You can use RSA authentication with a single View connection server, there's no technical need to set up an additional security server - though you should have one set up anyway if you're using View for direct external access. RSA authentication is configured per connection server, so if you want some users to continue to use only their AD credentials you will need to set up a replica, configure only one for RSA, and point users to the correct instance.