I am in the process of deploying vShield Manager in our test and dev environment (before we implement in production).

I have been reading the documentation "vShield Installation and Upgrade Guide - vShield Manager 5.1". On page 20 the following statement is made:

NOTE Do not place the management interface of the vShield Manager in the same port group as the Service Console and VMkernel.

Question:

Is it OK for the vShield Manager to be in the same subnet and VLAN as the Service Console and VMkernel, using a dedicated port group?

For example I create another port group that has the same VLAN as the Service Console and VMkernel and the vShield Manager uses this?

Let me elaborate with an example.

On page 19 the following statement is made:

With vShield 5.0 and later, you can install the vShield Manager in a different vCenter than the one that the vShield Manager will be interoperating with. A single vShield Manager serves a single vCenter Server environment.

vCenter1

• This is the vCenter that the vShield Manager will be deployed to
  
• It is using the portgroup "Management Network" with the VLAN 18 for the Service Console and VMkernel
  
• It is on the subnet 192.168.10.0/24
  

vShield Manager

• This vShield Manager is running under vCenter 1
  
• It is using the portgroup "Management Network for vShield Manager ONLY" with the VLAN 18
  
• This is where the management interface of the vShield Manager will be running
  
• It is on the subnet 192.168.10.0/24
  

vCenter2

• This is the vCenter that the vShield Manager will be interoperating with
  
• It is a VM running under vCenter1
  
• It is on the subnet 192.168.10.0/24
  
• It is using the portgroup "Management Network" with the VLAN 18 for the VM traffic
  

So my question again:

Is it OK for the vShield Manager to be in the same subnet and VLAN as the Service Console and VMkernel, using a dedicated port group?