This isn't a million miles from how our setup is. We went for the 'mashup' option using separate Apache virtual hosts on discrete sites for things like room bookings and VLE. All the services authenticate to the same LDAP (Apache provides layered auth to AD). It's tied together with Drupal (similar to Joomla). Some of the sites appear as one as they share similar themes. Things like Zimbra email and the helpdesk are just a link to another server.
|______ Staff Intranet (via LDAP auth)
|    |__________ Room Booking
|    |__________ Helpdesk
|    |__________ Other stuff to do with staff only
|______ Student Intranet (via LDAP auth)
     |__________ Stuff to do with pupils only (i.e. Announcements)
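
As an added illustration (not the poster's actual configuration), this is one way two Apache virtual hosts can authenticate against the same AD directory over LDAPS while restricting each site to its own group. All hostnames, DNs, group names and file paths are constructed placeholders, and the AD attribute `sAMAccountName` is assumed as the login name.

```apache
# Constructed example: hostnames, DNs, groups and paths are placeholders.
# Needs mod_ssl, mod_ldap and mod_authnz_ldap loaded.

# Validate the directory server's certificate on every LDAPS connection.
LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/example-ad-ca.pem
LDAPVerifyServerCert On

<VirtualHost *:443>
    ServerName staff.intranet.example.org
    DocumentRoot /var/www/staff
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/staff.intranet.example.org.pem
    SSLCertificateKeyFile /etc/ssl/private/staff.intranet.example.org.key

    <Location "/">
        AuthType Basic
        AuthName "Staff Intranet"
        AuthBasicProvider ldap
        # Search for the user by sAMAccountName, over LDAPS rather than plain LDAP.
        AuthLDAPURL "ldaps://dc1.example.org:636/DC=example,DC=org?sAMAccountName?sub?(objectClass=user)"
        # Read-only service account; the secret is fetched by a helper, not stored here.
        AuthLDAPBindDN "CN=svc-apache,OU=Service Accounts,DC=example,DC=org"
        AuthLDAPBindPassword "exec:/usr/local/sbin/ldap-bind-secret"
        # A valid login alone is not enough: the user must be in the staff group.
        Require ldap-group CN=Staff,OU=Groups,DC=example,DC=org
    </Location>
</VirtualHost>

<VirtualHost *:443>
    ServerName students.intranet.example.org
    DocumentRoot /var/www/students
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/students.intranet.example.org.pem
    SSLCertificateKeyFile /etc/ssl/private/students.intranet.example.org.key

    <Location "/">
        AuthType Basic
        AuthName "Student Intranet"
        AuthBasicProvider ldap
        AuthLDAPURL "ldaps://dc1.example.org:636/DC=example,DC=org?sAMAccountName?sub?(objectClass=user)"
        AuthLDAPBindDN "CN=svc-apache,OU=Service Accounts,DC=example,DC=org"
        AuthLDAPBindPassword "exec:/usr/local/sbin/ldap-bind-secret"
        Require ldap-group CN=Students,OU=Groups,DC=example,DC=org
    </Location>
</VirtualHost>
```

Because Basic auth sends the password on every request, both sites are served only over TLS, and the group-based `Require` keeps a student account from opening the staff site even though both authenticate to the same directory.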