I agree that it is best to separate them because if you have to scale your cluster later it will be helpful. I also personally recommend putting nginx or apache in front of Kibana and proxy passing 80 -> 443 -> whatever internal port and IP you use for kibana to make it easier for you users to just type the url in their browser. This also allows you to use htaccess (although htaccess is unnecessary now for logins since they added users and roles to the basic license recently) and set up SSL in nginx or apache. Doing so also gives you an opportunity to try out all the beats on your kibana box so you can enable metricbeat and filebeat modules for apache to see the dashboards.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.