Host Arc Services On-Prem

It seems to me you are in the market for ArcGIS Data Appliance | Documentation

ArcGIS Data Appliance is a content solution with much of the same data that is available through ArcGIS Online services

You could install ArcGIS Enterprise with portal, but that doesn't give you all of the data and services you describe wanting from ArcGIS Online.

Living Atlas and the basemaps are online services. If you are not going to allow ANY Internet access then it does not matter if you have Enterprise or Server, those can host your own data but when you add a basemap from Living Atlas it still pulls from the Esri Internet servers; it bypasses the local server.

I use a proxy service, but I bet getting it to work with licensed LivingAtlas services would be a walk through the fiery perils of authentication and authorization and not worth the effort. I proxy services that run open and wild on the Internet like state-level aerial photos. A proxy could run on your DMZ and keep a cache of tiles accessed so there would be no direct Internet access, would that be legal for you? I've been working with MapProxy. (see Mapproxy.org) and it works fine for web maps but not with Pro! I am not sure about vector tiles, I use it for raster imagery to add reliability and reduce load times. Frustrating that Pro does not work when Web App Builder is fine, but it could be my set up?  GeoWebCache looks promising too (it is part of Geoserver.org) but the docs are so bad I've never gotten it working (except with Geoserver, which is simple). (The developers basically just say "works for me!" and offer no other suggestions and their samples reference defunct services.)  Please get it going and tell me how.

For sharing your own data internally you can use file geodatabases on a local file server if you don't need concurrent editing.  With Enterprise you get what they call "version control", really it's for concurrent editing so it depends on your use cases. If you don't have 2+ people editing for example tax parcels at the same time then you can just use file geodatabases.

You will want to run a local license manager and use concurrent licensing; the default "named user" licensing will want to use the Internet to phone home every time you start a copy of Pro and periodically thereafter. I run ours in a virtual machine running CentOS. I have some detailed notes on that if you want. I tried to Dockerize it with no success. Esri products heartily resist Dockerization, as does Esri support when you ask for help with Docker. ("Don't do that" was their answer to me, then later "look at this cool Kubernetes thing that you can't use!")

The "Data Appliance" thing looks like it's just selected data that you can install locally, for example, a basemap for North America. Sounds like you don't want to manage large collections of files on your local server? I think this could be for an air-gapped server or for a laptop in Antarctica that needs to work all the time. In the olden days they shipped ArcGIS software on things called "discs" 🙂 and you could install the included data and then discover it required a license key to unlock most of it. This is probably the same product, rebranded?

Data Appliance isn't cheap. In a very similar situation as the original poster, we very carefully opened the necessary ports on the firewall so our ArcGIS Portal server and Pro desktops could get to the basemaps at ArcGIS Online. This had the added benefit of allowing Pro's named user authentication through ArcGIS Online to also work for the clients also behind that firewall, so no need to install LIcense Manager locally.

I see this https://enterprise.arcgis.com/en/server/latest/deploy/windows/using-a-forward-proxy-server-with-arcg... but that looks like it's telling Server to use a proxy for outside services it needs, not how to proxy for its clients. I've always assumed when I add a WMS based service to Portal that it would hand a URL to Pro and Pro would talk to the original service. My set up would get a lot simpler if I could get it to act as a proxy and cache.