Cisco's Software-Defined Access (SD-Access) provides automated end-to-end segmentation to separate user, device and application traffic without redesigning the network. Cisco SD-Access automates user access policy so organizations can make sure the right policies are established for any user or device with any application across the network.
The best way to use this solution [Cisco Software SD-Access] is in Campus LAN environments, [which] could be small, medium, and large sites, that includes remote branches also. And always use with 3 node (HA) availability. This solution is not appropriate for Data Center environments. This solution is not mean[t] to connect remote sites (the WAN itself). This solution is ideal to achieve high and low level hierarchies of security and connectivity of end users in a network.
I would recommend all system administrators use some form of network monitoring if they are not already doing so, and I'd definitely recommend people consider OpenNMS if they're shopping around. Small businesses will benefit from the low-cost of entry (it's free!), whilst getting all the enterprise features. Larger businesses can benefit from paid support plans.
However, there's no getting around the fact that you will require some advanced networking and sysadmin knowledge to get the most out of OpenNMS, or at least, be prepared for a steep learning curve. If you don't have the resources to devote this time initially, you may struggle.
I haven't quite figured out how to make topologies work yet, but I haven't spent a ton of time on it either.
We've also had a bit of trouble importing some MIBs, but that usually boiled down to working with the vendor to make sure we had the right MIBs and dependencies.
As far as my experience with SD-Access -I'd say things that can be improved are - better functionality with ISE, ease to understand licensing and better documentation for configuration (add-ons, etc), and licensing.
Automation, pushing template-based configuration to multiple devices in one push saves time and manpower. Assurance helps trace issues related to devices, clients, and provide the troubleshoot as the best practices. Segmentation, with the use of the SGT tags, we are able to achieve segmentation and micro-segmentation securely.
OpenNMS's more attractive GUI and its price break were the main reasons our company chose to explore and use this product. However, it never managed to actually replace Nagios which had a much more established hold within the company. Perhaps we were over-monitoring, but our company claimed a $100k loss per hour of downtime.
Initial adoption required quite a lot of resources and time to get everything right. Totally worth it for us; just be prepared for a gradual process that will get better and better with time.
Once setup and running smoothly, it provides us with all the reporting we could hope for, at near zero cost.
With OpenNMS, we're able to offer a much more reliable service to our customers, and spend a lot less time dealing with issues.
