Unfortunataly, I have never used SagePay, so I cant help as much. So, when you did VSP server, the checkout.php page did not have fields for the credit card data? I would think it should have. The confirm.php you sent me did have code at the top that was expecting credit card post data from checkout.php, and there were hidden variables, that were posting that data to sagePay.
Yes, that is one drawback of remote checkout, vs local checkout.
With remote checkout, you do not need an ssl certificate (which I see you have), but remote checkout makes it harder to send email receipts.
Also, remote checkout is a little harder to debug if the gateway is sending you errors, but the article I sent you the link to helps with that.