If you read the specifications for PCI compliance and interpret them literally, it does appear that you need a separate server.
Quote:
2.2.1 Implement only one primary function per server to prevent functions that require different security levels from co-existing on the same server.
(For example, web servers, database servers, and DNS should be implemented on separate servers.)
Note: Where virtualization technologies are in use, implement only one primary function per virtual system component.
Though for some reason, several members of this forum disagree with this standpoint.