USER GUIDE
Advantages of Utilizing the External BlueSky® GNSS Firewall with the TimeProvider® 4100
Introduction
The BlueSky® GNSS Firewall safeguards Global Navigation Satellite System (GNSS) receivers against spoofing and jamming threats, ensuring the integrity and reliability of time and location data. Concurrently, TimeProvider® 4100 offers a high-performance, scalable timing solution that delivers precise time synchronization across diverse network infrastructures.
Using the external BlueSky GNSS Firewall provides the following advantages: robust security, network segmentation, traffic monitoring and control, scalability and secured remote access.
The use cases and benefits of utilizing the external BlueSky GNSS Firewall with the TimeProvider 4100 are discussed further in the following sections.
1. Protecting and Validating TimeProvider 4100 Time with BlueSky GNSS Firewall
The BlueSky GNSS Firewall’s Time-of-Day (ToD) port 1 serves as a versatile output port, capable of serial output in various formats such as NTP4, ITU-8271 and China Mobile v2. This output delivers trusted time and the top-of-second signal. Connect the ToD output port of the BlueSky GNSS Firewall to an input port on the TimeProvider 4100 so that the TimeProvider 4100 obtains usable current time information derived from the GPS signal. ToD is used because the BlueSky GNSS Firewall cannot supply PTP or PPS+NTP input to the TimeProvider 4100 (TP4100). Therefore, ToD serves as the way to provide a time reference to the TP4100.
This input from the BlueSky GNSS Firewall ToD port functions similarly to the hardened output when connected to TimeProvider 4100. From a timing perspective, the device receives a frequency reference from another source, and TimeProvider 4100 does not require position data. Therefore, both the hardened output and ToD port can provide the same timing information. Due to the low RF power of the hardened output when input into TimeProvider 4100, an amplifier is necessary to maintain the L1 AGC monitor at a reasonable level. However, using the ToD port as an alternative solution allows the devices to continue functioning without the need for an inline amplifier to increase the RF power.
The following figure shows the connection between the BlueSky GNSS Firewall and the TimeProvider 4100.
Figure 1-1. Connection Between the BlueSky GNSS Firewall and the TimeProvider 4100.
2. Using a Single BlueSky GNSS Firewall to Safeguard Multiple TimeProvider 4100s
The Time-of-Day (ToD) Distribution Panel (Part number: 090-02758-000) enables the distribution of precise time-of-day signals to multiple devices within a network. This panel includes several output ports, allowing multiple devices to receive the same accurate time signal. It is compatible with the TimeProvider 4100, TimeProvider 5000 and BlueSky GNSS Firewall. The Time-of-Day Distribution Panel can distribute signals to up to eight devices.
Using a ToD distribution panel offers numerous advantages. One key benefit is the centralized distribution of precise time signals to multiple devices and systems. This centralization simplifies the management and monitoring of time synchronization across an entire network, ensuring consistent and accurate timekeeping. The distribution panel is designed to support multiple output ports, enabling the distribution of time signals to many devices. Another advantage is the maintenance of signal integrity across all connected devices. By consolidating the distribution of time signals into a single unit, the ToD distribution panel reduces the complexity of cabling and installation. This simplification can lead to cost savings and easier maintenance, as fewer cables and connections are required. Overall, using a ToD distribution panel provides centralized time distribution, scalability, improved signal integrity and simplified cabling, enhancing the efficiency and reliability of network time synchronization.
This is one of the key values of the external BlueSky GNSS Firewall as compared to the embedded BlueSky. A single external BlueSky GNSS Firewall device can be purchased to serve multiple TimeProvider 4100s, whereas with the embedded software, a license would be needed on each TimeProvider 4100.
The following figure shows the ToD distribution panel for network time synchronization.
Figure 2-1. Time-of-Day Distribution Panel for Network Time Synchronization
3. TimeProvider 4100 Providing Trusted Time to the BlueSky GNSS Firewall
The Virtual Primary Reference Time Clock (vPRTC) architecture synchronizes network time with a highly accurate primary reference, such as GNSS time. It uses the ToD interface to continuously compare live-sky GNSS time with vPRTC-maintained network time, flagging any discrepancies for prompt issue detection. TimeProvider 4100 (TP4100) serves as a high-performance boundary clock, connecting Trusted Time™ to the BlueSky GNSS Firewall through the ToD interface. Trusted Time is a feature of the TimeProvider 4100 grandmaster clock that ensures accurate, reliable and secure time synchronization across zero trust networks. The vPRTC architecture integrates multiple time sources, including GNSS, to create a resilient time reference. Continuous monitoring of GNSS and network time alignment allows early detection and resolution of discrepancies, safeguarding the reliability and security of critical operations.
The following figure shows the vPRTC architecture.
Figure 3-1. vPRTC Architecture
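The continuous comparison of live-sky GNSS time against vPRTC-maintained network time described in section 3 can be sketched as follows. This is an added example, not Microchip code or the product's algorithm; the thresholds, the Sample fields and the traces are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed limits for illustration; the guide states no thresholds.
OFFSET_LIMIT_NS = 1_000   # max tolerated |GNSS - network| offset
STEP_LIMIT_NS = 500       # max tolerated offset change between samples
PERSIST_SAMPLES = 3       # consecutive violations before alarming

@dataclass
class Sample:
    second: int       # top-of-second index
    gnss_ns: int      # live-sky GNSS time taken from the ToD input, in ns
    network_ns: int   # vPRTC-maintained network time, in ns

def check_alignment(samples):
    """Return (second, reason, offset_ns) for every flagged discrepancy."""
    flags, streak, prev_offset = [], 0, None
    for s in samples:
        offset = s.gnss_ns - s.network_ns
        # An abrupt change between consecutive seconds is flagged at once.
        if prev_offset is not None and abs(offset - prev_offset) > STEP_LIMIT_NS:
            flags.append((s.second, "step", offset))
        # A gradual pull never trips the step check, so the absolute offset
        # is tracked too and must persist before it raises a flag.
        if abs(offset) > OFFSET_LIMIT_NS:
            streak += 1
            if streak == PERSIST_SAMPLES:
                flags.append((s.second, "sustained-offset", offset))
        else:
            streak = 0
        prev_offset = offset
    return flags

def _mk(offsets_ns, base=1_700_000_000):
    # Constructed samples: network time is exact, GNSS carries the offset.
    return [Sample(i, (base + i) * 10**9 + off, (base + i) * 10**9)
            for i, off in enumerate(offsets_ns)]

# Constructed traces (not captured from real equipment).
NOMINAL = _mk([20, -35, 10, 40, -15, 5])
SLOW_DRAG = _mk([20, 300, 600, 900, 1200, 1500, 1800, 2100])
SUDDEN_JUMP = _mk([20, -10, 5000, 5010, 5020, 5005])

if __name__ == "__main__":
    for name, trace in (("nominal", NOMINAL), ("slow drag", SLOW_DRAG),
                        ("sudden jump", SUDDEN_JUMP)):
        print(name, check_alignment(trace))
```

The slow-drag trace moves only 300 ns per second, so it is caught by the persistence check alone, which is why the sketch tracks both the per-second change and the absolute offset.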
4. Generate a Hardened Output from BlueSky GNSS Firewall with Phase and Time-of-Day Reference from TimeProvider 4100
By sending the ToD signal from the TP4100 to the BlueSky GNSS Firewall, the firewall receives a reliable and accurate reference time. Through the user interface of the BlueSky GNSS Firewall, the device can be configured to use the ToD signal from TimeProvider 4100 as the phase reference and the ToD reference. With an additional frequency reference such as a MAC, cesium or rubidium, the BlueSky GNSS Firewall can use all three references (phase, ToD and frequency) to create a hardened output.
The BlueSky GNSS Firewall can generate a synthesized signal using a fiber network isolated from GPS through TimeProvider 4100, as previously described. This synthesized signal is crucial for legacy timing equipment that relies solely on GPS for accurate timekeeping. By providing a reliable and secure time source, the BlueSky GNSS Firewall ensures that these legacy systems continue to function correctly without being exposed to potential GPS vulnerabilities such as jamming or spoofing.
Moreover, to accommodate multiple legacy timing devices, a splitter can be employed on the hardened output. This allows the synthesized signal to be distributed to several devices simultaneously, ensuring that all connected equipment receives the accurate time signal they require. The use of a splitter not only enhances the versatility of the BlueSky GNSS Firewall but also maximizes its utility in environments where numerous legacy systems are in operation.
The following figure shows the hardened output generated from phase and Time-of-Day reference from the TimeProvider 4100.
Figure 4-1. Hardened Output Generated from Phase and Time-of-Day Reference from the TimeProvider 4100
5. Appendix A: ToD Signal vs 1PPS Signal
A Time-of-Day (ToD) signal is a digital data signal that conveys comprehensive time information, typically used for synchronization applications. The benefits of ToD signals include synchronization, reliability and scalability.
A 1 Pulse Per Second (1PPS) signal is a highly precise timing signal that generates a pulse once every second. This 1PPS signal is typically derived from highly accurate time sources such as GPS receivers or atomic clocks. The benefits of a 1PPS signal include high precision, reliability, simplicity and versatility.
A ToD signal is advantageous due to its detailed time information. It provides a complete timestamp, including year, month, day, hour, minute and second, allowing for precise timekeeping and synchronization across systems. It can also offer a higher precision than a 1PPS signal, which is crucial for high-precision applications. The versatility of a ToD signal is also beneficial, as it can be used in a wider range of applications where detailed time information is necessary, such as logging events and ensuring time consistency across networks.
On the BlueSky GNSS Firewall, a 1PPS signal is only an input. In contrast, it serves as both an input and output for the TimeProvider 4100. Additionally, the GNSS Firewall features two RJ45 ports: one for input and the other one for output. For TimeProvider 4100, the ToD ports are I/O ports with SMA connections.
The following table and figure show a comparison between the ToD and 1PPS signals.
Table 5-1. Comparison of ToD and 1PPS Signal Functions
| | ToD | 1PPS |
| Connection | RJ45 | SMA |
| Data? | Yes | No |
| Configuration (Input/Output) | Yes | Yes |
Figure 5-1. Comparison of ToD and 1PPS Signals
6. Available Documentation
Access documentation through the Microchip online support portal at: www.microchip.com/en-us/support/access-fts-technical-resources. After registering, search for “BlueSky GNSS Firewall” to find the following documentation:
- System Release Notes
- BlueSky® GNSS Firewall User Guide
- BlueSky® GNSS Firewall Quick Start Guide
Additional documentation for the BlueSky GNSS Firewall is available on the BlueSky GNSS Firewall Product Page.
Documentation for the TimeProvider 4100 can be found on the TimeProvider 4100 Product Page.
- TimeProvider® 4100 Series Release 2.4
Note: Updated documentation may be available since the release of this Application Note. Check the support portal for the most current versions.
7. Contacting Technical Support
If you encounter any difficulty installing the update or operating the product, contact Microchip Frequency and Time Division (FTD) Services and Support at:
| Region | Address | Contact Information |
| North and South America | Microchip, Inc., Frequency and Time Division, 3870 N First Street, San Jose, CA 95134-1702 | Toll-free in North America: 888-367-7966, Option 1; Telephone: 408-428-7907; E-mail: SJO-FTD.Support@microchip.com; Website: microchipsupport.force.com/s/ |
| Europe, Middle East, and Africa (EMEA) | Microchip FTD Services and Support EMEA, Altlaufstrasse 42, 85635 Hoehenkirchen-Siegertsbrunn, Germany | Telephone: +49 700 3288 6435; Fax: +49 8102 8961 533; E-mail: SJO-FTD.Support@microchip.com, sales-europe@microchip.com; Website: microchipsupport.force.com/s/ |
| Asia | Suite A201, 2nd Floor, West Wing, Wisma Consplant 2, No. 7, Jalan SS16/1, 47500 Subang Jaya, Selangor, Malaysia | Toll-free in North America: 888-367-7966, Option 1; Telephone: 408-428-7907; E-mail: SJO-FTD.Support@microchip.com; Website: microchipsupport.force.com/s/ |
8. Revision History
The revision history describes the changes that were implemented in the document. The changes are listed by revision, starting with the most current publication.
| Revision | Date | Description |
| A | 06/2025 | Initial revision |
Microchip Information
Trademarks
The “Microchip” name and logo, the “M” logo, and other names, logos, and brands are registered and unregistered trademarks of Microchip Technology Incorporated or its affiliates and/or subsidiaries in the United States and/or other countries (“Microchip Trademarks”). Information regarding Microchip Trademarks can be found at https://www.microchip.com/en-us/about/legal-information/microchip-trademarks.
ISBN: 979-8-3371-1368-5
Legal Notice
This publication and the information herein may be used only with Microchip products, including to design, test, and integrate Microchip products with your application. Use of this information in any other manner violates these terms. Information regarding device applications is provided only for your convenience and may be superseded by updates. It is your responsibility to ensure that your application meets with your specifications. Contact your local Microchip sales office for additional support or, obtain additional support at www.microchip.com/en-us/support/design-help/client-support-services.
THIS INFORMATION IS PROVIDED BY MICROCHIP “AS IS”. MICROCHIP MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WHETHER EXPRESS OR IMPLIED, WRITTEN OR ORAL, STATUTORY OR OTHERWISE, RELATED TO THE INFORMATION INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE, OR WARRANTIES RELATED TO ITS CONDITION, QUALITY, OR PERFORMANCE.
IN NO EVENT WILL MICROCHIP BE LIABLE FOR ANY INDIRECT, SPECIAL, PUNITIVE, INCIDENTAL, OR CONSEQUENTIAL LOSS, DAMAGE, COST, OR EXPENSE OF ANY KIND WHATSOEVER RELATED TO THE INFORMATION OR ITS USE, HOWEVER CAUSED, EVEN IF MICROCHIP HAS BEEN ADVISED OF THE POSSIBILITY OR THE DAMAGES ARE FORESEEABLE. TO THE FULLEST EXTENT ALLOWED BY LAW, MICROCHIP’S TOTAL LIABILITY ON ALL CLAIMS IN ANY WAY RELATED TO THE INFORMATION OR ITS USE WILL NOT EXCEED THE AMOUNT OF FEES, IF ANY, THAT YOU HAVE PAID DIRECTLY TO MICROCHIP FOR THE INFORMATION.
Use of Microchip devices in life support and/or safety applications is entirely at the buyer’s risk, and the buyer agrees to defend, indemnify and hold harmless Microchip from any and all damages, claims, suits, or expenses resulting from such use. No licenses are conveyed, implicitly or otherwise, under any Microchip intellectual property rights unless otherwise stated.
Microchip Devices Code Protection Feature
Note the following details of the code protection feature on Microchip products:
- Microchip products meet the specifications contained in their particular Microchip Data Sheet.
- Microchip believes that its family of products is secure when used in the intended manner, within operating specifications, and under normal conditions.
- Microchip values and aggressively protects its intellectual property rights. Attempts to breach the code protection features of Microchip products are strictly prohibited and may violate the Digital Millennium Copyright Act.
- Neither Microchip nor any other semiconductor manufacturer can guarantee the security of its code. Code protection does not mean that we are guaranteeing the product is “unbreakable”. Code protection is constantly evolving. Microchip is committed to continuously improving the code protection features of our products.
Specifications:
- Model: TimeProvider 4100
- Compatibility: TimeProvider 5000, BlueSky GNSS Firewall
- Output Ports: Up to eight devices
Application Note
© 2025 Microchip Technology Inc. and its subsidiaries
FAQ:
Q: Can the TimeProvider 4100 work without the BlueSky GNSS Firewall?
A: Yes, the TimeProvider 4100 can function independently without the BlueSky GNSS Firewall, but using them together enhances time accuracy and security.
Q: How many devices can be connected to the ToD Distribution Panel?
A: The ToD Distribution Panel can distribute signals to up to eight devices simultaneously.