Ryan, I would never put my SQL Server in the DMZ, just the webservers and have them point to the SQL Server in the internal zone. If you have no choice then I understand, but your surface area for attack is quite large that way. The sites will go down when you bring down SQL. You need two boxes to do it correctly. I guess you could run 2 SQL Server Hives on the one box and just update the hives independently when you do updates. But if you update OS then obviously everything will go down.