Different Keycloak cluster in DMZ and trust

Hi everyone. We have an idea to have different Keycloak clusters in DMZ and Trust network zones, so auth flows will not cross each other. Keycloak in the trust zone is going to be used for AD federation and Kerberos-based SSO and keycloak in DMZ for the services that live here. What are the possible drawbacks here? I will appreciate any advice, thanks :slight_smile: