Many organizations struggle with networks that are increasingly complex and hard to manage. Due to uncontrolled cloud adoption, shadow IT, and a rapid surge in connected devices—think sensors, mobile phones, and internet of things (IoT) equipment—ecosystem sprawl creates a complex and tangled web of intricate (and often unmapped) network connections.
To handle all of this complexity, IT departments are spending too much time on manual network configuration tasks, while physical hardware cannot keep up or adapt to fast-paced business demands.
Many organizations have started turning to network virtualization as a way to simplify network management and increase agility in the face of rapidly changing needs. Software-defined networking (SDN) solutions promise both, because virtualization lets IT staff provision and manage virtual networks completely independently of any physical network infrastructure.
In SDN, routing information is transmitted from virtual machine to virtual machine without involving the physical network. This creates the ability to instantly provision new network resources like VMs and firewalls with zero manual configuration. A side benefit of this newfound agility is tighter security, thanks to the ability to isolate departments and workloads to hinder unauthorized access. Virtualization can also lead to cost savings, since the physical network can support multiple virtual networks, potentially reducing hardware costs.
Plus, virtualized networks are more efficient for IT teams to run because they provide a natural opportunity for automation in configuration and management.
Two of the biggest players in the field of network virtualization solutions are VMware NSX and Cisco ACI. Yet there are big differences between these solutions, and it can be difficult to decide which is right for an organization’s needs.
In this post, we will compare the strengths and weaknesses of these two leading virtualization technologies. Then, we will examine the possibilities of a hybrid solution to provide flexibility and ensure maximum benefits from the virtualized network.
What Is VMware NSX?
Initially developed by Nicira Networks in 2007 and later acquired by VMware, NSX virtualizes the network across data centers, clouds, and apps. VMware NSX lets organizations deploy key services like firewalls, load balancers, and VPNs as virtual appliances for instant scalability and simplified management.
NSX works by abstracting the underlying network hardware, then providing a software-driven overlay network. This abstraction simplifies network management, enhances security by permitting workloads and applications to be isolated through microsegmentation, and enables flexible and agile network provisioning.
The centralized management console of VMware NSX provides full visibility into the virtual network, streamlining network operations and reducing errors by integrating with automation and orchestration tools.
Pros of VMware NSX
- Distributed firewall for granular security
- Ability to segment every application and server
Cons of VMware NSX
- Complex integration with open-source solutions
- May struggle with very large-scale environments and workloads
- Can only be used with virtualized networks
What Is Cisco Application Centric Infrastructure (ACI)?
Launched in 2013 by Cisco, ACI was built to streamline data center networking. ACI allows IT teams to define and configure the network through policies rather than hardware and to simplify app deployment across data centers. Cisco ACI enables IT to optimize operations and boost network agility through automated network configuration.
Cisco ACI takes a policy-driven approach to enable consistent and secure connectivity for all applications. Like VMware NSX, it provides a management console for centralized control and a clear view to identify and troubleshoot problems. It also provides analytics and reporting tools to help IT staff optimize network performance and resource utilization.
Pros of Cisco ACI
- Global product with automatic changes across switches
- Connects with both virtualized and physical networks
Cons of Cisco ACI
- Steeper learning curve than VMware NSX
- GUI isn’t user-friendly
- No simulation environment for testing upgrades
NSX vs. ACI: Key Differences
Both Cisco ACI and VMware NSX have similar qualities and features. The main difference is that VMware NSX focuses on virtualized networks, while Cisco ACI can connect to both physical and virtual networks.
The following table summarizes key features of both solutions:
| Feature | VMware NSX | Cisco ACI |
| --- | --- | --- |
| Technologies & Protocols: logical network abstraction | Overlay network | Fabric-based |
| Technologies & Protocols: communication | VXLAN | EVPN |
| Technologies & Protocols: management | NSX Transport Zones | ACI Fabric |
| Network Overlays and Integration with Physical Networks | Overlay network, supports hybrid and multi-cloud environments | Fabric-based, tightly integrated with Cisco hardware |
| Policy Enforcement and Control Mechanisms | Distributed policy enforcement, microsegmentation | Centralized policy enforcement, policy-driven automation |
| Scalability and Performance Aspects | Highly scalable, supports large-scale deployments | Scalable within Cisco hardware ecosystem, scaling across multi-vendor environments may be complex |
| Security Features | Microsegmentation, firewalling, intrusion detection and prevention (IDS/IPS) | Microsegmentation, firewalling, intrusion detection and prevention (IDS/IPS), deep packet inspection (DPI) |
Ultimately, the best choice will depend on an individual organization’s ecosystem, applications, features, and budget. But the following summaries will help guide organizations to choose the most appropriate solution based on their unique needs:
Cisco ACI
Cisco ACI offers excellent robustness and the ability to handle both physical and virtual networks. Organizations should choose ACI if they are looking for a solution that is strong at policy-driven automation, especially if they are using mostly Cisco hardware.
VMware NSX
VMware NSX provides powerful granularity and visibility into workload performance. Organizations might want to choose NSX if they’re looking for a solution that is strong at network virtualization and microsegmentation, especially if they are using a mix of Cisco and non-Cisco hardware.
NSX and ACI: Do Organizations Have to Choose Just One?
The short answer is simple—absolutely not! Organizations are not confined to just one choice. For example, an organization might choose to run VMware NSX on top of the Cisco ACI fabric using its own overlay for networking while using ACI’s overlay as the transport.
This is just one of a number of possible permutations for using VMware NSX and Cisco ACI together. Other possibilities might include:
- Using NSX to virtualize the network and ACI to manage the policy. This works especially well for using NSX to virtualize a network running on primarily Cisco hardware, simplifying network management and making it more agile.
- Using NSX to microsegment workloads and ACI to enforce security policies. This can improve security and prevent breaches. In this case, NSX creates and enforces microsegments (isolating workloads and enforcing granular security policies), while Cisco ACI defines and translates security policies.
- Using NSX to provision and manage network resources in the cloud and ACI to manage the policy. This can streamline cloud deployments and reduce operational costs. In this case, NSX handles cloud resource provisioning and management (simplifying and automating cloud network management), while Cisco ACI centralizes policy creation and enforcement across cloud and on-prem environments.
Ultimately, NSX and ACI actually complement each other’s strengths. NSX is strong at network virtualization and microsegmentation, while ACI is strong at policy-driven automation. By using both solutions together, organizations can enjoy the best of both worlds.
Of course, there are also some challenges to using NSX and ACI together. Deployment will require careful planning to avoid conflicts between the two solutions, as well as staff training on both.
In fact, regardless of the chosen solution, the transition to network virtualization, along with maintaining virtual networks, can be a daunting project.
Avoiding the Biggest Pitfall
Before beginning any IT transformation of this size and scope, organizations need to get the big picture of their network. An application dependency mapping (ADM) tool can provide comprehensive visibility into the relationships between applications, servers, and network devices to help plan and execute a successful network virtualization rollout.
Without ADM, crucial dependencies may break during the transition, leading to failed applications and inaccessible data—all of which could impact customers.
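As an added illustration (not code from Faddom, VMware, or Cisco), the following sketch shows the kind of pre-migration check a dependency map makes possible: replaying observed flows against a draft default-deny microsegmentation policy to list the dependencies it would break. The workload names, segment labels, flow records, and policy structure are all constructed, hypothetical values.

```python
from collections import defaultdict

# Constructed sample data: observed flows as (source, destination, dest port).
OBSERVED_FLOWS = [
    ("web-01", "app-01", 8443),
    ("web-02", "app-01", 8443),
    ("app-01", "db-01", 5432),
    ("app-01", "ldap-01", 636),
    ("backup-01", "db-01", 5432),
]

# Hypothetical segment assignment planned for each workload.
SEGMENT_OF = {
    "web-01": "web", "web-02": "web", "app-01": "app",
    "db-01": "db", "ldap-01": "shared", "backup-01": "ops",
}

# Draft default-deny policy: (source segment, dest segment) -> allowed ports.
DRAFT_POLICY = {
    ("web", "app"): {8443},
    ("app", "db"): {5432},
}


def dependency_map(flows):
    """Group observed flows into workload -> set of (dependency, port)."""
    deps = defaultdict(set)
    for src, dst, port in flows:
        deps[src].add((dst, port))
    return dict(deps)


def broken_dependencies(flows, segment_of, policy):
    """Return (denied flows, unmapped workloads) for a draft policy.

    A flow is denied when no rule allows its port between the two segments.
    Workloads with no segment assignment are reported separately, because
    an unmapped workload cannot be evaluated at all.
    """
    denied, unmapped = [], set()
    for src, dst, port in flows:
        missing = {w for w in (src, dst) if w not in segment_of}
        if missing:
            unmapped |= missing
            continue
        pair = (segment_of[src], segment_of[dst])
        if port not in policy.get(pair, set()):
            denied.append((src, dst, port) + pair)
    return sorted(denied), sorted(unmapped)


if __name__ == "__main__":
    denied, unmapped = broken_dependencies(OBSERVED_FLOWS, SEGMENT_OF, DRAFT_POLICY)
    for src, dst, port, s_seg, d_seg in denied:
        print(f"would break: {src} -> {dst}:{port} ({s_seg} -> {d_seg})")
    print("unmapped workloads:", unmapped or "none")
```

Each denied flow is either a dependency the draft policy forgot (here, the directory lookup and the backup job) or traffic that should not exist; both are worth resolving before enforcement is switched on.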
Faddom is a cloud-independent application dependency mapping (ADM) tool, ideal as part of the network discovery process prior to transitioning to any network virtualization solution.
Its automated features offer valuable insights for cloud integrators, aiding in preventing downtime, resolving network issues, and optimizing infrastructure. With easy installation and responsive customer support, Faddom is a reliable choice for organizations that are ready to make any improvements to their core business applications and infrastructure.
With Faddom, organizations can map their entire environment quickly and securely with no agents and no configuration changes—all in as little as 60 minutes.
On-premises and in the cloud, Faddom helps organizations stay on top of network configuration and ensure that nothing falls through the cracks during IT migrations.