Hi Everyone,
I may be a bit late to the game announcing this here, but I''ve found
out
some good news for PCI DSS compliance and virtualisation.
We are now allowed to use virtualisation in a PCI DSS environment, as
long as we don''t give each VM (DomU) more than one primary function.
A good extreme example: We could have a single physical box with 2 NICs
which could be the "Cardholder Data Environment" (CDE) all by itself,
along with a thin client. The Xen physical server could run DomUs for a
firewall, DB server, and Windows Terminal Server. The external network
would connect to NIC1, then the thin client (or a switch with lots of
thin clients) would connect to NIC2 of the physical server and connect
to the terminal server DomU via RDP.
Now we''re talking!
Thanks to the guys at VMWare with deep pockets for lobbying the PCI SSC
this way!
Now, the only question left: can you run a DMZ and CDE on the same
physical server??....
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users