We usually find the performance is degrading because the hardware is not up to scratch. It may have worked fine, when first implemented, but as the database and number of users grew, their hardware didn't scale so well.
The first and most important rule is to have a dedicated SQL Server. This means that the machine is running SQL Server and nothing else. By doing so, you're able to tune the hardware in a much more granular and effective fashion than if the machine was acting as a mail, web, kitchen sink, etc. server.
Now, what hardware specifications should the SQL Server machine have? This depends largely on the expected number of concurrent users, the size of the database, and the typical loads the server will face. The following recommendations are based on meeting the requirements of almost all our customers – 25 to 50 concurrent users, with a 10GB database size – and being used in loads that are typical of Jiwa customers – 25% sales order entry, 25% warehouse operations, 25% reporting, 10% Purchasing, 15% other.
CPU - As a general rule, the CPU doesn't need to be cutting edge - whilst your typical desktop class CPU would normally suffice, they don't suit the server class motherboards which have essential features such as ECC memory. So, we would recommend an Intel Xeon (single would suffice, but if you've got a budget to consume, dual socket would be a bonus).
Memory - As mentioned above, ECC memory is recommended, and 4GB or more would be ideal. Keep in mind that to access anything above 3.5GB, you would need Windows Server 2003 (or 2008) 64-bit and SQL Server 2005 (or 2008) 64-bit.
Disk - SCSI RAID. A good, caching SCSI RAID controller. For best performance, 15K drives. Probably several drives in RAID 1+0 for getting the most out of performance and redundancy.
EDIT: As per the post below by Hyperus, the disk configuration ideally would be:
C: - RAID-1 - (System, Swap, TMP, boot) - easy to snapshot for DR
D: - RAID-1 - (Databases, General Data)
E: - RAID-1 - (DB transaction Logs, System State Backups)
If you really want performance, make 3 RAID 1+0 arrays instead.
Don't be cheap and use a single disk. Don't expect performance from desktop class drives or RAID controllers.
Power - Redundant power supplies aren't essential, but you'd be glad you opted for them when a power supply fails (they all fail, given time).
Backup strategy - This is often overlooked, and always regretted. Formulate a backup strategy for the data and the machine. Consult your system engineer to devise a backup and disaster recovery strategy that would work for your business.
Make sure that your strategy includes regular tests. About every 6 months or so, we hear from a customer who discovers - after their server is stolen, burnt to the ground, or simply failed - that the backups they have dutifully been making do not actually contain the files they need to recover.
Maintain a healthy sense of paranoia when it comes to your backups - check them once a month to ensure you could recover your data, if your server suddenly went away one day.
If anyone else has some recommendations, feel free to make them!
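A restore test of the kind the post recommends, as an added example that is not part of the original post: T-SQL (SQL Server 2005 or later) that restores an existing backup file into a scratch database and checks it, since only a completed restore shows the backup contains what you need. The database name `MyAppDb`, the backup path, the logical file names and the target folders are placeholders assumed for illustration; take the real logical names from the `RESTORE FILELISTONLY` output.

```sql
-- Added example: monthly restore test. Every name and path below is a
-- placeholder (assumption); substitute your own before running.
-- GO is the batch separator used by SSMS and sqlcmd.

-- 1. Quick check: the backup media is readable and, if the backup was taken
--    WITH CHECKSUM, the page checksums are valid. This alone does NOT prove
--    the database can be recovered.
RESTORE VERIFYONLY
    FROM DISK = N'E:\Backups\MyAppDb.bak'
    WITH CHECKSUM;
GO

-- 2. List the logical file names stored in the backup; they are needed for
--    the MOVE clauses in step 3.
RESTORE FILELISTONLY
    FROM DISK = N'E:\Backups\MyAppDb.bak';
GO

-- 3. The real test: restore into a scratch database, never over production.
--    MOVE relocates the data and log files so they cannot collide with the
--    live database's files.
RESTORE DATABASE MyAppDb_RestoreTest
    FROM DISK = N'E:\Backups\MyAppDb.bak'
    WITH MOVE N'MyAppDb_Data' TO N'D:\RestoreTest\MyAppDb_RestoreTest.mdf',
         MOVE N'MyAppDb_Log'  TO N'E:\RestoreTest\MyAppDb_RestoreTest.ldf',
         REPLACE,        -- overwrite the scratch copy left by a previous test
         STATS = 10;     -- progress message every 10 percent
GO

-- 4. Check the restored copy for logical and physical corruption.
DBCC CHECKDB (N'MyAppDb_RestoreTest') WITH NO_INFOMSGS, ALL_ERRORMSGS;
GO

-- 5. Sanity checks: the user tables are present, and the backup you just
--    tested is as recent as you believe it is.
SELECT COUNT(*) AS user_tables
FROM MyAppDb_RestoreTest.sys.tables;

SELECT TOP 1 database_name, backup_finish_date, type
FROM msdb.dbo.backupset
WHERE database_name = N'MyAppDb'
ORDER BY backup_finish_date DESC;
GO

-- 6. Clean up the scratch database once the checks pass.
DROP DATABASE MyAppDb_RestoreTest;
GO
```

Run it against a copy of the backup taken from wherever it is normally stored (tape, off-site disk), so the test also covers the retrieval step.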