Wow, you continue to make incorrect assumptions about me. Having systems with security vulns is a terrible idea even if you try to segment on their own vlan. Always assume your network has already been compromised. Furthermore, I don’t like the idea of having a dedicated vm just for this purpose...