The SDAIA security appliance is designed to be deployed on a campus network perimeter or DMZ.  While the target user base are open science networks that employ the Science DMZ model, the appliance can be deployed in any number of suitable locations.  It's primary purpose is to be "visible" to outside attackers and collect intelligence on their activities, whether they be automated or targeted.  To that end we recommend that the appliance have large number of allocated but unused IPs routed to it.  This allows the appliance's "honeypot" capabilities to react and gather data from illegitimate activity.  Alternatively, the appliance's honeypot can be assign IPs individually up to 32 (which hits a Linux kernel limit)–although typically this kind of network setup only uses 2 or 3 interfaces for the honeypot.