PauloDiniz - PeerSpot reviewer
Sales Leader - Data Center at YSSY & Co
Real User
Useful for security and collaboration
Pros and Cons
  • "I like using WebEx Board."
  • "I would like this solution to be integrated with Pure Storage."

What is our primary use case?

I use Cisco for security and collaborating. I use this solution with WebEx, WebEx Teams, and WebEx Board.

It's a hybrid solution.

What is most valuable?

I like using WebEx Board.

What needs improvement?

I would like this solution to be integrated with Pure Storage.

For how long have I used the solution?

I've been using this solution for 22 years.

Buyer's Guide
Cisco ACI
June 2025
Learn what your peers think about Cisco ACI. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
857,028 professionals have used our research since 2012.

What do I think about the stability of the solution?

It's stable.

What do I think about the scalability of the solution?

It's scalable.

How are customer service and support?

I've contacted technical support.

What's my experience with pricing, setup cost, and licensing?

The cost is fine.

What other advice do I have?

I would rate this solution 9 out of 10.

I would recommend this solution.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer1128744 - PeerSpot reviewer
Manager Network & Communication Engineer at a transportation company with 1,001-5,000 employees
Real User
Enables one to protect and manage data and comes with great tech support
Pros and Cons
  • "Cisco technical support is great."
  • "It would be great if ACI would include the next generation firewall feature."

What is our primary use case?

We have two clusters, the first one of which I upgraded last week to version 4.6, with the main cluster being, at the moment, 4.2. 

We are talking about simple things with which we use the solution, such as employing Cisco firewalls for protecting or managing some of the data. 

I actually managed a huge and very complicated corporate network, it being separated in many locations. We have i1 solutions and outstations which are all connected to our network. My primary focus nowadays is on our communication, on the head office network. 

We have a perimeter firewall when it comes to the hub, which is responsible for outbound and inbound traffic, in respect of the public services for outbound customers and outbound internet traffic for the internal RJ customers.

Our current H firewall is Fortinet, being the 3000 D series. 

There is a separation into five Vdoms, or virtual domains, which themselves are separated into a data center, firewall, VBN, publishing services, and proxy as a proxy firewall.

Routing methodology comes into play. At the moment, we have our AS number and BGP configuration with many service providers for the purpose of maintaining high availability and redundancy. So too, the Fortinet firewall is working in high availability mode.

What needs improvement?

When it comes to security, we recently switched to Fortinet, as we feel it to be more customizable for our use case in RJ than the solution. We moved because Cisco scored lower than Fortinet. 

While we have seen a return on our investment in certain cases, we have, of late, faced issues on the Call Manager, which we have. 

We have an on-premises, resistant license which we invested in. Out of nowhere, Cisco changed the licensing module to that of smart licensing, a perpetual license state, without offering any compensation to the customers. 

This made the license worthless and forced us to subscribe for smart licensing. This is the only way to continue receiving active support and upgrades from Cisco, not that anyone would say anything otherwise. 

Cisco is much more expensive than other vendors, especially when it comes to the licensing. For half the cost, I can obtain the same service with another product. 

It would be great if ACI would include the next generation firewall feature. 

I rate the solution as an eight out of ten, owing to the issue of the price and the complexity involved in its maintenance. 

For how long have I used the solution?

I have been working with Cisco ACI for around five years. I have definitely worked with it in the past 12 months. 

What do I think about the stability of the solution?

The solution is definitely stable. 

What do I think about the scalability of the solution?

The scalability is okay. 

How are customer service and support?

Cisco technical support is great. 

Which solution did I use previously and why did I switch?

In the past, I used Fortinet, Cisco ASA and Meraki. Currently, I use Cisco ASA and Fortinet. 

When it comes to security, we recently switched to Fortinet, as we feel it to be more customizable for our use case in RJ than the solution. We moved because Cisco scored lower than Fortinet.

How was the initial setup?

When it comes to the installation, it is important to keep in mind that we are a corporate enterprise, which means that the complexity and customization are there. Many locations must be connected with each other. There is a need to apply many routing protocols, including EIGRP, static, and BGP. We have many protected areas in the backbone. 

In the middle are data center firewalls, which lie between the user and core switches. We also manage the wireless access. There is also Cisco Identity Service Engine, which manages access to the internet using authentication and posturing, based on the configured policies.

What about the implementation team?

Much staff is needed for maintenance. This varies with the work payload. 

What was our ROI?

While we have seen a return on our investment in certain cases, we have, of late, faced issues on the Call Manager, which we have.

What's my experience with pricing, setup cost, and licensing?

We have an on-premises, resistant license which we invested in. Out of nowhere, Cisco changed the licensing module to that of smart licensing, a perpetual license state, without offering any compensation to the customers.

This made the license worthless and forced us to subscribe for smart licensing. This is the only way to continue receiving active support and upgrades from Cisco, not that anyone would say anything were I to stop. The licensing issue contributes to my decision to rate the solution as an eight out of ten. 

Cisco is much more expensive than other vendors, especially when it comes to the licensing. For half the cost, I can obtain the same service with another product.

We are talking about the cost of the renewal. 

What other advice do I have?

Cisco solution is a perfect product and considered number one in the world in many parts.

Cisco ACI is a great product. It's nice to have in the company.

I am the network administrator in the enterprise company.

I rate Cisco ACI as an eight out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Technical Marketing Engineer - Hybrid Cloud Infrastructures at a manufacturing company with 10,001+ employees
Real User
A software-defined networking solution with valuable policy control and micro-segmentation features
Pros and Cons
  • "I like features like policy control and micro-segmentation."
  • "Quality Assurance could be better, and there are a lot of bugs in each release. We discover these bugs when we upgrade the ACI environment, sometimes resulting in downtime. In the next release, I would like to be able to manage hybrid cloud networking. So currently, if you have an ACI environment running on-premise or APIC in the cloud, we can handle it with the Nexus Dashboard. But if Cisco can integrate SD-WAN-related features, through which we can do multi-cloud networking, that will be an awesome feature. It should be more flexible."

What is our primary use case?

My clients use Cisco ACI for multi-site connectivity. They can use it to deploy multiple data centers and can manage the entire network from Cisco ACI Multi-Site.

What is most valuable?

I like features like policy control and micro-segmentation.

What needs improvement?

Quality Assurance could be better, and there are a lot of bugs in each release. We discover these bugs when we upgrade the ACI environment, sometimes resulting in downtime. 

In the next release, I would like to be able to manage hybrid cloud networking. So currently, if you have an ACI environment running on-premise or APIC in the cloud, we can handle it with the Nexus Dashboard. But if Cisco can integrate SD-WAN-related features, through which we can do multi-cloud networking, that will be an awesome feature. It should be more flexible.

For how long have I used the solution?

I have been using Cisco ACI for more than five years.

What do I think about the stability of the solution?

Cisco ACI could be more stable. Bugs create performance issues.

On a scale from one to ten, I would give stability a six.

What do I think about the scalability of the solution?

Cisco ACI is a scalable solution.

On a scale from one to ten, I would give scalability a ten.

How are customer service and support?

My experience with technical support depends on the region. For example, technical support is excellent if it's an engineer from the EMEA, like Belgium. But we struggle to connect with good engineers in the APAC region.

How would you rate customer service and support?

Positive

How was the initial setup?

It takes about a week to deploy this solution.

On a scale from one to ten, I would give the initial setup an eight.

What about the implementation team?

We deploy this solution for our customers.

What's my experience with pricing, setup cost, and licensing?

There are no additional costs. We only have to pay for a support contract apart from the license.

On a scale from one to ten, I would give pricing a seven.

What other advice do I have?

On a scale from one to ten, I would give Cisco ACI an eight.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
reviewer1539390 - PeerSpot reviewer
Chief Security Architect at an energy/utilities company with 10,001+ employees
Real User
Great support, and scalable, but needs better integration with other security solutions
Pros and Cons
  • "Virtualization and integration with VMware is the most valuable feature."
  • "The firewall has room for improvement because there is no central inspection yet on Cisco ACI."

What is our primary use case?

We use the solution in our data center.

What is most valuable?

Virtualization and integration with VMware is the most valuable feature.

What needs improvement?

The firewall has room for improvement because there is no central inspection yet on Cisco ACI.

I would like more integration with additional security solutions. 

The upgrade cycle has room for improvement.

For how long have I used the solution?

I have been using the solution for four years.

What do I think about the stability of the solution?

I give the stability an eight out of ten.

What do I think about the scalability of the solution?

I give the scalability an eight out of ten.

We have around 10,000 people in our organization.

How are customer service and support?

The technical support is very good.

How would you rate customer service and support?

Positive

How was the initial setup?

I give the initial setup a five out of ten. The setup is complex moving a data center. The deployment took us six months.

Three people were required for deployment and they are responsible for the low and high-level design as well as the migration.

What about the implementation team?

The implementation was completed with Cisco Professional services.

What other advice do I have?

I give the solution a six out of ten.

The maintenance is performed by Cisco themselves as part of our service plan.

For organizations that are already working with Cisco solutions, it is easy to upgrade to Cisco ACI, but if other vendors are being used I suggest thinking carefully before switching to Cisco because it can become difficult.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1887492 - PeerSpot reviewer
Assistant Vice President at a tech vendor with 5,001-10,000 employees
Real User
A scalable solution, but integration is a challenge
Pros and Cons
  • "All the features provided by Cisco ACI including orchestration to layer seven, service training, load enhancements and firewalls."
  • "It is challenging for people who don't understand the programming language, making it difficult to migrate. With technology, there are two verticals. One is hardware driven and the other is software driven. Most people in our domain understand networking, but they don't understand programming. When we migrate, some programming is required."

What is our primary use case?

I am an assistant vice president. My role involves product management, presales, and delivery of Cisco ACI. We have deployed the solution on-premises and in the cloud. We have different verticals, UIs, and data centers. We consolidate the data center on the basis of region. The data centers are in different regions such as APAC, Europe, and the U.S. Recently, we have MSO connected to Cisco Cloud.

Cisco ACI is an automation requirement where they want to consolidate data centers. We wanted a hybrid Oracle solution where services can be monitored and managed from the cloud and equally can be deployed on-premises. From an application perspective, fifty percent can be moved to the cloud and fifty percent of the on-premises applications cannot be moved due to application restraints.

What is most valuable?

We use all the features provided by Cisco ACI including orchestration to layer seven, service training, load enhancements, and firewalls.

What needs improvement?

There are many bug fixes required with Cisco ACI. Whenever there is an issue, we raise it to their tech support and wait for a response. In the meantime, we come up with a version upgrade or patch upgrade so that it can be fixed. One concern we found after 15 days of troubleshooting was a multicasting issue. For many of the applications, we were using multicasting.

It is challenging for people who don't understand the programming language, making it difficult to migrate. With technology, there are two verticals. One is hardware driven and the other is software driven. Most people in our domain understand networking, but they don't understand programming. When we migrate, some programming is required.

I recommend that rather than creating individual stacks we are given some UI-based solutions. This type of functionality would allow us to create a tenant then click on bridge two, and then create it on a VR. Currently, we are using some scripts with help from Postman for migrations from a traditional data center to the cloud.

Over the past six months, I am more interested in the cloud and IoT. From a security perspective, I would recommend Cisco comes up with solutions for ACI and a portal perspective. 

The APIC GUI needs improvement, so end users can follow the proper steps without having to go through the guide, giving more flexibility to the GUI. This will ensure that the user can easily build the configuration.

For how long have I used the solution?

I have been using Cisco ACI for six years.

What do I think about the stability of the solution?

Early on, Cisco ACI was not stable. As it matures, it improves. Integration is the biggest challenge with this hybrid solution. From a security perspective, it wasn't stable.

The maintenance of Cisco ACI depends on the project. We use different delivery teams or supporting teams on a project-by-project basis. We handle the delivery and implementation and in the back end, there is a third team that maintains operations.

What do I think about the scalability of the solution?

This solution is scalable. We are system integrators providing solutions to our customers. Approximately fifty percent of our customers are using ACI. 

How was the initial setup?

With experience and after training, the initial setup is not easy. An individual who is going to implement this solution needs some support at the start. 

Deployment depends on how many workloads there are. We migrated more than 300 VMs with the help of tech support. It took three days to complete.

I would rate the ease of setup a three and a half out of five.

What about the implementation team?

We had training and support from Cisco and live enrollment. It was helpful. We followed the initial implementation strategy. It depends on the application structure, what type of application, and how the applications are combined on-premises. The types of services and the type of payment, AD DNS, are also considerations together with security services and how the communication is going to happen between the app and the native services like AD DNS. 

This requires us to work with the application team and complete our homework. We used Excel on a per-application basis. Using Postman, we upload it in the format. Usually, it's a subnet IP schema.

What other advice do I have?

Anyone looking to implement Cisco ACI should look into the cloud features. Ensure you work with the skills you understand, and try to understand some programming to make the job easier. 

I would rate this solution between a seven and an eight out of 10.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
PeerSpot user
Network Manager at California Department of Corrections
Real User
A scalable solution that provides consistency and redundancy in our data centers
Pros and Cons
  • "The most valuable features are the ease of setup for redundancy, as well as centralized control."
  • "The ability for us to figure out the traffic flows, to enable some of the more segmentation parts of it, is really tough with what is built into ACI."

What is our primary use case?

We use this solution in our data centers. It is for connecting servers and increasing our bandwidth and resiliency.

How has it helped my organization?

Historically, we had four different computer rooms, and they were all configured differently. When we went through the refresh and started using ACI, it was the first time that we had a consistent setup in all of our computer rooms.

What is most valuable?

The most valuable features are the ease of setup for redundancy, as well as centralized control.

What needs improvement?

The ability for us to figure out the traffic flows, to enable some of the more segmentation parts of it, is really tough with what is built into ACI. It would be nice if it were part of it.

What do I think about the stability of the solution?

The stability of this solution is great. We love it.

What do I think about the scalability of the solution?

We have not hit the limit, so it's been very scalable for us. Redundancy has been great.

How are customer service and technical support?

We hired an employee who used to work for Cisco technical support, and this person has been much more useful than the Cisco tech, itself. Technical support has not always been what we had hoped for.

However, we've had a lot of on-site support with our advanced services, and they've been great.

Which solution did I use previously and why did I switch?

We work on state budget cycles, and several years went by without any kind of refresh. What we had were disparate solutions that were failing, and didn't have the same kind of redundancy or configuration. As such, the users were having a terrible experience so we had to do something. We then looked at ACI and Cisco and positioned it such that it made a lot of sense for us.

How was the initial setup?

The initial setup of this solution is pretty straightforward.

What about the implementation team?

We implemented this solution in-house.

Which other solutions did I evaluate?

We considered Cisco, Juniper, and VMware. Cisco rose to the top because of the support. It wasn't just the sale; they were going to be around afterward. We have a relationship there, that we trust.

What other advice do I have?

Cisco is there for the long haul. It's been built by network people who understand the resiliency needs for network infrastructure. It's been reliable for us, as well as scalable. It can do our one-gig, ten-gig, forty-gig, hundred-gig, it can do it all, no matter if it's legacy or new.

I would rate this solution a nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Sr Manager at Cognizant
Real User
Provides a lot of intuitive data to know how our application stack is performing
Pros and Cons
  • "The efficiency in terms of the data center latency has been reduced by around 20-30%. Our applications function a lot better. We get a lot of intuitive data to know how our application stack is performing."
  • "The additional features I would like to see included in the next releases are support for our policy-based routing. There are endpoint issues that are there now in the code. Hopefully, these will get fixed in the future code."

What is our primary use case?

We are transforming from an old legacy, non-Cisco network to a state-of-the-art data center.
Cisco ACI is reducing a lot of competence on the network. We are reducing a lot of assets, a footprint itself. It has one single pane of glass management. We use it to support our clients.

How has it helped my organization?

The efficiency in terms of the data center latency has been reduced by around 20-30%. Our applications function a lot better. We get a lot of intuitive data to know how our application stack is performing. 

What is most valuable?

The most valuable feature of this solution is the single pane of management. You can have various API integrations and you can have software-defined scripts.

Cisco ACI can build things for you which was not possible on legacy networks. 

What needs improvement?

The additional features I would like to see included in the next releases are support for our policy-based routing. There are endpoint issues that are there now in the code. Hopefully, these will get fixed in the future code. 

In terms of scriptings, there are a lot of APIs available but there's a big gap with networking and the application. That's a gap that we're trying to bridge to understand how to do scripting. 

For how long have I used the solution?

We have been using it about a year and a half.

What do I think about the stability of the solution?

So far, the stability has been good. There have been a lot of updates going in and things are getting a lot better.

What do I think about the scalability of the solution?

Cisco ACI is very scalable. There's no real length to it. If you look at ACI, you can have an endless number of layers. 

The size of our environment is about 2,000 nodes. It's not a huge network, it's pretty medium-sized.

How are customer service and technical support?

We use technical support for this product. We have our internal support team also. If we have additional feedback needed, we go back to Cisco. We are Cisco partners. Our experience with their support has been very good. I can communicate directly with certain BUs. 

We have been able to communicate with Cisco directly on certain questions. There are issues which have been very easy to resolve.

How was the initial setup?

The initial setup is straightforward. It is not complex at all. It is plug-and-play. Then you add more switches into the network and you don't need to configure anything. 

What was our ROI?

We have not yet seen the ROI. We are in a transformation journey right now where you can clearly see how that is happening.

What's my experience with pricing, setup cost, and licensing?

We have the smart licensing, but that was supported when we bought ACI. Smart licensing was not there previously. Recently, we migrated to the new code.

We had to convert to smart licensing. Licensing is for the overall number of nodes. We have a license for all 1,000 nodes right now.

What other advice do I have?

On a scale of 1 to 10, I would rate this product at an 8 to leave a little bit of room for improvement.

I would advise someone considering this solution to do your homework. If you are trying to consolidate your data center, Cisco ACI is probably the best product out there.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
IT Solution Architect at a media company with 1,001-5,000 employees
MSP
Provides integration with VMM domains and their L4 and L7 devices, like device packages for F5, Palo Alto, and ASA
Pros and Cons
  • "We are doing automation from ACI and we have integration with Azure. With the Azure stack integration we can have total automation. We can configure the EPGs from there, and we can configure load balancing functionalities from there as well. The most useful feature is that you don't need to configure anything on ACI itself. You can configure on Azure and it will provision your application."
  • "Where there is room for improvement from ACI is for Layer 2 and Layer 7 packages. Normally, when you're updating your ACI fabric or you're introducing new Layer 4 to Layer 7 devices, there are some constraints, there are some limitations... When you are doing device packages you will not have the functionality of ASM. It's like WAF, web application firewalls. So you need to configure it manually."

What is our primary use case?

I'm in ACI operations and the current use for Cisco ACI is to host the entire server farm and all the applications which are hosted in our data center, here in Qatar, and also in different locations.

How has it helped my organization?

Normally, when you're configuring your core switches and your normal switching fabric, like Nexus or any of the HP platforms, you configure VLANs. If you're dividing a switch, you configure a virtual device context. Instead of this, you have different tenants for your different environments, different segments. And you have automation on top of it if you are running virtualization domains. It removes the traditional networking configuration and gives you complete control over your switching fabric from one controller.

Also, it has APIs. You can use REST APIs and you can have configuration already built in for your XML code or JSON files. You can push it using different tools like Postman. You can have different types of Python scripts and you can have these types of automation if you want to play with the API. It will provide faster provisioning of network and faster provisioning of your applications. 

If you go for full automation, you can build your own tools. I have my own tools that I built in Python. If I want to configure EPG or interface, I configure some parameters on my script, it will push to ACI, and it will configure it.

In terms of time saved, any new provisioning of services or new applications will take less than one minute. I gave one IP to my system team to configure the IP on the application and tag the EPG on the application data. It was just a matter of tagging.

What is most valuable?

Among the valuable features are the integration with VMM domains and their Layer 4 and Layer 7 devices, like device packages for F5, Palo Alto, and ASA.

We are also doing automation from ACI and we have integration with Azure. With the Azure stack integration we can have total automation. We can configure the EPGs from there, and we can configure load balancing functionalities from there as well. The most useful feature is that you don't need to configure anything on ACI itself. You can configure on Azure and it will provision your application. This is the highest level of automation in Microsoft.

In the second level of integration, you create the EPGs and the gateways on ACI yourself. Then, it will be configured on a SCVMM and you tag the VLANs there. It removes the hassle of configuring code groups and VLAN tags on the VMM, the virtualization domain, on the virtualization platform. You configure within ACI, and it will be visible there. It removes the networking administrative part from the system side, and you have complete control there.

You can also have microsegmentation. You can have isolation for a certain part of the EPGs.

In addition, you have a complete fabric you can connect to and you can have a static binding all over the fabric. You don't need to configure specific VLANs or run different cables. All of switches are connected to the spine, so you have complete reachability all over the fabric. You can have multi-tenancy. You can have multiple fabric configurations for different types of connectivity. You would not have this on normal switching fabric.

What needs improvement?

Where there is room for improvement from ACI is for Layer 2 and Layer 7 packages. Normally, when you're updating your ACI fabric or you're introducing new Layer 4 to Layer 7 devices, there are some constraints, there are some limitations. You need to check before you do it, as well as F5 load balancers. When you are doing device packages you will not have the functionality of ASM. It's like WAF, web application firewalls. So you need to configure it manually. There is some room for improvement here.

The rest of it, for VMM domains, is improving. Cisco is introducing new features. I don't feel that it's unstable or it needs more improvement. But, for Layer 2 and Layer 7 packages, it still needs improvement. It needs quite a bit of work. 

Currently, we are using it in our test lab for Layer 4 and Layer 7 services. We are not using it in production. We are using unmanaged Layer 4 and Layer 7 devices. We are not using complete device packages.

I'm looking forward to something called Cisco Tetration. I have never worked on it but it's there now. It will map everything: What type of ports are communicated through between users and applications and between applications. It will map that on ACI automatically, at the ACI contracts level and the application level. It's like a big-data platform. It will understand the application. It will understand the port requirements, the security requirements, and it will perform some types of automation. Right now, ACI is lacking this. There's some intelligence within it but not much.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

It's a very stable product in terms of switching fabric. It's quite reliable. It doesn't fail that much compared to other switching platforms. There are some things you need to be cautious of, like when you are configuring contracts. When you are configuring L4 and L7, you need to be aware of what type of configuration you're doing. Sometimes when you are configuring something which is third-party, not Cisco, you need to be aware of what the end result will be. So you need to do it in a test environment first, and then do it in production.

What do I think about the scalability of the solution?

In terms of scalability there is just one limitation. When you want the security rules and features to be applied on the application NIC level - on the virtual NIC level, on the network interface level, on the application itself, on the virtualization domain - you cannot do that. The application needs to reach via API so you can apply the security policy. Then the security policies will be applied and then it can talk to other applications. This is one thing that is missing on ACI. But you cannot say that it's actually missing because that's the overlay approach of SDN; it's not underlay like NSX.

How are customer service and technical support?

Technical support is quite mature. It's not as bad as before. I'm the one person who has been working with ACI for a long time. Most engineers only have two or three years of experience with ACI. I have experience with ACI from when it started, from version 1.1. I have used more or less all the OS's. In the beginning, support was quite bad, but now it has improved notably. They have good engineers for the VMM. They have separate departments for separate things.

Response time is good, but it depends. If you are getting a call from the European or the American site the support is better. But if you get a call from the Indian site or from another site, it's not that mature yet.

Which solution did I use previously and why did I switch?

Currently, we don't have any other SDN solutions, but I have experience with SDN in NSX. I have certification in VCIX, VCIX-NSX, and NV - network virtualization - from VMware.

The biggest difference is that NSX is running on compute. It's running on the hypervisor level. But ACI is running as an overlay, on a switching overlay fabric. This is the major difference. In NSX you can put policies closer to the application on the NIC level, but on ACI you have a constraint that you need to reach the fabric to have security policies apply.

How was the initial setup?

The last setup I did was a freelance project in Dubai for Emaar. I also did one of the biggest projects here in Qatar for our company. I did one extension project at Qatar University. I have also done some document evaluation and design evaluation for a project that didn't start because of some budget constraints. It's still not completed. They are still evaluating, but I did the design evaluation from the vendor side.

In general, the setup is a little bit complex, but it will remove future complexity. In the beginning, for newcomers, for new engineers, it's a little complex. Even for me, when I was learning it, it was a little bit harder because it doesn't have conventional switching. It's running multiple types of OS's inside the fabric, so that can cause a little bit of confusion. But, after some time, you will feel like it's more logical.

The deployment time depends on how many leaves there are and how many fabric spine switches there are and on how many applications there are. If it's migration, it takes more time. If it's a greenfield project, it will not take that much time.

I did one deployment that was a complete greenfield project. There was nothing there. There was no migration. They are building a new data center and it was a small setup. It had six switches and two small, baby spine switches. That took less than one month.

Regarding implementation strategy there are two types of approaches. There is network-centric and there's object-oriented-centric. If it's network-centric, each VLAN has its own bridge domain. But if you have a complete application-centric approach, you have one BD for everything and you can configure multiple gateways there. You will specify contracts.

The number of staff required for a deployment depends on the fabric, the leaves and spines. Deployment generally takes two or three guys. For the configuration, I'm the only one. I can do it, no problem. But for physical stacking and connectivity, it takes a number of people. For configuration, one person is more than enough.

We have plans to increase usage. We are extending our fabric all the time because we started with 14 leaves and we now have around 24 leaves. We're also planning to implement it in our DR5. All over the Middle East, there is huge demand for ACI because Cisco is pushing this platform for core data centers.

What was our ROI?

It decreases network provisioning time and application provisioning time. It also takes fewer resources to manage it. You don't need a number of consultants to manage the ACI fabric because it's a centralized system. You will have one APIC controller which can manage more than 200 leaf switches. It depends on the APIC sizing. You can have multiple switches connected to it and you can manage it.

What's my experience with pricing, setup cost, and licensing?

If you compare the licensing and total cost of ACI, it's cheaper than NSX because of the licensing fees. If you are going for full NSX features it will be too expensive, especially the next-generation firewalling feature.

What other advice do I have?

If somebody is planning to implement ACI, it's mostly because they want their network to be centralized and they want their network to be more organized. They want more efficient provisioning of networking and applications. By implementing ACI they will need fewer resources and will have reduced operations costs. They will have more flexibility over the network. They can have multiple types of automation on their fabric, instead of using normal switching fabric.

In terms of maintaining it, the operation is something else. It depends on the number of applications and their business criticality. You need to check if it's a 24-hour approach where you need two or three guys to have a rotation for shifts. Currently, we don't have shifts, and I'm the only one who is managing the ACI, but we have an on-call rotation. Sometimes I'm getting called, sometimes my colleagues are getting called and they are relaying the information to me. But as I built the fabric here, I set it up so that I don't need to come in urgently. Everything is redundant, everything is connected on a dual-switch basis. If one switch fails or there's a configuration issue, there will not be downtime.

We have about 3,000 end users. It's our core. All the applications are hosted there.

I would rate the solution at nine out of ten. I have very good experience with ACI. My major platform and my focus is on security and data centers. I'm pretty good with data center technology as it is one of my major points of focus. I have experience with different products, mostly Cisco security products, but I have had a good experience with ACI.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.