Well, that's where it gets a little tricky....
In the old days where vdtm didn't use the microdef technology it was advised to have an antivirus server at each remote site. That way instead of having a full vdb, it was vdb back in those days, download to each client you'd have one vdb download over the wan link to the server then it distributes the vdb file over the lan.
Now since they use the microdef technology, or something like it, you can actually have clients over a wan link. Actually in my design at my other job I kept all of my secondary servers at the remote sites. They were already there anyway, plus I like having a local server at the site because of all the communication that happens between the client and server (keep alive packets).
In your case it depends totally on your wan link and how fat the pipe is between your sites. If you have a large pipe between the sites and only 15 clients at the remote site it's not an issue to put them on the primary. If you don't have a large pipe I'd keep the secondary at the remote site and download definitions during the off-peak time of the day.
Of course I also say that because I'm a fan of having at least two antivirus servers in a server group for failover... :-)