Yeah using a dedicated box is definitely the best way to do it. You can also virtualize the same thing with VM's , however it does come at a trade off of decreased security of the guest OS versus running it on baremetal. Although you also need to take into consideration that the attacker probably just passively watches destinations of interest, so in practice they don't likely need to own your exit node, only your entry guard. If there are 900 entry guards and the attacker owns 100 of them, they own 1/9 entry guards. You select three entry guards every month to two months, and every time you do the chances the attacker owns one of them is 1/3.