We performed a comparison between Cisco ACI and VMware NSX based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Cisco ACI is a solid, robust solution but can be complex to understand and manage for users not familiar with the Cisco ecosystem. VMware is considered a solution that is easy to learn and manage and offers great security with a distributed firewall. This added security and micro-segmentation make VMware NSX a trusted, complete value-added solution.
"The integration with vCenter means that when I create something on the network, it only has to happen one time instead of many times for our many virtual hosts."
"In legacy networks, managing changes requires individual tickets for each device. ACI's single pane of glass management through APIC is a big advantage. So, single-tenant management is a plus."
"The most valuable features are the automation with the different systems for the software development and the ability to provision switches in hours rather than days."
"The best part of Cisco ACI is the server deployment and integration."
"We are doing automation from ACI and we have integration with Azure. With the Azure stack integration we can have total automation. We can configure the EPGs from there, and we can configure load balancing functionalities from there as well. The most useful feature is that you don't need to configure anything on ACI itself. You can configure on Azure and it will provision your application."
"This solution allows you to do everything quicker and more efficiently."
"It scales very well. When you increasingly scale with it, it makes the product easier to work with."
"The flexibility of adding new components with minimal impact on existing services running in the data center is a key benefit of this ACI-based solution."
"This is a good firewall and overall it is rich in features."
"The solution's customer service is good."
"The solution is robust as it covers everything we want to do and is stable, so we're happy enough with it. We have had no problems so far. Everything is great."
"The most valuable feature is the integration with the firewall."
"It gives more security and micro-segmentation. It helps to set network configurations in an easy way."
"I have found the system to be very intuitive, functional, and they have great technology."
"It's very important for them to have small footprints and have as much services in their servers, as possible."
"The installation is straightforward, it took a couple of hours."
"Better troubleshooting features would be helpful. In ACI, it can be a big mess, a real headache to troubleshoot a single issue... The troubleshooting part, and the information that ACI gives you, sometimes don't give you a proper, inside picture of what's going on within the fabric."
"Its graphical user interface (GUI) is not as user-friendly as it could be."
"I would like them to simplify the way you configure the Fabric. The process is quite complex. This can be a barrier to entry. For anything, where it should take two or three steps, you have ten steps"
"Cisco SDN will only work with its own devices, so that's a downside."
"ACI's blade servers could be more flexible, and its storage interface is a little too complex because they use some third-party storage solution."
"An area for improvement in Cisco ACI is security, which Cisco needs to enhance in the solution. Though Cisco ACI uses a whitelist model, you must purchase an external product, such as a security firewall solution, to make whitelisting work, which the customer could find expensive. For example, you're a customer who has Cisco ACI, and the solution doesn't have IP-based filtering, so as a customer, you've purchased Cisco ACI. However, you still need to buy another product for security, and some customers wouldn't like that. However, some customers prefer to go with Cisco ACI because of its scalability and flexibility versus other solutions such as Juniper and Aruba. Technical support for Cisco ACI also needs improvement, particularly in product knowledge."
"The first setup was difficult because it is a very different discipline than other traditional network deployments. The terminology is very different, so the first time can be difficult."
"Technical support needs to be more helpful. It's rare that you get a knowledgeable person."
"Since most people are very much used to physical networking, they find it difficult to use VMware NSX in the initial stage."
"I would rate NSX's stability eight out of ten - there's room for improvement."
"We had some complexities implementing into the other parts of a network."
"They have to work more and more on the integration for public cloud services and have cyber security platform integration."
"In the future, the solution should be compliant with internet NIC."
"The solution can improve by making it more straightforward, easier to install and maintain in the environment."
"I would like to have automating reporting built into common service management platforms, such as JIRA, Serviceaide, and ServiceNow."
"They need to enhance their technical support."
Cisco ACI is ranked 1st in Network Virtualization with 96 reviews while VMware NSX is ranked 2nd in Network Virtualization with 93 reviews. Cisco ACI is rated 8.0, while VMware NSX is rated 8.0. The top reviewer of Cisco ACI writes "Stable, easy to extend, scalable, and has a host-based routing feature". On the other hand, the top reviewer of VMware NSX writes "Works well and allows us to do micro-segmentation and create policy rules". Cisco ACI is most compared with Cisco Secure Workload, Nuage Networks, Akamai Guardicore Segmentation, Juniper Contrail Networking and Cumulus Networks, whereas VMware NSX is most compared with Nutanix Flow Network Security, Illumio, Akamai Guardicore Segmentation, Cisco Secure Workload and Cisco DNA Center. See our Cisco ACI vs. VMware NSX report.
See our list of best Network Virtualization vendors and best Cloud and Data Center Security vendors.
We monitor all Network Virtualization reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
There are some very major differences between both the Products and to name a few.
-Cisco ACI have physical network gear (9K Switches) where the Code runs in ACI Policy Mode & the UCS server where APIC software runs.
-VMware NSX doesn't have any physical network gear of its own, VMware NSX software runs on ESXi hosts(Any Vendor) & even NSX Bare Metal Edge runs on any Vendor hardware(check compatibility)
-Cisco ACI offers both Underlay & Overlay functionality
-VMware NSX is a software and it builds an Overlay tunnel for (VM/Container) communication on top of an already established IP network which can be build on hardware network gear (Cisco Legacy/ACI/Juniper etc.)
-Cisco ACI: To use micro-segmentation on a VM or Container level you will need some other Cisco products
-VMware NSX: Micro-segmentation can be done Out of the Box because DFW Distributed Firewall are applied on the vnic of a VM i.e. on the ESXi kernel.
Being different in many manners but they still define the SDN realm with L2-L7 Network services and what you choose over the other may depend on many other factors like what network gear you already have or if its Green or Brownfield deployment. For example if your infra already have something other than Cisco 9K switches and is well configured then it will make more sense to use NSX to make use of all the SDN functionalities. This is just an example not a recommendation.
Once you know your way around the Cisco ecosystem, using Cisco ACI is not so difficult. It is a global product, so when you change one interface, changes are automatically reflected on every switch. Cisco ACI can connect with both virtualized networks and physical networks.
As with many Cisco solutions, Cisco ACI has a steep learning curve. It is not user-friendly and most of our team would like to see a better GUI. It would be great if we could test upgrades in a simulation before implementing; this could save a lot of rework and downtime.
The key component for us with VMware NSX is the distributed firewall. VMware NSX can segment every application and server based on the ports with which they need to communicate. We can activate the ports we need and disable the ones we don’t. This really helps to keep things very secure and makes VMware NSX very flexible.
We would like to see VMware NSX integrate better with other open-source solutions; integration can be very complex leading many to simply choose not to use VMware NSX at all. We found some maximums can be very limiting, especially with very large environments. VMware can only be used with virtualized networks.
Conclusion:
Cisco ACI and VMware have many similar qualities and features. The fundamental difference is that Vmware NSX’s primary focus is on virtualized networks, while Cisco ACI can connect to both virtual and physical networks.
Vmware NSX can provide better levels of granularity and visibility into how your workload performs and functions. Cisco ACI does not provide this.
Because Cisco ACI is more robust and can handle both physical and virtual networks, Cisco ACI might be a more appropriate solution. At the end of the day, it really depends on your organization’s ecosystem and applications, features and utilities needed, and, of course, cost of implementation. You may need one of these solutions or both.