Planning to set up a terminal server for a customer. They have a small LAN with 3 or 4 users and is running an application (CRM) with sensitive data. The idea is to put this application on a terminal server (Win 2008 server) and give access to the users. The open part of the LAN could be a simple workgroup where they have Internet access and email only.
I've been told that I need a separate domain controller in order to take care of the therminal server security, and also that the terminal server services should not run on the domain controller. This means 2 servers in this small LAN. Is this so? Is it possible to get proper security without a domain controller?