Just to confirm: the DLL runs on the LAN workstation and needs nothing other than the OS and MTS (plus a connection to the LAN server, of course) to enable it to accept requests and return responses via ASP. What is the optimal hardware for this workstation?

I believe the company's impression that IIS security is a "hole big enough to drive a truck through" (their words) comes largely from articles in the technical press. Their concern that security breaches into this workstation could compromise their entire LAN are not unfounded. It's generally accepted that Novell security is less robust than NT; upgrading to NT Server is a couple of years off. If I could find a comprehensive rebuttal for thier viewpoint or even a straight-forward description of properly implemented security for a case such as theirs, it might be worthwhile to attempt to change a few minds.