So I know this is not the forum for it but just briefly if you don't mind: You have a VM that runs (a) your work environment and ( a server? Or seperate machines?
I have built PCs and know my way around them somewhat but virtualization and networking (a.o VPN, proxies) are simply not my forte.
Well, if you check my "rackmount" link ....
I have a storage server, and I have a separate VM server (HyperV). My work VM is a dedicated VM on HyperV that is running all the time, and joined to the storage server's domain. Since the storage server is using Essentials, and I have the website configured, that means that "Remote Desktop Gateway" is setup automatically. Remote Desktop Gateway is basically like a VPN for RDP, so it's as secure as your SSL certificate is.
And I'm running Windows 10 in the VM.
As for Essentials, it does support Hyper-V but only in very specific configuration, for a specific reason. using it outside of that is outside the scope of it's license.
As for Server Standard, you get the "rights" for 2 VMs, so you could use Server for one of the work environments. But I HIGHLY recommend against this, as some applications/programs will not run on a Server OS.
IIRC, you also get "downgrade rights" to essentials, so you could run Essentials in one VM, and Standard as the host and another VM. Then if you have additional WIndows licenses, you can run those in VMs as well.
But this all gets expensive quickly.
As for SQL Server ... I would highly recommend dedicated hardware for it. It may not be necessary for home use, but ... SQL servers are resource expensive. A seperate VM with just it would be a good idea, and running it on a dedicated SSD would be a good idea, as well.
As for VPN, if you have your router/server connecting to a VPN, it can make hosting services a nightmare....
As for WHS2011... WSE (essentials) can be configured the same way, just look up the "skipdomainjoin" stuff.
As for dual NICs, yes, at least with HyperV. You should have a "management" NIC that is only meant for connecting the host to the network, and then a second NIC to dedicate to VMs (eg, don't enable "allow management OS to share this network adapter)
As for licensing ... yeah, this stuff gets complicated. It's why having an MSDN account suddenly becomes a huge asset. It's expensive, but ... man does it make things easier.
As for CAL's .... yes. At least for Server Standard or DataCenter. Essentials doesn't require CALs, which is why it's so nice. And I mean the SKU, not the role. If you install the "Windows Server Essentials Experience" role on standard or datacenter, you're still supposed to use CALs...
And these are very expensive. But not strictly "required". It's more of those "on faith, until your audited" things.