He's gone to the great paragraph 400 in the sky.
... I really hope you mean back into alpha
...150+ new security flaws added
Who cares if you can intercept the private encryption key (not often you get to say that) - seriously, noone with a brain is going to be uploading sensitive data to Mega and expecting them to take care of it. There are no multinationals sitting in the wings waiting to outsource storage of their customer's credit card numbers to Mega. This is just supposed to be Megaupload minus the ability for the recording industry to demand all copies of the same file get deleted and minus the ability for the FBI to be able to ask Mega a question and get an answer about what's stored.
Since you want to be the IT admin guy off the side of your desk, the short answer is - can you manage it on a NAS? If not then stick with what you know and focus on your day job - the first time you have to spend 2 days fixing or configuring something that's new you'll have blown any cost savings from getting a server anyway. I run what you're describing, though I let the router handle VPN access. If you stick with Windows Server, everything you want to try and do will have a solution you can find in 2 mins on Google, if you go onto a proprietary NAS you will end up working around a lot of things to get them how you need them - Offline files for your users will be a little bit cranky, how you do backups will be limited to the NAS' interface, if you want your security settings 'just-so' (presumably important in your industry) you'll need to make sure the NAS software can cope with that.
Not enough information, you'll have something like failure possibilities in: the physical server, the VMs, the SQL Server instance, the Hard Disks, the hypervisor, the POS application, the queries, the backup process, the restore process, etc. All of them have tried and trusted solutions, but you need to establish what you're tackling first. If the answer is 'all of them' and you don't want to break it down and think about each item then you're better off pushing the problem out to an expert to manage it for you, you can take a range of hosted solutions or get someone to remote or local manage your infrastructure for you.