Pat Gelsinger: Cisco ACI 'Bicycle' Will Never Match VMware NSX 'Lamborghini’


VMware CEO Pat Gelsinger says his company's multi-cloud march has made its fast-growing NSX software-defined networking platform a “Lamborghini” on a fast track that Cisco's ACI “bicycle" will never be able to catch.

“Our vision and strategy are so much more comprehensive than ACI,” said Gelsinger, in an interview with CRN. “It’s really like comparing a bicycle that’s great and wonderful to a Lamborghini and saying, ‘Which one are you going to take out to the track this weekend?’ I mean, it’s just not even [comparable]."

Gelsinger said Cisco ACI (Application Centric Infrastructure) is bound to a Cisco-focused physical network, while NSX is open and tailor-made for the multi-cloud and hybrid cloud world.

[Related: VMware’s Tom Gillis On NSX vs. Cisco ACI, And AWS Outposts Future]

Sponsored post

“[Cisco’s] ability to extend the physical networks that are automated – well, those things are good, but you’re still bound to the physical network environment of Cisco,” said Gelsinger. “What we’re seeing is customers are increasingly resonating with the VMware NSX Virtual Cloud vision because it’s multi-cloud. Because it’s multi-data center. Because it now has software-based service-defined firewalls. Because it has native embodiments on [Microsoft] Azure and Amazon [Web Services (AWS)]. Because it has integrated policy. Because it’s integrated to the container solution. These are all use cases that ACI doesn’t address, and it’s never going to be able to address.”

Roland Acra, senior vice president and general manager for Cisco’s Data Center Business Group, called Gelsinger's comments "misguided” and said Cisco has proven its multi-cloud mettle.

"Cisco ACI has demonstrated it can integrate bare metal servers, virtual machines, and containers with virtual or physical L4-7 services on premises, allowing our customers to take advantage of their investment in firewalls, load balancers, and apply policy to any of their non-virtualized workloads,” said Acra in a statement emailed to CRN. “At the same time, we can carry all their network and security policy across data centers, colocations, and native clouds. No one else in the industry can do the same. I think our ACI customers around the world can attest to that – and to the misguided nature of VMware’s comments.”

Cisco is fighting back with a move to bring ACI beyond the data center to the public cloud. Just two months ago, Cisco said that it will provide "general availability" of ACI on AWS, effective March 31. ACI for Microsoft Azure, meanwhile, is set for general availability in the third calendar quarter. But in order to run in AWS and Azure with ACI, Cisco customers need to run Nexus 9000 switches and the Cisco APIC controller. That's a big difference compared to the NSX software-defined networking solution which is not tied to specific network switches and also works with other vendor offerings like Palo Alto Networks and Arista Networks, said channel partners.

Cisco told CRN it does not break out ACI sales. The last time CRN reported on ACI sales was in February 2016 when Cisco said ACI had more than 1,400 customers and was on a $2 billion annual run rate, while VMware at that time said NSX had 1,200 customers with a $600 million annualized run rate at the time.

VMware said it now has 10,000 NSX customers, including 82 of the Fortune 100, with sales climbing 50 percent in the most recent fiscal quarter, ended Feb. 1, to $1.3 billion for the full year.

Gelsinger told analysts during the company's fourth quarter earnings call in February that an increasing number of customers -- including Switzerland-based telecom provider Swisscom -- are "embracing NSX as their networking and security platform to connect and protect multi-cloud application deployments." In another case, Gelsinger said, VMware is combining with parent Dell Technologies to help a customer "fully automate its Infrastructure-as-a-Service environment" by leveraging NSX for network and security automation.

The CEO for a national enterprise solution provider, which is driving robust sales of both NSX and ACI, said Cisco may not be able to break out ACI sales anymore "because ACI is a logical progression of their networking and digital network architecture strategy. For VMware NSX is a discreet part of their business and it's growing fast, but off a smaller base. There is huge market demand for NSX because of the hybrid cloud/multicloud trend. Cisco is more focused on the network. VMware has a more extensive strategy."

Some other solution providers who also partner with both Cisco and VMware, said VMware's multicloud sales offensive has loosened Cisco's once tight grip on the corporate network.

In fact, a top executive for a global SP500 company that previously shunned Cisco network alternatives, said now he now views NSX as having a "leg up" over what he called the Cisco-centric ACI platform.

“NSX has a lot of advantages because, unlike ACI, NSX is multi-cloud, multi-data center, multi-hypervisor -- that in my mind is right off the bat a big advantage,” said the executive, a top tier Cisco and VMware partner who did not want to be identified. “Secondly, unlike ACI, NSX is not really tied to specific hardware. If you look at ACI, you can’t run ACI on an Arista [Networks] switch. ACI ties to the physical container of the physical hardware of Cisco. It’s a Cisco-centric architecture. The best example would be for iOS, you need the iPhone, you can’t run iOS on an Android. That’s the same thing that’s going on with Cisco. It’s a closed architecture. NSX, on the other hand, is multi-hypervisor so you can run it on multiple hypervisors. Additionally, you can run it on multiple clouds."

The CTO for a top regional solution provider, who did not want to be identified, said NSX has cracked the Cisco networking lockhold by being more open and extending into multi-vendor, multi-cloud environments.

"NSX is more open and then extending into AWS – that’s a true multi-vendor, multi-cloud and multi-data center solution," said the CTO, speaking about VMware Cloud on AWS. "You can never get that from Cisco … ACI has got its use cases specifically around pure Cisco network. It’s easy to run on a pure Cisco network, and there is some decent automation that comes with it and policy and stuff like that, but if you want a true multi-cloud, automated software-defined networking with security – that’s more of an NSX play.”

Longtime Cisco partners are quick to point to the big return on investment advantages for customers who have invested heavily in Cisco's ASIC-based trusted network architecture. “There’s a lot that needs to be said about the ecosystem that Cisco has built,” said one data center executive from a North Eastern-based solution provider who partners with Cisco and VMware.

That ecosystem includes tens of thousands of highly skilled network architects in both the channel and at customer sites who are experts at driving secure network automation. Most solution providers have far more Cisco-certified and trained engineers compared to VMware NSX, partners told CRN.

“How many engineers do you know that actually have the VCDX [VMware Certified Design Expert] for NSX?" asked one partner, who did not want to be identified. "Very few. You probably have 20 people that have an NSX certification that can actually do that. The amount of knowledge out there and engineers out there who have NSX knowledge is limited. On the flip side, you look at Cisco, they’ve got a huge ecosystem of partners. They have a much bigger ecosystem and a lot more engineers.”

What's more, Cisco partners said the networking behemoth has made big strides with its "ACI Anywhere" strategy, extending its software-defined networking platform into multi-cloud, hybrid environments. “ACI Anywhere is Cisco trying to be able to extend that policy in the cloud because cloud networking environments are quite a bit different than on-premises networking environments. I think ACI is going to have a little bit less lock-in from that perspective. Customers are going to get some of those [ACI] benefits in cloud environments,” said data center executive from a solution provider based in the northeast.

Cisco has also made big strides in bringing down the entry-level price point for a Cisco ACI solution.

“For ACI, you used to have to buy three hardware controllers, two spines, two leafs, remote sites needed, a lot of things – but that’s changed," said the CTO for a top Cisco partner. "They have the concept now of a remote leaf, they’ve got a small APIC, etc. For those smaller customers that the ACI price point was a little bit more of a hurdle, it’s become more appealing,” he said. “We’ve seen ACI hardware requirements continue to come down-market. Cisco has refined it so they can offer smaller entry points so they can get into that midmarket. … I’ve sold ACI for as low as in the $50,000 to $60,000 range. You can do two leafs, two spines and a small APIC and be in that $50,000 to $60,000 range and have a decent number of ports for a small data center.”

Several solution providers said customers are investing heavily in both Cisco ACI and VMware NSX. The CEO for an SP500 cloud provider, which is driving sales growth with both ACI and NSX, said many customers are using both software-defined networking platforms.

"Our stance has always been that ACI and NSX are different and complimentary," he said. "It is not either/or. We look at what the customer needs to get done and then we look at the capabilities of both platforms and see what maps best to those requirements. Sometimes it's ACI. Sometimes it's NSX. Sometimes it's both. Both are selling well for us,. We have big projects right now with both NSX and ACI."

Gelsinger, for his part, concedes that hundreds of customers are running ACI underneath NSX. "We’re very happy with that," he says. "But don’t confuse the Lamborghini with the bicycle.”