diff --git a/tex/part-practical.tex b/tex/part-practical.tex index f83337b..3de74f4 100644 --- a/tex/part-practical.tex +++ b/tex/part-practical.tex 
@@ -1164,13 +1164,34 @@ checking of all paths, not just the \emph{happy path} where there are no issues. -\n{2}{Testing environment} +\n{2}{Test environment} -The application has been deployed in a testing environment on author's modest +The application has been deployed in a test environment on author's modest Virtual Private Server (VPS) at \texttt{https://testpcmt.dotya.ml}, protected by \emph{Let's Encrypt}\allowbreak issued, short-lived, ECDSA \texttt{secp384r1} curve TLS certificate, and configured with strict CSP. It is -a testing instance; therefore, limits to prevent abuse might be imposed. +a test instance; therefore limits (and rate-limits) to prevent abuse might be +imposed. + +The application in the test environment is available over both modern IPv6 and +legacy IPv4 protocols, to maximise accessibility. Redirects have been set up +from plain HTTP to HTTPS, as well as from \texttt{www} to non-\texttt{www} +domain. The subject domain configuration has been hardened with a \texttt{CAA} +record limiting certificate authorities (CAs) that are able to issue TLS +certificates for it (and let them be trusted by validating clients). +Additionally, the main domain (\texttt{dotya.ml}) had enabled \textit{HTTP +Strict Transport Security} (HSTS) including the subdomains quite some time ago +(consult the preload lists in Firefox/Chrome), which mandates that clients +speaking HTTP only connect to it (and the subdomains) using TLS. + +The whole deployment has been orchestrated using an Ansible\footnotemark{} +playbook created for this occasion, with the aim to have the whole deployment +process reliably automated. At the same time, it is now described reasonably +well in the code. An effort has been made to make the playbook idempotent. Its +code is available at \url{https://git.dotya.ml/mirre-mt/ansible-pcmt.git}. 
+ +\footnotetext{A Nix-ops approach was also considered, however, Ansible was +pickes as more suitable since the existing host runs Arch.} \n{3}{Deployment validation}
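Review bot: In the added paragraph on domain hardening, the parenthetical "(and let them be trusted by validating clients)" on the \texttt{CAA} sentence misstates what CAA does: the record is checked by certificate authorities at issuance time, and TLS clients do not consult it when validating a certificate. Suggest dropping the parenthetical, or rewording so the sentence only says the record limits which CAs are permitted to issue certificates for the domain. In the HSTS sentence of the same paragraph, "clients speaking HTTP only connect to it" can be read as either "HTTP-only clients" or "connect only using TLS"; "clients speaking HTTP connect to it (and the subdomains) exclusively over TLS" removes the ambiguity. Smaller points: the footnote has a typo ("pickes" should be "picked"), "limits (and rate-limits)" in the first paragraph is redundant unless the other kind of limit is named, and "on author's modest" is missing an article ("on the author's modest").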