There are lots of ways this can go. A lot depends on the number of branch offices, how they communicate internally, how they connect externally, the number of extensions at each off, the total number of extensions, etc.
For small numbers and good interconnectivity, the VPN is a good solution. For large numbers of offices with a small number of phones, the VPN configuration at the head end might get a little intense. If you already have VPNs running, or want to implement VPNs, this is a good way to justify that decision.
If you have poor interconnectivity or poor internet service at one or more location, a stand-alone system might be the right choice.
If your locations have static IP address (as most commercial spaces should), you could also (I can’t believe I’m saying this) consider cloud services for all of your phones. Of course, that depends on good connectivity again, but is a good option.
If you have mobile users (phones that travel), setting up a system that relies on VPN is another good solution. If you go that route, you can implement it with a single server or multiple servers (depending on how your outbound caller ID needs to look).
In other words, there are many factors that go into this decision. If you can use a stepwise approach (do the main office first, then implement whatever solution you want at one of the branches and repeat) you might find that a hybrid of these solutions ends up being the way to go.