You have options regarding segmenting the VxRail network traffic at the virtual-distributed switch level. You can configure all the required VxRail networks to a single virtual-distributed switch, or you can deploy a second virtual-distributed switch to isolate the VxRail management network traffic and the VxRail non-management network traffic.
If your company or organization has stringent security policies regarding network separation, splitting the VxRail networks between two virtual-distributed switches will enable better compliance with those policies, and simplify redirecting the VxRail management network traffic and non-management network traffic down separate physical network paths.
You can choose from the following options to align with your company or organization networking policies:
VxRail supports either a single virtual-distributed switch or two virtual-distributed switches as part of the initial implementation process. If your security posture changes after the VxRail cluster initial implementation has completed, a second virtual-distributed switch can still be deployed, and the VxRail network traffic can be redirected to that second virtual-distributed switch. Any additional virtual-distributed switches beyond two switches, such as those for user requirements outside of VxRail networking can be deployed after initial implementation.