To go on prem you have to install an agent behind your firewall. The only requirement is that the agent needs to be able to reach out to Azure DevOps (formerly known as VSTS) and the agent needs to be able to reach whatever machine it is deploying to. You can even install the agent on the machine you want to deploy to, but that is not required.
Independent of the tools you end up using, your changes to your DB should sit alongside your code changes so everything gets PR'ed together and versioned together. SSDT uses state/model based to manage db changes. Some other tools, like RedGate uses migrations based (from one version to the next). Either one of these approaches work. I'm kind of a fan of migrations based changes as it gives me finer grained control over how I manage my data from one version change to the next.