Tom,

I have multiple customers who like you have credit card information flowing through and on their i. Like you they accept credit cards from customers on a near continuous basis and have many workstations directly connected their i. All of them consider themselves PCI compliant and none have gone to the trouble of using SSL with user certificates on their PCs nor have they inserted another machine, proxy, or other device in the middle of the connection.

I think you might be chasing a requirement that doesn't exist.

- Larry "DrFranken" Bolhuis

On 1/10/2011 5:44 PM, TDuncan@xxxxxxxxxxxxxxxxxx wrote:
We currently have credit card info on our i (yes, they are encrypted) and
are preparing for a PCI audit. Currently all of our users connect directly
to the i via telnet (green screen) using a common group SSL cert. We have
been told that if we maintain that connectivity then all of their
workstations would be in scope and we would need to use personal
individual SSL certs for each workstation. This is the IBM recommendation
and it would be a logistical nightmare to implement and administrate. An
alternative would be to have them connect to another server than then
connects to the i, like a telnet proxy server or Citrix, which would no
longer have them connecting directly to the i and as such the workstations
would not be in scope. The Telnet proxy option could cause us function key
mapping issues and the Citrix solution is simply too slow and complex for
our user base. I am looking for other alternatives that would meet PCI
standards. Anyone got any experience with anything else ?

Tom Duncan
Senior iSeries Administrator
Winston Brands Inc.
(847) 350-563

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.