The VMCI (Virtual Machine Communication Interface was a high-speed interface that virtual machines (VMs) on the same host could use to communicate with each other and the host kernel modules) has been depreciated in version 5.0 and removed from version 5.1 onward, so no longer exists in version 6.5.

This means from your perspective all traffic between VMs will need to flow through provisioned vSwitches.  Where you can then isolateand route traffic based on port group, vSwitch etc.. as you require.

https://docs.vmware.com/en/VMware-vSphere/6.5/vsphere-esxi-vcenter-server-65-networking-guide.pdf

The above document provides a complete overview of vSphere networking, and how it can be configured to achieve exactly what you require.

If you wanted to go further and place physical rather than logical controls for your DMZ servers, you could create a new DMZ cluster within vCenter from the two nodes you have identified.  When doing this consider your capacity, HA and affinity requirements.  For example if you are load balancing to multiple VMs you might consider creating anti-affinity rules to run those VMs on separate hosts.  With HA you need to consider what happens in the event of a host failure, is there enough capacity in you two node cluster to run all VMs?

With both solutions you keep one vCenter as a single administration point.

Hope this helps

Simon

Yes you can, for this you have to create different cluster for DMZ then putting up ESXi hosts into it. Moreover DMZ means you will be in different subnet/network then you are in currently, this all needs new vlans and port groups, different firewall policies, major work here is need to be done from networking end.

And after all setup you need to migrate the VMs to DMZ cluster proceeding with downtime because IP will change. Make sure to check the required application or OS ports, so that Servers will be accessible from DMZ environment as well. Because in DMZ environments there are strict firewall policies.

Good Luck.