>Yes, my goal is to secure the >infrastructure as much as possible. I don't know details but it sounds overly complex. And complexity may cause other issues, without any benefit for security.
Example, you don't have to encrypt your whole hard disk if the hard disk is located in guarded bunker. But if you do that, it will increase security in theory but that may cause service outtage if you have to always locally type your crypt password if machine crashes. I would put this effort to ease maintainability, ease monitoring, use stateful firewall, deploy honeypot etc. and avoid complexity.
