I am just deploying a DMZ zone defined in my firewall. Ideally I would like to only have LAN traffic go into the DMZ zone. I would like to run a host with VMware in the zone but have conflicting info with regard to how to operate the DMZ environment. Is the best practice to create a tunnel (maybe at timed intervals) to the LAN in order to operate and administer the zone? What is the best practice to back up the non-domain computers in the DMZ? Ideally I do not want to reference back to my main backup repository. Let me know if you have any good ideas or practices that work best.
There is a discussion here on this: ESXi and DMZ
The conclusion is to keep the ESXi host internal while setting up the networking to create a DMZ zone.
More information if you go this route: VMware vSphere 5.1