I'll summarise a very nice article here:
- Always use a public firewall and:
- only expose ports 80 and 443;
- do not open FTP;
- do not open file-sharing ports;
- Use two Ethernet ports: one to serve external requests, one for local access.
- "Keep your load balancer dead simple – use basic round robin".
- Each router and firewall has a standby one.
- Get moderately powerful Web servers with enough storage.
- Run the 64-bit version of Windows.
- The whole internal network is fully 1Gbit (network cables, routers/switches, NICs etc).
- Only access your servers over a VPN.
- Database servers must be the most powerful (RAID 10 disks, memory, CPU).
- Store Database files on a separate physical disk.
- Always perform backups and log shipping to different physical disks, preferably on RAID 1.
- Use Windows Clustering for high availability with a Storage Area Network.
- RAM, lots of RAM, for database servers (2 GB + 60% of MDF size).
- Get a dual-path Fibre Channel connection to the SAN from your servers.
- Have a separate server for moving IIS logs off the web server.
- Have large detachable external storage such as external USB drives.
- Use fast SCSI RAID 1 disks.
- Use a separate NIC on all servers, connected to a separate private network via a separate switch, for bulk operations.
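As an added example (not from the summarised article), here is how the firewall and two-NIC points above translate into a host-level Windows Defender Firewall baseline on the web server: default-deny inbound, only 80/443 allowed on the Internet-facing NIC, FTP and file-sharing ports explicitly blocked, and remote management reachable only through the internal NIC (i.e. over the VPN). The interface aliases `Public` and `Internal` are assumed names; replace them with the aliases shown by `Get-NetAdapter`.

```powershell
# Added example (not from the summarised article): host firewall baseline for a
# Windows web server with two NICs. Interface aliases below are assumptions.
$publicNic   = 'Public'     # assumption: alias of the NIC facing the Internet
$internalNic = 'Internal'   # assumption: alias of the NIC on the private LAN/VPN side

# 1. Default-deny inbound on every profile and log what gets dropped
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -Enabled True -DefaultInboundAction Block -DefaultOutboundAction Allow `
    -LogBlocked True

# 2. Only HTTP/HTTPS may reach the public NIC
New-NetFirewallRule -DisplayName 'Web: allow 80/443 on public NIC' `
    -Direction Inbound -Protocol TCP -LocalPort 80,443 `
    -InterfaceAlias $publicNic -Action Allow

# 3. Explicit block rules for FTP and file sharing. In Windows Firewall a Block
#    rule wins over an Allow rule, so an installer that later adds an "allow"
#    for these ports cannot silently re-open them.
New-NetFirewallRule -DisplayName 'Block FTP (20/21)' `
    -Direction Inbound -Protocol TCP -LocalPort 20,21 -Action Block
New-NetFirewallRule -DisplayName 'Block SMB/RPC/NetBIOS TCP (135,139,445)' `
    -Direction Inbound -Protocol TCP -LocalPort 135,139,445 -Action Block
New-NetFirewallRule -DisplayName 'Block NetBIOS UDP (137,138)' `
    -Direction Inbound -Protocol UDP -LocalPort 137,138 -Action Block

# 4. Remote management (RDP) only via the internal NIC, i.e. only over the VPN
New-NetFirewallRule -DisplayName 'RDP: internal NIC only' `
    -Direction Inbound -Protocol TCP -LocalPort 3389 `
    -InterfaceAlias $internalNic -Action Allow

# 5. Check: list listening TCP sockets that are reachable on the public address
#    and are not 80/443. Anything printed here needs an explanation.
$publicIp = (Get-NetIPAddress -InterfaceAlias $publicNic -AddressFamily IPv4).IPAddress
Get-NetTCPConnection -State Listen |
    Where-Object { ($_.LocalAddress -in @($publicIp, '0.0.0.0')) -and ($_.LocalPort -notin 80,443) } |
    Select-Object LocalAddress, LocalPort, OwningProcess |
    Format-Table -AutoSize
```

The host rules complement the public (perimeter) firewall in the list rather than replace it: the perimeter device filters what reaches the segment, and the host firewall catches services that bind to `0.0.0.0` and would otherwise be exposed on the public NIC by default. Step 5 is the quick audit to run after any software install, since a listener on `0.0.0.0` is reachable on every interface, including the public one.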