Awesome post!
I just have some tips to adding. When you really close your network with database + app adding an extra layer of protection with password are maybe redundant.
You database is only access by your private network, no internet connections are available (particularity, I prefer accessing the database instance just by accessing other secure instance and then accessing that).
I'm not entire sure about the 3.0 version of mongodb, but the previous versions, the authentication mechanism is ver simple and not much efficient.