A PKI is only fully functional if all the services provided by it are fully operational. This include not only things like OCSP and SCEP but the public gateway as well. Many people think it is enough if the OCSP and one CDP keeps working but this is not sufficient. The first reason being that most applications don't understand OCSP. The second problem is that the last running CDP might only support LDAP, regardless of the fact that there are applications which only support HTTP. Even more problematic is a single running HTTPS CDP. The core mistake in the assumption is the meaning of fully operational. A PKI is not fully operational if only the CDPs still work. Nobody can download a new certificate or the certificate of an existing user in such a state. The PKI would still be secure but it would not be operational!
In a time of server consolidation and omnipresent networks it is important to understand that all public PKI services must be available after a single failure. This includes network and power outages. A second fiber only helps if it is not in same pipe like the other one. Digging crews don't differentiate between the fibers if they accidentally cut a pipe! I know this situation really well :( If you have big distributed unit then it is recommended that at the minimum two of these units run the public interface. In this case you should also have independent interconnects.