Hi All,

As you can see in my  diagram below, this is my plan;  Create a completely isolated vSwitch with dedicated NICs for my DMZ portgroup, which is separated from the vSwitchs that contains my Service Console, VMKernel and other Virtual Machine portgroup.

But could this cross talk to the other portgroups on other vSwitches in this system?

How wuold shared storage be utilized between trusted/internal VMs on switch 0-3 and DMZ VMs on switch 4?

Do i need a firewall?

Can this Vmotion and DRS ?

AS

But could this cross talk to the other portgroups on other vSwitches in this system?

If it is restricted from the physical network layer with a firewall, then its not possible to communicated with other portgroups on other vswitches.

based on the rules in the physical firewall, required port may be open to required vms for DMZ server to other server in other portgroups.

or based on the network configuration in switch like layer2 can communicated only internally with in vlan etc.. discuss with your network expert,, its more in network side than in virtual side for network isolation.

Do i need a firewall?

Depending on the physical network architecture and segregation made for DMZ, hardware or software firewall will be required, discuss with your network expert or you can go for vcloud network and security to use vshield edge as internal vmware firewall.

Can this Vmotion and DRS ?

yes its possible, required ports for motion has to be open that is 8000 between source and destination esxi hosts, refer link

How would shared storage be utilized between trusted/internal VMs on switch 0-3 and DMZ VMs on switch 4?

Storage utilization is common to all vms regardless to vms in any vswitch\port group.

Thanks,

  To setup DRS and Vmotion need extra vswitch?

AS

Not required, as already vmotion network is configured.