I'd have to think about it more, but if feels overly complex. You've essentially taken the idea of a DMZ network and put it in an individual computing device.
DMZ networks are hard to get right and hard to admin, and almost always end up getting some sort of exception for certain business needs.
Asking a user to admin that, or having no admin at all, feels almost impossible.
DMZ networks are hard to get right and hard to admin, and almost always end up getting some sort of exception for certain business needs.
Asking a user to admin that, or having no admin at all, feels almost impossible.