If the version is 3.0 with vSphere 7.0 ,VDS 7.0 . You can follow below approach
2 for - VDS01 (mgmnt,vmotion)
2 for - VDS02 - for workload VM's with Edges
2 for - VDS03 - for DMZ workload with DMZ edges
As far traffic segregation , above design is not enough .They would need unique uplink connectivity to unique TOR L3 and FW, sometimes people collapse the physical layer (DMZ&DC) with micro segmentation on DMZ workloads which is also fine. On a side note, uplink utilization of NIC totally depends on DRS nature of movement that will kick Edges or VM to different host, something which we ideally don't control it ( exceptions are DRS rules) , so i'm unsure why we should worry about this point. If you have equal number of servers and tenants with Edges with A-A and A-S config , for sure utilization will there on all PNICS for all servers.
