Should I publish http://x.x.x.x/MsDeployAgentService for a public IIS server?

Webdeploy is very convenient from Visual Studio 2010. Today I am using it to publish my project via a remote deploy agent (http:开发者_StackOverflow//x.x.x.x/MsDeployAgentService) to a production web server facing Internet.

Although administrator password is required, is it a good practice to leave http://x.x.x.x/MsDeployAgentService accessible to everyone or should I care more about the security of this subpath so that it cannot be accessed from Internet?

If I need to allow deployment only from certain internal URLs, how do I secure the deployment agent service?

---

It seems pretty secure as a few shared hosts are using it for their clients.

Security note

Set it up so that you are using IIS managers and not Windows Logins. There is an implicit restriction on what IIS managers can do, rather than Windows, and passing out Windows logins means access via RDP to the server (usually)