With our Policy Servers we have split them so that most serve only auth/az traffic from agents. We then have a few that are used exclusively for admin activities like policy management and migration. I expect this is a pretty standard pattern as it is recommended by CA.
For the SPS is a similar pattern also worthwhile? i.e. specific servers to host /proxyui/ and different servers to host client requests? Or would it be deemed too much overhead for minimal gain?
The question asked is a bit general and I would recommend to run some load test to determine what you need. I believe is good idea to have /proxyui server separate from the servers to host client request.
This is the best approach when we talk about load and performance. Alternatively, CA Services might able to help for the load and performance tuning.
Apologies, I was actually thinking about the segregation from a security perspective rather than load related but you make a very valid point. Deploying /proxyui will have a resource footprint so removing that from client serving hosts makes a lot of sense.
Taking security and load into account this is becoming a no brainer. I'm also curious as to what others have done.