Hardware and server requirements are primarily dependent upon the required reliability and capacity of the business function. It will determine:
The processing power required by the servers.
Whether redundant servers should be provided in case one fails.
Whether servers should have fault tolerant hardware.
Whether backup power should be provided and the capacity of the backup power.
Security and availability needs will dictate how close the servers should be monitored for errors or intrusions.
Where backup media should be stored.
Questions that will help determine these requirements include:
How many systems will be required? Do systems such as web servers, application servers, or database servers support the system? Is the database on the same server as the web server?
Are the servers supporting the system redundant? Is there only one server providing the functionality? Does the business need require more redundancy?
Do the servers supporting the system have failure tolerant hardware such as RAID for disk storage and redundant power supplies?
Is there a documented installation process for servers including a hardening process?
Is anti-virus installed on the servers and is it kept updated?
Are system updates applied in a timely fashion? Is there an update process?
Are updates tested in a test environment to be sure they will not break server services in production?
Are servers monitored daily for errors or attempts to compromise the server? Are relevant logs, transaction logs, records, and reports monitored regularly?
What operating system and version will operate on each server?
Are servers and their data backed up? How often and what type of backup? (full, incremental)
What media are backups stored on? Is the media kept in a secure location?
Are backups tested to be sure data can be restored from them on a periodic basis such as monthly? How often?
Are the servers located in an environment with environmental controls, physical access control (require ID to enter and log access), and backup power?