If you run a private index (ex. index.mycompany.com) docker will automatically fetch it just like the public index. Protecting this index/registry with authentication is an entirely different beast though...
In a unit file, you would substitute `docker run coreos/subgun` with docker run index.mycompany.com:1234/subgun`. Docker handles the rest as long it can communicate with that network address.
How are (non-public) Docker images handled (as in where are they stored)?
Do they need to be built on each machine before use?