DMZ VLANs in the Data Centre - Physical or Logical Separation
I am building a new DMZ in my Data Centre and I'm looking at the merits of Logical Separation rather than Physical Separation.
Instead of putting in some new DMZ Switches and then physically cabling all the DMZ devices and Servers to these switches so that these are physically separate from the rest of the DC, I'm thinking of connecting them up to the existing DC Switches and just using a different set of VLANs with the routed interface for these on Physical Firewalls.
Can people please apprise me of the concerns or issues with this? Are there any articles or design papers on this?