I think what the originator is trying to get is, is that there is no way to monitor the virtual switch. while moving to seperate port groups does help in sending the traffic back out to the real switch, it does increase operational overhead and moves the problem away from VMware.

what is happening in the Cisco relationship is maybe a better question? Will we get a Cisco virtual switch and if so will we get the logging we crave and need. Vmware always promote using internal virtual switches in security setups and DMZ, to make that a reality we need logging at the v switch layer.