Cisco ACI Reviews

Our primary use case is replacing Nexus 7000 with Cisco NX-OS. We would like to replace this actuator with the newer Cisco ACI platform. We currently use Cisco Nexus 9000.

Cisco ACI improved the stability of our IT system and our data center.

We currently use the smooth upgrade process available in Cisco ACI, and it's really useful. I also like the augmentation of the bandwidth available in the platform with 10 and 40 GB interfaces.

Cisco ACI helps us better secure our infrastructure from end to end because we can use a contract to secure flow between endpoints in the data center.

Because we can use automation processes with this platform, we have been able to free up our IT department's time.

We can deploy applications quickly with automation, and we have been able to save time overall as an organization as well.

Our problems with Cisco ACI are mainly related to the contracts and how to manage them easily in the platform. Cisco also needs to improve the log files and the complexity of the graphical interface.

Cisco ACI is stable, and we haven't had any problems with the stability of the system.

We haven't had any problems with scaling the platform because it's easy to add a leaf or spine.

We have had good experiences with Cisco's technical support. They respond quickly and with accurate responses.

It takes some time to understand the new terms and concepts, but the deployment itself is completely smooth. We didn't have any problems deploying the solution.

We first deployed the solution on our qualification data center so that we could test the solution before we deployed it in the production data center.

We implemented it with the help of an integrator.

The pricing and licensing are both high, particularly if you want a high level of functionality. It would be great if the price and licensing costs could be decreased.

Cisco ACI works well, and it has been a good investment for us. There are a few areas for improvement, so I would give Cisco ACI an overall rating of eight out of ten.

Cisco ACI is used in the data center ecosystem. It's an eco-space solution. It's a DMB solution where you have the big hybrid data center you want to deploy on-premises, so the goal is to integrate all the virtual environments on feature environment servers with the data center.

What's most valuable in Cisco ACI is that it isn't like the legacy infrastructure where you have a lot of complexity in a TTR architecture.

What I like most about Cisco ACI is that you can control those devices from a single console, even if you have three hundred devices. You can manage the entire infrastructure from a single point of contact, so Cisco ACI is a time saver.

Another exclusive feature of Cisco ACI is its API interface that lets you enhance automation within the environment.

You can manage your entire data center from a single interface through Cisco ACI. If you want to upgrade three hundred devices in one click, you can do that, and within one hour, all three hundred devices will be upgraded.

I also like that Cisco keeps enhancing the product by adding different features, so there have been five major releases of Cisco ACI.

Another valuable feature of the solution is that it's more user-friendly than Aruba and Juniper.

An area for improvement in Cisco ACI is security, which Cisco needs to enhance in the solution. Though Cisco ACI uses a whitelist model, you must purchase an external product, such as a security firewall solution, to make whitelisting work, which the customer could find expensive.

For example, you're a customer who has Cisco ACI, and the solution doesn't have IP-based filtering, so as a customer, you've purchased Cisco ACI. However, you still need to buy another product for security, and some customers wouldn't like that. However, some customers prefer to go with Cisco ACI because of its scalability and flexibility versus other solutions such as Juniper and Aruba.

Technical support for Cisco ACI also needs improvement, particularly in product knowledge.

An additional feature I'd like to see in the next release of Cisco ACI is segment routing. For example, if you have an MPLS network, you can't directly integrate it with Cisco ACI at the moment. Suppose you have multiple data centers you want to connect to the MPLS private link through your service provider. In that case, you can't directly integrate that with Cisco ACI without an external device, which doesn't make sense to the customer. Cisco recently introduced the MPLS feature in Cisco ACI, but it's not up to the mark.

We've been involved with Cisco ACI since 2015, and have deployed the solution for more than thirty projects.

Cisco ACI used to be unstable, but after version 4.2, it's been very stable in the production environment.

Scalability-wise, Cisco ACI is a good solution because you can have more than five thousand servers in one ACI fabric. There's a lot of flexibility and scalability in Cisco ACI because you can even seamlessly integrate it with legacy infrastructure despite having a different data center.

Cisco support used to be good, but over time, many newbies were hired to provide technical support for Cisco ACI and other Cisco products, so the quality has decreased. The support provided before 2018 was good, but now, the Cisco technical support team has been struggling to give good support or provide expertise in some areas.

For example, if you raise an issue, you have to ask multiple engineers and make numerous escalations. Cisco ACI is a good product, but the support quality nowadays isn't up to the mark.

Cisco requires the customer to have some experience with the product before deployment, but novice technical support is brought in without sufficient training or without training the newbies for at least six months. The technical support team seems to just select cases and works on those without enough knowledge, so the customer experience is bad.

On a scale of one to five, I'm rating Cisco support a three.

Some customers used Juniper and Aruba but went with Cisco ACI because the other two solutions weren't as user-friendly.

Anyone setting up Cisco ACI for the first time will see that it requires a lot of resources. Still, even if the initial setup is complicated, you can refer to the Cisco website regarding the steps you need to perform to complete the setup. Cisco explained the process well, and you can even take a workshop on it.

From a configuration point of view, I found Cisco ACI complex because it isn't easy to create the policy. Unless you have a good networking background, you won't be able to set up Cisco ACI easily.

For example, if your organization doesn't have experienced engineers, Cisco provides a two-day workshop for your engineers. Cisco also offers many free tools in the market to help you set up your account.

On a scale of one to five, I'm rating the initial setup for Cisco ACI as four.

Pricing for Cisco ACI could be expensive if you're not a gold partner. If you're a gold partner, you'll get reasonable pricing, but to become a gold partner, you must cross several layers. For example, at least twenty engineers within your organization have to be certified, with each certification priced at £2,000 minimum, so this would make some companies think twice about the product. If you're going for Aruba and Juniper products, on the other hand, you can quickly get the partner status, and you can start selling the product.

As a gold partner, you can get up to seventy percent discount on Cisco ACI, for example, while an ordinary partner gets ten percent off.

Cisco ACI is expensive for both customers and partners, but I'm rating pricing for the product as four out of five because even if the price is costly, you get a lot of benefits from the product.

Cisco ACI isn't the best, price-wise, but it's still a good solution. If you're in a small organization, you may be unable to afford it. Cisco ACI is best for enterprises but not SMBs because Cisco ACI and its required resources are expensive.

I've evaluated VMware NSX, but it can't compete with Cisco ACI. Cisco ACI is a hardware-level product that can support terabytes and petabytes of data at the same time, which VMware NSX can't do because it's a virtual environment with limited throughput and scalability.

If you're planning to apply terabytes of traffic in VMware NSX, you'll find it hard, and the solution will eventually choke after some time.

Cisco ACI has the best scalability. Cisco also has categories where particular hardware will be recommended based on your requirement, for example, whether you have petabytes or terabytes of data.

My company is mainly involved with three products, Cisco ACI, Cisco FTD, and Cisco WebDialer.

My company is a reseller/integrator for Cisco ACI.

I'd rate Cisco ACI as nine out of ten.

Our primary use case is project-based. We deploy and configure upgraded ACIs, registered spines and leaves, and deliver projects to our customers. I'm a network consultant and we are gold partners of Cisco. 

The solution is valuable because it configures from a single point, from APs, and also all routers. Commands don't need to be configured on the spine and leaf side. You can control and manage the fabric from a single point. If you have serial numbers for your devices, they can all be registered with scripts. As a network engineer, you can configure and manage the fabric very easily. From the CLI side, it's really easy to configure from the GUI.

I faced issues when upgrading venues and registering devices. For example, in some cases, you have to reinstall the AP from scratch. We tried that and were then unable to register devices. From the network engineering perspective, it's hard to configure from the GUI. We tried to adapt but it was difficult. You have to add AP numbers for validations.

From an operational perspective, I think if you configure the fabric correctly, it's stable.

The solution is scalable; you can have multi-site scenarios. 

I have a good relationship with the technical support team, they are helpful. 

Because I have a system engineering background and I have MCSA and MCSE certification from Microsoft, the setup is very simple. The largest deployment I was involved in had 300 devices. 

This is an expensive solution, but it's high quality. I have experience with Huawei devices and Nokia. Huawei had many issues with bugs and I had hardware issues with Nokia. Cisco is the highest quality. 

I rate this solution eight out of 10. 

In the last nine months, I have done two projects with Cisco ACI. Both of them were banking systems. I'm capable of selling, installing, and deploying Cisco ACI, so I know all the licenses and prices as well as how to compare the prices and establish a pre-sales team and also doing the deployment and supporting the ACA solutions. 

The most important aspect of Cisco ACI in my opinion is the ease of management. Other solutions, like traditional solutions and pricier solutions—or even fabric and PAT—you have to do many configurations on a box-to-box basis, With Cisco ACI, you go on the AP and do some "next, next finish" installer. Everything is done without having to know about the VXLAN, AVPN, MP-BGP, or ISI. In previous solutions, you had to know all these things and deploy all of them yourself, so you needed a deep knowledge of VRF and all the other BGP things. You would have to remember everything about the detail configuration, but now we just do some clicks and everything is there.

The other benefit to me is the white-listing solution that the ACI can handle. It's important to have a good knowledge of IPS and DDoS things. I always prefer to stop traffic mid-way instead of putting everything on the firewall and blocking it on the firewall. In my opinion, a firewall has very limited resources and it is possible to run out of resources easily with a simple attack, like HPing. But when you do white-listing, you just greenlight your needed traffic, not all the traffic. So this is a very big difference. And also of course, nowadays everyone is talking about the ACR tool Heat that allows customized configuration to style. These are the major things and some other things like very low latency and few hops. 

Before version 5, you could manage your firewall or load balancer from the AP. It was very basic and now they removed the whole features in the new version, so you cannot manage your load balance or firewall from your AP on L2, L4, and L7 services. They can improve this because it's a little bit hard to send traffic with PBR or EPB to the box. They're returning back. That's one area where they could improve.

I've mostly worked with Cisco solutions in the last 15 or 17 years. I do everything from deploying enterprise solutions and developing data centers to building cloud applications with Cisco ACI or data solutions at the center, like MPP, GPU, AVPN, and VXLANs. Security-wise, I started with ASA and IPS then upgraded to Five Power and Snort. I also have a lot of experience with Ice and Identity solutions as well as ESA and WSA.

I believe that Cisco ACI is highly scalable. Anytime that you want to add bandwidth, you just need to add a spine and anytime you need more ports, you just need to add that. And the very cool feature is the different typology that ACI can support now. Before that, it was a stretch, especially the typology. Nowadays, everyone is talking about the IPN and the multi-part.

For bigger operations with different data centers in different locations, you can deploy multi-site and it also offers some support remotely. I've never deployed it, but you can use a virtual peak that gives this and also enables a multi-tier. That's also very helpful with customers that don't want to spend a lot of money for the cable or transceivers. And the hardware is massive. I really love the hardware. The MTBF is huge. Everything is stable.

I was also in Malaysia for many years as a CTO at a company before COVID and was a Cisco partner. So I know how to create tickets. I've experienced how they respond and escalate tickets. I was the business owner and promised stability and availability to my customers. I asked and they opened a ticket for me, and I'd give it to my friend. I only needed to interact with Cisco techs very few times. But for licensing things and hosting, I use support all the time.

In most cases, you just plug in the cables and it even has the cable cave, a guard system, attached spine to spine. In my opinion, the initial part that involves creating the overlay is very easy compared to an MP-BGP or VPN solution. So in that case, it definitely takes hours, especially if the site that you are working with ACI is multi-tenant. If it's multi-tenant and you are not using ACI or an MPG EVP solution, then it's hard for you to take care of the road fillers. And a BGP road target must be very accurate, but here you don't deal with anything. This is also very great about ACI, which takes less networking. There's no port. Everything is tied to the object. So that's very easy. I believe that it is exactly the same environment and same thing that we face with the Cisco Blade system. You can create a foreign device and attach it to any server on the Blade and everything works fine. 

I would rate Cisco ACI nine out of 10. I'm always trying to push customers to use Cisco solutions. When I'm talking to my clients or anyone else who is thinking about using Cisco solutions, I always say 10 out of 10, but I believe that there is some space for improvement. 

Primarily, what we like is the ability to do micro-segmentation. We have many different application endpoints, and one of the key use cases for us was to be able to classify the application endpoints into arbitrary buckets of different silos. We need to be able to ensure that different endpoints will go into, let's say, a production silo, versus a development silo, versus a test silo. That was one of the use cases.

The function above and beyond that is that you get things like automation as part of the SDN framework. Therefore, you get the data center overlay that is built automatically and provisioned automatically from the automation capability that's built-in.

The solution has all of the baseline functionalities for any sort of SDN capability. 

The stability is quite good.

The initial setup is straightforward.

One of the areas that need work is feature flexibility. If you want to do things like routing policies it's not cookie-cutter, however, you want to customize routing policies. It becomes a little bit more constrained due to the feature set, the routing policy feature set within ACI, doesn't allow for you to get very customized when it comes to, let's say, failover type scenarios. However, that's just an artifact of the product maturity. It's going to take some time before the product becomes mature and they have the ability to have more customized features enabled. At version 4.0, these features were not yet available. We ended up having to basically export the routing functionality, the more advanced routing functions, outside of ACI and just put it into the routing infrastructure around it.

The initial setup is not intuitive.

Technical support needs to be more helpful. It's rare that you get a knowledgeable person.

It would be nice for them to provide visibility at a cheaper price point. Visibility is something that everybody wants to achieve with their workload. One of the benefits of SDN is supposedly the ability to collect all that telemetry and correlate it to something that is actionable and meaningful. That's a key requirement, however, the bar is so high in terms of costs. In our environment, we opted out of it as it's so expensive, however, it would be nice, as, if you don't have visibility, then how do you properly segment your workload? The minute you start segmenting, you kind of cut off workload communication. If your goal is micro-segmentation and putting your workload into arbitrary silos, and if you don't have the visibility, then it will be very difficult to achieve. Therefore, if you don't have visibility and you want micro-segmentation and you don't want to pay, then ACI is not your solution.

I've been using the solution for two years at this point.

The solution is stable. We don't have issues with it crashing or freezing.

While supposedly it's scalable, the program is not. I don't have any data point that I can provide for scalability within ACI, as our environment is fairly small.

Technical support is hit or miss. Sometimes you can open a ticket and you will not have to escalate it three or four different times before you get somebody that is competent. I would say that's 85% of the time, however, the other 15% of the time you get lucky and you get somebody that knows what they're talking about.

I have some experience with VMware. I'd describe it as more intuitive and easier to configure, however, it's a different solution as it's software-based as opposed to ACI which is hardware-based. 

The solution's initial setup is straightforward. It is not difficult. One other area that I would say is a negative is the way that they have their setup. It's not intuitive. It's very complicated and if you want to provision an interface or something like that and get that interface, it requires a bunch of steps that are very counter-intuitive. It's not user-friendly.

The pricing could be a bit cheaper.

If I compare ACI to a VMware NSX-T type solution, I don't know if there's a differentiator there compared to NSX. I will say that NSX has much higher numbers of differentiation, as they have visibility into the workload at the hypervisor. Having used ACI, we were looking at solution sets that will give us specific capabilities beyond that. The value of NSX is it will give you the visibility component.

The version that I was working on is a 40 version, however, the company is at a 50 version at this point.

If you are looking for a solution that will give you the ability to have really good visibility into your workload, how your workload performs and functions, ACI doesn't give you that level of granularity as compared to, for instance, a solution like VMware NSX. For them to provide visibility, you're going to have to spend a lot of money on Tetration, which is another solution that they try to force on you. If visibility is one of your key requirements, then you might want to rethink your data center SDN solution for ACI.

I'd rate the solution at a six out of ten.

The main customers are Tata Consultancy and Data Communication Limited. For them, ACI's fabric capabilities, automation features, and specifically, the L4-L7 features and micro-segmentation are most valuable.

In legacy networks, managing changes requires individual tickets for each device. ACI's single pane of glass management through APIC is a big advantage.

So, single-tenant management is a plus.

Customer support for ACI needs improvement. Many customers prefer HPE because their internal support is different and easier to integrate with existing networks. This lack of awareness of ACI's capabilities makes customers stick to traditional networking.

My customers' internal teams lack ACI expertise, so Cisco should provide training or offer end-to-end use case support.

I have been using this solution for the last seven years. 

I would rate the stability an eight out of ten. 

It's quite scalable. I would rate the scalability a ten out of ten. We have features like fabric provision and tenant isolation, which makes it competitive with other OEMs.

We have enterprises primarily as our customers. 

Support can be inconsistent. Some customers have had issues.

Positive

I would rate my experience with the initial setup a nine out of ten, with ten being easy to set up. 

The initial setup is quite straightforward. Our clients have a private and hybrid cloud.  

Deployment timeframe can vary.  We get a chance to deploy the ACI on a quarterly basis.

The licensing is expensive. Customers find the price expensive.  

Remember, even a single network change with ACI instantly reflects across all devices.

Overall, Cisco ACI is excellent. I'd definitely give it a ten out of ten.

We use the solution’s microsegment for the security of the servers in the same VLAN.

Micro-segmentation is the solution’s most valuable feature.

We faced some issues while configuring the microsegment. 

The solution should provide a visibility tool for troubleshooting.

I have been using the solution for five years.

The solution's stability is okay.

When we contacted support for troubleshooting, the issue was escalated to the next level in four hours. However, the last time we had a problem, the support took a long time to investigate.

The initial setup is complex because it is a software-defined network.

I suggest that Cisco delete and add a new EPG. Overall, I rate the solution an eight out of ten.

My clients use Cisco ACI for multi-site connectivity. They can use it to deploy multiple data centers and can manage the entire network from Cisco ACI Multi-Site.

I like features like policy control and micro-segmentation.

Quality Assurance could be better, and there are a lot of bugs in each release. We discover these bugs when we upgrade the ACI environment, sometimes resulting in downtime. 

In the next release, I would like to be able to manage hybrid cloud networking. So currently, if you have an ACI environment running on-premise or Epic in the cloud, we can handle it with the NexSys dashboard. But if Cisco can integrate SD WAN-related features, through which we can do multi-cloud networking, that will be an awesome feature. It should be more flexible.

I have been using Cisco ACI for more than five years.

Cisco ACI could be more stable. Bugs create performance issues.

On a scale from one to ten, I would give stability a six.

Cisco ACI is a scalable solution.

On a scale from one to ten, I would give scalability a ten.

My experience with technical support depends on the region. For example, technical support is excellent if it's an engineer from the EMEA, like Belgium. But we struggle to connect with good engineers in the APAC region.

Positive

It takes about a week to deploy this solution.

On a scale from one to ten, I would give the initial setup an eight.

We deploy this solution for our customers.

There are no additional costs. We only have to pay for a support contract apart from the license.

On a scale from one to ten, I would give pricing a seven.

On a scale from one to ten, I would give Cisco ACI an eight.