I am working with a customer needing to complete form D of PCI's SAQ.
Question 2.2.1 asks whether there is only one primary function per server. It gives the example of whether web servers, database servers and DNS servers are all on separate servers.
Does this mean that an SBS would not be PCI compliant as it hosts DHCP, DNS, AD, File Server, SharePoint and Exchange all on one box?
How deep does this go? Take Exchange for instance. Exchange has a mailbox DB server, a web front end and its back end. Does all this need to be separated too?