The design sounds familiar. I've a couple of little thoughts, neither specific to your design sketch.
Maintaining perfectly consistent distributed configuration without any risk of race conditions is hard; I try to design away from that requirement. So, for instance, I've avoided having servers with externally visible differences in behavior within a load balancing / sharing pool. And, with anything this complex, debugging is hard, so I'd try to set up a test harness, both to debug the configuration as you develop it, and then again for confirming any substantial change you make; thus the test setup, with test data, instrumentation, and verification, should be documented and maintained as part of the production system. Perhaps needless to say, the test harness would include the VM configuration of a test environment. And I'd find it comforting to have bro network monitoring for a distinct perspective on what the plant is doing.
