Cisco ACI Reviews

We have several customers who are using Cisco ACI. In my opinion, Cisco ACI is the most powerful solution from Cisco. It is a very strong solution and was recently developed by Cisco, especially because of the Cisco ACI fabric. 

Cisco ACI is a declarative model or object-based model that focuses on application-centric policies rather than traditional network validation. It uses spine-leaf topology. It eliminates the need for customers to spend time configuring their network, routing, and switching. Instead, they can simply initialize the fabric and design their application based on their policy. It's a pretty advanced solution and eliminates a lot of headaches.

The most useful feature in the ACI is a feature called Service Graph. Service Graph is a part of the ACI fabric and is used to redirect traffic through various network services, such as firewalls, without the need for complicated network configurations.

You simply create a policy and redirect the traffic to the firewall and then back to the ACI. So the Service Graph feature is the most powerful feature in the ACI and can be used to deploy the firewall as a service template for any type of traffic. You can direct the traffic to go through the firewall and then back to the ACI. I think it's the most important feature of the ACI.

I can recommend that Cisco improve its execution. But keep in mind that ACI is the most convenient solution for Cisco, and it is developing every day, adding new features.

Additionally, keep in mind that you can integrate the manager or CCI and manage your remote cluster and data center from the ACI dashboard, which is another possible feature in ACI.

I have only been using ACI for six months because I was promoted to central consultant last year. After my promotion, I started working on the ACI solution. We are using version 5.2. It's on-premises because our customer is in the banking sector and due to governmental restrictions, we cannot install any solutions over the cloud. All solutions, including SDR, ACI, and SDR, depend on the on-premises setup.

After version 5, it became a very stable product.

Scalability is another powerful feature of Cisco ACI. For example, if you need to add another endpoint, you don't need to redesign your network. You can simply add a switch or a leaf switch and you're good to go. If you need to increase the number of devices or add more bundles, you can add a spine switch or a backbone switch without any redesign because the fabric is initialized from zero. You can add or delete devices without the need for a complete redesign. So it's a very scalable solution, and scalability is the most powerful feature of Cisco ACI.

I did have one case where I needed a replacement for a switch, and they handled it perfectly.

I would tell you the pros and cons of using your legacy network versus ACI. Without ACI, you may encounter scalability issues as adding new devices and switches would require a redesign.

Additionally, there may be challenges with extending the layers between switches in the data center, such as sending traffic and addressing challenges.

Using ACI can provide benefits such as simplifying network management. Without ACI, each device and loop would need to be managed individually, but with ACI, the entire data center can be managed through a single dashboard, including VMware, firewalls, and more. ACI can also improve availability and billing.

ACI uses an object and policy model, which simplifies the configuration of routing and switching and enables application-to-application communication. Using ACI can eliminate legacy network issues and provide significant benefits, regardless of the customer size.

Overall, I would rate Cisco ACI a nine out of ten.

We have two clusters, the first one of which I upgraded last week to version 4.6, with the main cluster being, at the moment, 4.2. 

We are talking about simple things with which we use the solution, such as employing Cisco firewalls for protecting or managing some of the data. 

I actually managed a huge and very complicated corporate network, it being separated in many locations. We have i1 solutions and outstations which are all connected to our network. My primary focus nowadays is on our communication, on the head office network. 

We have a perimeter firewall when it comes to the hub, which is responsible for outbound and inbound traffic, in respect of the public services for outbound customers and outbound internet traffic for the internal RJ customers.

Our current H firewall is Fortinet, being the 3000 D series. 

There is a separation into five Vdoms, or virtual domains, which themselves are separated into a data center, firewall, VBN, publishing services, and proxy as a proxy firewall.

Routing mythology comes into play. At the moment, we have our AS number and BGP configuration with many service providers for the purpose of maintaining high availability and redundancy. So too, the Fortinet firewall is working in high availability mode.

When it comes to security, we recently switched to Fortinet, as we feel it to be more customizable for our use case in RJ than the solution. We moved because Cisco scored lower than Fortinet. 

While we have seen a return on our investment in certain cases, we have, of late, faced issues on the Call Manager, which we have. 

We have an on-premises, resistant license which we invested in. Out of nowhere, Cisco changed the licensing module to that of smart licensing, a perpetual license state, without offering any compensation to the customers. 

This made the license worthless and forced us to subscribe for smart licensing. This is the only way to continue receiving active support and upgrades from Cisco, not that anyone would say anything otherwise. 

Cisco is much more expensive than other vendors, especially when it comes to the licensing. For half the cost, I can obtain the same service with another product. 

It would be great if ACI would include the next generation firewall feature. 

I rate the solution as an eight out of ten, owing to the issue of the price and the complexity involved in its maintenance. 

I have been working with Cisco ACI for around five years. I have definitely worked with it in the past 12 months. 

The solution is definitely stable. 

The scalability is okay. 

Cisco technical support is great. 

In the past, I used Fortinet, Cisco ASA and Meraki. Currently, I use Cisco ASA and Fortinet. 

When it comes to security, we recently switched to Fortinet, as we feel it to be more customizable for our use case in RJ than the solution. We moved because Cisco scored lower than Fortinet.

When it comes to the installation, it is important to keep in mind that we are a corporate enterprise, which means that the complexity and customization are there. Many locations must be connected with each other. There is a need to apply many routing protocols, including EIGRB, static, and BGP. We have many protected areas in the backbone. 

In the middle are data center firewalls, which lie between the user and core switches. We also manage the wireless access. There is also Cisco Identity Service Engine, which manages access to the internet using authentication and posturing, based on the configured policies.

Much staff is needed for maintenance. This varies with the work payload. 

While we have seen a return on our investment in certain cases, we have, of late, faced issues on the Call Manager, which we have.

We have an on-premises, resistant license which we invested in. Out of nowhere, Cisco changed the licensing module to that of smart licensing, a perpetual license state, without offering any compensation to the the customers.

This made the license worthless and forced us to subscribe for smart licensing. This is the only way to continue receiving active support and upgrades from Cisco, not that anyone would say anything were I to stop. The licensing issue contributes to my decision to rate the solution as an eight out of ten. 

Cisco is much more expensive than other vendors, especially when it comes to the licensing. For half the cost, I can obtain the same service with another product.

We are talking about the cost of the renewal. 

Cisco solution is a perfect product and considered number one in the world in many parts.

Cisco ACI is a great product. It's nice to have in the company.

I am the network administrator in the enterprise company.

I rate Cisco ACI as an eight out of ten. 

We are transforming from an old legacy, non-Cisco network to a state-of-the-art data center.
Cisco ACI is reducing a lot of competence on the network. We are reducing a lot of assets, a footprint itself. It has one single pane of glass management. We use it to support our clients.

The efficiency in terms of the data center latency has been reduced by around 20-30%. Our applications function a lot better. We get a lot of intuitive data to know how our application stack is performing. 

The most valuable feature of this solution is the single pane of management. You can have various API integrations and you can have software-defined scripts.

Cisco ACI can build things for you which was not possible on legacy networks. 

The additional features I would like to see included in the next releases are support for our policy-based routing. There are endpoint issues that are there now in the code. Hopefully, these will get fixed in the future code. 

In terms of scriptings, there are a lot of APIs available but there's a big gap with networking and the application. That's a gap that we're trying to bridge to understand how to do scripting. 

So far, the stability has been good. There have been a lot of updates going in and things are getting a lot better.

Cisco ACI is very scalable. There's no real length to it. If you look at ACI, you can have an endless number of layers. 

The size of our environment is about 2,000 nodes. It's not a huge network, it's pretty medium-sized.

We use technical support for this product. We have our internal support team also. If we have additional feedback needed, we go back to Cisco. We are Cisco partners. Our experience with their support has been very good. I can communicate directly with certain BUs. 

We have been able to communicate with Cisco directly on certain questions. There are issues which have been very easy to resolve.

The initial setup is straightforward. It is not complex at all. It is plug-and-play. Then you add more switches into the network and you don't need to configure anything. 

We have not yet seen the ROI. We are in a transformation journey right now where you can clearly see how that is happening.

We have the smart licensing, but that was supported when we bought ACI. Smart licensing was not there previously. Recently, we migrated to the new code.

We had to convert to smart licensing. Licensing is for the overall number of nodes. We have a license for all 1,000 nodes right now.

On a scale of 1 to 10, I would rate this product at an 8 to leave a little bit of room for improvement.

I would advise someone considering this solution to do your homework. If you are trying to consolidate your data center, Cisco  ACI is probably the best product out there.

We started working with a customer which is in the Netherlands. They are really important for us. They started migrating the building of their CRM to ACI. We started with 2.0. We just upgraded the fabric to 3.2. In the next three months, we are aiming to migrate and upgrade the fabric plan to 4.0

Our customer has around 1,000 virtual machines and before, they were all 100 physical servers which, on our side, were obviously consuming energy and resources. Now everything is on the customer and so it's up to them to manage the size of the virtual machines. 

The straightforward migration of all of the applications and loop balancing are the two most valuable features. Also, the measurement of their customer-wide sources is very straightforward. It's another dimension of the networks.

The virtualization area needs improvement but I expect that to happen with the 4.0 version.

I would like for them to develop integration with AWS. 

Scalability is pretty good. 

Their technical support is top notch. 

We had reached the capacity in the data center. We could build a new data center or buy a new solution so we migrated to a new solution to save space. 

The setup was complex because we have a complex internet architecture. It wasn't because of the product. It was complex because of internal issues on our side. 

We had Cisco support but everything was done internally. 

We only looked at Cisco because we have all of our routing and switching infrastructure with Cisco. 

I would rate it an eight out of ten. There's room for improvement in the software version. To get to a ten, they should improve the virtualization and develop integration with AWS. 

For companies starting from scratch, ACI is the best solution in terms of the space needed and time to delivery. 

My clients use Cisco ACI for multi-site connectivity. They can use it to deploy multiple data centers and can manage the entire network from Cisco ACI Multi-Site.

I like features like policy control and micro-segmentation.

Quality Assurance could be better, and there are a lot of bugs in each release. We discover these bugs when we upgrade the ACI environment, sometimes resulting in downtime. 

In the next release, I would like to be able to manage hybrid cloud networking. So currently, if you have an ACI environment running on-premise or Epic in the cloud, we can handle it with the NexSys dashboard. But if Cisco can integrate SD WAN-related features, through which we can do multi-cloud networking, that will be an awesome feature. It should be more flexible.

I have been using Cisco ACI for more than five years.

Cisco ACI could be more stable. Bugs create performance issues.

On a scale from one to ten, I would give stability a six.

Cisco ACI is a scalable solution.

On a scale from one to ten, I would give scalability a ten.

My experience with technical support depends on the region. For example, technical support is excellent if it's an engineer from the EMEA, like Belgium. But we struggle to connect with good engineers in the APAC region.

Positive

It takes about a week to deploy this solution.

On a scale from one to ten, I would give the initial setup an eight.

We deploy this solution for our customers.

There are no additional costs. We only have to pay for a support contract apart from the license.

On a scale from one to ten, I would give pricing a seven.

On a scale from one to ten, I would give Cisco ACI an eight.

Our primary use case is replacing Nexus 7000 with Cisco NX-OS. We would like to replace this actuator with the newer Cisco ACI platform. We currently use Cisco Nexus 9000.

Cisco ACI improved the stability of our IT system and our data center.

We currently use the smooth upgrade process available in Cisco ACI, and it's really useful. I also like the augmentation of the bandwidth available in the platform with 10 and 40 GB interfaces.

Cisco ACI helps us better secure our infrastructure from end to end because we can use a contract to secure flow between endpoints in the data center.

Because we can use automation processes with this platform, we have been able to free up our IT department's time.

We can deploy applications quickly with automation, and we have been able to save time overall as an organization as well.

Our problems with Cisco ACI are mainly related to the contracts and how to manage them easily in the platform. Cisco also needs to improve the log files and the complexity of the graphical interface.

Cisco ACI is stable, and we haven't had any problems with the stability of the system.

We haven't had any problems with scaling the platform because it's easy to add a leaf or spine.

We have had good experiences with Cisco's technical support. They respond quickly and with accurate responses.

It takes some time to understand the new terms and concepts, but the deployment itself is completely smooth. We didn't have any problems deploying the solution.

We first deployed the solution on our qualification data center so that we could test the solution before we deployed it in the production data center.

We implemented it with the help of an integrator.

The pricing and licensing are both high, particularly if you want a high level of functionality. It would be great if the price and licensing costs could be decreased.

Cisco ACI works well, and it has been a good investment for us. There are a few areas for improvement, so I would give Cisco ACI an overall rating of eight out of ten.

Over the past six years, I've gained extensive experience with Cisco ACI, working on diverse solutions. This includes multi-site projects, like one involving a private bank with interconnected data centers utilizing Dark Fiber and Cisco ACI for seamless operations. I've also successfully integrated Cisco ACI with Kubernetes and Red Hat OpenShift to support container-based applications. I've played a dual role as an instructor, teaching Cisco ACI topics, and actively participating in various ACI-related projects. These projects have covered single-site, multi-site, and multi-tenant infrastructures, involving aspects like design, implementation, troubleshooting, and training, giving me a comprehensive understanding of the ACI ecosystem.

Our clients find several features of Cisco ACI particularly valuable, like the ability to create Service Graphs and employ Policy-Based Routing in an Application-Centric manner. One significant attraction for clients in Iran is the robustness of multicast solutions, which has been a major driver for them to migrate to Cisco ACI. It's worth noting that in Iran, the predominant IT infrastructure is on-premises, with limited usage of AWS or hybrid solutions.

While it is quite functional, I found it to be somewhat slow, and there was a notable issue related to the removal of the help section. In previous ACI versions, every configuration section had an accompanying help section that provided valuable information. This feature was removed in the latest version, and the reasoning behind this change is unclear. I believe there's room for improvement in terms of ACI's integration with various technologies. For instance, when it comes to integrating with Kubernetes, the compatibility is somewhat lagging.

I have approximately five to six years of experience working with Cisco ACI.

It exhibits remarkable stability, particularly from ACI version five onwards. For instance, the stock exchange infrastructure I've worked with has been operating flawlessly on ACI for almost two years now, with no significant issues. I would rate it ten out of ten.

I rate the scalability of ACI as nine out of ten, leaving room for potential improvements or aspects that I haven't explored fully.

I have never sought support from Cisco, mainly because of the nature of the operations and issues I've encountered. With the exception of hardware problems, which are usually beyond our control, I've handled all other situations and software failures directly.

Generally, I find the initial setup and configuration of Cisco ACI to be one of the simplest processes in the context of this technology, except in rare cases involving unique configurations. I would rate it eight out of ten.

The duration and complexity of the deployment can vary significantly based on the chosen approach, whether it's application-centric or network-centric. In the service recognition phase, especially for application-centric deployments, a deeper understanding of the service infrastructure is required. This involves collaboration with the software team to comprehend the service architecture, which can extend the deployment timeline. This approach differs from a more straightforward network-centric implementation where you might only need to convert legacy VLAN and IP contracts to ACI objects. In my experience, building Cisco ACI from the ground up can take anywhere from four months to nearly a year. For instance, if you aim to migrate swiftly to ACI without relying heavily on advanced features like service graphs and PBR, and simply want to establish ACI as the default gateway for servers, the fabric can be set up in as little as three to four months. Certain operations, such as the physical installation of spine switches, can extend the timeline from three to four months up to nearly a year for a complete project.

It is not very cheap, but it is still a cost-effective solution, especially when considering the broader context of data center expenses, including servers, storage, and firewalls. The pricing, including both hardware and licenses, is reasonable.

Overall, I would rate it ten out of ten.

In the last nine months, I have done two projects with Cisco ACI. Both of them were banking systems. I'm capable of selling, installing, and deploying Cisco ACI, so I know all the licenses and prices as well as how to compare the prices and establish a pre-sales team and also doing the deployment and supporting the ACA solutions. 

The most important aspect of Cisco ACI in my opinion is the ease of management. Other solutions, like traditional solutions and pricier solutions—or even fabric and PAT—you have to do many configurations on a box-to-box basis, With Cisco ACI, you go on the AP and do some "next, next finish" installer. Everything is done without having to know about the VXLAN, AVPN, MP-BGP, or ISI. In previous solutions, you had to know all these things and deploy all of them yourself, so you needed a deep knowledge of VRF and all the other BGP things. You would have to remember everything about the detail configuration, but now we just do some clicks and everything is there.

The other benefit to me is the white-listing solution that the ACI can handle. It's important to have a good knowledge of IPS and DDoS things. I always prefer to stop traffic mid-way instead of putting everything on the firewall and blocking it on the firewall. In my opinion, a firewall has very limited resources and it is possible to run out of resources easily with a simple attack, like HPing. But when you do white-listing, you just greenlight your needed traffic, not all the traffic. So this is a very big difference. And also of course, nowadays everyone is talking about the ACR tool Heat that allows customized configuration to style. These are the major things and some other things like very low latency and few hops. 

Before version 5, you could manage your firewall or load balancer from the AP. It was very basic and now they removed the whole features in the new version, so you cannot manage your load balance or firewall from your AP on L2, L4, and L7 services. They can improve this because it's a little bit hard to send traffic with PBR or EPB to the box. They're returning back. That's one area where they could improve.

I've mostly worked with Cisco solutions in the last 15 or 17 years. I do everything from deploying enterprise solutions and developing data centers to building cloud applications with Cisco ACI or data solutions at the center, like MPP, GPU, AVPN, and VXLANs. Security-wise, I started with ASA and IPS then upgraded to Five Power and Snort. I also have a lot of experience with Ice and Identity solutions as well as ESA and WSA.

I believe that Cisco ACI is highly scalable. Anytime that you want to add bandwidth, you just need to add a spine and anytime you need more ports, you just need to add that. And the very cool feature is the different typology that ACI can support now. Before that, it was a stretch, especially the typology. Nowadays, everyone is talking about the IPN and the multi-part.

For bigger operations with different data centers in different locations, you can deploy multi-site and it also offers some support remotely. I've never deployed it, but you can use a virtual peak that gives this and also enables a multi-tier. That's also very helpful with customers that don't want to spend a lot of money for the cable or transceivers. And the hardware is massive. I really love the hardware. The MTBF is huge. Everything is stable.

I was also in Malaysia for many years as a CTO at a company before COVID and was a Cisco partner. So I know how to create tickets. I've experienced how they respond and escalate tickets. I was the business owner and promised stability and availability to my customers. I asked and they opened a ticket for me, and I'd give it to my friend. I only needed to interact with Cisco techs very few times. But for licensing things and hosting, I use support all the time.

In most cases, you just plug in the cables and it even has the cable cave, a guard system, attached spine to spine. In my opinion, the initial part that involves creating the overlay is very easy compared to an MP-BGP or VPN solution. So in that case, it definitely takes hours, especially if the site that you are working with ACI is multi-tenant. If it's multi-tenant and you are not using ACI or an MPG EVP solution, then it's hard for you to take care of the road fillers. And a BGP road target must be very accurate, but here you don't deal with anything. This is also very great about ACI, which takes less networking. There's no port. Everything is tied to the object. So that's very easy. I believe that it is exactly the same environment and same thing that we face with the Cisco Blade system. You can create a foreign device and attach it to any server on the Blade and everything works fine. 

I would rate Cisco ACI nine out of 10. I'm always trying to push customers to use Cisco solutions. When I'm talking to my clients or anyone else who is thinking about using Cisco solutions, I always say 10 out of 10, but I believe that there is some space for improvement.