I consider myself very fortunate to work in the IT industry. Not only do I get to develop and deploy technologies that enhance the world we live in, but I also get more drama from the different companies than a soap opera. Take for example the story of how Jayshree left Cisco to help build Arista. There’s also the story of how VMware bought Nicira and caused disruption with the EMC Cisco partnership. None of these stories do I know the full extent of. I’m just a spectator and focus day to day on my own activities and try to do things that matter to organizations.
But like a spectator watching the Golden Bears win or lose on any given week in college football, I’m entitled to my opinions as well. In fact, everybody is. I tell this to my kids all the time. This quote from Steve Jobs nails it:
“Life can be much broader once you discover one simple fact: Everything around you that you call life was made up by people that were no smarter than you and you can change it, you can influence it, you can build your own things that other people can use.”
NSX and ACI were made by very smart people. But people who have opinions about them and have blogs like the one you’re reading now aren’t necessarily any smarter than you. We try to influence opinions, and some have been more successful than others. Brad has an excellent blog and I’ve learned a lot from it. But like a U2 album, not every one of their songs is a hit.
My latest opinion on his article, On Choosing VMware NSX or Cisco ACI, is that someone is wrong on the Internet.
In a big part of the article, Brad compares a physical network switch to a TV stand and the television to what NSX does. He then compares ACI to an adjustable TV stand, complete with remote. He then says:
“You’ll also need to convince people that it makes more sense to buy televisions from an electronics company; and television stands should be bought from a television stand company.”
Umm. Not quite. This overlooks all the values ACI brings.
Let’s liken NSX to a network overlay, which is what it is. Let’s liken the Nexus 9000 in ACI mode to a network switch that has overlay technology built in, which is what it is. It’s real simple: With NSX you manage 2 networks. With ACI you manage one integrated network.
And you manage both with software. With ACI you put each server into an endpoint group. They are either physical or virtual. You can still use the same VMware DVS with ACI. It then encapsulates that VLAN or VXLAN into an endpoint group and allows those groups to talk to each other in the fabric.
Here’s another analogy. NSX is like a cute Christmas sweater on a nice day. Sure, you’ll get a lot of people to look at it. You’ll get some laughs and some comments that will make you feel good. But what’s important is the programmability of the system. And on warm days, you really don’t need or use that cute outer sweater.
I will concede the NSX GUI looks great! VMware has always done a great job of making things look good and there’s a reason that VMware is the number one hypervisor in the industry. But companies evolve. VMware evolves into networking. Cisco evolves into software. So does your organization. Your organization needs solid APIs if you want to program everything. So if we’re doing it this way, we don’t need a sexy GUI to automate all of this. I need those solid APIs. Since Cisco introduced UCS its API business has been serious. In fact, what other x86 platform has a more solid API than UCS? As Cisco continues to invest in software to drive its products, ACI has become that next big thing. But it’s a whole new paradigm of network. Gone are VLANs. All we care about now is how applications connect. It’s all object oriented now and it’s simple.
A Software Company versus a Hardware Company
This part is great. Brad then puts 2 quotes from VMware employees about why they think NSX is going to win in the marketplace. This one from the CEO of Nicira: “Who do you think is going to make better software, a software company or a hardware company?”
Is Apple a hardware company or a software company? Is Cisco a hardware company or a software company? You see, only a Sith deals in absolutes. Cisco is a solutions company.
This is what John Chambers, the Cisco CEO, keeps trying to tell everyone: It’s the solution that matters. It’s companies that see the whole vision of the architecture and can make all those pieces work together. That is who wins.
I don’t think Cisco has that down perfect yet. I don’t think VMware does either. But we are working towards it.
The Network Effect
Both Cisco and VMware keep touting how many people are using their SDN technology. There is a sense of urgency with both companies to make everyone believe that everyone else is jumping on board. It reminds me of when I was hosting my 20 year high school reunion this past summer. People would ask me: “How many people are going?” And I’d say something like: “Oh, man we have at least 50 tickets sold and tons more who said they’ll come”. In reality, many of those tickets were given to people on the committee and I had about 2 other people that said they would go. You see, the network effect is huge and both companies know it. So they have to make it sound like everyone is doing it. Then, you are in your IT shop and you’re saying: How come I’m not doing this? No one likes to feel like they are missing out.
And for the record: The 20 year reunion was amazing. We had well over 150 people there.
Zero Trust micro-segmentation seems like a cool thing. If you have 10 web servers in the same group then you’d like to keep those secure. How do we do this with ACI? We put all the servers in what we call an End Point Group (EPG) which allows ports or IP addresses or other EPGs to talk with it. This is similar to how with AWS we create Security Groups and can assign them to instances. Some other cloud providers like DigitalOcean and SoftLayer don’t have these features, so in Linux instances we use things like iptables or ufw to secure our instances.
Since we want to secure and automate the entire environment, I’ve been playing with things like Docker and Ansible to create these secure instances and lock them down. Open source tools to solve problems. So while it’s a nice feature, it’s not going to apply in every case. And how long before ACI has it? Probably before most people adopt ACI or NSX to begin with.
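A minimal model of the allow-list idea described above (a group that admits ports, IP ranges, or other groups, and denies everything else), added here as an example; it is not ACI, NSX, or AWS code. The group names, addresses, and the `allowed` function are constructed for illustration, and the model assumes default deny even between members of the same group.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

@dataclass
class Rule:
    port: int
    src_group: Optional[str] = None  # admit members of this group
    src_cidr: Optional[str] = None   # or admit this IP range

@dataclass
class Group:
    name: str
    members: Set[str]
    inbound: List[Rule] = field(default_factory=list)

# Constructed sample policy (hypothetical names and addresses).
GROUPS: Dict[str, Group] = {
    "web": Group("web", {"10.0.1.10", "10.0.1.11"},
                 [Rule(443, src_cidr="0.0.0.0/0")]),
    "db": Group("db", {"10.0.2.10"},
                [Rule(5432, src_group="web")]),
}

def group_of(ip: str) -> Optional[Group]:
    """Return the group an address belongs to, if any."""
    return next((g for g in GROUPS.values() if ip in g.members), None)

def allowed(src_ip: str, dst_ip: str, port: int) -> bool:
    """Default deny: a flow passes only if a rule on the destination group matches."""
    dst = group_of(dst_ip)
    if dst is None:
        return False
    src = group_of(src_ip)
    for rule in dst.inbound:
        if rule.port != port:
            continue
        if rule.src_group and src and src.name == rule.src_group:
            return True
        if rule.src_cidr and ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src_cidr):
            return True
    return False

if __name__ == "__main__":
    flows = [("203.0.113.5", "10.0.1.10", 443),   # internet -> web HTTPS
             ("10.0.1.10", "10.0.2.10", 5432),    # web -> db
             ("203.0.113.5", "10.0.2.10", 5432),  # internet -> db
             ("10.0.1.10", "10.0.1.11", 22)]      # web peer -> web peer SSH
    for f in flows:
        print(f, "ALLOW" if allowed(*f) else "DENY")
```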
VMware and OpenStack
One last comparison: VMware is to OpenStack as Microsoft is to Linux. I’ll just leave it at that.
The Promised Land
The promised land is open. It’s a place where I can take my applications from my own data centers and migrate them to any cloud provider I want. This is the vision of Cisco’s Intercloud. Use the best of public cloud and marry it with the private cloud. It’s fast and it’s agile and it’s programmable.
I’ll end with this: Keep in mind that both of these technologies are still pretty fresh. If I look at my customer set, I have quite a few Nexus 9000s but few ACI customers. I also have lots of customers that are looking at NSX and ACI, but none of them have deployed it in test, let alone production environments. Now, my market here in the Pacific Northwest is a micro slice of the picture, and I’m sure Brad sees a lot more from his vantage point. But if you haven’t jumped on any bandwagon yet (like I’d say 95% or more of IT have not), let me just say this:
You can buy Cisco Nexus 9000s. They make a great 40Gb switch and have great features including programmability, RESTful APIs, and Python extensions. It outperforms its competition on Power, Performance, Programmability, and Price. You can try running NSX over them and you can try running them in ACI mode. The choice is yours but you lose nothing and gain so much in moving to the Nexus 9k environment. It’s not just an adjustable TV stand. It’s the whole solution: The remote, the TV, and the stand, and the room you watch it in. It’s the whole experience.
You see, the winner isn’t who comes up with the best software, it’s who can produce the best experience.