Hi Eero, On Sat, May 26, 2012 at 1:12 AM, Eero Volotinen <eero.volotinen at iki.fi> wrote: > 2012/5/25 Arun Khan <knura9 at gmail.com>: >> I have a client project to implement PCI/DSS compliance. >> >> The PCI/DSS auditor has stipulated that the web server, application >> middleware (tomcat), the db server have to be on different systems. > > requirement "one primary function per server". > >> In addition the auditor has also stipulated that there be a NTP >> server, a "patch" server, > > true also. ... snip ... Thanks for your input on each points in OP. I appreciate it. -- Arun Khan