I am working on a PCI compliance project for our new SAP implementation, which we are about to stand up. I'm trying to limit the number of systems that are in scope for PCI and cannot find an answer to my question anywhere, including the security library.
Basically, we are trying to understand the feasibility of firewalling off our ECC, Internet Sales, XI and Payer Direct servers from our BI, SLD, SRM, SCM, LiveCache, GTS, EP, Trillium, Sabrix, Sabrix Report, MDM, xMAM and GRC servers. The alternative is to include all the servers within our PCI segment, which triples the size of our environment.
We intend to do a full traffic analysis to lock down the traffic to only that which is necessary, but we are concerned about the potential issues of delaying packets as they traverse the firewall, especially between the ECC and BI servers, among others.
Does anyone have any experience with segmenting off their servers along these lines?
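The traffic analysis the post describes, worked as an added example that is not from the original poster or from SAP: constructed flow records between the named systems are split by the proposed PCI / non-PCI zones, cross-boundary flows are aggregated into candidate firewall rules, and the highest-volume paths (where firewall latency matters most) are listed. Host names, ports and packet counts are constructed assumptions, not values from the post.

```python
# Added example: derive candidate PCI-boundary firewall rules from flow data.
from collections import defaultdict

# Constructed zone assignment, mirroring the split proposed in the post.
PCI_ZONE = {"ECC", "InternetSales", "XI", "PayerDirect"}
NON_PCI_ZONE = {"BI", "SLD", "SRM", "SCM", "LiveCache", "GTS", "EP",
                "Trillium", "Sabrix", "SabrixReport", "MDM", "xMAM", "GRC"}

# Constructed flow records: (src, dst, proto, dst_port, packets).
# Ports and counts are illustrative assumptions, not taken from the post.
FLOWS = [
    ("BI", "ECC", "tcp", 3300, 12000),            # BI extraction from ECC
    ("BI", "ECC", "tcp", 3300, 8000),             # same path, second capture window
    ("ECC", "BI", "tcp", 3300, 500),
    ("SLD", "XI", "tcp", 50000, 300),
    ("XI", "SLD", "tcp", 50000, 250),
    ("ECC", "InternetSales", "tcp", 3300, 4000),  # intra-PCI: never crosses the firewall
    ("GRC", "ECC", "tcp", 3300, 100),
    ("SRM", "SCM", "tcp", 3300, 900),             # intra non-PCI: out of scope
]


def zone(host):
    """Classify a host; an unclassified host is an error to fix before go-live."""
    if host in PCI_ZONE:
        return "pci"
    if host in NON_PCI_ZONE:
        return "non-pci"
    raise ValueError(f"unclassified host {host!r}")


def boundary_rules(flows):
    """Aggregate only flows that cross the PCI boundary, keyed by
    (src, dst, proto, dst_port) -> total packets. Intra-zone flows are dropped."""
    rules = defaultdict(int)
    for src, dst, proto, port, pkts in flows:
        if zone(src) == zone(dst):
            continue
        rules[(src, dst, proto, port)] += pkts
    return dict(rules)


def peers_outside_segment(rules):
    """Non-PCI hosts that exchange traffic with the PCI zone; each needs a rule
    and a documented justification, or its flow has to be removed."""
    return sorted({h for (src, dst, _, _) in rules
                   for h in (src, dst) if zone(h) == "non-pci"})


def high_volume(rules, threshold):
    """Boundary paths at or above `threshold` packets, busiest first: these are
    the paths to benchmark for firewall-induced latency before cut-over."""
    ranked = sorted(rules.items(), key=lambda kv: -kv[1])
    return [key for key, pkts in ranked if pkts >= threshold]
```

Feed the functions real flow exports (NetFlow, firewall logs or a span-port capture) in place of `FLOWS`, and treat anything that raises in `zone()` as a host still missing from the scope inventory.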