I recently posted this in the TechNet forums and thought that it needed a bit longer life.
Mostly, this is about understanding virtual machine networking under a hypervisor (ESX, XenServer, Hyper-V, etc.) and that they all basically work the same.
The simplest way to accomplish isolating VM traffic into a DMZ is to do a form of physical network isolation.
Your Host has two physical NICs.
Connect NIC 1 to the management network. Connect NIC 2 to the DMZ network.
Create two External Virtual Network Switches - one per physical NIC and name them appropriately.
Connect your VMs only to the DMZ virtual network switch (using the VM settings).
Log in to your Hyper-V Host console and check the network connections. You most likely have a Virtual Network Adapter (possibly two).
You may end up with one for each virtual network switch. If this is the case, open the properties of the Virtual Network Adapter that is attached to the DMZ virtual network switch and remove (uncheck) all protocols - with no protocol bound, the Host has no IP stack on that segment, which prevents any traffic from the Host into the DMZ and vice versa.
The alternative is VLAN IDs.
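The following PowerShell is an added example, not part of the original post, that builds the two-switch layout from the steps above and then shows the VLAN alternative. It assumes the Hyper-V and NetAdapter modules (Windows Server 2012 or later, so the cmdlet names differ from the 2008-era GUI the post describes); the NIC names, switch names, VM name and VLAN IDs are placeholders to adjust for your host.

```powershell
# Added example (not the original post's code). Assumed names below:
$MgmtNic    = 'NIC1'            # physical NIC cabled to the management network
$DmzNic     = 'NIC2'            # physical NIC cabled to the DMZ network
$MgmtSwitch = 'Mgmt-External'
$DmzSwitch  = 'DMZ-External'
$VmName     = 'web01'           # guest that belongs in the DMZ
$Mode       = 'Physical'        # 'Physical' (two NICs) or 'Vlan' (one NIC, tagged)

if ($Mode -eq 'Physical') {
    # One external switch per physical NIC. The management switch keeps a host
    # virtual adapter so the parent partition stays on the management network.
    # The DMZ switch is created with -AllowManagementOS $false, so no host
    # virtual adapter is bound to it at all; that is the scripted equivalent of
    # unchecking every protocol on the host's DMZ virtual adapter.
    New-VMSwitch -Name $MgmtSwitch -NetAdapterName $MgmtNic -AllowManagementOS $true
    New-VMSwitch -Name $DmzSwitch  -NetAdapterName $DmzNic  -AllowManagementOS $false

    # Attach the guest only to the DMZ switch.
    Get-VMNetworkAdapter -VMName $VmName | Connect-VMNetworkAdapter -SwitchName $DmzSwitch

    # Check: a host virtual adapter on the DMZ switch (e.g. one created earlier
    # through the GUI) is a path from the DMZ into the parent partition. If one
    # exists, strip every protocol binding from it, as the post describes.
    $HostOnDmz = Get-VMNetworkAdapter -ManagementOS |
        Where-Object { $_.SwitchName -eq $DmzSwitch }
    if ($HostOnDmz) {
        Get-NetAdapterBinding -Name "vEthernet ($DmzSwitch)" |
            Where-Object Enabled |
            Disable-NetAdapterBinding -Confirm:$false
    }

    # Check: no guest should sit on the management switch by mistake.
    Get-VM | Get-VMNetworkAdapter |
        Where-Object { $_.SwitchName -eq $MgmtSwitch } |
        ForEach-Object { Write-Warning "$($_.VMName) is attached to $MgmtSwitch" }
}
else {
    # VLAN alternative: one external switch on one NIC, with the management
    # traffic and the DMZ traffic kept apart by 802.1Q tags. VLAN 10 and 20 are
    # assumed values; the physical switch port must be a trunk carrying both.
    $Trunk = 'Trunk-External'
    New-VMSwitch -Name $Trunk -NetAdapterName $DmzNic -AllowManagementOS $true

    # Host virtual adapter (named after the switch by default) on the management VLAN.
    Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName $Trunk -Access -VlanId 10

    # Guest adapter as an access port on the DMZ VLAN.
    Get-VMNetworkAdapter -VMName $VmName | Connect-VMNetworkAdapter -SwitchName $Trunk
    Set-VMNetworkAdapterVlan -VMName $VmName -Access -VlanId 20

    # Check: list every adapter's VLAN so a guest left untagged (VLAN 0) stands out.
    Get-VMNetworkAdapterVlan -VMName * | Format-Table VMName, OperationMode, AccessVlanId
}
```

The physical branch prefers `-AllowManagementOS $false` over unbinding protocols because it never creates the host adapter in the first place; the binding loop only runs as a cleanup for hosts where that adapter already exists. In the VLAN branch the host and guest share a NIC but not a broadcast domain, so the switch port configuration upstream matters as much as the Hyper-V settings.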
Looking at network connections within the Hyper-V console can be confusing.
When you first install the Hyper-V role you have physical NICs and properties just like you know and love from any Windows server. As soon as you create an external virtual network switch, the physical NIC only has the virtual network switch protocol bound to it (it is no longer 'owned' by the Host, but instead by the hypervisor) - leave this NIC alone.
If your Host was using this physical NIC it is now given a new virtual network adapter that is attached to the virtual network switch which is in turn using the physical NIC - therefore keeping the host on the same physical network.
The part that makes this confusing is that we CAN look at the network connections, and we CAN play with things just like we have with Windows Server for years. However, now we have to realize that the architecture is different - a mix of what we knew, a dash of what we saw with Virtual Server on Server 2003, and parts that are totally new because we have a hypervisor and a virtualization stack.