Nextcloud best practice

I had one UCS as LDAP Server with Kopano and Z-Push.
I want to install nextcloud with kopano files to share big files with external users.

What is the best practice installation for this?
Should I install a separate univention nextcloud appliance or can I install the nextcloud app on my UCS LDAP with Kopano server?

Is it best for security to use a separate nextcloud appliance with defined firewall rules?

best regards