Any reason you couldn't point the data center NTP servers at the ones in the corporate office?

---
Jeremy Page
From: tech-boun...@lists.lopsa.org [tech-boun...@lists.lopsa.org] on behalf of Matt Butch [apple4e...@me.com]
Sent: Friday, September 25, 2015 11:54 AM
To: tech@lists.lopsa.org
Subject: [lopsa-tech] Time and PCI

Anybody here know about PCI and Time servers? I'm fighting a battle with our security guy about it.

Background: we have two e-commerce datacenters (active/failover type) located on opposite sides of the country that host our web stack, and two corporate offices near each other that host the business stack (i.e. email, file server, AD, warehouse/shipping database system). We also have a host of stores and warehouses.

PCI requires that "Critical systems have the correct and consistent time." (10.4.1). However the testing procedures in that section say "Only the designated central time server(s) receives time signals from external sources".

He is hung up on that "central" part. I want to put time servers in the two e-commerce datacenters as well as the two corporate offices and peer all of them together, and point our servers to all of them. He wants to only put them in the two corporate offices. His argument is that they are then central there. Mine is that they aren't central to the web stack, and that the web stack will not maintain correct and consistent time.

Thoughts?

-Matt

--
I follow the System Administrators' Code of Ethics: https://lopsa.org/CodeOfEthics
LOPSA Member
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
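
Added example (not part of the thread): a small audit of the testing procedure quoted above, "Only the designated central time server(s) receives time signals from external sources". It reads `server`, `peer` and `pool` lines from each host's ntp.conf and reports any non-designated host that syncs from something other than a designated time server. The hostnames, configs and the `DESIGNATED` set are constructed assumptions; the same check applies whether two or four servers are designated.

```python
# Added example. All hostnames and ntp.conf contents are constructed.

# Hosts designated as time servers (assumption; edit to match the design under review).
DESIGNATED = {"ntp1.corp.example", "ntp1.dc-east.example"}

# host -> ntp.conf text (constructed samples)
CONFIGS = {
    "ntp1.corp.example":
        "server time-a.external.example iburst\npeer ntp1.dc-east.example\n",
    "ntp1.dc-east.example":
        "server time-b.external.example iburst\npeer ntp1.corp.example\n",
    "web01.dc-east.example":
        "server ntp1.dc-east.example iburst\nserver ntp1.corp.example iburst\n",
    "pos17.store.example":
        "server time-a.external.example iburst  # left over from imaging\n"
        "server ntp1.corp.example\n",
}


def sources(conf):
    """Return the upstream names on server/peer/pool lines of an ntp.conf."""
    found = []
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 2 and fields[0] in ("server", "peer", "pool"):
            found.append(fields[1])
    return found


def audit(configs, designated):
    """List (host, source) pairs where a non-designated host syncs from
    anything other than a designated time server."""
    findings = []
    for host, conf in sorted(configs.items()):
        if host in designated:
            continue  # designated servers may use external sources and peer
        findings += [(host, s) for s in sources(conf) if s not in designated]
    return findings


if __name__ == "__main__":
    for host, src in audit(CONFIGS, DESIGNATED):
        print(f"{host}: syncs from non-designated source {src}")
```

Shrinking `DESIGNATED` to the corporate server alone makes the data center server and every host that points at it show up as findings, which is a quick way to see what each proposed topology requires of the client configs.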