I'm trying to determine if its more simple to put the UM VM in the DMZ and allow access to vSphere through the Firewall from the UM or to put the UM VM behind the firewall and allow the access ports open to it, 443, 8443 etc?
I couldn't find any kind of network diagram or best practices.
UM is put inside the firewall, where it is usually on a management network.
A lot of partners create a common management network, which if they have multiple dedicated vCenters or just run all shared environments means that you can reach management in one network segment. UM is best on this segment, along with vCenter, NSX Manager, vROps, vRLI and other management tools.