Caution: Articles written for technical not grammatical accuracy. If poor grammar offends you, proceed with caution ;-)
There is not really much I can add to the debate on NSX vs ACI except to share my opinion on a few things.
Let’s look at the world as it is today. It is a virtual world. At least 80% of workloads in most datacenters today are virtualized. So that leaves roughly 20% of workloads as physical. How often do physical workloads move to different servers, racks, datacenters, etc.? Not very often, right? You rack them, you cable them, you plug them in, you configure the port(s) and that is basically where it lives for the rest of its days. Any rules or policies you need for those machines get created and that’s it.
Now let’s look at the virtual side of the house. You have virtual machines that get spun up, spun down, scaled up, scaled down, moved from one physical server to another, moved to a different rack and possibly a different datacenter. All of this is happening automatically. No manual intervention needed. It is extremely important that these workloads are secured no matter where they are running or how long they are running for.
I don’t know about you, but I personally don’t really see how ACI can add anywhere near the value NSX can add to 80% of the dynamic workloads in the datacenter. I can certainly see ACI having benefits for the physical workloads in the environment. This goes back to my theory as to why does it have to be one or the other. Really it would be great to see Cisco and VMware work together and really make a difference in the datacenter. The good news however is that VMware and Arista are better together and making a difference in the datacenter.
I’m not going to get into the Arista VMware relationship in this article, but google it and you will find some good info. Why can’t we all get along and do what is best for the customer and their datacenter?
Here are some articles that I found to be interesting on the subject:
http://bradhedlund.com/2014/11/03/on-choosing-vmware-nsx-or-cisco-aci/
https://ccie31104.wordpress.com/2014/09/24/cisco-aci-vs-vmware-nsx/
Your virtual / physical position is flawed. Will 100% of any application workflow be deployed on a single NSX cluster? Any architect who approaches NSX with that in mind is unnecessarily limiting their options.
Some will want to stitch virtual and physical together to maximize cost savings. E.g., SSL processing on bare-metal costs about 1/3 of doing it in a virtualized x86 compute cluster (and that’s before adding SW & hypervisor licensing). An SSL-heavy environment would be crazy not to look at the economics.
Others will be deploying heterogeneous applications. E.g., perhaps a container-based web and middleware tier, a bare metal database tier, vSphere-hosted application servers, etc.
I expect that the majority of enterprise data centers will end up with pockets of NSX computing running alongside non-NSX vSphere clusters, Hyper-V clusters, OpenStack clusters, a Citrix VDI cluster, and other disjointly-managed and licensed environments.
Your comment on “How often do physical workloads move…?” is exactly right, but this applies to virtual workloads, too. NSX does a great job creating VM networking but, once created, how often does that change? Almost never. Yet, you’re on the hook to pay NSX licensing of $10 per month per VM forever. That’s a tough pill to swallow unless you’re using other NSX features — namely microsegmentation.
FYI, NSX can be licensed per proc just like vSphere; it doesn’t have to be purchased via subscription. The subscription model is more for folks who want to start with a smaller set of VMs on NSX, or maybe for a temporary need like protecting a set of Windows 2003 servers for a year or two until the apps can be migrated/retired.