Therefore, the download is only the first step of a rigorous security protocol. Responsible guides accompanying the download emphasize that Expedition should never be placed on a public IP, should be strictly firewalled from all but authorized management hosts, and should have its OS and application components regularly updated. Furthermore, after migration, best practice dictates that the Expedition VM be powered off or destroyed, as it retains sensitive configuration data. The download is not an end, but a temporary, privileged window into the network’s defensive logic.