Much media attention goes to the perceived competition between VMware and Cisco in regards to network virtualization. I’ve never really understood the competition. Cisco ACI and VMware NSX seem to solve two different problems with some overlap.
Recently, VMware sponsored an episode of The PacketPushers Podcast. During the podcast, one of VMware’s early customers talked through their experience. One of the many interesting points was the use of both Cisco ACI and VMware NSX.
Similar but not the same
VMware and Cisco both use the term software-defined networking (SDN) to categorize their solutions. However, the products seem more complementary than competitive.
As companies look to re-platform to a simplified operating model, Cisco offers a centralized, policy-driven solution in ACI. For instance, if the intent of a network administrator is to ensure a QoS policy follows an application such as voice, an ACI policy is applied. Network administrators manage QoS configurations centrally via ACI policies opposed to manually across every access switch that may handle voice traffic.
Similarly, NSX allows for intent-based management of a virtualized network infrastructure. An example is the flexibility of the NSX firewall rule base. As opposed to creating access based on IP address and port, NSX uses the vCenter database as the source for security objects. The result is the power of setting up a rule that prevents any server in an Oracle cluster from communicating with a device on a logical switch on the DMZ.
SEE: VMware NSX: 3 different use cases (TechRepublic)
Customer use case
The PacketPushers episode focused on the Hutto Independent School District’s experience installing and leveraging NSX. Near the end of the podcast, the client shared the ACI and NSX use case.
The school district investigated upgrading their Cisco 4500 series data center switches. Data center services span two physical locations. A traditional solution calls for dual core data center switches at each data center. The school district chose a Cisco ACI designed with Cisco Nexus 9000 switches. The design allowed the network managers to create a single logical data center.
The ability to couple ACI with NSX provides a powerful abstraction. The team created a physical data center that spans two data centers, and it laid the foundation for further capability with an abstracted virtual network. NSX eliminates the constraints of physical network gear. For example, customers have the ability to create virtual layer-2 networks that break several physical rules. An example is a single layer-2 network with 2000 or more nodes.
With NSX, the customer creates a single layer-2 network that is capable of providing zero trust security. Built on top of an ACI fabric, that same layer-2 network spans two physical data centers. Couple the concept of vMotion with Cisco UCS infrastructure that integrates with ACI, and an environment for unparalleled high availability is created.
SEE: Network Security Policy Template (Tech Pro Research)
There’s plenty of unchartered waters here, however. Both NSX and ACI are considered the bleeding edge of network technology. Enterprises with a conservative approach to technology should tread carefully. I’ve heard stories of companies quickly pulling back from each technology after spending months on proof of concepts before going into production.
For customers looking to implement the state of the art in data center infrastructure, or aggressively pursuing a software-defined data center architecture, Cisco ACI and VMware NSX seem very complementary.
What do you think?
Do you consider VMware and Cisco competitors or potential partners? Share your thoughts in the comments section.