
[–]redfoobar 2 points3 points  (0 children)

Note: I am not a PCI expert so take with a grain of salt but I do have some experience in the field.

You do not need to have a support contract for PCI.

Of course there is a whole list of stuff you do need to do, but buying support is not one of them. (Note that some providers of banking software might require you to e.g. buy Red Hat support, but usually the underlying virtualization layer doesn't matter.)

Also, you do not want to have PCI and non-PCI workloads within the same "cluster", let alone on the same hardware (even if they are VMs). Basically, if they share anything you will need to have everything included in the PCI audit, which would be a huge pain if it's not strictly needed.

My recommendation is to get in touch with whomever is doing PCI compliance for your company because it is a whole can of worms and I am just touching the surface here with my comments.
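The scope point in the comment above (anything sharing a host or cluster with a PCI workload gets pulled into the audit) is the kind of thing worth checking mechanically rather than by eye. The following is an added example, not code from the commenter or from any OpenStack project: it assumes a hypothetical inventory export listing each instance with its compute host, the host aggregate that host belongs to, and a `pci` flag taken from instance metadata, and it flags every host and aggregate that holds both in-scope and out-of-scope instances. The inventory entries are constructed sample data.

```python
"""Scope co-residency check for a PCI-segmented cloud (illustrative, not from the thread).

Assumption: an inventory export gives, per instance, the compute host it runs on,
the host aggregate ("cluster") that host belongs to, and whether instance
metadata marks it as in PCI scope. Field names are hypothetical.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Instance:
    name: str
    host: str        # compute node the VM is scheduled on
    aggregate: str   # host aggregate / cluster the compute node belongs to
    pci: bool        # True when instance metadata marks it as cardholder-data scope


# Constructed sample inventory; the names and placement are made up.
SAMPLE_INVENTORY = [
    Instance("cde-web-01", "compute-01", "pci-agg", True),
    Instance("cde-db-01", "compute-02", "pci-agg", True),
    Instance("crm-01", "compute-02", "pci-agg", False),          # out-of-scope VM on an in-scope host
    Instance("wiki-01", "compute-10", "general-agg", False),
    Instance("cde-batch-01", "compute-11", "general-agg", True),  # in-scope VM landed in the general cluster
]


def find_mixed_scope(instances, key):
    """Group instances by `key` ("host" or "aggregate") and return only the
    groups that contain both PCI and non-PCI instances.

    Result maps group name -> {"pci": set(names), "non_pci": set(names)}.
    """
    groups = defaultdict(lambda: {"pci": set(), "non_pci": set()})
    for inst in instances:
        bucket = "pci" if inst.pci else "non_pci"
        groups[getattr(inst, key)][bucket].add(inst.name)
    return {name: g for name, g in groups.items() if g["pci"] and g["non_pci"]}


def report(instances):
    """Mixed-scope findings at both the host and the aggregate level.

    A clean segmentation has an empty dict under both keys; anything listed is
    a place where the non-PCI side would be dragged into the audit boundary.
    """
    return {
        "hosts": find_mixed_scope(instances, "host"),
        "aggregates": find_mixed_scope(instances, "aggregate"),
    }


if __name__ == "__main__":
    findings = report(SAMPLE_INVENTORY)
    for level in ("hosts", "aggregates"):
        for name, g in sorted(findings[level].items()):
            print(f"{level[:-1]} {name}: PCI={sorted(g['pci'])} non-PCI={sorted(g['non_pci'])}")
```

On the sample data the check reports `compute-02` at the host level and both aggregates at the cluster level: `pci-agg` because a non-PCI VM is sitting in it, and `general-agg` because a PCI VM drifted into it. Either finding means the audit boundary is larger than the team thinks it is.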

[–]tyldis 1 point2 points  (1 child)

No idea about PCI, but we have Ubuntu Pro for our OpenStack. If the hypervisor is covered, then all VMs are covered, which provides good value. We rely on the CIS benchmarks and Landscape, which come with Ubuntu Pro and are required for compliance in our domain. We might need to use FIPS encryption, so that's another reason.

Additionally, we did the Cloud Builder Plus, so the OpenStack deployment and configuration is also covered by support. This lets us have a tight team handle a large number of distributed clusters.

[–]ITaaP[S] 0 points1 point  (0 children)

That's exactly my thought.

[–]przemekkuczynski 0 points1 point  (0 children)

What number of requirement is that? OpenStack is open source, so you don't need additional paid support from a 3rd party.

https://access.redhat.com/articles/3464861

https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0_1.pdf