Thank you for your contribution, Simon. It is appreciated.
First of all, it is absolutely best practice to have completely separate administrator credentials between such systems. But the admin account of the destination shouldn't even be known outside of it ... here is why:
For the RPS to RPS replication using the task type "Replication to a remotely-managed RPS", we recommend that the credentials that are shared from the destination node to the source node (in order to get entered into the source UDP Console) would be a non-admin account. That way, even if the complete source site is compromised, it would not automatically mean the destination RPS is in danger. The non-admin account is not able to log into the UDP Console. It is only able to send replication traffic, but cannot modify or remove older recovery points.
It's correct that the UDP Console is visible via port 8015. That's a desired feature for some admins. Some do the UDP management from their smartphone or tablet via https. And you're correct, this access can be secured on the network level according to each individual's needs.
For additional security concerns - may I ask to keep them in individual tickets, please?
Thank you! Kai Steinbach