Have you considered firewall and IDS/IPS as it relates to moving IT applications onto a virtualized environment (such as IaaS other than Amazon)? Would the deployment consist of an appliance-based firewall effectively "sliced up" for multi-tenancy/multi-domain in case of single-tenant, or would deployment as a virtual firewall be an option to consider?