I have been reading the security design architecture white paper to help me construct the network elements of my VI and as this is my first stab at VI I would be grateful for some feedback on my proposed implementation before I spec the hardware. Some of my questions may be very basic but hopefully they don't sound too daft.

I hope to host a number of machines from different sides of the DMZ on the same host and my current thinking is to seperate the traffic using vSwitches so that I can easily add vm's to either switch depending on which side of the DMZ I want the machine to be located.

• 1 vSwitch for machines outside the DMZ

• 1 vSwitch for machines inside the DMZ

• 1 vSwitch for service console

If I have 1 Intel quad port physical NIC can I still use vSwitches to separate the traffic, the white paper mentioned virtual switches cannot share physical Ethernet adapters, so there is no way to fool the Ethernet adapter into doing loopback or something similar that would cause a leak between virtual switches (pg8) and I was wondering does ESX 3.5 treat quad port nics as 1 or 4 NICs?

If I add a second quad port can I use NIC teaming across the different cards to add some redundancy to the vSwitches i.e. can I pair NIC 1 Port 1 with NIC 2 Port 1?