The Enterprise Security (ES) search head should be installed on a server with a new install of Splunk. This ensures that the ES application has a dedicated Splunk instance, free from any existing configurations or data that could interfere with its operation. This setup is optimal for performance and stability, as ES requires significant resources and specific configurations that are best managed in a fresh installation.