Where do virtual switches reside? Inside the hypervisor. It interconnects all the VMs together. In case, a hypervisor is hosting VMs from different security zone together, then they may have to be segmented with VLANs inside the virtual switch.
A small note about this virtual switch – it does not participate in the STP protocol with outside world. It distinguishes between VM facing ports and outside facing ports (uplink ports – that is those that are connected to the NICs). It will never allow a loop to form by making sure that – traffic from uplink ports are not redirected again to uplink ports. It will also not allow incoming traffic from uplink ports with a source MAC of that of one of the residing VMs. VMWare’s vSwitch is stringent about this.
Once we get VLANs into picture, then the NICs on the physical server will have to have trunked ports. Which means VLAN trunking configuration is not clearly delineated at the border network switch of the data center, but it comes into the hypervisor as well. The vSwitch needs to be configured with all the VLANs that it may carry traffic for. This entails server and network admins to talk to each other and get to an agreement about which VLANs to use.
Apparently, Nexus 1000V virtual switch is released by Cisco to cater to this need. It sits inside the hypervisor and replaces the VMWare’s vSwitch (?). So, the network admin who is already familiar with the Cisco CLI will have no learning curve to configure and manage the vSwitch inside the hypervisor.