When, if ever, should I put clusters in different transport zones? If I have two ESXi clusters that belong to two different business units that are separated for security purposes, is that a good case for using separate transport zones?
Two VXLANs in different Transport Zones are not inherently more separate or secure than two VXLANs in the same Transport Zone. There used to be more use cases like if two VXLANs needed different replication types, but you can just do that per VXLAN now anyway. Nowadays, the only two reasons I ever do it:
1. One TZ in a site is Universal and one isn't. Only certain VXLANs in the scenario need to span to other site(s).
2. For whatever administrative reason, I don't want certain VXLANs showing up on certain clusters. Maybe I have a development cluster that needs VXLANs within it, but I don't want the devs who have control of that cluster attaching VMs to prod VXLANs. I might create separate TZs for Dev and Prod.