Posted by: Colin Smith
Right now we have a big push for PCI Compliance. They require us to encrypt all network traffic that is coming to or from any server with protected information. This is fine and makes sense, I mean we do not want sensative information flowing across the wire in plain text. I have to hand it to the architects at my office. They have come up with a nice solution to a big part of the problem. Still have some issues like how to encrypt FTP but for the most part they solved it. They are moving all these systems into a new VLAN that is segmented from the rest of the world, even our internal network can not get to it. Then they can all talk as normal since they are segregated. Then when internal customers need to connect to the server the network will automatically create an ssl vpn tunnel for all that traffic to move over. I think that is pretty cool but it is a big hassle having to move a lot of my DB Servers into this new segment. It will be nice when it is done.