We performed a comparison between Cisco ACI and VMware NSX based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Cisco ACI is a solid, robust solution but can be complex to understand and manage for users not familiar with the Cisco ecosystem. VMware is considered a solution that is easy to learn and manage and offers great security with a distributed firewall. This added security and micro-segmentation make VMware NSX a trusted, complete value-added solution.
"The most valuable features are the ease of setup for redundancy, as well as centralized control."
"The most valuable feature is the unified fabric."
"It has reduced our day-to-day operations by at least half."
"I like using WebEx Board."
"The centralized management of the entire network data center, in this case with ACI, is the most valuable feature. By having access to some powerful APIs you can build your own tool to speak to the ACI controller, then with that, you can deploy things really fast. Having the option to build your own tools and then using the centralized management of the ACI to push the configuration to the network devices is very valuable."
"It has saved me a couple of times, as just a backup feature. It can easily do a snapshot before you do any change, and if something goes wrong, you can just rollback."
"In a very general way, the ease of access, ease of use, and ease of connecting the system is a valuable feature in itself. The solution doesn't really increase detection rates as that is not what it was created for. Threat prevention comes in from other devices that might be connected into the Cisco ACI that monitors external traffic. It maintains what end-of-life products would be doing and offers other opportunities to unify solutions."
"This product improved the way our company functions by enabling us to establish our goal of moving to a zero-trust model. That's how Cisco ACI helps us the most."
"The most valuable features are the micro-segmentation and integrated security options."
"The installation is straightforward, it took a couple of hours."
"The most valuable features for us at this early stage are the interface and the integration with existing VMware solutions."
"NSX gives us the ability to put our network, NSX, onto any network there is, which allows us not to have to go to the network team to create networks our VLANs for networks."
"The microsegmentation allows me to sleep at night. My job is reducing risk, plugging security holes, and working with the automated layer security. Even if somebody spins up a new server, it has to have a tag in NSX."
"The microsegmentation is great, and the security team thinks it is great."
"During our experience, the solution has been stable."
"Any administrator with basic networking knowledge, in a couple of days, can be in full control of their networking without going through a networking engineer."
"My complaint about this is: We purchased the ACI gear, but to do monitoring, to do stats, to do telemetry statistics, etc. we have to purchase another product from Cisco."
"We're still in the process of doing the migration. We haven't migrated completely all of our applications out of our legacy into it yet. It was challenging at first, but getting easier now that we're starting to get into it."
"The ACI user interface is complex and Cisco should improve it."
"Our company had a lot of issues with the starter kit."
"The only drawback that we are seeing is the user interface is still a little complex and difficult to use. It needs a more user-friendly interface."
"We had issues in the first deployment when we tried to finish the migration from traditional networking to Cisco ACI."
"I would like for there to be more information about it available. While using the ACI in the graphical interface, I would like if there was something that explained every step that you can click and it will tell you what you are doing in more detail."
"The integration has room for improvement. There should be a drag-and-drop interface for configuring the integration where you connect some arrows to boxes, and the system takes care of the configuration. Right now, they have something similar, but it's limited. You have to take care of some things yourself. That is one area that the solution can work on. It's easy now, but it's much easier in other solutions."
"There are sometimes mismatch in the control, the details and what you actually see on the transport note."
"The price could be better. The non-enterprise version of the product should also be improved. I would like VMware to expand beyond the network and provide some VLAN technologies and more. I think we have one, but it's more on the distribution side because it's more on the upper side of the network. I'm looking forward to that."
"One aspect that needs improvement is the need for further automation."
"It takes time to do the initial setup. It is a bit slow, which is surprising."
"The network-extending capabilities for the physical environment need improvement."
"We would to have a reverse proxy. This would add great value to the solution."
"Some configuration maximums are limiting to the user, especially when it comes to the deployment of very, very large environments."
"It needs to be cheaper."
Cisco ACI is ranked 1st in Network Virtualization with 96 reviews while VMware NSX is ranked 2nd in Network Virtualization with 93 reviews. Cisco ACI is rated 8.0, while VMware NSX is rated 8.0. The top reviewer of Cisco ACI writes "Stable, easy to extend, scalable, and has a host-based routing feature". On the other hand, the top reviewer of VMware NSX writes "Allows for seamless micro-segmentation and the support is exceptional". Cisco ACI is most compared with Cisco Secure Workload, Akamai Guardicore Segmentation, Nuage Networks, Juniper Contrail Networking and HPE SDN, whereas VMware NSX is most compared with Nutanix Flow Network Security, Illumio, Akamai Guardicore Segmentation, Cisco Secure Workload and Cisco DNA Center. See our Cisco ACI vs. VMware NSX report.
See our list of best Network Virtualization vendors and best Cloud and Data Center Security vendors.
We monitor all Network Virtualization reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
There are some very major differences between both the Products and to name a few.
-Cisco ACI have physical network gear (9K Switches) where the Code runs in ACI Policy Mode & the UCS server where APIC software runs.
-VMware NSX doesn't have any physical network gear of its own, VMware NSX software runs on ESXi hosts(Any Vendor) & even NSX Bare Metal Edge runs on any Vendor hardware(check compatibility)
-Cisco ACI offers both Underlay & Overlay functionality
-VMware NSX is a software and it builds an Overlay tunnel for (VM/Container) communication on top of an already established IP network which can be build on hardware network gear (Cisco Legacy/ACI/Juniper etc.)
-Cisco ACI: To use micro-segmentation on a VM or Container level you will need some other Cisco products
-VMware NSX: Micro-segmentation can be done Out of the Box because DFW Distributed Firewall are applied on the vnic of a VM i.e. on the ESXi kernel.
Being different in many manners but they still define the SDN realm with L2-L7 Network services and what you choose over the other may depend on many other factors like what network gear you already have or if its Green or Brownfield deployment. For example if your infra already have something other than Cisco 9K switches and is well configured then it will make more sense to use NSX to make use of all the SDN functionalities. This is just an example not a recommendation.
Once you know your way around the Cisco ecosystem, using Cisco ACI is not so difficult. It is a global product, so when you change one interface, changes are automatically reflected on every switch. Cisco ACI can connect with both virtualized networks and physical networks.
As with many Cisco solutions, Cisco ACI has a steep learning curve. It is not user-friendly and most of our team would like to see a better GUI. It would be great if we could test upgrades in a simulation before implementing; this could save a lot of rework and downtime.
The key component for us with VMware NSX is the distributed firewall. VMware NSX can segment every application and server based on the ports with which they need to communicate. We can activate the ports we need and disable the ones we don’t. This really helps to keep things very secure and makes VMware NSX very flexible.
We would like to see VMware NSX integrate better with other open-source solutions; integration can be very complex leading many to simply choose not to use VMware NSX at all. We found some maximums can be very limiting, especially with very large environments. VMware can only be used with virtualized networks.
Conclusion:
Cisco ACI and VMware have many similar qualities and features. The fundamental difference is that Vmware NSX’s primary focus is on virtualized networks, while Cisco ACI can connect to both virtual and physical networks.
Vmware NSX can provide better levels of granularity and visibility into how your workload performs and functions. Cisco ACI does not provide this.
Because Cisco ACI is more robust and can handle both physical and virtual networks, Cisco ACI might be a more appropriate solution. At the end of the day, it really depends on your organization’s ecosystem and applications, features and utilities needed, and, of course, cost of implementation. You may need one of these solutions or both.