Most of the hardening recommendations would be pretty standard. Use an SSL certificate on the sites. Specify Windows Authentication for the personalization and management sites when setting them up in the SCP (Server Configuration Portal).
If you specify Windows Authentication and you're doing load balancing, you'll want to check out the load balancing best practice guide here: BP01 - Load Balancing Best Practice Guide
Thanks and I have already specified the use of SSL, load balancing and Windows authentication.
This is a new design for a particularly secure environment and we have to harden every server over and above the default installation, and this includes IIS hardening. Some vendors include recommendations for this such as disabling IIS features not required and disallowing unlisted file extensions and verbs in http request filtering settings etc. If there are no specific guidelines from Ivanti, I guess we will have to apply the MS security baselines and see if this breaks any functionality.
In regards to disabling the IIS features, the installer only installs the necessary features needed for the Management Server or Personalization Server depending on what you installed when running setup.exe. If you run the MSIs direct you have to install the features manually. That being the case its already a minimal installation as far as features go.
I was literally going to say the same thing Landon did. Also, if you do lock down the system any further, be sure to run the SCP and check for variances to make sure nothing is broken.