We performed a comparison between Cisco ACI and VMware NSX based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Cisco ACI is a solid, robust solution but can be complex to understand and manage for users not familiar with the Cisco ecosystem. VMware is considered a solution that is easy to learn and manage and offers great security with a distributed firewall. This added security and micro-segmentation make VMware NSX a trusted, complete value-added solution.
"With Cisco ACI, I can deploy things with a script, then run it in five minutes."
"We use Cisco ACI for perimeter security and threat detection."
"In legacy networks, managing changes requires individual tickets for each device. ACI's single pane of glass management through APIC is a big advantage. So, single-tenant management is a plus."
"What's most valuable in Cisco ACI is that it isn't like the legacy infrastructure where you have a lot of complexity in a TTR architecture. What I like most about Cisco ACI is that you can control those devices from a single console, even if you have three hundred devices. You can manage the entire infrastructure from a single point of contact, so Cisco ACI is a time saver. Another exclusive feature of Cisco ACI is its API interface that lets you enhance automation within the environment. You can manage your entire data center from a single interface through Cisco ACI. If you want to upgrade three hundred devices in one click, you can do that, and within one hour, all three hundred devices will be upgraded. I also like that Cisco keeps enhancing the product by adding different features, so there have been five major releases of Cisco ACI. Another valuable feature of the solution is that it's more user-friendly than Aruba and Juniper."
"Having a lot of racks and switches with a single point of configuration which can be done with automation on one platform using one API. This makes everything work faster."
"All the features provided by Cisco ACI including orchestration to layer seven, service training, load enhancements and firewalls."
"With ACI, if you need more capacity you can just buy more and plug them in without needing to do anything else. All of the sudden that infrastructure is there for me to use, configure, and add stuff to."
"Cisco ACI's best features include its network-centric approach and micro-segmentation."
"The interface is intuitive enough."
"This solution comes with an API that can easily integrate with other solutions."
"The solution is robust as it covers everything we want to do and is stable, so we're happy enough with it. We have had no problems so far. Everything is great."
"Their technical support is very good. They help us figure out solutions when we have problems."
"The microsegmentation allows me to sleep at night. My job is reducing risk, plugging security holes, and working with the automated layer security. Even if somebody spins up a new server, it has to have a tag in NSX."
"From a distributed firewall perspective, it's a solid solution."
"The initial setup was straightforward. You just have to click it and follow the manuals."
"Provides flexibility to deploy and have network virtualization on different types of firewalls."
"Figuring out how to implement the product for clients is the area we struggle with the most every day. Perhaps an enhancement would be artificially intelligent solutions, but that would be further down the road."
"The product needs to be simpler. There is too much complexity in ACI. 80 percent of its features are of no use to us. We could do with a simplified version."
"The ability for us to figure out the traffic flows, to enable some of the more segmentation parts of it, is really tough with what is built into ACI."
"The initial setup was a bit complex. ACI was just out at that time, and there wasn't support at that time."
"ACI's blade servers could be more flexible, and its storage interface is a little too complex because they use some third-party storage solution."
"Cisco ACI would be improved by providing a cloud offering; otherwise, it risks becoming a niche product."
"Cisco ACI would benefit by providing the option to integrate easily with DNAC in their next release."
"The learning curve is long. It's very difficult to learn Cisco ACI. As a result, our customers usually have difficulty working with this solution."
"The initial establishment can be complex."
"If you're worried that NSX is too complex, I would tell you to take another look. If you compare NSX to a similar solution you might find it to be a bit more complex. Usually, the guy that comes in to implement NSX isn't the network guy and will lack the knowledge for the program. He can lack the knowledge for this program and will therefore think it's complex. You need somebody with network experience."
"We've have had good and bad experiences with them. We don't always find them to be so impactful. Sometimes the support guy isn't so on top of resolving the issue and it can take a while to sort out."
"We have been satisfied with the technical support. They were able to solve our problems. However, they could be faster."
"One drawback is this solution requires a lot of other products in the VMware ecosystem to have a full end-to-end operation orchestration monitoring. You have to buy a lot of add-ons to fully utilize the functionality."
"It could be more user-friendly, but it's manageable. When we add a specific node to this particular NSX and the configuration changes, it won't push through the errors where required, but it'll accept it. However, while using it, we will have issues. It can also be more stable."
"If there are other solutions already in place, it can be difficult to implement."
"The network-extending capabilities for the physical environment need improvement."
Cisco ACI is ranked 1st in Network Virtualization with 96 reviews while VMware NSX is ranked 2nd in Network Virtualization with 93 reviews. Cisco ACI is rated 8.0, while VMware NSX is rated 8.0. The top reviewer of Cisco ACI writes "Stable, easy to extend, scalable, and has a host-based routing feature". On the other hand, the top reviewer of VMware NSX writes "Allows for seamless micro-segmentation and the support is exceptional". Cisco ACI is most compared with Cisco Secure Workload, Akamai Guardicore Segmentation, Nuage Networks, Juniper Contrail Networking and HPE SDN, whereas VMware NSX is most compared with Nutanix Flow Network Security, Illumio, Akamai Guardicore Segmentation, Cisco Secure Workload and Cisco DNA Center. See our Cisco ACI vs. VMware NSX report.
See our list of best Network Virtualization vendors and best Cloud and Data Center Security vendors.
We monitor all Network Virtualization reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
There are some very major differences between both the Products and to name a few.
-Cisco ACI have physical network gear (9K Switches) where the Code runs in ACI Policy Mode & the UCS server where APIC software runs.
-VMware NSX doesn't have any physical network gear of its own, VMware NSX software runs on ESXi hosts(Any Vendor) & even NSX Bare Metal Edge runs on any Vendor hardware(check compatibility)
-Cisco ACI offers both Underlay & Overlay functionality
-VMware NSX is a software and it builds an Overlay tunnel for (VM/Container) communication on top of an already established IP network which can be build on hardware network gear (Cisco Legacy/ACI/Juniper etc.)
-Cisco ACI: To use micro-segmentation on a VM or Container level you will need some other Cisco products
-VMware NSX: Micro-segmentation can be done Out of the Box because DFW Distributed Firewall are applied on the vnic of a VM i.e. on the ESXi kernel.
Being different in many manners but they still define the SDN realm with L2-L7 Network services and what you choose over the other may depend on many other factors like what network gear you already have or if its Green or Brownfield deployment. For example if your infra already have something other than Cisco 9K switches and is well configured then it will make more sense to use NSX to make use of all the SDN functionalities. This is just an example not a recommendation.
Once you know your way around the Cisco ecosystem, using Cisco ACI is not so difficult. It is a global product, so when you change one interface, changes are automatically reflected on every switch. Cisco ACI can connect with both virtualized networks and physical networks.
As with many Cisco solutions, Cisco ACI has a steep learning curve. It is not user-friendly and most of our team would like to see a better GUI. It would be great if we could test upgrades in a simulation before implementing; this could save a lot of rework and downtime.
The key component for us with VMware NSX is the distributed firewall. VMware NSX can segment every application and server based on the ports with which they need to communicate. We can activate the ports we need and disable the ones we don’t. This really helps to keep things very secure and makes VMware NSX very flexible.
We would like to see VMware NSX integrate better with other open-source solutions; integration can be very complex leading many to simply choose not to use VMware NSX at all. We found some maximums can be very limiting, especially with very large environments. VMware can only be used with virtualized networks.
Conclusion:
Cisco ACI and VMware have many similar qualities and features. The fundamental difference is that Vmware NSX’s primary focus is on virtualized networks, while Cisco ACI can connect to both virtual and physical networks.
Vmware NSX can provide better levels of granularity and visibility into how your workload performs and functions. Cisco ACI does not provide this.
Because Cisco ACI is more robust and can handle both physical and virtual networks, Cisco ACI might be a more appropriate solution. At the end of the day, it really depends on your organization’s ecosystem and applications, features and utilities needed, and, of course, cost of implementation. You may need one of these solutions or both.