Once you know your way around the Cisco ecosystem, using Cisco ACI is not so difficult. It is a global product, so when you change one interface, changes are automatically reflected on every switch. Cisco ACI can connect with both virtualized networks and physical networks.
As with many Cisco solutions, Cisco ACI has a steep learning curve. It is not user-friendly and most of our team would like to see a better GUI. It would be great if we could test upgrades in a simulation before implementing; this could save a lot of rework and downtime.
The key component for us with VMware NSX is the distributed firewall. VMware NSX can segment every application and server based on the ports with which they need to communicate. We can activate the ports we need and disable the ones we don’t. This really helps to keep things very secure and makes VMware NSX very flexible.
We would like to see VMware NSX integrate better with other open-source solutions; integration can be very complex, leading many to simply choose not to use VMware NSX at all. We found some maximums can be very limiting, especially with very large environments. VMware can only be used with virtualized networks.
Conclusion:
Cisco ACI and VMware have many similar qualities and features. The fundamental difference is that VMware NSX’s primary focus is on virtualized networks, while Cisco ACI can connect to both virtual and physical networks.
VMware NSX can provide better levels of granularity and visibility into how your workload performs and functions. Cisco ACI does not provide this.
Because Cisco ACI is more robust and can handle both physical and virtual networks, Cisco ACI might be a more appropriate solution. At the end of the day, it really depends on your organization’s ecosystem and applications, features and utilities needed, and, of course, cost of implementation. You may need one of these solutions or both.
Senior Infrastructure Engineer at a retailer with 10,001+ employees
Real User
2021-06-09T09:42:20Z
There are some very major differences between the two products, to name a few:
- Cisco ACI has physical network gear (9K switches) where the code runs in ACI Policy Mode, and the UCS server where the APIC software runs.
- VMware NSX doesn't have any physical network gear of its own; VMware NSX software runs on ESXi hosts (any vendor), and even the NSX Bare Metal Edge runs on any vendor's hardware (check compatibility).
- Cisco ACI offers both underlay and overlay functionality.
- VMware NSX is software, and it builds an overlay tunnel for (VM/container) communication on top of an already established IP network, which can be built on hardware network gear (Cisco Legacy/ACI/Juniper etc.).
- Cisco ACI: To use micro-segmentation at the VM or container level, you will need some other Cisco products.
- VMware NSX: Micro-segmentation can be done out of the box because the DFW (Distributed Firewall) is applied on the vNIC of a VM, i.e. on the ESXi kernel.
They are different in many ways, but they still define the SDN realm with L2-L7 network services, and what you choose over the other may depend on many other factors, like what network gear you already have or whether it's a Green or Brownfield deployment. For example, if your infra already has something other than Cisco 9K switches and is well configured, then it will make more sense to use NSX to make use of all the SDN functionalities. This is just an example, not a recommendation.
VMware NSX and Cisco ACI compete in the network virtualization and software-defined networking category. VMware NSX seems to have the upper hand in cost-effectiveness and support, while Cisco ACI stands out for its advanced feature set and performance. Features: VMware NSX offers security capabilities, micro-segmentation, and network virtualization. Cisco ACI provides centralized management, automation features, and integration with Cisco hardware, making its features more robust for complex...