Always use procr, you don't need CLANs anymore.
Far end domain is because SM's dial plan can factor in what domain the call was for - like 1234@ivr.customer.com or 1234@pstnsiptrunks.customer.com.
SM can use one entity for CM and have one entity link to it, but CM can have multiple signaling and trunk groups to that same SM. So, you'd ideally have a different trunk per application in CM for every application hanging off SM - and if you use different domains in the sig groups, when CM gets a SIP invite from SM, say @ivr.customer.com, it will pick the signaling group with that far end domain name.
You can also use different ports in SM/CM, but CM has a max of 16 TLS links - which is an IP/port combination - so 100 trunks to the same SM on the same TLS port would count as 1, but connecting 16 TLS sig groups on 16 different ports to one SM would max out your CM. Port-based routing is just easier to segregate traffic because you'll have different entities/entity links for those ports to manage.
Poke around the "implementing end to end SIP" doc!