...running each app in a separate VM can't be efficient...
As far as I know, that is "server tactics". For a machine that has to be as reliable and robust as possible, use of resources is not the governing issue.
Placing each application in a seperate VM means that any given application can crash and be restarted without affecting anything else that is running in any way at all. That no doubt uses more resources, but makes the machine overall very robust.