Cisco Adaptive Security Appliance (ASA) software is the core OS for the ASA suite. It provides firewall functionality, as well as integration with context-specific Cisco security modules. It is scaled for enterprise-level traffic and connections.
Cisco ASA's are great for internal network connected access between a firewall and the central management server. And, for complex networks where high security requirements with overly strict compliance are necessary. For networks with limited connectivity to the core or for poor network connectivity these are not the best solution. There are other more stand-alone firewall's that do this better. These firewall's are a little more complex to set up to start with so significant knowledge of these devices is required to set them up and ensure they are best practice installed.
Windows Server and Active Directory is very robust and stable, it has been a staple in every IT environment I have worked in during my career. Junior to Intermediate admins can learn Windows Server easily, the user interfaces make administration tasks very easy as well as the documentation available through a vast amount of resources. There are other Operating Systems available with no GUI which has a smaller attack surface, faster update installation and reboot time. Windows Server does have the ability to remove the desktop experience, however it is not something I have had experience with and I believe most administrators choose not to remove it.
Microsoft needs to minimize the update frequency by making the product more secure. It can become very exhausting trying to keep updated if you don't have a dedicated support team. It can become challenging where the business is unable to allow downtime for reboots as part of the update process.
Prone to security and audit vulnerabilities.
The operating system needs more CPU and memory resources compared to other options such as Linux.
Understanding the licensing model can be abit confusing.
Comes with a standard firewall, but not the most secured one available. Would suggest using a more secured firewall as part of your antivirus software.
Due to the number of vulnerabilities and the operating system being a target for hackers, anti-virus software is a must.
To be honest there has been now great products out in the market compared to Cisco ASA. I beleieve Cisco has to do a lot of improvement in this area. The other defeiniete factors is the cost when it comes to renewals which is always a premium on Cisco products
I've carefully reviewed the servers and services currently running on Windows Server 2012, and given the opportunity would renew them as is going forward. There are two systems I currently have in place, one is a very large Linux implementation for a large ecommerce site, and one is a very large backup solution front ended by FTP servers running Linux. Neither are well suited for Windows, but the overall network infrastructure is and will be Windows Server for the foreseeable future.
Anyone new to IT could easily use the familiar Desktop Experience (GUI) version because we all know how to use Windows, whether a client or server version. Once an IT user is more comfortable with the operating system, they can move on to the Core version, which is the way to go in almost all situations.
I generally have not noticed the outages, however since it's a machine it can malfunction, we need to implement the firewall infrastructure in such a way that it is highly available with device failure, region failure etc. Else any solution will be having the issues if they are not build with resiliency.
The support is usually very good and gets back to you very quickly. However I had some instances of when two engineers will give me wildly different answers to what I thought was a simple question. Overall however I do rate the support highly and they are generally always very good.
Microsoft's support is hugely wide-ranging from articles online to having to contact them directly for the more serious issues. In recent years when I have contacted them directly, I have found the support o be excellent as I have found myself connected to very knowledgeable people in the field in which I needed the support. The online support available is vast and I tend to find most of the time that there is always someone out there who has had the same issue as me in the past and knows something about how to resolve it! This is the advantage of using industry standard and long-established systems such as Windows Server.
It was quite a good one, how ever requires an expertise to deploy hence the SMB segment would be finding it difficult to implement this product. The one good reason is that there are lot of ASA certified engineers in compared to the other certified engineers. Hence this resembles positively on the deployment as you have quite a lot of experienced engineer on your deployment
Make sure that you have detailed processes in place for every server instance you plan to install/upgrade, if possible get the base OS loaded and Windows Updates applied ahead of time, and if using a VM take a snapshot prior to installing each role, as well as along the way.
We were using [pfSense] before in our environment but we regularly facing difficulties over it due to software bugs & downtime. After implementing Cisco ASA, it resolved our availability issue & provides us a reliable solution with the best security features & easy to understand GUI.
They are different experiences, and while the other solutions offer enterprise-grade stability and, in some cases, address Windows server shortcomings (such as patching), they all do the trick, but the other solutions require a deeper technical background/configuration of items at the command line, which some people are not fully comfortable with.
