Cisco Application Centric Infrastructure (ACI) is network virtualization technology.
N/A
Tufin Orchestration Suite
Score 6.2 out of 10
N/A
Israeli company Tufin offers a firewall security management offering via the Tufin Orchestration Suite, including SecureApp for managing network connectivity, SecureChange network change automation, and SecureTrack multi-vendor and next-generation firewall management.
Well suited to data center deployments with storage and compute to host applications. When deployed with VMWARE and/or hyperconverged infrastructure you get a good solution that is reliable and robust and can support a vast array of solutions. Cisco Application Centric Infrastructure works on any sized solution however, it's more appropriate to mid to large scale deployments.
Well suited scenarios - 1) Firewall Policy / Ruleset management 2) Where all the products are from Tufin like TOS ST, SC, SecureApp etc 3) Where customer focuses on ruleset compliance - USP violations, and other features Less suited - 1) Agnostic/distributed environment - Tough with integrate with 3rd party like CyberArk 2) FW recertification processes / exception process when complex process is included
The REST API allows your to programmatically interact with the network and make massive changes very quickly when needed.
The API allows you to tie together Server Provisioning tools, storage provisioning tools, into an orchestration platform such as Ansible to streamline new deployments and builds.
New Deployments are extremely simple once you've worked out your programatic deployment process. We can deploy new clients/tenants in seconds rather than days or weeks like it used to take.
Replacing failed switches/apics/etc is also extremely easy.
Tightly couple the underlying Network Infrastructure to VMWare Deployments to allow VMs to move anywhere in the datacenter at the drop of a hat.
The APIC web UI is slow. Even on the newer UCS systems it is laggy.
The terminology for some of the objects is really confusing for someone that never used Cisco Application Centric Infrastructure. It would be at least helpful if there would be a link to a reference of the "classical" terms in the web UI.
The cost of the hardware, together with the management platform, is high. It is difficult to convince my management layer why the ease of manageability outweighs the high price.
Cisco ACI is doing exactly what was intended for it to do, that is support our next generation data centre, improve security, and increase resiliency. Migrating to another platform would be a waste of time, resource and energy, which could be better spent migrating more legacy applications into the Cisco ACI fabric.
Cisco ACI has changed the traditional data center model into a new era of automation and agility. The product was considerably easy to deploy met all the expectations. In terms of usability, ACI provides a unified interface for managing the whole infrastructure in one place which is the main benefit for users (admins)
I do not give it 10 because the platform evolves more and more every day in the data traffic of the datacenter. But the implementations that they carry out for different clients of the platform are very happy with the result of the same over time. Another point that you notice about the platform, despite its good performance, is the low use of energy used by this 24x7 on, it is a good fact to take into account for our environment.
Cisco provides users and partners with a multitude of data for you to consume. I think that the stuff in the public domain goes a long way to assisting you find any answers you may need, plus insights and information from areas such as DevNet provide you with access to more than just the traditional release notes and the like
The Cisco ACI training provided by Cisco was in depth, covered all of our requirements, and allowed us to implement and maintain the platform without issues.
NSX-T and ACI both are definitely awesome products. I tend to use ACI in networks that have more barebone and/or alternative hypervisors. NSX still works best in VMware heavy networks. Another consideration is where the network is managed, by which team. If the network is solely managed by the network team ACI tends to be a better fitting solution. Also since ACI is a complete solution you don't need any other products. If you implement NSX you will still need a physical network.
1) Fairly okay overall but definitely needs improvement overall Vs the other products available in the market like Palo Alto XSOAR 2) Cost wise okay at the beginning but when client demands add-ons/ more features/customization tailored to their needs, Tufin Orchestration Suite recommends RFE / custom costs/development costs 3) USP feature is cool to use overall Vs FireMon 4) Tufin ProServ needs to buckle-up/Support compared to other competitors in the market
Cisco ACI scales well and is suited in scenarios such as multi-cloud or large data centre implementations. It is not suited to smaller deployments as the efficiencies that it provides are not fully realised. It is well suited in large environments that contain both virtual and bare-metal machines allowing a great deal of flexibility. It is also perfect to support multi-tenancy platforms.
Positive impact moving off of legacy to ACI has shorten costs of operations.
Native support for automation makes deployment easier and takes few mins than large amount of hours that can bring costs (OT over time) since it takes minutes to deploy this OT cost has decreased.
Troubleshooting made easier, this gains customer trust, therefore we get to spend less time trying to solve an issue and less operations costs.
