I am not sure about best practices, but I always turn off auto updates on Win Server for FMS. I have had it do auto restarts in the past and that is no good.
You will generally be better better off with a cloud server than a Mac mini. SSL is easier to deal with in the cloud vs LAN. The infrastructure of a hosting company is better as they usually have backup power, backup servers, server image backups, better bandwidth...the list goes on.
I run without virus software. Some people run with it and exclude FMS folders. Hopefully you get some feedback from those people.
My company does Data Center services, but no experience with FileMaker. So I do not think that will fly. Currently I am using the developer license. It meets our limited needs. Also, it is exposing the company to what FileMaker Pro is and how we are using it.
The Data Center manager has built my virtual server but I am responsible for its operation. From the AP/Financial side, what we do is supplemental to the accounting software. Out of necessity, we have begun our Data Center billing from my FMP app to Great Plains. I actually want to move it totally into Great Plains but I have been told "what you are doing works well. Do not change anything."