Partners: Enterprises Are Deploying Cisco And VMware's Software-Defined Networking Together And Loving It
Cisco Systems and VMware have been slugging it out for years in the software-defined networking (SDN) marketplace, with plenty of rhetoric over whose technology is best.
But according to partners that work with both vendors, customers are now deploying Cisco and VMware's SDN side-by-side and finding them more complementary than competitive. And partners say that's opening up new types of SDN deals that leverage both vendors' technologies to solve complex customer challenges.
The partners told CRN that until recently, most customers viewed SDN purchases as an either-or decision between Cisco and VMware because the vendors have different approaches to the technology. Cisco's offering, called Application Centric Infrastructure (ACI), is a software-hardware mix that includes Nexus 9000 switches and its Application Policy Infrastructure Controller (APIC). VMware's offering, called NSX, is a software-only technology.
The intense competition between the vendors, which began in 2012 after VMware beat out Cisco to acquire prized startup Nicira, has also led customers to view the SDN market as a dichotomy, according to partners. Cisco has been especially aggressive in this regard: Then-CEO John Chambers famously vowed to "crush" VMware in the SDN market during a 2014 earnings call, and his successor Chuck Robbins has also sought to cast doubt on NSX's effectiveness in enterprise environments.
But customers are now apparently ignoring the competitive static between the vendors and moving forward with projects that include both Cisco ACI and VMware NSX.
Greg Stemberger, principal solutions architect at Force 3, a Crofton, Md.-based VMware and Cisco partner that specializes in network design, said the combination of ACI and NSX already boasts some solid use cases.
"If you're a mature VMware shop with a majority of your workloads in vSphere [server virtualization], you will achieve a lot of value in using the networking services they have native in the hypervisor," Stemberger said. "If you have workloads that live outside of VMware, on another hypervisor or bare metal, ACI is likely a good fit. ACI's physical fabric supports a number of different endpoints, providing a common policy and security framework irrespective of what you connect to the fabric."
"Investing in both allows customers to evolve their SDN implementations both from a hardware and software standpoint, with ACI providing a programmable network fabric and NSX being the software programmable overlay. They each have complementary functions," said Stemberger.
VMware pitches NSX as a way to ease network management and speed service provisioning, while also protecting networks from attacks. Cisco highlights the hardware-based security of ACI, along with its ability to automate IT tasks, speed data center application deployments, and keep tabs on virtual machine traffic.
Jamie Shepard, senior vice president of strategy and health care at Lumenate, Dallas, said NSX and ACI work well together in organizations that have several sites and which use a hybrid cloud model involving a mix of private and public cloud infrastructure. And it's a smooth path for large enterprises that already have access to both technologies via volume licensing agreements, he said.
Scot Colmer, director of technical enterprise solutions at Applied Computer Solutions, a Huntington Beach, Calif.-based Cisco and VMware partner, recently did a project for a customer that wanted to use VMware NSX to reduce their spending on Amazon Web Services.
The customer has a Cisco network with Nexus 9000 switches and is highly virtualized from an IT operations standpoint. But the customer was also spending $1 million monthly on AWS and wanted to lower this by building an on-premise solution using NSX, according to Colmer.
The customer needed to set up new business units with infrastructure to house insurance data, and also needed to secure workloads to comply with Sarbanes-Oxley, so it used NSX for microsegmentation, said Colmer.
In this case, the combination of Cisco ACI and VMware NSX solved the customer's needs, said Colmer. "You can have the best of both worlds -- it wasn't an either-or decision," Colmer told CRN.
Patrick Cronin, principal at Kovarus, a VMware and Cisco partner in San Ramon, Calif., told CRN the decision to go with ACI or NSX usually comes down to the requirements of applications the customer is running in their environment.
For instances where apps are fully virtualized, NSX is a very good fit. And when apps are running on Linux-based systems that are not virtualized, ACI is the better fit, Cronin said. "There is a lot of business benefit and value to having NSX and ACI working in parallel in customer environments," he said.
While it's difficult to make a direct comparison between them, both Cisco and VMware's SDN businesses appear to be thriving. Cisco said in February that ACI has more than 1,400 customers and was on a $2 billion annual run rate, while VMware said in January that NSX had more than 1,200 customers and had surpassed a $600 million annualized run rate.
In an SDN market that IDC predicts will be worth more than $12.5 billion by 2020, there is enough opportunity for both vendors to succeed.
VMware, which has previously acknowledged that most of its NSX customers are running the technology on Cisco networking hardware, doesn't seem to have a problem sharing the SDN spotlight with Cisco.
Hatem Naguib, vice president of networking and security at VMware, said some NSX customers are using Cisco ACI "for underlay fabric management" and that the technologies can solve different challenges for customers.
"We’ve said for some time that NSX and ACI should not be viewed as an either/or proposition, and customers are proving this out with partners," Naguib said in an email. "At the end of the day, this is becoming a customer-led discussion, and all parties benefit when solutions are customer-led and are mapped to specific customer pain points."
Cisco, which is the lone major networking vendor that isn't partnering with VMware on NSX, doesn't seem eager to help build official integration between ACI and NSX, partners told CRN.
Frank D’Agostino, senior director and CTO of technical marketing for Cisco's Insieme business unit, said in an interview that Cisco hasn't changed its stance on NSX.
"We've made it pretty clear we view NSX as an application. NSX is an app that runs on a hypervisor. This is the messaging we've been giving for the past 18 months or more," D’Agostino said in an interview.
D’Agostino acknowledged that many Cisco customers are deploying NSX "for good business reasons," but added that this doesn't pose a competitive threat to Cisco ACI.
"With NSX you still have to buy a network," D’Agostino said. "Can we show you an environment where NSX is needed? Yes. But can VMware show us an environment where networking is not needed? No."
Force 3's Stemberger agrees with this assessment of ACI versus NSX. "In many respects, NSX is just another application as it pertains to ACI, because ACI has no native integration with NSX today," said Stemberger.
"NSX can be treated just as another application within the policy construct of ACI, such that ACI can provision, secure, and enable telemetry for the NSX overlay and well as the other underlying VMware infrastructure networks," Stemberger said.
One partner that works with both vendors said while NSX does need an underlying physical network, it doesn't have to be one that Cisco provides -- and therein lies the threat to the networking giant's business.
"The physical network can be greatly simplified -- and use much less costly hardware and licensing -- because much of the intelligence is moved into that NSX ’application’," said the partner, who didn't want to be named. "That said, NSX only deals with the core of the datacenter and doesn’t extend out into the access layer or [wide-area network] and that’s where Cisco still has a great story to tell."
If more customers start deploying Cisco ACI and VMware NSX together, that could put more pressure on Cisco to work with VMware to integrate their respective SDN technologies, partners said. And while Robbins has been critical of NSX, sources told CRN that he is far more open to the idea than Chambers was.
"VMware wants this more than Cisco does, but Robbins sees what is happening in the marketplace and understands that NSX does have relevance," said another partner who works with both vendors. "It wouldn't take much work to integrate [ACI with NSX], and if Cisco's largest customers start asking for this, they'll do it."