That's an interesting problem. For PCI - at least in my interpretation (please correct me if you do these assessments for a living) - as long as the VM parent, or the Linux VM children are not controlled or accessed by other customers and you as the provider (or whoever manages the box) adhere to the DSS requirements, it should audit well. It's about segregation, logical or physical; as long as a client doesn't have access to break out and tamper with config which could alter their segregation, I think it's fine.
Now, if you're going to host multiple customers behind those firewalls, you'll want to VLAN each of them and probably not share a netblock among them - again for isolation purposes.
But again... I'm not specialized in this area. If you find the answer to this, please let me know. I'd love to get this straight as well.
On Thu, May 8, 2008 at 3:37 PM, Terry <td3201@...> wrote:
Hello all,
I am throwing around the idea of using Linux firewalls in VMware for
customer environments. The customers may or may not have
HIPAA/PCI/SOX/etc. requirements. This is in the planning stages. Any
of you have experience heading down this route? PCI DSS doesn't
explicitly state problems with virtual firewalls; it seems to focus on
the logic of the rules.
Thanks!