We currently have `iron` as the "ops-only" bastion. I'm not sure why! I've inquired a number of times and I don't remember ever hearing a satisfactory answer.
I personally don't use it, relying on the other bastions instead. I have never done so. I guess it did make some sense when people used SSH agent forwarding (I never did that) but nowadays that's blocked across the fleet. I tend to use the local-to-the-DC bastion, as a) I get annoyed by the lag introduced by crossing the Atlantic twice when I'm operating on esams machines, b) I need to have a workflow to deal with network-level issues (packet loss and outages) and relying only on iron is a bad idea for that.
So… is there any reason to keep having it as a distinct box? I am aware we have the password store there but now that's also gpg-encrypted, so we can use any other server, ops-specific (e.g. puppetmaster) or even the public bastion(s).