync 2400 User Manual v

advertisement

Was this manual useful for you? Yes No
Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

Key Features

  • Provides time and frequency synchronization for critical infrastructure
  • Supports multiple GNSS constellations
  • Offers a variety of input and output options
  • Includes a web-based user interface for easy configuration and monitoring
  • Provides advanced security features to protect against unauthorized access

Related manuals

Frequently Answers and Questions

What protocols are supported by the SecureSync 2400?
The SecureSync 2400 supports a variety of protocols, including NTP, PTP, and IRIG-B.
What is the accuracy of the SecureSync 2400?
The SecureSync 2400 provides time and frequency accuracy of better than 10 nanoseconds.
What are the dimensions of the SecureSync 2400?
The SecureSync 2400 measures 1.75 inches (4.4 cm) in height, 19 inches (48.3 cm) in width, and 10.5 inches (26.7 cm) in depth.
Download PDF

advertisement

Table of contents