Just because you are given the option in the installer, doesn't mean it's correct to do it.

For a small install with a beefy server, running everything on one box is doable.

However, get above a couple dozen users, sending a couple hundred messages a day, all logged into the web client for 8 hours a day, and running an AV/AS tool all the time becomes a resource drain.

We have 2100 web client users, 50-ish Blackberry users, several dozen ActiveSync users, and a handful of IMAP users on our Zimbra install. However, we process over 5 million messages a month through our SMTP gateway, with over 4 million of those blocked as spam.

Would you really want that AV/AS scanner running on the Zimbra (or Exchange, or any mail host) box?? Or would you separate that onto a separate box, so that the main mail host just handles legitimate messages?

By separating things out like that, we're able to run Zimbra in a VM with 2 virtual CPUs and 8 GB of RAM, with 8 other VMs (including Windows XP and 2003 VMs) running on the same 4-core host system. Our mail gateway box is a dual-core box with 6 GB of RAM sitting at about 30% CPU usage and 80% RAM usage 24/7.