Cisco ACI - perfect for Public Sector Data Centers
October 09, 2020

Mark Healey | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with Cisco Application Centric Infrastructure (Cisco ACI)

We currently use Cisco ACI as the fabric for our next generation data centre. The platform is managed by the Network Team within our IT department, and hosts all of the internal applications we use, as well as providing secure access to applications on the Police National Network, private and public clouds, and the Internet at large.
  • Security being at the heart of Cisco ACI made it the perfect choice.
  • The web management GUI is intuitive and feature rich.
  • Troubleshooting and fault finding facilities are excellent.
  • Some parts of ACI are very complex to understand and implement.
  • Upgrades are complicated and difficult to implement.
  • Third Party Support is hard to come by.
  • Cisco ACI has had a major positive impact on our core direction to embed security in everything we do.
We have been able to implement service insertion Cisco ASA firewalls directly into the fabric, to allow extra security around traffic that is allowed between two end points. This allows load balancing and traffic inspection from layer 4 upwards, rather than just relying upon the layer 3 security baked into Cisco ACI itself.
Day-to-day operations on Cisco ACI do not require much human intervention; the platform ticks over without any major faults. Being able to rapidly replicate the communication between two groups of machines across multiple sub networks speeds up new application delivery, and the integration into VMware allows multiple teams within IT to work together to problem solve rapidly.
Zero-trust security is baked into the core of Cisco ACI. Two machines cannot communicate unless you specifically allow them to, and only on the specific ports and in the specific direction you allow. There is no lateral movement allowed across the network, and even if a single machine was compromised, it would not be possible to leverage that to compromise other machines in the same data centre.
As a Cisco house, we did not evaluate any other products.
Implementation of a new application into Cisco ACI, with all of the relevant groups of servers and storage, is very easy to carry out, as long as all of the communications between the servers are known. Migrating an existing application into the platform was found to be extremely difficult, as legacy applications are often built on a flat network, where this kind of information wasn't documented in the required depth.

Using Cisco Application Centric Infrastructure (Cisco ACI)

7 - Cisco ACI is managed and maintained by the Network team, with input from the Server and IT Security Teams.
  • We use this for installation of all new applications.
  • We have improved security of some of our legacy applications by moving them into ACI.
  • We will soon be implementing a second Cisco ACI data centre, to extend the fabric over the WAN, providing better resiliency.
Cisco ACI is doing exactly what was intended for it to do, that is, support our next generation data centre, improve security, and increase resiliency. Migrating to another platform would be a waste of time, resource and energy, which could be better spent migrating more legacy applications into the Cisco ACI fabric.

Cisco Application Centric Infrastructure (Cisco ACI) Training

  • in-person training
The Cisco ACI training provided by Cisco was in depth, covered all of our requirements, and allowed us to implement and maintain the platform without issues.

Cisco Application Centric Infrastructure (Cisco ACI) Reliability

We have yet to experience an unplanned outage of the platform.