Cisco Application Centric Infrastructure (ACI) is network virtualization technology.
N/A
FortiManager
Score 8.7 out of 10
N/A
FortiManager delivers unified management for consistent security across complex hybrid environments, providing protection against security threats. Key benefits include accelerated zero-touch provisioning with best-practice templates for deployment at scale of SD-WAN and streamlined workflows between the Fortinet Security Fabric and integrations with 500+ ecosystem partners.
I feel that Cisco ACI is quite good at different architecture designs. You can have it as just a straight layer two network. You can have it like we have with a vast layer three network and I think just for the layer three network it has easen up the use. I think the use cases for layer three networking is better for ACI. If you just want to do the layer two, you can still use Cisco Nexus and so on and that should be almost simpler in some way.
FortiManager is well suited for larger organizations which require unified configurations and IT departments that need quick turn around on firewall related tickets. I believe MSPs can also benefit with the use of the VDOM feature, if strict separation between clients is needed. FortiManager wouldn't be ideal for 1-3 site operations, unless their configurations are extremely complex or have a high number of active users.
Cisco ACI, The object model is very complicated. It's something difficult to understand and also because there is a user interface, there's a web user interface, but it's not optimal to use it because if you want to deploy a large amount of VLAN or a large amount of tenants, it's quite difficult to do it or it's quite challenging. Maybe if you want to configure a large amount of ports using the web interface, it's not appropriate because it takes a lot of time. It also provides APIs to do that, but as I say, the object model is very difficult to understand and there is very little documentation about automation of the ACI and maybe there is but it's not so easy to find.
I think something I've just went to a session with hyper fabric and the ideas that hyper fabric has. Keep it really simple because Cisco ACI is a complex system and adopt some of the ideas behind hyper fabric, bring it to ACI that will be really beneficial. So as I said, automation is a great thing, but it's still, you need to have the background and the really complex stuff that happens behind the scenes to leverage the value of that solution. And by adding more simplicity to it, I think that will be a great thing. And also integrating with other applications in terms of the automation.
Various bugs: The software is buggy, and if you don't have a good understanding of it's underlaying operation, you can get confused or stuck when pushing a configuration. There are lots of little quirks you will have to learn, which are not described in any documentation.
Conflict resolution: Occasionally, during larger changes, bringing new devices in, pushing a config will fail due to dependencies, conflicts, or other software bugs. This is somewhat time consuming because the error messages provided aren't descriptive
CLI Options: Some configuration changes require creating scripts that execute on each device, and can't be done via the GUI
Provided with the intensive fault isolation for the CISCO ACI, we are glad that we have this Data Center Solution in place and we will continue to renew as long as the future needed requirements are meet and more helpful features will be enabled in the future with the integration of security
You'll need a lot of training and hands on experience to get the most out of the product. There are a lot of very useful features in the ACI product. Often times there are a lot of ways to get to a solution for chalanges in the field. The solutions might be different eacht time. Knowing which one to implement is somtimes a challenge.
It allways works. If there are problems with links going down by accident (say someone accidentally unpatches something they shouldn't have), we rarely miss more then one packet over the link. Also, using VPCs we are able to upgrade the software on the switches without the attached EPs ever noticing.
Day to day operations on Cisco ACI do not require much human intervention, the platform ticks over without any major faults. Being able to rapidly replicate the communication between two groups of machines across multiple sub networks speeds up new application delivery, and the integration into vmWare allows multiple teams within IT to work together to problem solve rapidly.
Cisco provides users and partners with a multitude of data for you to consume. I think that the stuff in the public domain goes a long way to assisting you find any answers you may need, plus insights and information from areas such as DevNet provide you with access to more than just the traditional release notes and the like
The Cisco ACI training provided by Cisco was in depth, covered all of our requirements, and allowed us to implement and maintain the platform without issues.
Being involved in the implmentation gives you more overview on how things are supposed to be working and communicating, you can easily performce troubleshooting and understanding the troubleshooting scenario
Actually we start our learning in networking career with Cisco. So it is very useful or easier to learn this product. And honestly speaking, I didn't work in any other data center solution other than Cisco. So I cannot compare what it gives us more than other popular stuff. But this is very nice product like from Cisco.
FortiManager is the best choice for managing numerous FortiGate firewalls. It allows for easy integration into ServiceNow and automates simple repetitive tasks that are very straightforward. Role-based access control is easy to enable and you can get quite granular with user permissions. Administrative Domains help segregate firewall management and compliance within the FortiManager console, by almost any classification method that makes sense to your organization.
Cisco ACI scales well and is suited in scenarios such as multi-cloud or large data centre implementations. It is not suited to smaller deployments as the efficiencies that it provides are not fully realised. It is well suited in large environments that contain both virtual and bare-metal machines allowing a great deal of flexibility. It is also perfect to support multi-tenancy platforms.
We've definitely spent quite a bit of time relearning how to do things in ACI, but I think the investment has been well worth while considering that we can now deploy tenants and leaves from the ground up in a matter of seconds.
We can if we choose to upgrade an entire datacenters worth of switches in a single night. (We've chosen to break it up for availability requirements, but if you didn't require 99.999% uptime like us you may be able to do it)
