Brad Hedlund points out a common misunderstanding in the virtualization networking world – you can segment and isolate all you want, but that segmentation is simply a logical construct.
From a risk perspective, I equate this type of virtual segmentation (for DMZs) to connecting all the physical DMZ components to the same switch.
There is lots of other goodness in Brad’s post. Check it out.