I have multiple port groups on a distributed switch for different kinds of production traffic. The distributed switch is attached to an ESXi 5.1 host. I don't want an administrator to be able to accidentally attach a virtual machine's network adapter to a port group with sensitive or critical traffic. Is there a way to "mask" critical or sensitive port groups from a group of vms so that they cannot see those port groups? I don't want to have to separate port groups for production traffic onto separate distributed switches.
Any input appreciated. Thanks!
