All hardware no exceptions will be behind our Palo Alto firewall. Access to hardware even within the libraries network will be by request. By default no ingress is allowed.
Furthermore applications are encouraged to use Kemp Application Delivery Service (generically referred to as a Load Balancer) The value of this is determined as the project embarks.
All our new Operating Systems will run Ubuntu Xenial LTE unless an upstream project insists on another distro/version.
We use a sudo enabled user that uses keybased authentication. Place your keys on github to be added to the authorized_keys of this user.
The Operating System for virtual machines will be created using Packer and will ship with:
Configuration and management of software is done using Ansible