A bastion host is a jump-host that the orchestration engine uses to access all compute nodes in a private network. An admin network is a private network connecting to all compute nodes. The orchestration engine uses the admin network for provisioning. The following tutorial shows how you can define a bastion host and an admin network in the topology.
In the previous tutorial design your first application, we did not define a bastion host because the designer chooses one for you automatically. In best pratice, you should define a bastion host and an admin network so that you can fully control which compute node and over which private network the provisioning is done.