Hi,
We're slowly moving through PCI compliance, and I've come across section 6.4.1.
The PCI Guidance documents guide for virtualisation states that "The implementation of a virtualised environment must meet the intent of all requirements, such that the virtualised systems can effectively be regarded as separate hardware..."
I thought we had pretty much done this, as our test database server, seat server, credit card server etc. are all implemented as completely separate VMs. However, I recently read an article on TechTarget that gave me some worry.
This seems to indicate that I need a separate SAN to host my test environment, or to partition it off somehow. Has anyone else who has virtualised their infrastructure faced this problem, and has anyone had any advice from a QSA?
Thanks
I wonder if the storage array is partitioned, can this be considered compliant?
I was hoping we could partition the storage array and host the test environment separately. But it also raises the question: do I have to implement a separate VLAN to achieve the "adequate separation" component? And then you could take it a step further: do I need to host it on its own AD forest with its own domain controller that has a trust set up with the main forest?
I'm hoping that example is taking it to the very extreme, and I'm trying to find out what other people have implemented...