This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-users] PCI DSS 2.0 Good News

To: Xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] PCI DSS 2.0 Good News
From: Jonathan Tripathy <jonnyt@xxxxxxxxxxx>
Date: Fri, 29 Oct 2010 18:21:15 +0100
Delivery-date: Fri, 29 Oct 2010 10:21:50 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20100713 Thunderbird/3.0.6
Hi Everyone,

I may be a bit late to the game announcing this here, but I've found out some good news for PCI DSS compliance and virtualisation.

We are now allowed to use virtualisation in a PCI DSS environment, as long as we don't give each VM (DomU) more than one primary function.

A good extreme example: We could have a single physical box with 2 NICs which could be the "Cardholder Data Environment" (CDE) all by itself, along with a thin client. The Xen physical server could run DomUs for a firewall, DB server, and Windows Terminal Server. The external network would connect to NIC1, then the thin client (or a switch with lots of thin clients) would connect to NIC2 of the physical server and connect to the terminal server DomU via RDP.

Now we're talking!

Thanks to the guys at VMWare with deep pockets for lobbying the PCI SSC this way!

Now, the only question left: can you run a DMZ and CDE on the same physical server??....

Xen-users mailing list

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-users] PCI DSS 2.0 Good News, Jonathan Tripathy <=