I'm very fond of the very inexpensive network appliances. The home/SOHO appliances that are available for about US$60 provide an amazing feature set and they only use a few milliwatts of electricity. The file server appliances appear to be overpriced or lacking in features such as SSH connections to clients. (Oh. Wait. Windows doesn't have SSH either. Guess we'll have to use Unix or Linux for file servers and put SSH on the Windows clients via add on software such as Putty.)

On the other hand a server running a full featured operating system, can be much more flexible and more effective. If the operating system is NOT a Microsoft product then the server can also be more secure than an appliance. You can add software to do whatever you want to do on a server running a full featured operating system. For example a SOHO router will not include network intrusion detection. You can have a server running some IDS software that also does everything that the SOHO appliance does and much more, all in one box. The full featured operating system can provide DCHP, NAT, firewall, net packet filtering, and other goodies just like the SOHO router. On the other hand the SOHO router cannot keep an extensive log of intrusion detection attempts or even detect intrusion attempts. The SOHO appliance cannot provide a web proxy with web page caching. Nor can the SOHO appliance analyze email for viruses.

If bugs are found in net appliance firmware it is probably not going to be fixed any time soon. Software applications running on a full featured operating system are very likely to be fixed in a short time after discovery of problems.

I believe that an integrated environment built on machines using a full featured operating system at critical locations and several SOHO routers can be a very good value and provide a robust environment. For example you could have a machine running a full featured operating system between your LAN and the Internet. You could set this up as a bridge that implements firewall, web caching, intrusion detection, address blacklisting, corporate Nanny software, VPN, email spam and virus filtering, and other functions. Since it is configured as a bridge it does not need an IP address. This makes it more difficult to detect its presence. This bridge could then be attached on the LAN side to a SOHO router to provide DHCP. NAT, and other functions. If the corporate LAN is large enough to require VLANs or subnets then having inexpensive routers provide that function can be very economical. The full featured operating system machine acting as a bridge does the stuff that has to be done between the corporate LAN and the Internet while the SOHO routers provide basic router functions for each subnet at very low cost.

That's basically how I look at these choices. Properly deploying a mix of expensive + full featured with the inexpensive + basic featured boxes can provide a good environment at a reasonable cost. IMO.

The only weakness in this type of a system is that if a virus gets into the LAN then the SOHO routers won't stop it from propagating. Expensive CISCO enterprise class routers, which still qualify as being network appliances, claim to be able to do this sort of thing so you may want to use them on the LAN. You can still benefit from having a machine running a full featured operating system sitting between the corporate LAN and the Internet as described above.