I both understand and can see the value in the eventual connecting of the dots between LEM and NTA/Orion. The value is for the correlation/thresholds/alerting of such data. However, with that said I think there is also significant value in having LEM be a stand-alone virtual appliance. We have and use Orion and it's not an insignificant product to manage requiring multiple windows systems, SQL Server, etc. LEM is a self-contained appliance and having it remain a self contained security appliance represents a significant value; even if it were eventually to be of a more modular design where you had multiple virtual-appliances where some of the roles were broken out.
On a separate note: I also see this being a more difficult pitch to people that don't already have Orion in place because you need NPM to have NTA so now to get flow data into your security solution you would need to purchase two more products not to mention SQL Server (which is not cheap); as a consumer I would likely look for a different solution in this situation.