Solved

Use a Virtual Machine on an existing Server to process Credit Cards?

Posted on 2011-03-17
10
403 Views
Last Modified: 2012-05-11
In my question
ID:26885566
Author:ri95Date:03/14/11 10:11 AM Question

I thought I had everything under control - I have a curve ball....I cannot have a separate PC for processing credit cards.

My big concern is that we are not able to use just one standalone computer to process credit  cards.

roomMaster, the hotel reservation database requires its processing to be on the same server as its application.
So that stays on the NAT Server.

POSI Touch has a PCI compliant processing application which also stays on the NAT Server.

Both of these require Internet Access.

The fact that the POSI server needs to transmit (encrypted cc data) to the NAT Server means I have a live TCP/IP connection between the NAT network and the POSI network.

Could I make a Virtual Machine on the Server and have it on the same network as POSI (192.168.2.x) and have only the POSI Credit Card Transaction running on that Virtual Machine?

Then I could leave the roomMaster as it is. It needs to be on the same network as the hotel computers.

Does this sound ok?
I have attached a PDF of network using this implementation.

0
Comment
Question by:ri95
  • 5
  • 5
10 Comments
 

Author Comment

by:ri95
ID: 35157254
Forgot to attach the PDF - here it is...
VirtualPCPlan.pdf
0
 
LVL 10

Accepted Solution

by:
akhalighi earned 500 total points
ID: 35157332
Technically Yes . If POSI works on TCP/IP , you will be able to use it in a VM hosted on your current machine or anywhere else in your network.

If it's using a hardware piece to transmit data ( like serial port , etc ) you will have challenges with VM.
0
 

Author Comment

by:ri95
ID: 35157420
It does use TCP/IP for this part of its operation. So do you think it would make it secure? I think it is like setting a separate machine on the POSI network...is that correct? since it will be connected to the Internet though - I thought maybe I would have an issue there.  Should I put XP, Win2k, or Win7 on there?
0
 
LVL 10

Expert Comment

by:akhalighi
ID: 35157682
I am looking into the diagram , a couple of questions for you , as I am a bit confused .

-Your both NAT server and Posi servers are in the same network . 192.168.2.x . is that right ?
- They are connected to each other by network . not a serial cable or anything else.
- You have a database on NAT server
- You have some applications running on POSI server

You have another software for credit card transaction .
- How does this software work ? does it need access to POSI server or NAT ? or both ?
- Does Credit Card application depend on any local service (from NAT or POSI ) or it just connects through TCP/IP ?
- Does it use any devices (e.g credit card readers ? )


0
 
LVL 10

Expert Comment

by:akhalighi
ID: 35157693
BTW , what is the Operating system of NAT and POSI servers ?
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 10

Expert Comment

by:akhalighi
ID: 35157813
Alright .. sorry about my confusion . I think I get it now. Dude .. you need a better network diagram :)

Okay , it looks like that NAT Network  is 192.168.1.0/24  and POSI Network is 192.168.2.0/24

and it looks like that your credit card application needs access to both servers , right ?

If you are sure that POSI network has TCP/IP access to NAT network , AND your CreditCard application ONLY uses TCP/IP , then VM will be a good solution
for you.

As for the operating system , I'd go with windows 7 if you don't have any server product. make sure that you have a good Anti-virus on it. also configure windows firewall to maximized the defense level. (make sure your NAT server has access to it though , so make exceptions in the firewall)



0
 

Author Comment

by:ri95
ID: 35157923
Sorry I made an error -
NAT network is 172.16.1.xxx
POSI is 192.1682.xxx

POSI runs a Win2K Server - it is the application we use for Restaurant and Bar - only that application runs on the terminals and POSI Server, except for Anti-Virus app.
NAT Runs Server 2003

POSI would access via TCP/IP

Credit card Processing for POSI is separate from the NAT - it requires access to POSI Server and  the Internet to process. (It is PCI compliant).

The NAT processes on the NAT server - different CC processor...everything different.

so, sounds like you think Win7 would be ok on a VM. I think so also. NAT Server does not need access to anything about POSI except for Room Charges - which are delivered by a serial connection and does not carry any sensitive cc information.



0
 
LVL 10

Expert Comment

by:akhalighi
ID: 35158044
Alright , then your credit card application ONLY needs access to POSI server and Internet .
VM should be fine. as I stressed before , it exactly acts like a physical machine . the only difference is if you wanted to attach a device ( like a Credit card reader)  to a VM . that could be challenging.  
0
 

Author Comment

by:ri95
ID: 35158067
Thanks so much...you were right on the same page and followed through..
I am absolutely positive nothing needs to be on that machine except for the Credit Card Processing software.
0
 

Author Closing Comment

by:ri95
ID: 35158087
Grasped my situation and followed through for detail. We need more like this fellow!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Tagging ports on a managed switch 6 51
Question about Authentication Domain 6 71
P2P and MPLS 3 42
Transfering files via a single Cat5 between two DOMAIN computers. 14 76
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now