Educause Security Discussion mailing list archives

PCI DSS - VDI (vmware) SAQ-C-VT question


From: Oscar Knight <knightod () APPSTATE EDU>
Date: Fri, 3 May 2013 14:49:07 -0400

Hello Everyone,

I have several PCI DSS questions.  They all revolve around processing
transactions with a web browser where the web service is external, i.e.
we only touch the card data with the web browser ...   I believe this
to be SAQ-C-VT.  Please comment on any or all of the following:

1) We are considering using a separate VMware VDI which users
connect to via dedicated PCoIP devices.  Connecting via general
desktop would not be allowed.   Comments?

2) With respect to the VDI solution, IF we allowed users to use
their general use desktop, is there a way to configure their
desktop such that it would NOT be part of the CDE?  For the
record the desktops would be Windows 7 machines.

3) What's your solution for this case?

I know, I know, if we would just listen to our users and allow
'square' all would be OK :)

Thanks in advance!
odk
--
NOTE: ASU ITS will NEVER ask you for your password in an email!
Oscar D. Knight                           knightod at appstate dot edu
ITS                                                Voice: 828-262-6946
Appalachian State University, Boone, NC 28608        FAX: 828-262-2236

