The NTP algorithm includes information to allow you to calculate and fix the drift in your server's clock. NTPD includes the ability to use this to keep your clock in sync and will run more accurately than a clock on a computer not running NTPD. NTPD will also use several servers to improve accuracy.
ntpdate does not keep any state to perform this service for you so will not provide the same kind of accuracy. It will allow you to provide it with a list of servers which it will use to attempt to provide you with a better result but this is no substitute for the sophisticated algorithms provided in NTPD that track your drift from each of the servers over time.
NTPDATE corrects the system time instantaneously, which can cause problems with some software (e.g. destroying a session which now appears old). NTPD intentionally corrects the system time slowly, avoiding that problem. You can add the -g switch when starting NTPD to allow NTPD to make the first time update a big one which is more or less equivalent to running ntpdate once before starting NTPD, which at one time was recommended practice.
As for security concerns, ntp servers do not connect back on uninitiated connections, which means your firewall should be able to tell that you initiated the ntp request and allow return traffic. There should be no need to leave ports open for arbitrary connections in order to get NTPD to work.
From the ntpdate(8) man page:
ntpdate can be run manually as necessary to set the host clock, or it
can be run from the host startup script to set the clock at boot time.
This is useful in some cases to set the clock initially before starting
the NTP daemon ntpd. It is also possible to run ntpdate from a cron
script. However, it is important to note that ntpdate with contrived
cron scripts is no substitute for the NTP daemon, which uses sophisticated algorithms to maximize accuracy and reliability while minimizing
resource use. Finally, since ntpdate does not discipline the host clock
frequency as does ntpd, the accuracy using ntpdate is limited.
Additionally, NTPDate is not a service/daemon. It's a one-time command tool that immediately synchronizes the software clock. It's packaged with NTP on some Linux distributions, but not necessarily all.
I would not recommend its use on a system that is running a database. Historically, many database products don't deal well with abrupt changes in system time.
Best Answer
ntpdate
andntpd
are different tools, but one of them helps another.ntpdate
is used to synchronize the system clock at once immediately. It takes time from antpd
server, which has synchronized status (stratum 1 - 4).ntpd
service sets system clock softly. It can spend several hours to eliminate the lag of system clock for several minutes. All this time it has synchronized statusstratum 16
- it means the system clock isn't synchronized. The service restart commandservice ntpd restart
is used only to apply changes in its configuration file.ntpdate
is usually used to synchronize the system clock of personal computer at startup.ntpd
service is usually used to synchronize the system clock of server all-time.