Firstly, i'm fairly new to VMWare so apology's if this is a dumb question. We have a couple of new boxes that will be carved up into VM's, some of these VM's will need to sit in the DMZ and others in the protected network. I'm thinking of having one machine operating on both networks, setting up 2 virtual switches within the box, one for DMZ and the other for the protected NW, assigning them to unique NIC's then assigning the VM's to their respective virtual switches. Naturally, the management shit would be in the protected network etc A guy here who's had experience in VMWare says it's against best practice to do this, but i'm not convinced. On the surface, it would seem he'd be right but I suspect that's a bit of old school thinking. Whats the current thinking out there from a network admin and security admin POV?