Separate Secure Gateway
Have the capability to separate the Royal Server and Secure Gateway.
This serves a two-fold purpose. The first being that it allows many Secure Gateways to be connected to 1 Royal Server; as in 1 Secure Gateway and 1 optional backup Secure Gateway per managed environment. Then Royal Server can be more effectively used as a central repository in larger environments with many protected layers. This also allows for less and more precise holes in the firewalls.
The second capability would be reverse connections by having Secure Gateway make an outbound connection to Royal Server, then having Royal Server negotiate or tunnel the connection back to Royal TS. This way it eliminates open ports inbound into secure environments. That separation would allow easy management in compliance with the laws my company and many others fall under.