Cisco’s ACI or VMware’s NSX… Which way should I go?

April 25th, 2016

Chris Minnis
Enterprise Architect

Network Virtualization… the Software Defined Network… both terms are touted as goals for all of our data centers to aspire to. Cisco is a beast in both the networking and server business, and VMware literally invented the X86 virtualization business. Are we to believe these two are now competing face to face with products? I say, “not so fast, my friend.” Each company, and its corresponding product, is trying to take an evolutionary step… a step based on that company and its product lines’ perspective. So, while the internet press would have us believe there’s a head to head competition here, there really isn’t. At least not yet.

We have to start with a brief summary of each product:

VMware NSX:

Networking policies become virtual machines. Load-balancers, firewall… these can be virtual machines as well. VMware has had the concept of virtual switches for some time. Think of NSX as VMware’s next logical step of virtualizing, with more switch features and more networking concepts that can be combined to better work for you.

Many focus on ‘micro-segmentation’ as a great feature of NSX. I would explain this by saying firewall controls are moved from where they’re often found (the network edge or boundary) into potentially each individual virtual machine. This can benefit security configuration. But, this is a networking product. So, I will add that firewalling is just one feature. With NSX, many other features gain a control granularity at the virtual machine layer.

Cisco ACI:

Applications rule here. Cisco has cut to the chase and enabled us to manage our networks based on the needs of the individual applications. ACI can allow you to manage both the physical and virtual network from one point. Components of the solution will also be a combination of physical and virtual, with each playing their best role in solving application issues (hardware has the lowest latency, the highest speed – software has the advantage in ease and flexibility).

So far, these products don’t look that similar. I’ll put a stake in the ground by saying this:

  • Cisco is enabling its software and hardware to support application-focused configuration across networking infrastructure. If your environment is still heavily reliant on non-X86 workloads, ACI will allow you to focus on the applications in your infrastructure and allow you to configure your network in new ways, which may provide a level of control and flexibility you’ve not seen before.
  • VMware is bringing networking features in from the edge, and all the way to the virtual machine, if possible. Micro-segmentation can be a savior in creating a detailed, controlled and secure solution. If your environment is or is almost fully virtualized, you likely have a significant investment in VMware for your infrastructure. NSX is the next logical step, especially with VSAN… all infrastructure resources can now be virtualized. All control and management is centralized. Just remember, if it isn’t a VMware workload, NSX doesn’t effect it.
  • It is conceivable that the right choice for some customers will be employing both products. We’re not all the same! These products are different enough in scope and feature to use side by side, especially in larger environments.

The choice is yours. Every environment being unique, we’re always available for further discussion.

Mainline