Hi Sebastian,
Thank you for your question; indeed, this is an important topic.
Lei asked our Product Management team, but since this is holiday time in the US, let me just give you some input regarding your question:
Service insertion was initially planned to embed 3rd-party security features within VMC; that was 2 or 3 years ago, as the AWS article shows. But in the meantime some events occurred: we switched from NSX-V to NSX-T, and we acquired companies and enhanced NSX features.
So, based on these events, VMware has decided to choose another option, at least for the mid-term:
- Enhance NSX features in VMC (like in the latest release with L7, IDS-IPS, identity firewall)
- Let our customers choose another security vendor by leveraging AWS services (ALB, ELB, 3rd-party firewall in the Marketplace): https://cloud.vmware.com/community/2020/06/08/integrating-aws-application-load-balancing-vmware-cloud-aws/
- Or, for larger environments including many VPCs or SDDCs, leverage a Transit Gateway in the 1st case: https://blogs.vmware.com/networkvirtualization/2020/06/vmware-cloud-on-aws-with-transit-gateway-demo.html/ or build a Transit Connect in the 2nd case: https://blogs.vmware.com/networkvirtualization/2020/09/vmware-transit-connect-simplifying-networking-for-vmc.html/
Hope these details are clear and fully address your question!
Cheers