Hi,
"test lab" means that Symantec Support team does not support such architecture. It is only for testing the software.
"could Network Discover/Prevent components be installed in virtual invironment on the same physical server where the Enforce-Endpoint-Oracle are set up in single-tier installation" - yes, I have such architecture in VMware environment.
"Will this work for one physical server with one NIC?" - yes, as deniskattithara said only Network Monitor required two NIC.
Regards.