Re:How to secure server
I haven't received an official secure setup recommendation from HC regarding this but I can let you know how I have configured my servers. I feel that it is secure enough for my purposes.
I have an ISA 2006 server in the DMZ with an SSL certificate that has an HTTPS listener. When the ISA Server receives any HTTPS requests it forwards the request via HTTPS to the internal HC web server. In this way the ISA server takes care of any requests from the internet and the HC web server is not open to the Internet at all. Simple to setup too.
There are a couple of simple registry changes to make within the ISA Server as there is a potential security hole that needs to be closed. I know of this because a previous implementation I did with ISA server was scanned by a security company to receive a security compliance certificate. Once the registry changes were made the security scan passed.
If anyone is interested and wants more technical detail I am happy to help.