Chathura Ariyadasa, Author at Chathura Ariyadasa (He/Him/His)

Data Center Areas (MDA,IDA,HDA,ZDA,EDA)

Data Center Areas are to facilitate telecommunication cabling and equipment. Those areas can be categorized as below;

  • Entrance Room
  • Main distribution area (MDA)
  • Intermediate distribution area (IDA)
  • Horizontal distribution area (HDA)
  • Zone distribution area (ZDA)
  • Equipment distribution area (EDA)

[image credits: http://www.commscope.com/]

Those areas have been logically defined. Physically, those areas could be either separated or within the same spaces. Will discuss bit more in detail

 

Entrance Room
The entrance Room may include both access provider (SP) and customer (CE) owned cabling. SP demarcation hardware and equipment are being placed in this area. When using multiple entrance rooms, those should be at least 20m apart from each other. Further, entrance rooms should be outside the computer room in order to improve security.

 

Main distribution area (MDA)
MDA includes the main cross-connect (MC), which is the central point of distribution for the data center cabling system. Below devices are being placed within the MDA

  • Core Routers
  • Core, Spine, and SAN switches
  • High-end network switches
  • PBX, Voice/VOIP Gateways
  • Multiplexers

Every data center should have at least one MDA.

 

Intermediate distribution area (IDA)
IDA is to support intermediate cross-connects. The IDA is optional and can include LAN or SAN switches.


Horizontal distribution area (HDA)
HDA is the distribution point for cabling to the EDAs. The main purpose is to provide network connectivity to the end devices located in EDA. EDA area consists of below devices/hardware.

  • LAN switches
  • SAN switches
  • KVM switches


Zone distribution area (ZDA)

ZDA is an optional interconnection point within the horizontal cabling between the HDA and EDA


Equipment distribution area (EDA)
EDA is the area allocated for end devices/equipment. These devices could be Computers, Collaboration devices &, etc.

Understanding SAQ types for PCI DSS

The PCI DSS self-assessment questionnaires (SAQs) are validation tools intended to assist merchants and service providers to report the results of their PCI DSS self-assessment. The different SAQ types are shown in the table below to help you identify which SAQ best applies to your organization. Detailed descriptions for each SAQ are provided within the applicable SAQ.

Type Description
SAQ A Card-not-present merchants. For merchants that outsource their entire card data processing to validated third parties. This includes e-commerce merchants and mail/telephone order merchants. Nearly all online merchants aim for SAQ A, because it is the simplest, least time-consuming assessment.
SAQ A-EP E-commerce merchants who outsource all payment processing to PCI DSS validated third parties, and who have a website(s) that doesn’t directly receive cardholder data but that can impact the security of the payment transaction. No electronic storage, processing, or transmission of any cardholder data on the merchant’s systems or premises. Applicable only to e-commerce channels.
SAQ B Merchants using only:
• Imprint machines with no electronic cardholder data storage; and/or
• Standalone, dial-out terminals with no electronic cardholder data storage.
Not applicable to e-commerce channels.
SAQ B-IP Merchants use only standalone, PTS-approved payment terminals with an IP connection to the payment processor, with no electronic cardholder data storage.
Not applicable to e-commerce channels.
SAQ C-VT Merchants who manually enter a single transaction at a time via a keyboard into an Internet-based virtual terminal solution that is provided and hosted by a PCI DSS validated third-party service provider. No electronic cardholder data storage. Not applicable to e-commerce channels.
SAQ C Merchants with payment application systems connected to the Internet, no electronic cardholder data storage.
Not applicable to e-commerce channels.
SAQ P2PE-HW Merchants using only hardware payment terminals that are included in and managed via a validated, PCI SSC-listed P2PE solution, with no electronic cardholder data storage.
Not applicable to e-commerce channels.
SAQ D SAQ D for Merchants: All merchants are not included in descriptions for the above SAQ types.
SAQ D SAQ D for Service Providers: All service providers defined by a payment brand as eligible to complete a SAQ.

[source: pcisecuritystandards.org]