Guys please share with me your expirience
What is recommended deployment architecture for Exchange distributed environment?:
Mailbox, HUB/CAS, Edge roles are on the separate servers servers.
Does it makes sense to install Group Shield on each of the listed servers or maybe there are any specific recommendadtions on this case?
If we concretize: we need to know on what exchange role we need to install the Gateway component, and on what role we need to install the Mailbox component of the GroupShield(McAfee Security for Microsoft Exchange)?
make sure that you install msme 7.6 with patch1. that is the latest version of groupshield.
for the installs you will want to have msme on the edge and hub servers as a minimum. msme can also be installed to the mailbox server but it isn't a must. the reason for this is that all mail has to go through the hub before going to another mailbox. if you don't install on the mailbox server you would lose being able to run on demand scans and mail wouldn't get removed from the users mailbox if it triggered a detection. however, it would still get picked up by the hub so no infected email would be able to spread.
i would suggest to look at our best practice guide for msme.
also with msme the install will detect the exchange role that is installed and install the necessary scanning components for that role.