I'd go with option 1.
Some reasons:
- with a separate vSwitch for the DMZ connected to a dedicated DMZ switch the VM has no network connection to the production system
- if you have a vSphere Cluster you can provide high availability for the DMZ virtual machine
- you can place the VM on your production storage system, since the VM doesn't "see" it's physical storage
- you can safely include the VM in your backup (assuming you are running an image based backup)
- no need for a dedicated host (hardware, power and cooling savings)
André