bill001g :
Before you get to far buying firewalls and setting up vlans etc I would check the pricing on hosting. They handle a lot of this stuff for you. This is especially true if you have a critical business server, you still only have 1 internet connection and I suspect you do not have a generator to backup your UPS if you have them.
It seem every company large and small is going to hosting rather than running their own servers. I suppose it partially depends on if you paying someone to maintain your server or how much you value your own time doing that than other revenue generating work.
I believe while hosting is a better option for those without knowledge. In most cases it is not a cheaper option for someone with knowledge.
With knowledge, you can make a business grade firewall for under $300 that will last for years. With knowledge you can host your own website. With knowledge you can use free services like Cloudflare with your website to protect from DOS\DDOS attacks and lesson the resources required from your network with caching from another provider etc...
I run 4 wordpress sites from home. Which I also have cached and protected with Cloudflare free services. It has been enough to protect my system for last two years without issues... and I pay nothing other then my power costs and the domain name. To host 4 sites with a decent provider would for sure cost more.
So it really depends on if he want's to learn how to do all this himself or if he wants to take the easy route use a hosting provider.
I personally took the self hosting option and learned so much doing so. For anyone interested in technology. I'd suggest they at least try it for themselves to find the pros and cons on their own. You can always move to a hosted service later if the cons become to great to manage on your own.