As we were preparing to go live with our solution, we realized we should write it all down so we wouldn't forget anything. Then we realized it might be good to share the process with anyone who might be following this story.
Our environment complicates our solution a bit, so it might help to explain it. Many of the steps below can be eliminated in a more "typical" situation.
The first installation was for a support group whose site is pretty much only available to members. The "expert" was someone who had made some presentations to the group, but does not, herself, meet membership requirements. So the expert had to be kept out of most areas of the site, yet allowed to get to enough to be able to answer the questions. This required a new role be defined and locked down.
Some of these steps may seem obvious, but I'm including them because this article stemmed from my own planning sheet.
Add "ask question" to "authenicated users" so members get it too.
The process is really not that different than most new module installations. We needed to be careful here because of the security concern. You probably already do most of the steps above anyway; you've just never written them down.