1 machine per role (upload, bits, text, mobile), each having a public IP
Might need one for RCStream
An internal varnish for the SOA stuff (shared one for all oid services)
An internal varnish for Parsoid cache since in prod it is a dedicated one
/!\ lot of hiera work ahead