Ideally, Security for Microsoft SharePoint should be installed on all servers where SharePoint is installed. But, this action isn't desirable in all instances, such as on indexing servers where each indexed file is scanned by the On-Access Scanner. This continual scanning can have a severe negative effect on performance.
We recommend that you install Security for Microsoft SharePoint on the following servers within the server farm:
- All Web Front-End (WFE) servers that host Portal sites.
- All WFE servers that host Windows SharePoint Services team sites.
- Any WFE server that redirects traffic to another SharePoint role in the farm, and on the destination SharePoint role to which traffic is redirected. This action is needed because the redirected traffic doesn't pass through Security for Microsoft SharePoint on the WFE.
Security for Microsoft SharePoint isn’t needed on the server types below:
- Application servers
NOTE: When you configure on-demand or scheduled scans in an environment where Security for Microsoft SharePoint isn't installed on the application servers, the entire database contents are retrieved from the application servers and streamed over the network to the WFE for scanning. In such cases, it can be beneficial to install Security for Microsoft SharePoint locally on the application servers to minimize bandwidth usage.
- Search Servers
- Index Management Servers
NOTE: If you choose to install Security for Microsoft SharePoint on an indexing server, make sure that indexing is scheduled to occur during off-peak hours to minimize the impact of On-Access scanning on server performance.
- Job Servers
- Microsoft SQL Servers
