This is what I know about the remote management service. To put things straight first, the RMS is not really a service. You just configure an RMS client on one server (the Prod machine) to reach out for another server (in your case the Dev machine) and pull ("import") tasks from Dev to Prod.
- AFAIK RMS only uses port 4799.
- TCP is the one.
- Unidirectional or bidirectional? This is an ambiguous question. Allmost all protocols on the net are bidirectional, meaning that they use handshake mechanisms to reliably talk to each other = data flying in either direction. If you mean "do I have to open both firewalls", then the answer is no if you only want the Prod machine be the client. In that case the firewall on Dev must be properly configured to allow access to tasks and configurations. And all of this only applies if IT doesn't block outgoing traffic on your server machine(s).