[PCI DSS 3.0] 2.2.1 Implement only one primary function per server to prevent functions that require different sec

2.2.1 Implement only one primary function per server to prevent functions that require different security levels from co-existing on the same server. (For example, web servers, database servers, and DNS should be implemented on separate servers.)

Note: Where virtualization technologies are in use, implement only one primary function per virtual system component.

2.2.1.a Select a sample of system components and inspect the system configurations to verify that only one primary function is implemented per server.

2.2.1.b If virtualization technologies are used, inspect the system configurations to verify that only one primary function is implemented per virtual system component or device.

If server functions that need different security levels are located on the same server, the security level of the functions with higher security needs would be reduced due to the presence of the lower-security functions. Additionally, the server functions with a lower security level may introduce security weaknesses to other functions on the same server. By considering the security needs of different server functions as part of the system configuration standards and related processes, organizations can ensure that functions requiring different security levels don’t co-exist on the same server.
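
One way to support the inspection in 2.2.1.a across a sample of hosts, as an added example that is not part of the PCI DSS text: it classifies each host's listening sockets (captured with `ss -H -tuln`) into functions and flags hosts that carry more than one. The port-to-function map, the support-port list, the host names and the sample output are all assumptions constructed for illustration.

```python
# Added example. The port-to-function map and support-port list are
# assumptions; adapt them to your own configuration standard.
FUNCTION_BY_PORT = {80: "web", 443: "web", 53: "dns",
                    3306: "database", 5432: "database", 1433: "database"}
SUPPORT_PORTS = {22, 123}  # remote admin and time sync: not primary functions

# Constructed sample: `ss -H -tuln` output gathered from three hosts.
SAMPLE = {
    "web01": "tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*\n"
             "tcp LISTEN 0 511 [::]:443 [::]:*\n",
    "app02": "tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*\n"
             "tcp LISTEN 0 511 0.0.0.0:443 0.0.0.0:*\n"
             "tcp LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*\n",
    "dns01": "udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:*\n"
             "tcp LISTEN 0 10 0.0.0.0:53 0.0.0.0:*\n"
             "tcp LISTEN 0 128 0.0.0.0:8443 0.0.0.0:*\n",
}

def primary_functions(ss_output):
    """Return (functions, unclassified_ports) for one host's ss output."""
    functions, unknown = set(), set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        # Local address is the fifth column; the port follows the last colon.
        port_text = fields[4].rsplit(":", 1)[-1]
        if not port_text.isdigit():
            continue
        port = int(port_text)
        if port in SUPPORT_PORTS:
            continue
        # A loopback-only listener still counts: the function is on this server.
        if port in FUNCTION_BY_PORT:
            functions.add(FUNCTION_BY_PORT[port])
        else:
            unknown.add(port)
    return functions, unknown

def review(sample):
    """Map host -> (status, functions, unclassified ports)."""
    findings = {}
    for host, output in sample.items():
        funcs, unknown = primary_functions(output)
        status = "MULTIPLE" if len(funcs) > 1 else "REVIEW" if unknown else "OK"
        findings[host] = (status, sorted(funcs), sorted(unknown))
    return findings

if __name__ == "__main__":
    for host, finding in review(SAMPLE).items():
        print(host, *finding)
```

A `REVIEW` result means a listener the map does not recognise; it needs a person to decide which function it belongs to before the host can be counted as single-function.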