[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] PCI DSS 2.0 Good News

Hi Everyone,

I may be a bit late to the game announcing this here, but I've found out some good news for PCI DSS compliance and virtualisation.

We are now allowed to use virtualisation in a PCI DSS environment, as long as we don't give each VM (DomU) more than one primary function.

A good extreme example: We could have a single physical box with 2 NICs which could be the "Cardholder Data Environment" (CDE) all by itself, along with a thin client. The Xen physical server could run DomUs for a firewall, DB server, and Windows Terminal Server. The external network would connect to NIC1, then the thin client (or a switch with lots of thin clients) would connect to NIC2 of the physical server and connect to the terminal server DomU via RDP.

Now we're talking!

Thanks to the guys at VMWare with deep pockets for lobbying the PCI SSC this way!

Now, the only question left: can you run a DMZ and CDE on the same physical server??....

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.