Hello,
Scanner and Control Centers roles are explained very well in SMG documentation.
Scanners process inbound and outbound messages and route messages for delivery.
Scanners download virus definitions, spam signatures, and other security updates from Symantec Security Response. Scanners run filters, render verdicts, and apply actions to messages in accordance with the appropriate policies and settings.
The Control Center is a browser-enabled application that interfaces with the Symantec Messaging Gateway system.
It is posible to have a Control Center and Scanner on a sigle appliance (what I called mixed mode)..
Regarding number of the interfaces - as per SMG installation guide: "You can configure the Scanner to perform both inbound mail filtering and outbound mail filtering. You can use the same Ethernet interface for both inbound mail filtering and outbound mail filtering"