Cisco ACI Reviews

The primary use case is in an environment where the customer has a very large virtual compute and a lot of physical compute as well - in terms of the number of servers - and a big heterogeneous firewall. They want to converge their racks where they have a physical firewall and a virtual firewall. They have their metal servers and VMware or Hyper-V VMs. This is the best use case. This is where ACI fits best because it can integrate the physical and virtual environments together within a single fabric. It can give a very good overview, an "aerial view" of your whole data center within your fabric. That's the best use case.

The improvement I have seen after ACI has been implemented is that companies that wanted to implement a service lifecycle of any services, or that wanted to do automation, really improved their deployment times. Once the fabric is up, then they can start doing so. Customers usually get confused and think that if they implement ACI then everything gets automated. No. That's a mistake. With ACI, you have to buy software, an automation orchestration tool like Ansible, UCSD, or vRealize - tools to automate.

The improvement is that when companies buy an automation tool with Cisco ACI, the deployment time, their designs, are really fast. 

Another improvement is that customers say that the performance is really good with their new network.

The best part of ACI is that it can integrate with a lot of virtual environments like VMware, Hyper-V, and KVM. That's the best feature that sticks out in my mind because I have worked with customers who were looking into different solutions. The biggest selling point for them, which finalized their choice of ACI, was because it supported both Microsoft and VMware.

Better troubleshooting features would be helpful. In ACI, it can be a big mess, a real headache to troubleshoot a single issue. Cisco should work on the troubleshooting part of ACI. The troubleshooting part, and the information that ACI gives you, sometimes don't give you a proper, inside picture of what's going on within the fabric.

We had an issue where the customer was not able to sync with the NTP server and we were not able to identify the problem. The NTP was just not talking to ACI. The troubleshooting part is a bit difficult in ACI, and I feel that it should have been improved a long ago, but I don't know if they're working on it or not.

Also, they have the new designs for Multipod and Multi-Site. There are a lot of good features, like static storage connections. But I have seen some customers that faced issues with connecting the storage to the fabric.

The stability is good. Initially, it was not that good, but now it's really good with the new code.

I would give the solution's scalability an eight out of ten. The scalability options are really good. You just connect the leaves to the spine and it comes up. The scalability is not an issue.

The biggest environment I've worked with has two spines, spines with 16 leaves.

In terms of the number of users on it, initially it was really difficult for customers to adopt the new technology because it was a wholly new concept. Now, with time, and as ACI comes out with the new features, and the stability is really strong, the adoption is really good. According to Cisco engineers, they have customers who have gone up to 6,000 users.

Regarding the possibility of our customers' increasing their usage of ACI, we don't see that much indication of it, because what the customers are looking is more along the lines of having their fabric be more redundant. One of the features engineers are looking for is the Endpoint Tracker, which has had some issues. It is not that user-friendly.

I love their tech support. I would rate it at eight out of ten. It's really good with ACI. Even non-ACI support is really good. If you open a P1 case, an engineer comes online within ten to 15 minutes and starts doing the debugging and troubleshooting with you. 

I had an issue with their HyperFlex solution where the issue was more an interior design issue, and not a Cisco issue, but the tech came onto the call in 10 minutes and worked with me for six hours, non-stop, to fix the issue. They do it really slowly because they don't want to impact production. Otherwise, they could probably have done it in 15 to 20 minutes.

The initial setup is really straightforward. Very easy.

In terms of implementation strategy, Cisco has a concept called the Zero Touch installation, where you just connect the fabric and it actually starts discovering its own fabric. The implementation strategy is to install ACI in a silo'ed environment first, set all the policies there, and then connect your existing network parallel to ACI so that the network has a redundant connection to ACI. Then you gradually move your network connections from the legacy to ACI. This is how Cisco recommends an implementation be done.

It usually doesn't take more than a week for all that, max. We usually do it with two people, and we do it very smoothly. Usually, when you bring the fabric up, you have to make a lot of policies, including software profiles and the like. That is time-consuming work, but once it's done you can just recall them again and again in the customer's environment. That's the only thing that we need two people for. After that, when you're done, a single engineer can get migrate the network to ACI.

Maintenance of ACI is really easy, to decommission a leaf switch or a spine switch. When you decommission a switch from your existing ACI fabric, it's straightforward. In general one engineer is required for maintenance with a second engineer as a backup. Maintenance is really easy with ACI. Even if you're upgrading your fabric to new software, it's straightforward because they have built-in connections within the fabric. There is zero downtime. We have done it many times with zero downtime in a production environment.

One of our customers is a petroleum development company in the Middle East. They have seen very good ROI by implementing ACI. Their compute was relatively very new and their network was relatively very old. They saw very good ROI by having a very good, stable fabric that gives them very good response time on the network side.

The second part is that they wanted to implement a cloud solution which would support their existing Hyper-V and Microsoft. That was where the customer saw a good ROI on the investment. They were very happy with Cisco ACI.

I'm not involved in the pricing part, but Cisco has come up with Smart Licensing, which is a bit higher. But now they're giving the customers very good discount rates to bring customers in.

We are using VMware NSX in our environment as well. We had a customer that was using both NSX and ACI in their environment.

The good thing about NSX is that it has really strong support for the virtualized environment. And now the security is an integral part of their network solution, with the Distributed Firewall and the Edge Firewall. But it has some of its own issues because in a virtual environment, when you have big data centers where there is a lot of traffic coming in from the routing site, it's usually not up to that mark. Cisco has better visibility into that. If I compare it with ACI, ACI has a very strong routing component, but it has its own shortcomings.

In terms of rating NSX, I'm going to be biased because I work in ACI. I like NSX as well, it is a great product. It has a lot of flexibility because you can use existing servers and install NSX on them and It works pretty well. I rate NSX at six out of ten. The reason I rate it a little bit less than ACI is because its only native, strong support is for VMware. ACI has native support for Hyper-V and VMware.

Plan. Don't jump to a conclusion, plan it. You should first know your infrastructure and what your targets are, what you are trying to implement because, when you are more security focused, Cisco ACI can give you a tough in implementation. If you are more into converging your fabric, you want to your data center to be very converged into a single fabric with fast convergence times, go for ACI. There are different use cases based on what the customer's priorities are. So plan well, know your target, what you're trying to achieve. If you want to deploy more VMs faster, go for NSX. Don't go for ACI for that.

As a Cisco partner, our company does training and implementations on Cisco's behalf for different customers. Sometimes Cisco needs some advanced services to help the customer to do the implementation. Sometimes the customer has a problem with the ACI service. It's a new technology so some customers are really confused with the new terms and the new deployment style of ACI. They cannot compare it with their legacy solution, and when they start comparing it they get confused. We help with how the migration should be done from the legacy to ACI.

I would rate Cisco ACI at seven out of ten. The good thing about ACI is its integration with the different hypervisors. It supports VMware, Hyper-V, and KVM. When a customer is looking into a heterogeneous environment where ACI is involved and the other part is VMware for their NSX SDN, VMware has now come up with its own heterogeneous system, NSX-V. They realized very late that they had a problem, that they could only integrate with the VMware environment. Where Cisco ACI had an edge over them was that they could integrate with the virtual environment of Hyper-V, VMware, and KVM very well. And ACI automation also helps deploy and do the integration very easily in the virtual compute part of the network.

Also with ACI, the performance of switches is really good - it's actually a hardware-based SDN - and the delays are very small. The performance is really good with ACI.

But ACI has its own shortcomings such as not having very strong native support for security. Customers always have to look into third-party security solutions to implement good security within their software-defined data centers. If you compare it with NSX, NSX comes with the Distributed Firewall and the Edge Firewall. It has its own native security. This is where ACI lacks a lot because you have to implement contracts and filters. It's a very tricky part. You have to be very careful when implementing the contracts. If you make a little mistake, it can cause a good amount troubleshooting time to debug the issue. That's the missing part.

We started working with a customer which is in the Netherlands. They are really important for us. They started migrating the building of their CRM to ACI. We started with 2.0. We just upgraded the fabric to 3.2. In the next three months, we are aiming to migrate and upgrade the fabric plan to 4.0

Our customer has around 1,000 virtual machines and before, they were all 100 physical servers which, on our side, were obviously consuming energy and resources. Now everything is on the customer and so it's up to them to manage the size of the virtual machines. 

The straightforward migration of all of the applications and loop balancing are the two most valuable features. Also, the measurement of their customer-wide sources is very straightforward. It's another dimension of the networks.

The virtualization area needs improvement but I expect that to happen with the 4.0 version.

I would like for them to develop integration with AWS. 

Scalability is pretty good. 

Their technical support is top notch. 

We had reached the capacity in the data center. We could build a new data center or buy a new solution so we migrated to a new solution to save space. 

The setup was complex because we have a complex internet architecture. It wasn't because of the product. It was complex because of internal issues on our side. 

We had Cisco support but everything was done internally. 

We only looked at Cisco because we have all of our routing and switching infrastructure with Cisco. 

I would rate it an eight out of ten. There's room for improvement in the software version. To get to a ten, they should improve the virtualization and develop integration with AWS. 

For companies starting from scratch, ACI is the best solution in terms of the space needed and time to delivery. 

Primarily, what we like is the ability to do micro-segmentation. We have many different application endpoints, and one of the key use cases for us was to be able to classify the application endpoints into arbitrary buckets of different silos. We need to be able to ensure that different endpoints will go into, let's say, a production silo, versus a development silo, versus a test silo. That was one of the use cases.

The function above and beyond that is that you get things like automation as part of the SDN framework. Therefore, you get the data center overlay that is built automatically and provisioned automatically from the automation capability that's built-in.

The solution has all of the baseline functionalities for any sort of SDN capability. 

The stability is quite good.

The initial setup is straightforward.

One of the areas that need work is feature flexibility. If you want to do things like routing policies it's not cookie-cutter, however, you want to customize routing policies. It becomes a little bit more constrained due to the feature set, the routing policy feature set within ACI, doesn't allow for you to get very customized when it comes to, let's say, failover type scenarios. However, that's just an artifact of the product maturity. It's going to take some time before the product becomes mature and they have the ability to have more customized features enabled. At version 4.0, these features were not yet available. We ended up having to basically export the routing functionality, the more advanced routing functions, outside of ACI and just put it into the routing infrastructure around it.

The initial setup is not intuitive.

Technical support needs to be more helpful. It's rare that you get a knowledgeable person.

It would be nice for them to provide visibility at a cheaper price point. Visibility is something that everybody wants to achieve with their workload. One of the benefits of SDN is supposedly the ability to collect all that telemetry and correlate it to something that is actionable and meaningful. That's a key requirement, however, the bar is so high in terms of costs. In our environment, we opted out of it as it's so expensive, however, it would be nice, as, if you don't have visibility, then how do you properly segment your workload? The minute you start segmenting, you kind of cut off workload communication. If your goal is micro-segmentation and putting your workload into arbitrary silos, and if you don't have the visibility, then it will be very difficult to achieve. Therefore, if you don't have visibility and you want micro-segmentation and you don't want to pay, then ACI is not your solution.

I've been using the solution for two years at this point.

The solution is stable. We don't have issues with it crashing or freezing.

While supposedly it's scalable, the program is not. I don't have any data point that I can provide for scalability within ACI, as our environment is fairly small.

Technical support is hit or miss. Sometimes you can open a ticket and you will not have to escalate it three or four different times before you get somebody that is competent. I would say that's 85% of the time, however, the other 15% of the time you get lucky and you get somebody that knows what they're talking about.

I have some experience with VMware. I'd describe it as more intuitive and easier to configure, however, it's a different solution as it's software-based as opposed to ACI which is hardware-based. 

The solution's initial setup is straightforward. It is not difficult. One other area that I would say is a negative is the way that they have their setup. It's not intuitive. It's very complicated and if you want to provision an interface or something like that and get that interface, it requires a bunch of steps that are very counter-intuitive. It's not user-friendly.

The pricing could be a bit cheaper.

If I compare ACI to a VMware NSX-T type solution, I don't know if there's a differentiator there compared to NSX. I will say that NSX has much higher numbers of differentiation, as they have visibility into the workload at the hypervisor. Having used ACI, we were looking at solution sets that will give us specific capabilities beyond that. The value of NSX is it will give you the visibility component.

The version that I was working on is a 40 version, however, the company is at a 50 version at this point.

If you are looking for a solution that will give you the ability to have really good visibility into your workload, how your workload performs and functions, ACI doesn't give you that level of granularity as compared to, for instance, a solution like VMware NSX. For them to provide visibility, you're going to have to spend a lot of money on Tetration, which is another solution that they try to force on you. If visibility is one of your key requirements, then you might want to rethink your data center SDN solution for ACI.

I'd rate the solution at a six out of ten.

We use this solution in our data centers. It is for connecting servers and increasing our bandwidth and resiliency.

Historically, we had four different computer rooms, and they were all configured differently.  When we went through the refresh and started using ACI, it was the first time that we had a consistent setup in all of our computer rooms.

The most valuable features are the ease of setup for redundancy, as well as centralized control.

The ability for us to figure out the traffic flows, to enable some of the more segmentation parts of it, is really tough with what is built into ACI. It would be nice if it were part of it.

The stability of this solution is great. We love it.

We have not hit the limit, so it's been very scalable for us. Redundancy has been great.

We hired an employee who used to work for Cisco technical support, and this person has been much more useful than the Cisco tech, itself. Technical support has not always been what we had hoped for.

However, we've had a lot of on-site support with our advanced services, and they've been great.

We work on state budget cycles, and several years went by without any kind of refresh. What we had were disparate solutions that were failing, and didn't have the same kind of redundancy or configuration. As such, the users were having a terrible experience so we had to do something. We then looked at ACI and Cisco and positioned it such that it made a lot of sense for us.

The initial setup of this solution is pretty straightforward.

We implemented this solution in-house.

We considered Cisco, Juniper, and VMware. Cisco rose to the top because of the support. It wasn't just the sale; they were going to be around afterward. We have a relationship there, that we trust.

Cisco is there for the long haul. It's been built by network people who understand the resiliency needs for network infrastructure. It's been reliable for us, as well as scalable. It can do our one-gig, ten-gig, forty-gig, hundred-gig, it can do it all, no matter if it's legacy or new.

I would rate this solution a nine out of ten.

Cisco ACI is used in the data center ecosystem. It's an eco-space solution. It's a DMB solution where you have the big hybrid data center you want to deploy on-premises, so the goal is to integrate all the virtual environments on feature environment servers with the data center.

What's most valuable in Cisco ACI is that it isn't like the legacy infrastructure where you have a lot of complexity in a TTR architecture.

What I like most about Cisco ACI is that you can control those devices from a single console, even if you have three hundred devices. You can manage the entire infrastructure from a single point of contact, so Cisco ACI is a time saver.

Another exclusive feature of Cisco ACI is its API interface that lets you enhance automation within the environment.

You can manage your entire data center from a single interface through Cisco ACI. If you want to upgrade three hundred devices in one click, you can do that, and within one hour, all three hundred devices will be upgraded.

I also like that Cisco keeps enhancing the product by adding different features, so there have been five major releases of Cisco ACI.

Another valuable feature of the solution is that it's more user-friendly than Aruba and Juniper.

An area for improvement in Cisco ACI is security, which Cisco needs to enhance in the solution. Though Cisco ACI uses a whitelist model, you must purchase an external product, such as a security firewall solution, to make whitelisting work, which the customer could find expensive.

For example, you're a customer who has Cisco ACI, and the solution doesn't have IP-based filtering, so as a customer, you've purchased Cisco ACI. However, you still need to buy another product for security, and some customers wouldn't like that. However, some customers prefer to go with Cisco ACI because of its scalability and flexibility versus other solutions such as Juniper and Aruba.

Technical support for Cisco ACI also needs improvement, particularly in product knowledge.

An additional feature I'd like to see in the next release of Cisco ACI is segment routing. For example, if you have an MPLS network, you can't directly integrate it with Cisco ACI at the moment. Suppose you have multiple data centers you want to connect to the MPLS private link through your service provider. In that case, you can't directly integrate that with Cisco ACI without an external device, which doesn't make sense to the customer. Cisco recently introduced the MPLS feature in Cisco ACI, but it's not up to the mark.

We've been involved with Cisco ACI since 2015, and have deployed the solution for more than thirty projects.

Cisco ACI used to be unstable, but after version 4.2, it's been very stable in the production environment.

Scalability-wise, Cisco ACI is a good solution because you can have more than five thousand servers in one ACI fabric. There's a lot of flexibility and scalability in Cisco ACI because you can even seamlessly integrate it with legacy infrastructure despite having a different data center.

Cisco support used to be good, but over time, many newbies were hired to provide technical support for Cisco ACI and other Cisco products, so the quality has decreased. The support provided before 2018 was good, but now, the Cisco technical support team has been struggling to give good support or provide expertise in some areas.

For example, if you raise an issue, you have to ask multiple engineers and make numerous escalations. Cisco ACI is a good product, but the support quality nowadays isn't up to the mark.

Cisco requires the customer to have some experience with the product before deployment, but novice technical support is brought in without sufficient training or without training the newbies for at least six months. The technical support team seems to just select cases and works on those without enough knowledge, so the customer experience is bad.

On a scale of one to five, I'm rating Cisco support a three.

Some customers used Juniper and Aruba but went with Cisco ACI because the other two solutions weren't as user-friendly.

Anyone setting up Cisco ACI for the first time will see that it requires a lot of resources. Still, even if the initial setup is complicated, you can refer to the Cisco website regarding the steps you need to perform to complete the setup. Cisco explained the process well, and you can even take a workshop on it.

From a configuration point of view, I found Cisco ACI complex because it isn't easy to create the policy. Unless you have a good networking background, you won't be able to set up Cisco ACI easily.

For example, if your organization doesn't have experienced engineers, Cisco provides a two-day workshop for your engineers. Cisco also offers many free tools in the market to help you set up your account.

On a scale of one to five, I'm rating the initial setup for Cisco ACI as four.

Pricing for Cisco ACI could be expensive if you're not a gold partner. If you're a gold partner, you'll get reasonable pricing, but to become a gold partner, you must cross several layers. For example, at least twenty engineers within your organization have to be certified, with each certification priced at £2,000 minimum, so this would make some companies think twice about the product. If you're going for Aruba and Juniper products, on the other hand, you can quickly get the partner status, and you can start selling the product.

As a gold partner, you can get up to seventy percent discount on Cisco ACI, for example, while an ordinary partner gets ten percent off.

Cisco ACI is expensive for both customers and partners, but I'm rating pricing for the product as four out of five because even if the price is costly, you get a lot of benefits from the product.

Cisco ACI isn't the best, price-wise, but it's still a good solution. If you're in a small organization, you may be unable to afford it. Cisco ACI is best for enterprises but not SMBs because Cisco ACI and its required resources are expensive.

I've evaluated VMware NSX, but it can't compete with Cisco ACI. Cisco ACI is a hardware-level product that can support terabytes and petabytes of data at the same time, which VMware NSX can't do because it's a virtual environment with limited throughput and scalability.

If you're planning to apply terabytes of traffic in VMware NSX, you'll find it hard, and the solution will eventually choke after some time.

Cisco ACI has the best scalability. Cisco also has categories where particular hardware will be recommended based on your requirement, for example, whether you have petabytes or terabytes of data.

My company is mainly involved with three products, Cisco ACI, Cisco FTD, and Cisco WebDialer.

My company is a reseller/integrator for Cisco ACI.

I'd rate Cisco ACI as nine out of ten.

We want to automate some of the operational tasks of our team. We have many configurations and switches. In the future, we want to deploy a solution where we can configure all our switches in one place. This is why we are looking to use Cisco ACI in the future.

• A lot of our tasks in cloud projects are now done faster than before. 
• We can implement customer requirements more quickly. 
• Our quality has improved because we have faster visibility into when faults occurs in the network.

The valuable feature is its configuration policy. We can configure it because the policy is used for all the switches. We do not have to implement all the configuration on every switch. 

Also, it fully integrates with most of our other tools, like Infoblox or vCenter, as its very powerful.

In the new version of 4.0, the management groups for updating the software is not the best way to do it. It was better in 3.2. There was a better overview of all the management groups with integrated switches. 

It is stable. The updates for Cisco ACI have been consistent with no failures.

Scalability is another point for our cloud project. We use Cisco ACI, because when we expand the network another 10 to 20 switches more, the switches are easier to implement now. We  connect the new switches to the spine infrastructure, then they are the switches are ready to configure.

Cisco technical support has been great over the last five to six years that I have worked with them. We have two open cases with them now. All issues are solved in a timely fashion. 

We were previously using the Nexus 7000. We upgraded from the Catalyst environment to the Nexus environment. Now, we want to use ACI for automation and integration of third-party hardware.

We switched to Cisco ACI because of it improvements to our operations and integrations with third-parties.

At the beginning, the initial setup was complex because it was another way of networking. After the first installation, the second and third installation with ACI Fabric was a bit easier to configure.

To install the complete ACI Fabric with all 10 to 12 switches, it takes one to two days, then it's finished. Once you configure the application, it runs. 

We deployed it in-house.

We have seen time improvement using the product.

We did not consider any other vendors. Because in the network environment, we can only buy Cisco or Juniper. However, Juniper does not have a solution for us.

The solution helps with business continuity.

Centralized management is valuable. PBR has been beneficial for network efficiency. It helps redirect the traffic to a node that is not necessarily a gateway.

The GUI is not easy to use. It must be made simple and convenient to use.

I have been using the solution for ten years.

I have not faced any issues with performance or stability.

The tool is scalable. It can adapt to the growing needs of the business.

We contact the support team when we face any issues.

Positive

The initial setup is straightforward. The deployment is centrally provisioned. The initial setup might take a couple of days. The deployment depends on the scale and customer requirements. We need one engineer for the deployment. The maintenance requires some skill development.

The product is not cheap. It is usually expensive. However, the solution’s local presence and technical support sometimes make customers prefer it.

We see tangible benefits of policy-driven automation in a modern scale environment where frequent changes are required. However, the features and benefits are almost negligible for a relatively smaller and static environment. The vendor's local presence and the support provided are the main reasons customers choose Cisco ACI. I will recommend the product to others. We must ensure that the use case is well-defined to get the benefit and ROI from the product. Overall, I rate the tool an eight out of ten.

Our primary use case is project-based. We deploy and configure upgraded ACIs, registered spines and leaves, and deliver projects to our customers. I'm a network consultant and we are gold partners of Cisco. 

The solution is valuable because it configures from a single point, from APs, and also all routers. Commands don't need to be configured on the spine and leaf side. You can control and manage the fabric from a single point. If you have serial numbers for your devices, they can all be registered with scripts. As a network engineer, you can configure and manage the fabric very easily. From the CLI side, it's really easy to configure from the GUI.

I faced issues when upgrading venues and registering devices. For example, in some cases, you have to reinstall the AP from scratch. We tried that and were then unable to register devices. From the network engineering perspective, it's hard to configure from the GUI. We tried to adapt but it was difficult. You have to add AP numbers for validations.

From an operational perspective, I think if you configure the fabric correctly, it's stable.

The solution is scalable; you can have multi-site scenarios. 

I have a good relationship with the technical support team, they are helpful. 

Because I have a system engineering background and I have MCSA and MCSE certification from Microsoft, the setup is very simple. The largest deployment I was involved in had 300 devices. 

This is an expensive solution, but it's high quality. I have experience with Huawei devices and Nokia. Huawei had many issues with bugs and I had hardware issues with Nokia. Cisco is the highest quality. 

I rate this solution eight out of 10.