Solved

Time Clock with Proxy Configuration capability

Posted on 2016-11-03
Last Modified: 2016-11-06
Hello EE,
We do not allow direct internet and have a new need for a network timeclock, but I am struggling to find a manufacturer to provide configurability of a proxy.  Any ideas?
Question by:operationsIT
16 Comments
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 41873401
How about an NTP/SNTP server that gets its time via the official US radio signal? No network connection required.

http://www.meinberg-usa.com/products/network-time-server/wwvb-ntp-time-server.htm

I am not sure what kind of proxy you are thinking of, but you just need one device to be able to reach an NTP server on the Internet on UDP 123. A router or firewall could do that, or maybe your proxy server can be your local NTP server if it has a general OS that can be configured.
0
 
LVL 33

Expert Comment

by:paulmacd
ID: 41873429
I think the OP needs a device his co-workers can punch in/out on.  I may be wrong.  

May I ask why the time clock would need to access the Internet?
0
 
LVL 23

Expert Comment

by:Dirk Kotte
ID: 41873578
I would suggest using a UTM (firewall) as an NTP proxy.
The firewall gets the internet time, and internal hosts use the firewall as their NTP server.
If your firewall does not provide this function, you may place a Sophos UTM within the DMZ.
0
 
LVL 13

Expert Comment

by:frankhelk
ID: 41873707
The most "straightforward" solution would be some NTP time server appliance, as suggested earlier.

The second most simple idea would be to use the firewall as "NTP proxy". If it gets its time from the internet, you'll just have to allow client access to the firewall's NTP on the "inner" network interface.

Probably that's already open ... let's check that:

Download the tool NTPMonitor from here. Configure it to watch your firewall. Run it. Wait 5 minutes ...

  • If you get data from the firewall's NTP: Bingo !
  • If not, try to enable access to the firewall's NTP server.
  • If the firewall didn't have NTP service, install it.
  • As an alternative you could config a demilitarized zone (DMZ) on the firewall (a zone that has (usually limited to the bare need) access to the internet and could be accessed from the interior zone). Then place an NTP server in it (a Raspberry Pi would perfectly do), let it sync to some pool.ntp.org servers (see my article on NTP ...) and point your clients to it.
  • If you already have a DMZ, i.e. for a company web server, just hook the NTP server on it. The resource footprint is as small as an ant's ...

BTW: That NTPMonitor tool is nice to monitor the time sync state for a bunch of machines very easily.
0
 
LVL 20

Expert Comment

by:masnrock
ID: 41873764
If you're talking time clock as in employees to punch in and out from, I'd be inquiring what company you're using for payroll. They should be able to recommend clocks for you, as those companies tend to have clocks that they prefer and recommend.

Another idea, if it's an option, is to have the timeclocks bypass the proxy. You're limited to the capability of the clock itself, and a payroll company is only going to recommend so many options.

@paul - A number of timeclocks need to be on the network so that the information can get into the payroll system. Some companies now have all the punch data go to a cloud-based service, so the clocks must be able to get onto the internet. ADP is one company that does this.
0
 

Author Comment

by:operationsIT
ID: 41873792
Hello, yes it is a payroll company and they deal with a third party for punch clocks and only have two offerings, of which none are proxy. I have heard there are people behind proxy, so I wanted to see if anyone knows of any time/punch clock that has proxy configuration, as bypass is not an option.
0
 
LVL 20

Expert Comment

by:masnrock
ID: 41873827
Which payroll company? And what models did they offer?
0
 
LVL 13

Expert Comment

by:frankhelk
ID: 41873840
I've never seen any NTP configuration that works thru a proxy ... and I've seen articles explaining why it won't work. Besides that, the principle of a proxy would cripple NTP's precision.

My best guesses now would be

  • a time server appliance with NTP service (Meinberg, Hopf, etc.)
  • an old PC on Linux equipped with some radio clock card and a classic NTP client syncing to the card (cheaper)
  • some old PC on Linux, running NTP, located in the DMZ, restricted by the firewall to allow NTP traffic only.

If you don't need precision down to milliseconds, you probably could use htpdate (which would go thru proxies and take the timestamp of a http document, which is fairly accurate if the web server carries correct time).
0
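An added sketch, not part of the post above and not htpdate's own code, of the idea it describes: take the `Date` header of an HTTP response fetched through a proxy and bound the clock offset it implies. The function names and sample responses are hypothetical and constructed; rejecting any response that carries a non-zero `Age` header (a cache replaying an old `Date`) is a choice made for this example.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def parse_headers(raw: bytes) -> dict:
    """Header block of a raw HTTP response as {lower-case name: value}."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def estimate_offset(raw: bytes, t_send: float, t_recv: float):
    """Return (offset, uncertainty) in seconds; offset = server clock - local clock.

    t_send / t_recv are local epoch times taken just before the request
    and just after the response headers arrived.
    """
    headers = parse_headers(raw)
    if "date" not in headers:
        raise ValueError("response has no Date header")
    # A cache in the path replays the origin's old Date and adds Age.
    if int(headers.get("age", "0")) > 0:
        raise ValueError("cached response, Date is stale")
    stamped = parsedate_to_datetime(headers["date"]).timestamp()
    rtt = t_recv - t_send
    # Date is truncated to whole seconds, so the server clock was somewhere in
    # [stamped, stamped + 1) at a local time between t_send and t_recv.
    offset = (stamped + 0.5) - (t_send + rtt / 2)
    return offset, 0.5 + rtt / 2

# Constructed sample responses (not captured traffic).
FRESH = (b"HTTP/1.1 200 OK\r\nDate: Thu, 03 Nov 2016 14:00:05 GMT\r\n"
         b"Via: 1.1 proxy.example\r\nContent-Length: 0\r\n\r\n")
CACHED = FRESH.replace(b"Via:", b"Age: 120\r\nVia:")
BASE = datetime(2016, 11, 3, 14, 0, 5, tzinfo=timezone.utc).timestamp()

if __name__ == "__main__":
    # Local clock reads 3.0 s behind the Date value at send; 0.4 s round trip.
    off, unc = estimate_offset(FRESH, BASE - 3.0, BASE - 2.6)
    print(f"offset {off:+.1f} s, uncertainty +/-{unc:.1f} s")
    try:
        estimate_offset(CACHED, BASE - 3.0, BASE - 2.6)
    except ValueError as exc:
        print("rejected:", exc)
```

The uncertainty is never smaller than half a second plus half the round trip, whatever delay the proxy adds in either direction.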

 
LVL 20

Expert Comment

by:masnrock
ID: 41873928
I am writing this to help the discussion move in the right direction...

This has NOTHING to do with NTP, so let's please kill that part of the discussion. Think of an office timeclock (or punch clock if you prefer that term) in an office, where people punch in and out so that the time they worked has been reported. The clocks send records of those punches to a payroll system.

The proxy comes into play because of the way the network is set up. However, the OP has mentioned that bypassing the proxy isn't an option.
0
 

Author Comment

by:operationsIT
ID: 41874058
ADP
Intouch
0
 
LVL 20

Accepted Solution

by:
masnrock earned 500 total points
ID: 41874103
Check out uAttend clocks. From what I'm seeing, you can set proxy settings in them, but you need to figure out how much support you'll have from ADP, and whether they're even compatible with the service.

https://www.uattend.com/
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 41874289
What kind of proxy? Does it require authentication? Does it allow a way to bypass authentication for certain endpoints or destinations?

If you can't manipulate the proxy to do what you want, or find a punch clock to work with your proxy, there's always running a separate physical network for the punch clocks...
0
 
LVL 20

Expert Comment

by:masnrock
ID: 41874310
I would've sooner created a VLAN that doesn't go through the proxy for the hassle that this is causing. Because asking the company to change payroll vendors is not exactly a piece of cake, and you'll probably get squeezed by finance/accounting to just make the clocks work.

This type of situation is a valid business case to have the clocks bypass the proxy or to create a separate network. All those clocks do is collect the punch data from employees and transmit to ADP.

If you've ever dealt with ADP support, you'll understand very fast why it is easier to modify things on the network side than it will be to get their help. ADP's sales staff and tech support staff aren't on the same page, and even not all of their tech support staff are on the same page. I had a situation where a client had clocks that allowed QuickBooks to grab data directly, then when an additional clock was needed, ADP sent a clock that transmitted directly to ADP (but did not disclose this fact). So after a protracted battle with ADP on multiple fronts, they replaced all of the existing clocks and the process of data collection changed. Basically, it took over a month to get everything sorted out.
0
 

Author Closing Comment

by:operationsIT
ID: 41875091
They do!  That is awesome!
0
 
LVL 20

Expert Comment

by:masnrock
ID: 41875105
Great, hope everything works out the way you're looking for! I had noticed they claim to work with ADP, so figured those would be the units for you.
1
 
LVL 61

Expert Comment

by:gheist
ID: 41876047
An HTTP proxy is not symmetric; it is not valid for any sort of timekeeping. One can get the clock from e.g. Active Directory or pool.ntp.org.
0
