DLP 11 and Exchange 2010 aren't going to get you far in this situation with regard to cutting out any of these devices, unfortunately. The only real architecture type change that V11 introduces for Prevent is the ability to put that device in the cloud, which is not your case here.
You need those Ironport devices in there to perform any mail routing based on what Prevent tells them to do (send to Tumbleweed to encrypt, or send to the mail gateways in the DMZ). You may even be doing your block on Ironport now, which gives you some additional options/functionality.
I'm not sure you need the two mail relays before going to the Ironport devices, but there's probably a reason you did this. You could go right from Exchange to Ironport. Or if you want to simplify the mail flow a little, you could put Prevent in forwarding mode instead of reflection. Typically how I recommend that configuration:
Exchange --> Load Balancer --> Prevent 1 or Prevent 2 --> Ironport 1 or 2 --> Tumbleweed or final mail gateway.
With the load balancer, you can specify to fail open direct to Ironport if Prevent 1 and 2 are not up, hence you still have fail open capabilities. This has the added benefit of reducing your load on Ironport if that happens to be an issue.
~Keith