Re: streaming rep setup in PCI compliance environment

From: dinesh bhandary <dbhandary(at)gmail(dot)com>
To: John Scalia <jayknowsunix(at)gmail(dot)com>
Cc: "pgsql-admin(at)postgresql(dot)org" <pgsql-admin(at)postgresql(dot)org>
Subject: Re: streaming rep setup in PCI compliance environment
Date: 2015-10-09 18:28:22
Message-ID: CAJfZMPwpcEnoQnNc5FZSWrh30us9R-Yf3_PUPbe2CCRjygdyPQ@mail.gmail.com
Lists: pgsql-admin

Thank you, John.

I am also trying to find out from our PCI representative. In our case the
slave will be used for reporting purposes, not for failover.
I guess the biggest dilemma from a PCI perspective is tier 2 initiating a
connection to tier 1, but it is just a db user with the replication role, which
is a pretty controlled role.

Dinesh

On Fri, Oct 9, 2015 at 10:50 AM, John Scalia <jayknowsunix(at)gmail(dot)com> wrote:

> I spoke with my PCI compliance officer here, and provided you've
> documented what you're doing here and why, you should be compliant. We had
> a fairly long discussion about this and I had to explain to him that I was
> referring to the slave as being a hot standby, ready to take over in the
> event of an issue with the primary. If you're doing this for some other
> reason, so long as it's explained, you could still be OK.
> --
> Jay
>
> On Fri, Oct 9, 2015 at 11:48 AM, dinesh bhandary <dbhandary(at)gmail(dot)com>
> wrote:
>
>> Hello Everyone:
>>
>> I am trying to set up streaming rep between the master (which is in the PCI
>> tier 1 zone) and the slave (PCI tier 2 zone). However, I am told that PCI tier 1
>> can only initiate connections to a lower security zone, in our case the slave
>> environment (PCI tier 2). However, for streaming rep to work, the slave needs
>> to connect to the master. Does this violate the PCI requirement? Does anyone have
>> experience setting up master-slave in a PCI compliance environment?
>>
>> Please let me know.
>>
>> Thanks
>> Dinesh
>>
>
>
