Well played. This is, in fact, the best way to do it. The only thing I would alter in your approach is to have each instance on a server go by a standard naming convention; I use the following: server_X_instance. Then you make your "all servers" smart group exclude all servers where "_X_" is in the name. This way your routine jobs such as "push acls" and "update server properties" (etc.) only run once on a host.
This is the best way to do it until BladeLogic introduces the ability to deploy to component templates.
Thanks Adam! I hadn't considered that the routine jobs would run multiple times. I've requested my DNS aliases be created with a tag for easy filtering now.