It outlines the three main implementation routes and discusses the advantages and disadvantages below:

Partially Collapsed DMZ with Separate Physical Trust Zones

Advantages

• Simpler, less complex configuration
• Less change to physical environment
• Less change to separation of duties
• Less change in staff knowledge requirements
• Less chance for misconfiguration because of lower complexity

Disadvantages

• Lower consolidation and utilization of resources
• Higher costs because of need for more ESX hosts and additional cooling and power
• Incomplete utilization of the advantages of virtualization

Partially Collapsed DMZ with Virtual Separation of Trust Zones

Advantages

• Full utilization of resources
• Full utilization of the advantages of virtualization
• Lower cost

Disadvantages

• More complexity
• Greater chance of misconfiguration requires explicit configuration of separation of duties to help mitigate risk of misconfiguration
• requires regular audits of configurations

Fully Collapsed DMZ

Advantages

• Full utilization of resources, replacing physical security devices with virtual
• Lowest-cost option
• Management of entire DMZ and network from a single management workstation

Disadvantages

• Greatest complexity, which in turn creates highest chance of misconfiguration
• Requirement for explicit configuration of separation of duties to help mitigate risk of misconfiguration
• Requires regular audits of configurations
• Loss of certain functionality, such as VMotion, if current virtual security appliances are not properly configured and audited

Download it here as there is a lot of information here, to get your teeth into.

It points out how to resolve some of the issues that you may be having with VLANs and ESX. The crux being that by default the Nortel Switch will tag the default VLAN so unless the Service Console is configured with the same VLAN tag, then things get messy. A simple checkbox is all that is required to fix this problem, but check out the article for more information.