Instead of replicating data to our DMZ, we have only one server there: a reverse proxy. The public hits it, and it then fetches pages from web servers on the trusted network. I see several advantages to this model (below). I would like to hear from others about any possible disadvantages.
1. No need to have a potentially vulnerable database server that may store sensitive information in the DMZ.
2. No need to poke a TCP hole in the firewall for the web server(s) to communicate with database servers in the trusted zone (as some do as an alternative to #1, above).
3. One reverse proxy can point to multiple web servers using subdomains and/or subpages.
4. Only one third-party SSL certificate is required. External user data is encrypted between their browsers and our reverse proxy. The reverse proxy can safely talk to the web servers in the clear (sniffing this traffic would require physical access to our data center), or, for the extra paranoid, the reverse proxy can be configured to trust our self-signed certificates on the trusted network.
5. Adds an extra layer of security (in addition to points 1 & 2) because in order to compromise our actual web servers, an attacker would first need to gain control of the reverse proxy, and then find a vulnerability to exploit from there.
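As an added illustration of the model described in points 3, 4 and 5 (this is not the poster's configuration and is not part of the question), here is roughly what that DMZ reverse proxy looks like in nginx: one public certificate covering two subdomains, routing by subdomain and by subpage, one backend reached in the clear and one over HTTPS verified against an internal CA. All hostnames, backend addresses, ports and file paths are assumed placeholders.

```nginx
# Added example (not the poster's config): a DMZ reverse proxy in nginx.
# Hostnames, addresses, ports and paths below are assumed placeholders.
http {
    # Point 4: one third-party certificate covering both public hostnames.
    ssl_certificate     /etc/nginx/tls/example.com.fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Backends on the trusted network; the firewall should allow only the
    # proxy's address to reach these ports (points 1 and 2).
    upstream app_a { server 10.10.0.11:8080; }   # plain HTTP ("in the clear")
    upstream app_b { server 10.10.0.12:8443; }   # HTTPS with our internal CA

    # Point 3, subdomain routing: www.example.com -> app_a
    server {
        listen 443 ssl;
        server_name www.example.com;

        location / {
            proxy_pass http://app_a;
            # Let the backend know the real client and that the edge was HTTPS.
            proxy_set_header Host              $host;
            proxy_set_header X-Real-IP         $remote_addr;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        # Point 3, subpage routing: www.example.com/shop/... -> app_b
        # The trailing slash on proxy_pass strips the /shop/ prefix; drop it
        # if the backend expects to see /shop/ itself.
        location /shop/ {
            proxy_pass https://app_b/;
            # Point 4, "extra paranoid" variant: verify the backend certificate
            # against our own CA. nginx does NOT verify upstream certificates
            # unless proxy_ssl_verify is on, so trusting a self-signed cert
            # means nothing without these directives.
            proxy_ssl_trusted_certificate /etc/nginx/tls/internal-ca.pem;
            proxy_ssl_verify       on;
            proxy_ssl_verify_depth 2;
            proxy_ssl_server_name  on;
            # Name to check against the backend cert (defaults to the
            # upstream name "app_b", which would fail verification).
            proxy_ssl_name         app-b.internal.example.com;
            proxy_set_header Host              $host;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

    # Second subdomain under the same certificate: api.example.com -> app_b
    server {
        listen 443 ssl;
        server_name api.example.com;

        location / {
            proxy_pass https://app_b;
            proxy_ssl_trusted_certificate /etc/nginx/tls/internal-ca.pem;
            proxy_ssl_verify       on;
            proxy_ssl_verify_depth 2;
            proxy_ssl_server_name  on;
            proxy_ssl_name         app-b.internal.example.com;
            proxy_set_header Host              $host;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

    # Redirect plain HTTP so nothing leaves the browser unencrypted.
    server {
        listen 80;
        server_name www.example.com api.example.com;
        return 301 https://$host$request_uri;
    }
}
```

Two things worth checking in such a setup: the backends should accept `X-Forwarded-For` and `X-Forwarded-Proto` only from the proxy's address, since anything else on the trusted network could otherwise spoof the client IP or the "this was HTTPS" signal; and the backend firewall rules should permit only the proxy host, not the whole DMZ, to reach the backend ports, otherwise a compromised proxy neighbour gets the same path the proxy has.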