Ok, so let's say you've decided to implement Sovereign Stack. The first place to focus your attention is on your network setup.
You can always buy new equipment for a new deployment, or you can simply apply the concepts of this website to your existing network infrastructure.
Typically each Data Center has a unique public IP address that terminates on the WAN side of the firewall. The Firewall, Switch, and DMZs collectively are referred to as the "network underlay" as these devices provide the most basic networking functions. Functions on the network underlay include DHCP (for creating reservations) and DNS names for your various deployments VMs.
Each data center also contains AT LEAST ONE VLAN-capable managed switch.