Tracy Reed <[email protected]> writes: > They also take credit cards to the tune of around 65,000 transactions > per year. PCI compliance is an issue and they want to aim towards > being PCI compliant.
PCI is a fairly big ball of wax. It may be my bias here, but I suspect a having an outsourced PCI environment is going to be fairly expensive. I'd turn this around, and ask if you need to keep processing your own credit cards, or if you can start using an external CC processor. (I believe authorize.net is common here, but I don't really know the space) If you can get away from the PCI requirement, you needs start getting a lot simpler. seph Right now they are far from > it. They will need firewalls, separate network segments, a NIDS, > logfile monitoring, the whole works. They also want some shared > storage behind the virtual environment so they can do vm migrations > etc. They currently have two developers who have been doing the > sysadmin work but a lot of necessary work has been deferred and they > do not have much experience in building a scalable/secure system. > > Pros for moving to Rackspace: > > 1. Fully managed so sysadmin is someone else's headache/no need to > hire a full-time sysadmin. > > 2. Potentially lower cost. > > 3. Economies of scale might make things cheaper. > > 4. They claim to have domain experts in all of the applicable fields. > > 5. They claim to have some PCI services which we could leverage. > > 6. No more owning hardware, paying colo, trips to colo, etc. > > Cons against moving to Rackspace: > > 1. Maybe they can't really provide the level of service that is > required or if they can it might be quite extensive. > > 2. Don't have the attention of your own full-time sysadmin. > > 3. If it is really a full-time sysadmin worth of work it will probably > be more expensive to pay for all of that sysadmin time from Rackspace > plus their overhead. > > 4. Once we are migrated over they've got us by the short and curlies > as migrating out is far from trivial. > > 5. No one person with full knowledge of the whole operation who can be > called 24/7. > > 6. If they can't really implement full PCI we are stuck. > > I'm sure there are many others, these are just the things I can think > of off the top of my head. I am about to place a call to > Rackspace and discuss these issues with them and get their take on > it. > > I must approach this with a completely open mind and put aside my own > biases and personal opinions. Whichever way I go I have to be prepared > to make a good case for it. > > I wanted to see if anyone out there has experience in this area and > might be able to help my research by suggesting based on their > experiences whether this is a realistic strategy which might actually > save money/improve reliability or whether it is unreasonable to think > that someone like Rackspace could really provide such an extensive > level of service cheaper/better than a very good in-house sysadmin > might. > > Thoughts? > > -- > Tracy Reed > http://tracyreed.org > _______________________________________________ > Tech mailing list > [email protected] > http://lopsa.org/cgi-bin/mailman/listinfo/tech > This list provided by the League of Professional System Administrators > http://lopsa.org/ _______________________________________________ Tech mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
