Cisco ACI Reviews

My company was one of the first to deploy Cisco ACI in Montreal six years ago. I work in a multinational company with offices worldwide, such as in Bangladesh and Honduras, apart from Montreal.

My company has data centers fully integrated with VMware and then uses Cisco ACI for server segmentation.

My company bought Cisco ACI for data center extension between two geographical spots, and it's working well and stable.

Cisco ACI, networking-wise, is amazing. It's made for networking—all networking features work. The solution is easy to extend with VXLAN, and you can have the same security features between the data centers if you wish. It's straightforward to move the VMware server from Montreal to another place, for example, from Toronto to the West Coast; it's not a problem.

I also like the newer version's central management and troubleshooting configuration, as it's not complicated.

I especially like the host-based routing feature of Cisco ACI because it's straightforward to do it on different data centers.

Another valuable feature of Cisco ACI is that its management controller works very well with no issues.

Cisco ACI, segmentation-wise, could be more flexible, which is an area for improvement. The solution could be improved in terms of macro or micro-segmentation for many access lists and contracts. The process becomes very messy in the end.

Cisco seems to have stopped working on the segmentation feature and just put in all the effort on Cisco Tetration, mainly to install the agent on the server rather than do it on Cisco ACI.

I'm slightly disappointed about Cisco ACI and ISE integration because Cisco stopped working on that, so if you have ISE, you can only integrate it with one cluster of Cisco ACI. On the segmentation side, Cisco ACI has many issues.

I've been using Cisco ACI for six years.

Cisco ACI is one hundred percent stable. My company's data centers never went down in six years of using the solution.

Cisco ACI is a very scalable solution, and you can always add another site to the existing architecture, either over the internet or with dark fiber. It has become an extension of the same data center.

Cisco ACI technical support is excellent. My company implemented the solution six years ago, particularly version three, and now it's on version 6. The older version had many issues, yet the support my company received was excellent.

I'd give the support team a ten out of ten.

The initial setup for Cisco ACI is very straightforward so I can give it a ten for the setup.

The deployment strategy for Cisco ACI depends on existing architecture. If you do it from scratch, it's much more manageable. Everything is easier to install versus migrating from your existing network, then it will be a little bit complicated.

Migrating is more complicated than deploying Cisco ACI from scratch because you have to do some tracking and move server by server or subnet by subnet from your existing network to your new environment. If the existing network has security rules, it's much more complicated to migrate to your new architecture, which would take time.

Cisco ACI costs depend on how many sites you have. One simple site with a simple installation, including two leaves, two spines, and some fibers, would cost $200,000 to $300,000 for the licenses.

The solution is a bit expensive, but it's a good investment if you want your data centers to work without interruption.

My company uses Cisco Tetration, Cisco Secure, and Cisco ACI for segmentation.

My advice to others looking into implementing Cisco ACI is that it depends on your company. The solution isn't so cheap. It's expensive, but it works, so it's an excellent investment from my point of view.

On the networking side, which is what Cisco ACI does in general, it's a ten out of ten, but on the segmentation part, particularly on security, it's a six out of ten.

My company has a partnership with Cisco but is not a reseller.

I primarily use ACI to design data centers.

ACI's most valuable feature is sizing - you can easily find the sizing of the data, which means the data speed, CPU, and virtualization can be determined.

ACI's blade servers could be more flexible, and its storage interface is a little too complex because they use some third-party storage solution.

I've been using ACI for three years.

ACI's stability is good - I would rate it 3.5 out of five.

ACI's scalability is good - I would rate it 4.5 out of five.

Cisco's technical support is good, but there are sometimes delays in responding.

Positive

The initial setup was complex and took some time (almost six months), particularly to stabilize, as there were some issues during installation. I would rate the ease of the setup process as three out of five.

We used an in-house team assisted by some third-party workers.

The licensing cost for ACI is expensive - I would rate its price 2.5 out of five. It's available on a perpetual license, with a yearly renewal for support.

I also evaluated Nutanix, but we went with Cisco because we wanted to use one vendor from network to server.

I would rate ACI seven out of ten.

We use Cisco ACI for perimeter security and threat detection. 

The tool's initial deployment is complex and takes five hours to complete. 

I have been working with the solution for six to seven years. 

I rate the product's stability a nine out of ten. 

I rate the tool's scalability a seven out of ten. My company has around 150 users for the solution. 

The deployment took less than one week to complete. 

A partner helped us with Cisco ACI's implementation. 

The tool is easy to handle once deployed. I rate it an eight out of ten. 

We help customers obtain, renew, and upgrade. This is a multi-cloud software-defined data center. If a customer is in banking, we can separate and secure data centers for multiple sites.

I really like the usage of the application. It offers a good focus on applications and has a driven policy model. It is capable of automation and application-driven. Customers can focus on the applications, and this benefits the end customers.

We really like the GUI and the visibility we get in on the dashboards. You get real-time details on performance. 

The DevOps teams can integrate their own software in ACI. 

We can monitor which areas are working well. 

It can be used with Kubernetes.

We get a full holistic view of the ecosystem. 

Ideally, if it could be more aligned as a unit, it would be useful.

Compared to VMware, it needs more virtualization technologies. It cannot match that right now based on the hardware boxes that we use. It could be more virtualized. There is less flexibility as they have less virtualization.

The contract management could be better.

It needs to include log files.

The GUI could be better. The solution be more user-friendly.

We've seen a lot of trends in companies moving towards AI and cloud capabilities. If it could really focus on this area, it would continue to be a very good product. It would improve the cost-benefit of the product in the long run. They need to integrate with multiple cloud platforms. Better integration and compatibility across the board, in fact, would make it a better product.

I've used the solution for four to five years. The customers I work with use ACI.

I have found the stability to be good. I'd rate it nine out of ten. 

The scalability is pretty good. You should have two of the spines altogether. Then the leaves can expand when you want to have more bandwidth or more throughput requirement.

If you need more computing power or networking power in the data center, then you have to add the leaves. Of course, if you need more throughput power, it's a bit different. For example, if one spine has the power of 4GBs, the two spines, which are combined, give the power of 8GBs, if you want more throughput, for example, 50GBs, you just go and add a couple of spines to it to commit to that sort of power. 

We tend to work with medium to large organizations.

I'd rate the scalability seven out of ten.

Technical support has been good.

Positive

I haven't worked much with other solutions. I have worked with VMware NSX. It's similar, however, it is more flexible and is faster to set up.

The initial setup isn't too complex, depending on the user's background. If a person is comfortable with Cisco products, it won't be too hard. You do have to use the command line, which makes it a tedious task. That said, you have more advantages with configuration capabilities. 

I'd rate the process eight or nine out of ten in terms of ease of setup. For the most part, it takes five to six steps.

It doesn't take too long to set up the entire product. It's easier than the other areas of the Cisco portfolio. Cisco is also making deployments easier to handle in general. It might take a few days since it is software-defined. 

On a high level, if the customer has a lot of devices, it might take two to three hours, and then you need to integrate everything. It shouldn't take more than 30 minutes after that to deploy and get the devices integrated. It's just working on it and reviewing tasks, which takes some time. It's an ongoing process.

Cisco solutions are pretty pricy as you have to buy the AP controllers, leaves, spines, and hardware. I'd rate the pricing six out of ten in terms of affordability.

We are resellers and consultants. We provide insights to clients regarding this product. We don't use the solution ourselves; we help the customer use it and realize its value. We're Cisco partners. 

We don't use a specific version of the product. Typically, we use the latest when it comes out.

I'd recommend the solution for users that have a traditional setup and need a dashboard. Many banks have complex data centers. They'd benefit from moving to this solution.

I would rate the solution nine out of ten.

The pricing factor is an issue. It's also not as good as VMware as it is not as virtualized. However, the Cisco portfolio is quite strong.

We have several customers who are using Cisco ACI. In my opinion, Cisco ACI is the most powerful solution from Cisco. It is a very strong solution and was recently developed by Cisco, especially because of the Cisco ACI fabric. 

Cisco ACI is a declarative model or object-based model that focuses on application-centric policies rather than traditional network validation. It uses spine-leaf topology. It eliminates the need for customers to spend time configuring their network, routing, and switching. Instead, they can simply initialize the fabric and design their application based on their policy. It's a pretty advanced solution and eliminates a lot of headaches.

The most useful feature in the ACI is a feature called Service Graph. Service Graph is a part of the ACI fabric and is used to redirect traffic through various network services, such as firewalls, without the need for complicated network configurations.

You simply create a policy and redirect the traffic to the firewall and then back to the ACI. So the Service Graph feature is the most powerful feature in the ACI and can be used to deploy the firewall as a service template for any type of traffic. You can direct the traffic to go through the firewall and then back to the ACI. I think it's the most important feature of the ACI.

I can recommend that Cisco improve its execution. But keep in mind that ACI is the most convenient solution for Cisco, and it is developing every day, adding new features.

Additionally, keep in mind that you can integrate the manager or CCI and manage your remote cluster and data center from the ACI dashboard, which is another possible feature in ACI.

I have only been using ACI for six months because I was promoted to central consultant last year. After my promotion, I started working on the ACI solution. We are using version 5.2. It's on-premises because our customer is in the banking sector and due to governmental restrictions, we cannot install any solutions over the cloud. All solutions, including SDR, ACI, and SDR, depend on the on-premises setup.

After version 5, it became a very stable product.

Scalability is another powerful feature of Cisco ACI. For example, if you need to add another endpoint, you don't need to redesign your network. You can simply add a switch or a leaf switch and you're good to go. If you need to increase the number of devices or add more bundles, you can add a spine switch or a backbone switch without any redesign because the fabric is initialized from zero. You can add or delete devices without the need for a complete redesign. So it's a very scalable solution, and scalability is the most powerful feature of Cisco ACI.

I did have one case where I needed a replacement for a switch, and they handled it perfectly.

I would tell you the pros and cons of using your legacy network versus ACI. Without ACI, you may encounter scalability issues as adding new devices and switches would require a redesign.

Additionally, there may be challenges with extending the layers between switches in the data center, such as sending traffic and addressing challenges.

Using ACI can provide benefits such as simplifying network management. Without ACI, each device and loop would need to be managed individually, but with ACI, the entire data center can be managed through a single dashboard, including VMware, firewalls, and more. ACI can also improve availability and billing.

ACI uses an object and policy model, which simplifies the configuration of routing and switching and enables application-to-application communication. Using ACI can eliminate legacy network issues and provide significant benefits, regardless of the customer size.

Overall, I would rate Cisco ACI a nine out of ten.

Our primary use case is project-based. We deploy and configure upgraded ACIs, registered spines and leaves, and deliver projects to our customers. I'm a network consultant and we are gold partners of Cisco. 

The solution is valuable because it configures from a single point, from APs, and also all routers. Commands don't need to be configured on the spine and leaf side. You can control and manage the fabric from a single point. If you have serial numbers for your devices, they can all be registered with scripts. As a network engineer, you can configure and manage the fabric very easily. From the CLI side, it's really easy to configure from the GUI.

I faced issues when upgrading venues and registering devices. For example, in some cases, you have to reinstall the AP from scratch. We tried that and were then unable to register devices. From the network engineering perspective, it's hard to configure from the GUI. We tried to adapt but it was difficult. You have to add AP numbers for validations.

From an operational perspective, I think if you configure the fabric correctly, it's stable.

The solution is scalable; you can have multi-site scenarios. 

I have a good relationship with the technical support team, they are helpful. 

Because I have a system engineering background and I have MCSA and MCSE certification from Microsoft, the setup is very simple. The largest deployment I was involved in had 300 devices. 

This is an expensive solution, but it's high quality. I have experience with Huawei devices and Nokia. Huawei had many issues with bugs and I had hardware issues with Nokia. Cisco is the highest quality. 

I rate this solution eight out of 10. 

In the last nine months, I have done two projects with Cisco ACI. Both of them were banking systems. I'm capable of selling, installing, and deploying Cisco ACI, so I know all the licenses and prices as well as how to compare the prices and establish a pre-sales team and also doing the deployment and supporting the ACA solutions. 

The most important aspect of Cisco ACI in my opinion is the ease of management. Other solutions, like traditional solutions and pricier solutions—or even fabric and PAT—you have to do many configurations on a box-to-box basis, With Cisco ACI, you go on the AP and do some "next, next finish" installer. Everything is done without having to know about the VXLAN, AVPN, MP-BGP, or ISI. In previous solutions, you had to know all these things and deploy all of them yourself, so you needed a deep knowledge of VRF and all the other BGP things. You would have to remember everything about the detail configuration, but now we just do some clicks and everything is there.

The other benefit to me is the white-listing solution that the ACI can handle. It's important to have a good knowledge of IPS and DDoS things. I always prefer to stop traffic mid-way instead of putting everything on the firewall and blocking it on the firewall. In my opinion, a firewall has very limited resources and it is possible to run out of resources easily with a simple attack, like HPing. But when you do white-listing, you just greenlight your needed traffic, not all the traffic. So this is a very big difference. And also of course, nowadays everyone is talking about the ACR tool Heat that allows customized configuration to style. These are the major things and some other things like very low latency and few hops. 

Before version 5, you could manage your firewall or load balancer from the AP. It was very basic and now they removed the whole features in the new version, so you cannot manage your load balance or firewall from your AP on L2, L4, and L7 services. They can improve this because it's a little bit hard to send traffic with PBR or EPB to the box. They're returning back. That's one area where they could improve.

I've mostly worked with Cisco solutions in the last 15 or 17 years. I do everything from deploying enterprise solutions and developing data centers to building cloud applications with Cisco ACI or data solutions at the center, like MPP, GPU, AVPN, and VXLANs. Security-wise, I started with ASA and IPS then upgraded to Five Power and Snort. I also have a lot of experience with Ice and Identity solutions as well as ESA and WSA.

I believe that Cisco ACI is highly scalable. Anytime that you want to add bandwidth, you just need to add a spine and anytime you need more ports, you just need to add that. And the very cool feature is the different typology that ACI can support now. Before that, it was a stretch, especially the typology. Nowadays, everyone is talking about the IPN and the multi-part.

For bigger operations with different data centers in different locations, you can deploy multi-site and it also offers some support remotely. I've never deployed it, but you can use a virtual peak that gives this and also enables a multi-tier. That's also very helpful with customers that don't want to spend a lot of money for the cable or transceivers. And the hardware is massive. I really love the hardware. The MTBF is huge. Everything is stable.

I was also in Malaysia for many years as a CTO at a company before COVID and was a Cisco partner. So I know how to create tickets. I've experienced how they respond and escalate tickets. I was the business owner and promised stability and availability to my customers. I asked and they opened a ticket for me, and I'd give it to my friend. I only needed to interact with Cisco techs very few times. But for licensing things and hosting, I use support all the time.

In most cases, you just plug in the cables and it even has the cable cave, a guard system, attached spine to spine. In my opinion, the initial part that involves creating the overlay is very easy compared to an MP-BGP or VPN solution. So in that case, it definitely takes hours, especially if the site that you are working with ACI is multi-tenant. If it's multi-tenant and you are not using ACI or an MPG EVP solution, then it's hard for you to take care of the road fillers. And a BGP road target must be very accurate, but here you don't deal with anything. This is also very great about ACI, which takes less networking. There's no port. Everything is tied to the object. So that's very easy. I believe that it is exactly the same environment and same thing that we face with the Cisco Blade system. You can create a foreign device and attach it to any server on the Blade and everything works fine. 

I would rate Cisco ACI nine out of 10. I'm always trying to push customers to use Cisco solutions. When I'm talking to my clients or anyone else who is thinking about using Cisco solutions, I always say 10 out of 10, but I believe that there is some space for improvement. 

Primarily, what we like is the ability to do micro-segmentation. We have many different application endpoints, and one of the key use cases for us was to be able to classify the application endpoints into arbitrary buckets of different silos. We need to be able to ensure that different endpoints will go into, let's say, a production silo, versus a development silo, versus a test silo. That was one of the use cases.

The function above and beyond that is that you get things like automation as part of the SDN framework. Therefore, you get the data center overlay that is built automatically and provisioned automatically from the automation capability that's built-in.

The solution has all of the baseline functionalities for any sort of SDN capability. 

The stability is quite good.

The initial setup is straightforward.

One of the areas that need work is feature flexibility. If you want to do things like routing policies it's not cookie-cutter, however, you want to customize routing policies. It becomes a little bit more constrained due to the feature set, the routing policy feature set within ACI, doesn't allow for you to get very customized when it comes to, let's say, failover type scenarios. However, that's just an artifact of the product maturity. It's going to take some time before the product becomes mature and they have the ability to have more customized features enabled. At version 4.0, these features were not yet available. We ended up having to basically export the routing functionality, the more advanced routing functions, outside of ACI and just put it into the routing infrastructure around it.

The initial setup is not intuitive.

Technical support needs to be more helpful. It's rare that you get a knowledgeable person.

It would be nice for them to provide visibility at a cheaper price point. Visibility is something that everybody wants to achieve with their workload. One of the benefits of SDN is supposedly the ability to collect all that telemetry and correlate it to something that is actionable and meaningful. That's a key requirement, however, the bar is so high in terms of costs. In our environment, we opted out of it as it's so expensive, however, it would be nice, as, if you don't have visibility, then how do you properly segment your workload? The minute you start segmenting, you kind of cut off workload communication. If your goal is micro-segmentation and putting your workload into arbitrary silos, and if you don't have the visibility, then it will be very difficult to achieve. Therefore, if you don't have visibility and you want micro-segmentation and you don't want to pay, then ACI is not your solution.

I've been using the solution for two years at this point.

The solution is stable. We don't have issues with it crashing or freezing.

While supposedly it's scalable, the program is not. I don't have any data point that I can provide for scalability within ACI, as our environment is fairly small.

Technical support is hit or miss. Sometimes you can open a ticket and you will not have to escalate it three or four different times before you get somebody that is competent. I would say that's 85% of the time, however, the other 15% of the time you get lucky and you get somebody that knows what they're talking about.

I have some experience with VMware. I'd describe it as more intuitive and easier to configure, however, it's a different solution as it's software-based as opposed to ACI which is hardware-based. 

The solution's initial setup is straightforward. It is not difficult. One other area that I would say is a negative is the way that they have their setup. It's not intuitive. It's very complicated and if you want to provision an interface or something like that and get that interface, it requires a bunch of steps that are very counter-intuitive. It's not user-friendly.

The pricing could be a bit cheaper.

If I compare ACI to a VMware NSX-T type solution, I don't know if there's a differentiator there compared to NSX. I will say that NSX has much higher numbers of differentiation, as they have visibility into the workload at the hypervisor. Having used ACI, we were looking at solution sets that will give us specific capabilities beyond that. The value of NSX is it will give you the visibility component.

The version that I was working on is a 40 version, however, the company is at a 50 version at this point.

If you are looking for a solution that will give you the ability to have really good visibility into your workload, how your workload performs and functions, ACI doesn't give you that level of granularity as compared to, for instance, a solution like VMware NSX. For them to provide visibility, you're going to have to spend a lot of money on Tetration, which is another solution that they try to force on you. If visibility is one of your key requirements, then you might want to rethink your data center SDN solution for ACI.

I'd rate the solution at a six out of ten.

The solution helps with business continuity.

Centralized management is valuable. PBR has been beneficial for network efficiency. It helps redirect the traffic to a node that is not necessarily a gateway.

The GUI is not easy to use. It must be made simple and convenient to use.

I have been using the solution for ten years.

I have not faced any issues with performance or stability.

The tool is scalable. It can adapt to the growing needs of the business.

We contact the support team when we face any issues.

Positive

The initial setup is straightforward. The deployment is centrally provisioned. The initial setup might take a couple of days. The deployment depends on the scale and customer requirements. We need one engineer for the deployment. The maintenance requires some skill development.

The product is not cheap. It is usually expensive. However, the solution’s local presence and technical support sometimes make customers prefer it.

We see tangible benefits of policy-driven automation in a modern scale environment where frequent changes are required. However, the features and benefits are almost negligible for a relatively smaller and static environment. The vendor's local presence and the support provided are the main reasons customers choose Cisco ACI. I will recommend the product to others. We must ensure that the use case is well-defined to get the benefit and ROI from the product. Overall, I rate the tool an eight out of ten.

The main customers are Tata Consultancy and Data Communication Limited. For them, ACI's fabric capabilities, automation features, and specifically, the L4-L7 features and micro-segmentation are most valuable.

In legacy networks, managing changes requires individual tickets for each device. ACI's single pane of glass management through APIC is a big advantage.

So, single-tenant management is a plus.

Customer support for ACI needs improvement. Many customers prefer HPE because their internal support is different and easier to integrate with existing networks. This lack of awareness of ACI's capabilities makes customers stick to traditional networking.

My customers' internal teams lack ACI expertise, so Cisco should provide training or offer end-to-end use case support.

I have been using this solution for the last seven years. 

I would rate the stability an eight out of ten. 

It's quite scalable. I would rate the scalability a ten out of ten. We have features like fabric provision and tenant isolation, which makes it competitive with other OEMs.

We have enterprises primarily as our customers. 

Support can be inconsistent. Some customers have had issues.

Positive

I would rate my experience with the initial setup a nine out of ten, with ten being easy to set up. 

The initial setup is quite straightforward. Our clients have a private and hybrid cloud.  

Deployment timeframe can vary.  We get a chance to deploy the ACI on a quarterly basis.

The licensing is expensive. Customers find the price expensive.  

Remember, even a single network change with ACI instantly reflects across all devices.

Overall, Cisco ACI is excellent. I'd definitely give it a ten out of ten.