When architecting systems to run applications I take the approach of writing a configuration script before I even start deploying the operating system for the first time. Once I have put together what will be the required configurations that I will need to make in a configuration script I will then start testing this configuration by deploying a VM and running through the scripts by hand until the system is configured how I need it. Then I deploy it again on an new OS installation and test some more.
Understanding what to configure can take some time. A good place to not only start learning but to also keep your information up-to-date is the Center for Internet Security website.
The CIS is a non-profit organization which does neat things such as publish configuration benchmarks which can be applied to help secure your production servers. The benchmarks make great configuration guides and when implemented in configuration management scripts you will be able to version control, change, and re-apply these configurations at ease, a key to DevOps.
By spending effort up front on creating and maintaining these configurations you will be able to build a better, more secure application and will ultimately save a lot of time when you get to your production deployments.
Have a great day!
Paul
