Yes,
I thought of writing about creating and managing a Management Server List, but thought I would be making it more complicated.
What you said is right: if you want one single SEPM which takes care of the DMZ and the local area, then you need replication... MSL.
If there are two, then you need to put one in each region. No replication; only the LU policy needs to be changed.
For LiveUpdate, all you have to do is put the laptops in one group and make the policy change for LiveUpdate.
For our roaming user, put an LU schedule; when they have internet at home, it will connect to Symantec and download updates.
Creating and assigning a management server list for a Symantec Endpoint Protection Manager
http://www.symantec.com/business/support/index?page=content&id=TECH103175&locale=en_US