1) Ok
2) No, based on your topology you would need 2 x 2 Mbps. At a minimum one server running ESXi, one virtual fw would be required and one Wanos VM. Number of public IPs would probably be two, but depends if the firewall/router can route on the same interface on which the L3 VPN terminates.
3) Private cloud. Details emailed.