But using Tails in VMs isn't recommended. Better is using Whonix, because it isolates the Tor client and userland in separate VMs. It also has a LiveCD mode. And for added security, you can run it in Qubes.
Funny that you namedrop like three security products but fail to evaluate which hypervisor should be used, which is probably the most important part of a secure environment if unauthorized code execution fits in your threat model.
Sorry. Whonix, by default for non-expert users, runs in VirtualBox. You can also use KVM. And Qubes basically uses Xen.
My threat model is mainly about preventing potential adversaries from learning my ISP-assigned IP address. I don't care all that much if a VM, or even a host machine, gets pwned. My stuff is well enough compartmentalized that I'd at most lose some work. But not my privacy.