To answer your question, I would look to make sure I am looking at the
newest stuff on Technet and MSDN as a lot of documents are best
practices for a particular version of software.
In general you would separate the database and web application as both a
security and performance concern, so it would depend on the needs of
your organization. If you expect a lot of traffic or need to make sure
that the compromise of the IIS server does not compromise the DB, then a
dedicated database server would be the way to go.
-- Mike Burr
Microsoft is conducting an online survey to understand your opinion of the Technet Web site. If you choose to participate, the online survey will be presented to you when you leave the Technet Web site.