| From: | Scott Ribe <scott_ribe(at)elevated-dev(dot)com> |
|---|---|
| To: | dinesh bhandary <dbhandary(at)gmail(dot)com> |
| Cc: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: streaming rep setup in PCI compliance environment |
| Date: | 2015-10-10 00:49:56 |
| Message-ID: | 34DA3A67-CED4-48D1-83D9-DF70BB3AA3A7@elevated-dev.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Oct 9, 2015, at 10:48 AM, dinesh bhandary <dbhandary(at)gmail(dot)com> wrote:
>
> I am trying to setup streaming rep between master ( which is in PCI tier1 zone) to slave ( PCI tier 2 zone). However, I am told that PCI tier1 can only initiate connection to lower security zone, in our case slave environment ( PCI tier 2). However, for streaming rep to work, slave needs to connect to Master. Does this violate PCI requirement. Anyone has experience setting up master-salve in PCI compliance environment?
I have a simliar situation in which I do not want anything in my replica's zone to be able to initiate connections into the data center where the primary is. I have the master set up an SSH reverse tunnel to the slave, and then the slave connects to that tunnel end locally.
--
Scott Ribe
scott_ribe(at)elevated-dev(dot)com
http://www.elevated-dev.com/
https://www.linkedin.com/in/scottribe/
(303) 722-0567 voice
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joshua D. Drake | 2015-10-10 02:54:25 | Re: streaming rep setup in PCI compliance environment |
| Previous Message | Peter Eisentraut | 2015-10-09 20:45:36 | Re: a new standby server promotes itself to primary without cause |