1 person found this helpful
The short answer:
define DMZ IP subnet
define DMZ VLAN
configure VLAN on switches
configure IP routing on firewall
configure firewall rules on firewall
create DMZ portgroup on distributed switch and assign DMZ VLAN
The complex answer:
depends on budget and paranoia.
When you look at the recent spectre/meltdown desaster: do you want DMZ VMs running on the same hosts as your internal VMs ? So you may want a dedicated cluster for DMZ VMs.
Thank you so much