Cisco Adaptive Security Appliance (ASA) software is the core OS for the ASA suite. It provides firewall functionality, as well as integration with context-specific Cisco security modules. It is scaled for enterprise-level traffic and connections.
N/A
Cisco ACI
Score 8.0 out of 10
N/A
Cisco Application Centric Infrastructure (ACI) is network virtualization technology.
Our Palo Altos and Cisco ASAs are pretty comparable. They both seem to work well when used in an HA pair. They can both do IP/Port based ACLs. But the Palos also have APP-ID which helps to make sure that the traffic passing through your firewall is the type of traffic …
Lower cost than FabricPath, maybe a little bit cheaper than Arista when we looked into it. I wasn't involved in the initial purchasing of ACI, and was kind of against it at first, but the product has evolved a lot over the last few years and I now believe that it can …
Cisco ASA's are great for internal network connected access between a firewall and the central management server. And, for complex networks where high security requirements with overly strict compliance are necessary. For networks with limited connectivity to the core or for poor network connectivity these are not the best solution. There are other more stand-alone firewall's that do this better. These firewall's are a little more complex to set up to start with so significant knowledge of these devices is required to set them up and ensure they are best practice installed.
I feel that Cisco ACI is quite good at different architecture designs. You can have it as just a straight layer two network. You can have it like we have with a vast layer three network and I think just for the layer three network it has easen up the use. I think the use cases for layer three networking is better for ACI. If you just want to do the layer two, you can still use Cisco Nexus and so on and that should be almost simpler in some way.
Cisco ACI, The object model is very complicated. It's something difficult to understand and also because there is a user interface, there's a web user interface, but it's not optimal to use it because if you want to deploy a large amount of VLAN or a large amount of tenants, it's quite difficult to do it or it's quite challenging. Maybe if you want to configure a large amount of ports using the web interface, it's not appropriate because it takes a lot of time. It also provides APIs to do that, but as I say, the object model is very difficult to understand and there is very little documentation about automation of the ACI and maybe there is but it's not so easy to find.
I think something I've just went to a session with hyper fabric and the ideas that hyper fabric has. Keep it really simple because Cisco ACI is a complex system and adopt some of the ideas behind hyper fabric, bring it to ACI that will be really beneficial. So as I said, automation is a great thing, but it's still, you need to have the background and the really complex stuff that happens behind the scenes to leverage the value of that solution. And by adding more simplicity to it, I think that will be a great thing. And also integrating with other applications in terms of the automation.
To be honest there has been now great products out in the market compared to Cisco ASA. I beleieve Cisco has to do a lot of improvement in this area. The other defeiniete factors is the cost when it comes to renewals which is always a premium on Cisco products
Provided with the intensive fault isolation for the CISCO ACI, we are glad that we have this Data Center Solution in place and we will continue to renew as long as the future needed requirements are meet and more helpful features will be enabled in the future with the integration of security
You'll need a lot of training and hands on experience to get the most out of the product. There are a lot of very useful features in the ACI product. Often times there are a lot of ways to get to a solution for chalanges in the field. The solutions might be different eacht time. Knowing which one to implement is somtimes a challenge.
I generally have not noticed the outages, however since it's a machine it can malfunction, we need to implement the firewall infrastructure in such a way that it is highly available with device failure, region failure etc. Else any solution will be having the issues if they are not build with resiliency.
It allways works. If there are problems with links going down by accident (say someone accidentally unpatches something they shouldn't have), we rarely miss more then one packet over the link. Also, using VPCs we are able to upgrade the software on the switches without the attached EPs ever noticing.
Day to day operations on Cisco ACI do not require much human intervention, the platform ticks over without any major faults. Being able to rapidly replicate the communication between two groups of machines across multiple sub networks speeds up new application delivery, and the integration into vmWare allows multiple teams within IT to work together to problem solve rapidly.
The support is usually very good and gets back to you very quickly. However I had some instances of when two engineers will give me wildly different answers to what I thought was a simple question. Overall however I do rate the support highly and they are generally always very good.
Cisco provides users and partners with a multitude of data for you to consume. I think that the stuff in the public domain goes a long way to assisting you find any answers you may need, plus insights and information from areas such as DevNet provide you with access to more than just the traditional release notes and the like
The Cisco ACI training provided by Cisco was in depth, covered all of our requirements, and allowed us to implement and maintain the platform without issues.
It was quite a good one, how ever requires an expertise to deploy hence the SMB segment would be finding it difficult to implement this product. The one good reason is that there are lot of ASA certified engineers in compared to the other certified engineers. Hence this resembles positively on the deployment as you have quite a lot of experienced engineer on your deployment
Being involved in the implmentation gives you more overview on how things are supposed to be working and communicating, you can easily performce troubleshooting and understanding the troubleshooting scenario
We were using [pfSense] before in our environment but we regularly facing difficulties over it due to software bugs & downtime. After implementing Cisco ASA, it resolved our availability issue & provides us a reliable solution with the best security features & easy to understand GUI.
Actually we start our learning in networking career with Cisco. So it is very useful or easier to learn this product. And honestly speaking, I didn't work in any other data center solution other than Cisco. So I cannot compare what it gives us more than other popular stuff. But this is very nice product like from Cisco.
Cisco ACI scales well and is suited in scenarios such as multi-cloud or large data centre implementations. It is not suited to smaller deployments as the efficiencies that it provides are not fully realised. It is well suited in large environments that contain both virtual and bare-metal machines allowing a great deal of flexibility. It is also perfect to support multi-tenancy platforms.
We've definitely spent quite a bit of time relearning how to do things in ACI, but I think the investment has been well worth while considering that we can now deploy tenants and leaves from the ground up in a matter of seconds.
We can if we choose to upgrade an entire datacenters worth of switches in a single night. (We've chosen to break it up for availability requirements, but if you didn't require 99.999% uptime like us you may be able to do it)
