For small installations (less than 30 concurrent phone calls) a virtual server running on modern hardware is more than sufficient.
For demanding use-cases, it is recommended that any real-time processes (such as the TURN server or a soft PBX like Asterisk or FreeSWITCH) be on dedicated servers while it may still be possible for the SIP proxy or XMPP server to be on a virtual server.
Yes. Even if you don't care too much about security or privacy, TLS helps to reduce the risk of nuisance calls from spammers and the risk of impersonation and it also eliminates a range of problems caused by SIP-aware routers that try to modify SIP messages to help them through NAT.