The risk for such a venture is proportionate to the amount of trust you place in VMware ESX's networking stack. If you place the Internet and Intranet hosts on a separate Virtual Switch (or port group) and turn off promiscuous mode, IP spoofing, and MAC spoofing, then you will have architected the most secure networking design possible with ESX. However, if you are wary of the goings-on of how VMware has implemented all of this under the covers, then an alternative design would be to segregate ESX servers not just by access to shared storage (the typical segregation decision), but also by role (Internet, Intranet). If you would like to know more please feel free to email me. Hope this helps!
Dig Deeper on Network virtualization
Related Q&A from Andrew Kutz
A user wonders how well Ubuntu will serve him/her in terms of stability, and gets release recommendations from an expert. Continue Reading
This expert's insights will help you make a decision whether to use Ubuntu remote backup. Continue Reading
Learn about an emerging product that aims to decrease time spent fixing dependencies. Continue Reading