Cisco ACI Reviews

In the last nine months, I have done two projects with Cisco ACI. Both of them were banking systems. I'm capable of selling, installing, and deploying Cisco ACI, so I know all the licenses and prices as well as how to compare the prices and establish a pre-sales team and also doing the deployment and supporting the ACA solutions. 

The most important aspect of Cisco ACI in my opinion is the ease of management. Other solutions, like traditional solutions and pricier solutions—or even fabric and PAT—you have to do many configurations on a box-to-box basis, With Cisco ACI, you go on the AP and do some "next, next finish" installer. Everything is done without having to know about the VXLAN, AVPN, MP-BGP, or ISI. In previous solutions, you had to know all these things and deploy all of them yourself, so you needed a deep knowledge of VRF and all the other BGP things. You would have to remember everything about the detail configuration, but now we just do some clicks and everything is there.

The other benefit to me is the white-listing solution that the ACI can handle. It's important to have a good knowledge of IPS and DDoS things. I always prefer to stop traffic mid-way instead of putting everything on the firewall and blocking it on the firewall. In my opinion, a firewall has very limited resources and it is possible to run out of resources easily with a simple attack, like HPing. But when you do white-listing, you just greenlight your needed traffic, not all the traffic. So this is a very big difference. And also of course, nowadays everyone is talking about the ACR tool Heat that allows customized configuration to style. These are the major things and some other things like very low latency and few hops. 

Before version 5, you could manage your firewall or load balancer from the AP. It was very basic and now they removed the whole features in the new version, so you cannot manage your load balance or firewall from your AP on L2, L4, and L7 services. They can improve this because it's a little bit hard to send traffic with PBR or EPB to the box. They're returning back. That's one area where they could improve.

I've mostly worked with Cisco solutions in the last 15 or 17 years. I do everything from deploying enterprise solutions and developing data centers to building cloud applications with Cisco ACI or data solutions at the center, like MPP, GPU, AVPN, and VXLANs. Security-wise, I started with ASA and IPS then upgraded to Five Power and Snort. I also have a lot of experience with Ice and Identity solutions as well as ESA and WSA.

I believe that Cisco ACI is highly scalable. Anytime that you want to add bandwidth, you just need to add a spine and anytime you need more ports, you just need to add that. And the very cool feature is the different typology that ACI can support now. Before that, it was a stretch, especially the typology. Nowadays, everyone is talking about the IPN and the multi-part.

For bigger operations with different data centers in different locations, you can deploy multi-site and it also offers some support remotely. I've never deployed it, but you can use a virtual peak that gives this and also enables a multi-tier. That's also very helpful with customers that don't want to spend a lot of money for the cable or transceivers. And the hardware is massive. I really love the hardware. The MTBF is huge. Everything is stable.

I was also in Malaysia for many years as a CTO at a company before COVID and was a Cisco partner. So I know how to create tickets. I've experienced how they respond and escalate tickets. I was the business owner and promised stability and availability to my customers. I asked and they opened a ticket for me, and I'd give it to my friend. I only needed to interact with Cisco techs very few times. But for licensing things and hosting, I use support all the time.

In most cases, you just plug in the cables and it even has the cable cave, a guard system, attached spine to spine. In my opinion, the initial part that involves creating the overlay is very easy compared to an MP-BGP or VPN solution. So in that case, it definitely takes hours, especially if the site that you are working with ACI is multi-tenant. If it's multi-tenant and you are not using ACI or an MPG EVP solution, then it's hard for you to take care of the road fillers. And a BGP road target must be very accurate, but here you don't deal with anything. This is also very great about ACI, which takes less networking. There's no port. Everything is tied to the object. So that's very easy. I believe that it is exactly the same environment and same thing that we face with the Cisco Blade system. You can create a foreign device and attach it to any server on the Blade and everything works fine. 

I would rate Cisco ACI nine out of 10. I'm always trying to push customers to use Cisco solutions. When I'm talking to my clients or anyone else who is thinking about using Cisco solutions, I always say 10 out of 10, but I believe that there is some space for improvement. 

Cisco ACI is the next-generation SDN-based solution that Cisco uses for almost every style of data center or server farm. It's similar to what we used when we wanted to build a facility containing our computing storage and everything we already have in our data center. However, this one is different because it uses innovative technology that combines VXLAN, MP-BGP, and SDN.

It has an amazing graphical user interface, and it integrates well with other brands like VMware. You can even integrate ACI with NSX in the latest versions. ACI integrates with NSX in version 5 and above. You can also use it with Kubernetes, OpenShift, and Cloud Foundry. It also has agents for cloud platforms like AWS and Azure.

ACI's most valuable feature is its SDN capabilities. Everything is on your software design controller. Everything is blocked by default until you allow it. 

The integration has room for improvement. There should be a drag-and-drop interface for configuring the integration where you connect some arrows to boxes, and the system takes care of the configuration. 

Right now, they have something similar, but it's limited. You have to take care of some things yourself. That is one area that the solution can work on. It's easy now, but it's much easier in other solutions.

Cisco ACI is highly stable. I've deployed it at six or seven data centers, and we've never had any issues with stability. It's a hundred percent reliable, but you have to consider some things. You can't deploy any version of your box and expect it to be stable because Cisco has some rules. For example, Cisco has a recommended version. It means that other versions may contain bugs.

Starting in 2000, if you open a switch, you will see a small motherboard, and the switch will work forever. There was no configuration. You just ran a few commands, and everything was done. Today, when you open a switch, you see a whole computer. For example, you can deploy the Cisco Catalyst 9000 with Python script. So there have been a lot of improvements and a lot of things.

Also, when they update ACI, you will face some bugs because this isn't a limited motherboard. Now, the motherboard is like a computer. You can expect some bugs, but you won't have that many issues compared to other solutions if you use the recommended version.

The initial setup is effortless. You can deploy ACI even if you have limited routing knowledge because everything is done automatically. The underlay network is IS-IS, while the overlay network is BGP. You don't need to know anything about IS-IS or BGP. 

You need at least two people to deploy ACI. More than two engineers might be required. Your VM engineer should join you if you're working with a virtualized environment,  and your storage network engineer should take part if the project involves storage. In total, it should be maybe two to three people.

I rate Cisco ACI nine out of 10.

The main customers are Tata Consultancy and Data Communication Limited. For them, ACI's fabric capabilities, automation features, and specifically, the L4-L7 features and micro-segmentation are most valuable.

In legacy networks, managing changes requires individual tickets for each device. ACI's single pane of glass management through APIC is a big advantage.

So, single-tenant management is a plus.

Customer support for ACI needs improvement. Many customers prefer HPE because their internal support is different and easier to integrate with existing networks. This lack of awareness of ACI's capabilities makes customers stick to traditional networking.

My customers' internal teams lack ACI expertise, so Cisco should provide training or offer end-to-end use case support.

I have been using this solution for the last seven years. 

I would rate the stability an eight out of ten. 

It's quite scalable. I would rate the scalability a ten out of ten. We have features like fabric provision and tenant isolation, which makes it competitive with other OEMs.

We have enterprises primarily as our customers. 

Support can be inconsistent. Some customers have had issues.

Positive

I would rate my experience with the initial setup a nine out of ten, with ten being easy to set up. 

The initial setup is quite straightforward. Our clients have a private and hybrid cloud.  

Deployment timeframe can vary.  We get a chance to deploy the ACI on a quarterly basis.

The licensing is expensive. Customers find the price expensive.  

Remember, even a single network change with ACI instantly reflects across all devices.

Overall, Cisco ACI is excellent. I'd definitely give it a ten out of ten.

We have several customers who are using Cisco ACI. In my opinion, Cisco ACI is the most powerful solution from Cisco. It is a very strong solution and was recently developed by Cisco, especially because of the Cisco ACI fabric. 

Cisco ACI is a declarative model or object-based model that focuses on application-centric policies rather than traditional network validation. It uses spine-leaf topology. It eliminates the need for customers to spend time configuring their network, routing, and switching. Instead, they can simply initialize the fabric and design their application based on their policy. It's a pretty advanced solution and eliminates a lot of headaches.

The most useful feature in the ACI is a feature called Service Graph. Service Graph is a part of the ACI fabric and is used to redirect traffic through various network services, such as firewalls, without the need for complicated network configurations.

You simply create a policy and redirect the traffic to the firewall and then back to the ACI. So the Service Graph feature is the most powerful feature in the ACI and can be used to deploy the firewall as a service template for any type of traffic. You can direct the traffic to go through the firewall and then back to the ACI. I think it's the most important feature of the ACI.

I can recommend that Cisco improve its execution. But keep in mind that ACI is the most convenient solution for Cisco, and it is developing every day, adding new features.

Additionally, keep in mind that you can integrate the manager or CCI and manage your remote cluster and data center from the ACI dashboard, which is another possible feature in ACI.

I have only been using ACI for six months because I was promoted to central consultant last year. After my promotion, I started working on the ACI solution. We are using version 5.2. It's on-premises because our customer is in the banking sector and due to governmental restrictions, we cannot install any solutions over the cloud. All solutions, including SDR, ACI, and SDR, depend on the on-premises setup.

After version 5, it became a very stable product.

Scalability is another powerful feature of Cisco ACI. For example, if you need to add another endpoint, you don't need to redesign your network. You can simply add a switch or a leaf switch and you're good to go. If you need to increase the number of devices or add more bundles, you can add a spine switch or a backbone switch without any redesign because the fabric is initialized from zero. You can add or delete devices without the need for a complete redesign. So it's a very scalable solution, and scalability is the most powerful feature of Cisco ACI.

I did have one case where I needed a replacement for a switch, and they handled it perfectly.

I would tell you the pros and cons of using your legacy network versus ACI. Without ACI, you may encounter scalability issues as adding new devices and switches would require a redesign.

Additionally, there may be challenges with extending the layers between switches in the data center, such as sending traffic and addressing challenges.

Using ACI can provide benefits such as simplifying network management. Without ACI, each device and loop would need to be managed individually, but with ACI, the entire data center can be managed through a single dashboard, including VMware, firewalls, and more. ACI can also improve availability and billing.

ACI uses an object and policy model, which simplifies the configuration of routing and switching and enables application-to-application communication. Using ACI can eliminate legacy network issues and provide significant benefits, regardless of the customer size.

Overall, I would rate Cisco ACI a nine out of ten.

We primarily use it for network-centric applications and environments. It's mostly used for migrating traditional three-tier networks to the ACI infrastructure.

Automation features have been most beneficial for managing complex networks.

It could benefit from an orchestration tool that makes deploying services easier.

I have been working with Cisco ACI for almost seven years. 

It is a very stable. I would rate the stability a ten out of ten.

ACI is highly scalable, both within a single site and across multiple data centers.

I would rate the scalability a ten out of ten. Our clients vary from mid-sized to large, including financial institutions.

We don't usually need much support unless there's a technical issue or bug. We might contact them for design reviews during deployment.

Neutral

It was easy, especially with the newer version. After preparing the initial fabric, it's mostly plug-and-play. 

However, service deployment could be simplified with a better orchestration tool for deploying endpoint groups (EPGs) and other objects.

The deployment process is an ongoing process that can take over a year, as it's part of a migration of workloads and services. You can't migrate an active data center all at once. There are project dependencies that affect the timeline.

These are not technical challenges but project dependencies. Each project has its own timeline and phases. The technical aspects aren't that complicated.

I haven't encountered any challenges in deployment. It's simple automation through a portal for deploying services and EPGs.

I highly recommend it. Compared to traditional data centers, it's more efficient, easier to deploy, and has less dependency on the infrastructure for application management.

Overall, I would rate the solution a ten out of ten.

Over the past six years, I've gained extensive experience with Cisco ACI, working on diverse solutions. This includes multi-site projects, like one involving a private bank with interconnected data centers utilizing Dark Fiber and Cisco ACI for seamless operations. I've also successfully integrated Cisco ACI with Kubernetes and Red Hat OpenShift to support container-based applications. I've played a dual role as an instructor, teaching Cisco ACI topics, and actively participating in various ACI-related projects. These projects have covered single-site, multi-site, and multi-tenant infrastructures, involving aspects like design, implementation, troubleshooting, and training, giving me a comprehensive understanding of the ACI ecosystem.

Our clients find several features of Cisco ACI particularly valuable, like the ability to create Service Graphs and employ Policy-Based Routing in an Application-Centric manner. One significant attraction for clients in Iran is the robustness of multicast solutions, which has been a major driver for them to migrate to Cisco ACI. It's worth noting that in Iran, the predominant IT infrastructure is on-premises, with limited usage of AWS or hybrid solutions.

While it is quite functional, I found it to be somewhat slow, and there was a notable issue related to the removal of the help section. In previous ACI versions, every configuration section had an accompanying help section that provided valuable information. This feature was removed in the latest version, and the reasoning behind this change is unclear. I believe there's room for improvement in terms of ACI's integration with various technologies. For instance, when it comes to integrating with Kubernetes, the compatibility is somewhat lagging.

I have approximately five to six years of experience working with Cisco ACI.

It exhibits remarkable stability, particularly from ACI version five onwards. For instance, the stock exchange infrastructure I've worked with has been operating flawlessly on ACI for almost two years now, with no significant issues. I would rate it ten out of ten.

I rate the scalability of ACI as nine out of ten, leaving room for potential improvements or aspects that I haven't explored fully.

I have never sought support from Cisco, mainly because of the nature of the operations and issues I've encountered. With the exception of hardware problems, which are usually beyond our control, I've handled all other situations and software failures directly.

Generally, I find the initial setup and configuration of Cisco ACI to be one of the simplest processes in the context of this technology, except in rare cases involving unique configurations. I would rate it eight out of ten.

The duration and complexity of the deployment can vary significantly based on the chosen approach, whether it's application-centric or network-centric. In the service recognition phase, especially for application-centric deployments, a deeper understanding of the service infrastructure is required. This involves collaboration with the software team to comprehend the service architecture, which can extend the deployment timeline. This approach differs from a more straightforward network-centric implementation where you might only need to convert legacy VLAN and IP contracts to ACI objects. In my experience, building Cisco ACI from the ground up can take anywhere from four months to nearly a year. For instance, if you aim to migrate swiftly to ACI without relying heavily on advanced features like service graphs and PBR, and simply want to establish ACI as the default gateway for servers, the fabric can be set up in as little as three to four months. Certain operations, such as the physical installation of spine switches, can extend the timeline from three to four months up to nearly a year for a complete project.

It is not very cheap, but it is still a cost-effective solution, especially when considering the broader context of data center expenses, including servers, storage, and firewalls. The pricing, including both hardware and licenses, is reasonable.

Overall, I would rate it ten out of ten.

Our primary use case is replacing Nexus 7000 with Cisco NX-OS. We would like to replace this actuator with the newer Cisco ACI platform. We currently use Cisco Nexus 9000.

Cisco ACI improved the stability of our IT system and our data center.

We currently use the smooth upgrade process available in Cisco ACI, and it's really useful. I also like the augmentation of the bandwidth available in the platform with 10 and 40 GB interfaces.

Cisco ACI helps us better secure our infrastructure from end to end because we can use a contract to secure flow between endpoints in the data center.

Because we can use automation processes with this platform, we have been able to free up our IT department's time.

We can deploy applications quickly with automation, and we have been able to save time overall as an organization as well.

Our problems with Cisco ACI are mainly related to the contracts and how to manage them easily in the platform. Cisco also needs to improve the log files and the complexity of the graphical interface.

Cisco ACI is stable, and we haven't had any problems with the stability of the system.

We haven't had any problems with scaling the platform because it's easy to add a leaf or spine.

We have had good experiences with Cisco's technical support. They respond quickly and with accurate responses.

It takes some time to understand the new terms and concepts, but the deployment itself is completely smooth. We didn't have any problems deploying the solution.

We first deployed the solution on our qualification data center so that we could test the solution before we deployed it in the production data center.

We implemented it with the help of an integrator.

The pricing and licensing are both high, particularly if you want a high level of functionality. It would be great if the price and licensing costs could be decreased.

Cisco ACI works well, and it has been a good investment for us. There are a few areas for improvement, so I would give Cisco ACI an overall rating of eight out of ten.

We help customers obtain, renew, and upgrade. This is a multi-cloud software-defined data center. If a customer is in banking, we can separate and secure data centers for multiple sites.

I really like the usage of the application. It offers a good focus on applications and has a driven policy model. It is capable of automation and application-driven. Customers can focus on the applications, and this benefits the end customers.

We really like the GUI and the visibility we get in on the dashboards. You get real-time details on performance. 

The DevOps teams can integrate their own software in ACI. 

We can monitor which areas are working well. 

It can be used with Kubernetes.

We get a full holistic view of the ecosystem. 

Ideally, if it could be more aligned as a unit, it would be useful.

Compared to VMware, it needs more virtualization technologies. It cannot match that right now based on the hardware boxes that we use. It could be more virtualized. There is less flexibility as they have less virtualization.

The contract management could be better.

It needs to include log files.

The GUI could be better. The solution be more user-friendly.

We've seen a lot of trends in companies moving towards AI and cloud capabilities. If it could really focus on this area, it would continue to be a very good product. It would improve the cost-benefit of the product in the long run. They need to integrate with multiple cloud platforms. Better integration and compatibility across the board, in fact, would make it a better product.

I've used the solution for four to five years. The customers I work with use ACI.

I have found the stability to be good. I'd rate it nine out of ten. 

The scalability is pretty good. You should have two of the spines altogether. Then the leaves can expand when you want to have more bandwidth or more throughput requirement.

If you need more computing power or networking power in the data center, then you have to add the leaves. Of course, if you need more throughput power, it's a bit different. For example, if one spine has the power of 4GBs, the two spines, which are combined, give the power of 8GBs, if you want more throughput, for example, 50GBs, you just go and add a couple of spines to it to commit to that sort of power. 

We tend to work with medium to large organizations.

I'd rate the scalability seven out of ten.

Technical support has been good.

Positive

I haven't worked much with other solutions. I have worked with VMware NSX. It's similar, however, it is more flexible and is faster to set up.

The initial setup isn't too complex, depending on the user's background. If a person is comfortable with Cisco products, it won't be too hard. You do have to use the command line, which makes it a tedious task. That said, you have more advantages with configuration capabilities. 

I'd rate the process eight or nine out of ten in terms of ease of setup. For the most part, it takes five to six steps.

It doesn't take too long to set up the entire product. It's easier than the other areas of the Cisco portfolio. Cisco is also making deployments easier to handle in general. It might take a few days since it is software-defined. 

On a high level, if the customer has a lot of devices, it might take two to three hours, and then you need to integrate everything. It shouldn't take more than 30 minutes after that to deploy and get the devices integrated. It's just working on it and reviewing tasks, which takes some time. It's an ongoing process.

Cisco solutions are pretty pricy as you have to buy the AP controllers, leaves, spines, and hardware. I'd rate the pricing six out of ten in terms of affordability.

We are resellers and consultants. We provide insights to clients regarding this product. We don't use the solution ourselves; we help the customer use it and realize its value. We're Cisco partners. 

We don't use a specific version of the product. Typically, we use the latest when it comes out.

I'd recommend the solution for users that have a traditional setup and need a dashboard. Many banks have complex data centers. They'd benefit from moving to this solution.

I would rate the solution nine out of ten.

The pricing factor is an issue. It's also not as good as VMware as it is not as virtualized. However, the Cisco portfolio is quite strong.