In a previous company, we had to design a SOX and PCI compliant environment
that leveraged CloudStack.
Can't go into greater detail as it was some time back, but here are several
things I recall:
1) Only open communication to specific hosts on specific ports (yes, I
know it was obvious); we have documentation that describes what ports
are used. I have a slide that breaks down the communication - I can try
to find it.
2) Only a specific group of people (admin) could access the CloudStack
management server only (via VPN profile). The CloudStack management server
resides on a separate VLAN and could only talk to its system VMs and
management hosts.
3) Dual-homed NICs for sysvms usually had multiple interfaces; the
solution was to put them all on 1 isolated network.
4) Abstract the frontend with another in-house dashboard and have 2-form auth.
5) Use the router VM only for DHCP, listening on port 67 UDP; metadata is
served by another service (a small custom-written Java app).
etc...
Regards
ilya
On 4/22/14, 2:52 AM, Uwe Kastens wrote:
Hi there,
That would be interesting for me as well.
Kind Regards
Uwe
2014-04-21 19:31 GMT+02:00 Upendra Moturi <upendra.mot...@sungardas.com>:
Hello Team,
Has anyone worked on making CloudStack PCI compliant?
Can you please point me to some documentation?