I have moved your post to the ePO forum for better attention.
I have PCs that are not part of the domain that have the agent installed on them and they get policies and updates etc fine.
While these are local (we have no remote sites) i'm sure there shouldn't be too many issues. What you will have to worry about are things like connection rates (do you need a remote repository, Agent Handler etc) and how to get the agent installed (account rights etc)
Maybe someone else with more experience in this area can provide some guidance.
If I recall correctly, ePO is not domain dependent. For example, my ePO server is not joined to the domain. As long as there is a valid agent on the workstation that is controlled by your ePO server, and communications work, you should be able to do what you normally do with the agent.
Yes, that's correct - about the only time credentials are required is for the initial installation of the agent. So, for example, if there is no trust between the domains, you won't be able to send the agent install (or "push" install) from the ePO server. But if you can install the agent via some other method then the clients should be able to communicate with, ande be controlled by, the ePO server without problems.