I think you misunderstand the use of the Management Network (VMKernel port group). The management network is used by the host (ESXi) itself to connect to the network. There's no need for a VMKernel port group on each vSwitch. Just add a new vSwitch with a Virtual Machine port group for the DMZ network, that's it. All the network configuration (IP address, network mask, gateway) has to be configured on the VM's.
André