Re: Why not just request the center to install it 
I appreciate your continued patience in the following for those of us in IT that are research-facing but with limited, if any, HPC privileges.
I’m trying (perhaps naively so - to the extent that every datacenter is different) here to…
- Justify the resource expenditure for yet another VM web server and
- Anticipate that the datacenter will prefer if not expect that I alone perform all the due diligence and discovery up front before I even broach the subject of deployment of OOD for the institution.
In particular in the interest of security, IMHO it would be nice if there were a single place to go in the docs or otherwise to address the datacenter’s anticipated security concerns for introducing the additional attack surface presented by deploying OOD.
Arguably, I would be remiss if I failed to anticipate the above argument.
In just a cursory search at the documentation and support issues, I see the following.
Docs:
2. Authentication
3. Secure Apache httpd
Support: Preventing a JS Attack?
Comments welcome, and thanks again.