Likelihood to Recommend We are currently in POC with the Remote Leaf connectivity that for smaller sites, no need to invest for Spine and APIC controller, we can just add a pair of Leaf Switches. I think this approach is well suited for an environment that wanted to have Cisco Application Centric Infrastructure with less consideration in the project budget. Also, they have a Back-to-Back Multipod set-up that IPN is an option to be used, you can use the SPINE switch to connect the secondary DC.
Read full review Well suited scenarios - 1) Firewall Policy / Ruleset management 2) Where all the products are from Tufin like TOS ST, SC, SecureApp etc 3) Where customer focuses on ruleset compliance - USP violations, and other features Less suited - 1) Agnostic/distributed environment - Tough with integrate with 3rd party like CyberArk 2) FW recertification processes / exception process when complex process is included
Read full review Pros So with the old one, we've had a secure zone, core zone, so we have special hardware specific for those zones, so security zones in our data center. This allows us to basically have the spine leaf and we could put any ports in any zone. So it allows a lot more, I'd say efficient use of equipment, being able to plug in things to whatever, and then program it to how you want it to work on. Read full review Firewall management Compliance reports Unused rules and optimization Policy Automation Read full review Cons Actually we had some issues in past as well in which this multi ACI, whenever we run it into multi-part architecture mode or design. So we have a lot of multicast issues in between. In which endpoints between the data centers in the single EPG or bds, were unable to connect with each other due to that multicasting loops and other stuff. So this is the problem we faced multiple times in the past. Read full review Palo Alto Networks Integration Better/more user friendly api for integration with ticketing systems Web UI structure is not user-friendly Read full review Likelihood to Renew Cisco ACI is doing exactly what was intended for it to do, that is support our next generation data centre, improve security, and increase resiliency. Migrating to another platform would be a waste of time, resource and energy, which could be better spent migrating more legacy applications into the Cisco ACI fabric.
Read full review Usability Cisco ACI has changed the traditional data center model into a new era of automation and agility. The product was considerably easy to deploy met all the expectations. In terms of usability, ACI provides a unified interface for managing the whole infrastructure in one place which is the main benefit for users (admins)
Read full review Reliability and Availability no outages
Read full review Performance I do not give it 10 because the platform evolves more and more every day in the data traffic of the datacenter. But the implementations that they carry out for different clients of the platform are very happy with the result of the same over time. Another point that you notice about the platform, despite its good performance, is the low use of energy used by this 24x7 on, it is a good fact to take into account for our environment.
Read full review Support Rating Cisco provides users and partners with a multitude of data for you to consume. I think that the stuff in the public domain goes a long way to assisting you find any answers you may need, plus insights and information from areas such as DevNet provide you with access to more than just the traditional release notes and the like
Read full review In-Person Training The Cisco ACI training provided by Cisco was in depth, covered all of our requirements, and allowed us to implement and maintain the platform without issues.
Read full review Implementation Rating Not applicable
Read full review Alternatives Considered I have used competitors fabric products, however they were unmanaged (no APIC) and manually configured. In this deployment model, all tasks are manual and there is no central controller to monitor and maintain the system. It's also prone to configuration errors as each leaf switch is individually managed. APIC solution is much better.
Read full review 1) Fairly okay overall but definitely needs improvement overall Vs the other products available in the market like Palo Alto XSOAR 2) Cost wise okay at the beginning but when client demands add-ons/ more features/customization tailored to their needs, Tufin Orchestration Suite recommends RFE / custom costs/development costs 3) USP feature is cool to use overall Vs
FireMon 4) Tufin ProServ needs to buckle-up/Support compared to other competitors in the market
Read full review Scalability Cisco ACI scales well and is suited in scenarios such as multi-cloud or large data centre implementations. It is not suited to smaller deployments as the efficiencies that it provides are not fully realised. It is well suited in large environments that contain both virtual and bare-metal machines allowing a great deal of flexibility. It is also perfect to support multi-tenancy platforms.
Read full review Return on Investment We've definitely spent quite a bit of time relearning how to do things in ACI, but I think the investment has been well worth while considering that we can now deploy tenants and leaves from the ground up in a matter of seconds. We can if we choose to upgrade an entire datacenters worth of switches in a single night. (We've chosen to break it up for availability requirements, but if you didn't require 99.999% uptime like us you may be able to do it) Read full review I think if you correctly configure your SIEM, you don't need Tufin. You can correlate a lot of things for firewalls. Read full review ScreenShots