PCI Compliance - Server Requirements

We’ve been looking at a VPS as a good start to meet PCI compliance.

Does anyone know if having the MySQL server running on the same VPS as the web server makes the environment PCI non-compliant? For that matter, what if the mail server ran on the same VPS?

A VPS might work, but there are extra PCI requirements for shared servers. And, you have to separate the database and web servers by putting the web server in a DMZ. You also have to have intrusion prevention/detection, web application firewall (or code review), log monitoring, and file integrity monitoring.