[jerf]

It's hard to have independence without independence. You want separate, you're going to have to deal with separate.

[unethical_ban]

It's not about avoiding bugs or vendor vulns when you talk about HA in a network config. It's about hardware failures or individual crashes.

[_yy]

Yeah but no sane organization is going to do that. It would create so much headache.

[jerf]

A sane organization will do it if the benefits outweigh the risks. An organization with sufficient risks will chose it. Most won't, because the risks (specifically, hard cash) won't be outweighed by the benefits.

But that's incidental to what was my real point, which is that if you do want a separate network, it has to be separate. Tie your two "separate" networks together with integration and you're returning single-points-of-failure back into the mix. Granted, practicality may dictate a couple of those... integrated authentication comes to mind... but you don't want the two separate networks to be all slickly and smoothly integrated for the most part.