For the "secure hosting" issue, most likely only pages related to private information (e.g., checkout forms) need to be processed through https. All the other pages can continue to be processed through http. (I assume that you already have this differentiation since you are running both an eCommerce and non-eCommerce site).
If their existing site is PHP, it *may* be Apache instead of IIS. I think you can get ASP pages to run on Apache, but it's not always a perfect match.
I think that a serious discussion with the new company's IT staff is in order. The "want to remove that separation" sounds like a want and not a need. It may make sense to try to change their "want" into a "don't want." Try to find out why it is so important for them to do it that way.