Comments on Nick Coblentz: Mosso - First PCI Compliant Customer Through Self Evaluation and Scanning

pci compliance (2009-08-17T02:47:55.818-05:00):

great post, thanks

dre (2009-03-05T18:00:00.000-06:00):

Since Mosso uses VMware ESX (Amazon uses a modified Xen), I am curious as to how virtualized RAM is met by requirement 9?

As far as I understand, virtualized RAM for guest VM's is not encrypted, nor is ESX capable of providing an encrypted filesystem where the vswp and potentially memory balloon driver could be protected.

While Xen and Hyper-V Role/Server are capable of providing an encrypted filesystem, they also cannot prevent hypervisor access to unencrypted VM guest virtualized RAM.

This only becomes much more of an issue when VMsafe in vSphere 4.0 becomes available, as well as via the XenAccess hypervisor introspection Sourceforge project for Xen.

I know that hyperjacking has not yet been a public issue for ESX -- it has been a problem for Xen in the past. Regardless of hyperjacking, the virtualization administrators for Mosso and Amazon clearly step beyond the boundaries, and should be at least viewed in a similar light as network monitoring that has access to VM guest RAM -- where all requirements would apply.

Anonymous (2009-03-05T14:36:00.000-06:00):

Nick, we continue to work towards what you describe. But this is an important first step towards achieving that.

Thanks for the post -

Rob La Gesse
Director of Customer Development
Mosso|The Rackspace Cloud