It sounds like you're caught between "a rock and a hard place"; either way
you turn, the prospects don't look good. If I understand correctly,
corporate legal will not allow you to run HTTP workloads on your IBM i
server (that's the rock). But if IBM i is never used for Web workloads -
the platform will likely fade into irrelevance (that's the hard place).
If I were in your position, I would try to "reason" with corporate legal.
IBM i too good of an application server to be relegated to only database
While PCI compliance is relevant - my gut feel is that more folks may be
partitioning their servers for other reasons, which we have not discussed.