Currently, I have vCenter and 2 esxi hosts on the LAN, and I have to VPN into the firewall to access either (vCenter is actually a VM on one of the esxi host). However, console performance is terrible with this setup, and I'm thinking that it's because of the VPN overhead. So, my question is, should I move vCenter into the DMZ so that I can access it sans VPN, and open the necessary ports so that it can connect with the esxi hosts on the LAN? Note that, despite the virtualization, the DMZ and LAN networks are separate physical networks using multiple NICs on the hosts. Well, kinda...the NICs are connected to a single switch, but the switch is segmented using VLAN.