Regarding the hub there are a few considerations you may have. You can configure it either as VPN Concentrator or in Routed mode and locate it inside you DC somewhere, or you can configure it in Routed mode, and place it as an Edge firewall. Both will work in terms of the Meraki SD-WAN.

Routed mode, Edge Firewall

If you place the Hub MX as an edge firewall (routed mode) you will need a separate Public IP address for it. If you need redundancy in terms of Warm Spare (VRRP) you'll need two IP addresses (perhaps even three, if you go for a Virtual IP, which is prefererable).

As mentionend first, you also have the opportunity to place it inside your DC, as either Passthrough/VPN Concentrator or Routed mode. What to choose really depends on preference and current Topology.

Routed mode, Inside DC

In Routed mode, you have the opportunity to segment networks in VLANs inside you DC, and advertise each vlan/subnet you wish to the rest of the SDWAN topology (spokes/branches). What ever VLAN you configure in the Hub to be advertised, each spoke will learn of it. On the DC side, this means you'll have to manage the VLANs, route traffic appropiately, etc.

Concentrator, Inside DC

With regards to the Concentrator mode, you just have to think of it as a single endpoint device, which terminates a series of Site-to-Site VPN connections. It's only connected on its Internet port, and all traffic is routed in and out of that interface. You have a single VLAN, so you'll have to route everything internally in your DC. Typically the MX will have a Default Gateway, and the device where this relies will have routes for Spokes subnets pointing towards the MX Hub. In conecntrator mode, you have the added benefit of OSPF support, so instead of routing statically back and forth, the MX Hub can advertise its spoke subnets upstream. But the MX Hub will not learn subnets.

Really, there's not right or wrong. But it depends on the current topolgy and your own preference.