{"id":2641,"date":"2014-11-04T11:17:30","date_gmt":"2014-11-04T17:17:30","guid":{"rendered":"http:\/\/benincosa.com\/blog\/?p=2641"},"modified":"2014-11-19T11:23:55","modified_gmt":"2014-11-19T17:23:55","slug":"on-reading-about-choosing-between-nsx-and-aci","status":"publish","type":"post","link":"https:\/\/benincosa.com\/?p=2641","title":{"rendered":"On reading about choosing between NSX and ACI"},"content":{"rendered":"

I consider myself \u00a0very fortunate to work in the IT industry. \u00a0Not only do I get to develop and deploy technologies that enhance the world we live in, but I also get more drama from the different companies than a soap opera. \u00a0Take for example the story of how Jayshree<\/a> left Cisco to help build Arista. \u00a0There’s also the story of how VMware bought Nicira<\/a> and caused disruption with the EMC Cisco partnership. None of these stories do I know the full extent of. \u00a0I’m just a spectator and focus day to day on my own activities and try to do things that matter to organizations.<\/p>\n

But like a spectator watching the Golden Bears win\u00a0or lose on any given week in college football, I’m entitled to my opinions as well. \u00a0In fact, everybody is. \u00a0I tell this to my kids all the time. \u00a0This quote from Steve Jobs nails it:<\/p>\n

“<\/em>Life can be much broader once you discover one simple fact: Everything around you that you call life was made up by people that were no smarter than you and you can change it, you can influence it, you can build your own things that other people can use. “<\/em><\/p>\n

NSX and ACI were made by very smart people. \u00a0But people that have opinions about it and have blogs like the one you’re reading now, aren’t necessarily any smarter than you. \u00a0We try to influence opinons, and some have been more successful than others. \u00a0Brad has an excellent blog and I’ve learned a lot from it. \u00a0But like a U2 album, not every one of their songs is a hit.<\/p>\n

My latest opinion on his article about On Choosing VMware NSX or Cisco ACI<\/a> is that someone is wrong on the Internet.<\/p>\n

\"\"
Duty Calls from xkcd<\/figcaption><\/figure>\n

In a big part of the article, Brad compares a physical network switch to a\u00a0TV stand and the television to what NSX does. \u00a0He then compares ACI to an adjustable TV stand, complete with remote. \u00a0\u00a0He then says:<\/p>\n

“You\u2019ll also need to convince people that it makes more sense to buy televisions from an electronics company; and television stands should be bought from a television stand company.”<\/em><\/p>\n

Umm. \u00a0Not quite. \u00a0This overlooks all the values ACI brings.<\/p>\n

Let’s liken NSX to a network overlay, which is what it is. \u00a0Let’s liken the Nexus 9000 in ACI mode to a network switch that has overlay technology built in, which is what it is. \u00a0It’s real simple: \u00a0With NSX you manage 2 networks. \u00a0With ACI you manage one integrated network.<\/p>\n

And you manage both with software. \u00a0 With ACI you put each server into an endpoint group. \u00a0They are either physical or virtual. \u00a0You can still use the same VMware DVS with ACI. \u00a0It then encapsulates that VLAN or VXLAN into an endpoint group and allows those groups to talk to each other in the fabric.<\/p>\n

Here’s another\u00a0analogy. \u00a0NSX is like a cute Christmas sweater on a nice day. \u00a0Sure, you’ll get a lot of people to look at it. \u00a0You’ll get some laughs and some comments that will make you feel good. \u00a0But what’s important is the programability of the system. \u00a0And on warm days, you really don’t need or use that cute outer sweater.<\/p>\n

\"\"
the Joy of using NSX<\/figcaption><\/figure>\n

I will concede the NSX GUI looks great! \u00a0VMware has always done a great job of making things look good and there’s a reason that VMware is the number one hypervisor in the industry. \u00a0But companies evolve. \u00a0 \u00a0VMware evolves into networking. \u00a0Cisco evolves into software. \u00a0So does your organization. \u00a0Your organization needs solid APIs if you want to program everything. \u00a0So if we’re doing it this way, we don’t need a sexy GUI to automate all of this. \u00a0I need those solid APIs. \u00a0Since Cisco introduced UCS its API business has been serious. \u00a0In fact, what other x86 platform has a more solid \u00a0API than UCS?\u00a0 \u00a0As Cisco continues to invest<\/a> in software to drive its products, ACI has become that next big thing. \u00a0But it’s a whole new paradigm of network. \u00a0Gone are VLANs. \u00a0All we care about now is how applications connect. \u00a0It’s all object oriented now and it’s simple.<\/p>\n

A Software Company versus a Hardware Company<\/h2>\n

This part is great. \u00a0Brad then puts 2 quotes from VMware employees about why they think NSX is going to win in the marketplace. \u00a0This one from the CEO of Nicira:\u00a0\u201cWho do you think is going to make better software, a software company or a hardware company?\u201d<\/em><\/p>\n

Is Apple a\u00a0hardware company or a software company? \u00a0Is Cisco a hardware company or a software company? \u00a0You see, only a Sith deals in absolutes.<\/a>\u00a0 Cisco is a solutions company.<\/p>\n

This is what John Chambers, the Cisco CEO, keeps trying to tell everyone: \u00a0It’s the solution that matters<\/a>. \u00a0It’s companies that see the whole vision of the architecture and can make all those pieces work together. \u00a0That is who wins.<\/p>\n

I don’t think Cisco has that down perfect yet. \u00a0I don’t think VMware does either. \u00a0But we are working towards it.<\/p>\n

The Network Effect<\/h2>\n

Both Cisco and VMware<\/a> keep touting how many people are using their SDN technology. \u00a0There is a sense of urgency with both companies to make everyone believe that everyone else is jumping on board. \u00a0It reminds me of when I was hosting my 20 year high school reunion this past summer. \u00a0People would ask me: \u00a0“How many people are going?” \u00a0And I’d say something like: “Oh, man we have at least 50 tickets sold and tons more who said they’ll come”. \u00a0In reality, many of those tickets were given to people on the committee and I had about 2 other people that said they would go. \u00a0You see, the network effect is huge and both companies know it. \u00a0So they have to make it sound like everyone is doing it. \u00a0Then, you are in your IT shop and you’re saying: \u00a0How come I’m not doing this? \u00a0No one likes to feel like they are missing out.<\/p>\n

And for the record: \u00a0The 20 year reunion was amazing. \u00a0We had well over 150 people there.<\/p>\n

Security<\/h2>\n

Zero Trust micro-segmentation seems is a cool thing. \u00a0If you have 10 web servers in the same group then you’d like to keep those secure. \u00a0How do we do this with ACI? \u00a0We put all the servers in what we call an End Point Group (EPG)<\/a> which allows ports or IP addresses or other EPGs to talk with it. \u00a0This is similar to how with AWS we create Security Groups<\/a> and can assign them to instances. \u00a0Some other cloud providers like Digital Ocean and Softlayer don’t have these features so in Linux instances we use things like iptables or ufw<\/a>\u00a0 to secure our instances.<\/p>\n

Since we want to secure and automate the entire environment, I’ve been playing with things like Docker<\/a> and Ansible<\/a> to create these secure instances and lock them down. \u00a0Open source tools to solve problems. \u00a0So while it’s a nice feature, it’s not going to apply in every case. \u00a0And how long before ACI has it? \u00a0Probably before most people adopt ACI or NSX to begin with.<\/p>\n

VMware and OpenStack<\/h2>\n

One last comparison:\u00a0 VMware is to OpenStack as Microsoft is to Linux. \u00a0I’ll just leave it at that.<\/p>\n

The Promise Land<\/h2>\n

The promise land is open. \u00a0It’s a place where I can take my applications from my own data centers and migrate them to any cloud provider I want. \u00a0\u00a0This is the vision of Cisco’s Intercloud<\/a>. \u00a0Use the best of public cloud and marry it with the private cloud. \u00a0It’s fast and it’s agile and it’s programmable.<\/p>\n

I’ll end with this: \u00a0Keep in mind that both of these technologies are still pretty fresh. \u00a0If I look at my customer set, I have quite a few Nexus 9000s but few ACI customers. \u00a0I also have lots of customers that are looking at NSX and ACI, but none of them have deployed it in test let alone production environments. \u00a0Now, my market here in the pacific northwest is a micro slice of the picture, and I’m sure Brad sees a lot more from his vantage point. \u00a0But if you haven’t jumped on any bandwagon yet (like I’d say 95% or more of IT have not), let me just say this:<\/p>\n

You can buy Cisco Nexus 9000s. \u00a0They make a great 40Gb switch and have great features including programability RESTful APIs, and python extensions. \u00a0It outperforms its competition on Power, Performance, Programmability, and Price. \u00a0You can try running NSX over them and you can try running them in ACI mode. \u00a0The choice is yours but you lose nothing and gain so much in moving to the Nexus 9k environment. \u00a0 \u00a0Its not just an adjustable TV stand. \u00a0It’s the whole solution: \u00a0The remote, the TV, and the stand, and the room you watch it in. \u00a0It’s the whole experience.<\/p>\n

You see the winner isn’t who comes up with the best software, \u00a0it’s who can produce the best experience.<\/p>\n

<\/h2>\n","protected":false},"excerpt":{"rendered":"

I consider myself \u00a0very fortunate to work in the IT industry. \u00a0Not only do I get to develop and deploy technologies that enhance the world we live in, but I also get more drama from the different companies than a soap opera. \u00a0Take for example the story of how Jayshree left Cisco to help build…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[990,481],"tags":[214,991,1012,981],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/posts\/2641"}],"collection":[{"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/benincosa.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2641"}],"version-history":[{"count":7,"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/posts\/2641\/revisions"}],"predecessor-version":[{"id":2676,"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/posts\/2641\/revisions\/2676"}],"wp:attachment":[{"href":"https:\/\/benincosa.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2641"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/benincosa.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2641"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/benincosa.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2641"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}