Item: Cisco Software-Defined Access (SD-Access)
Rating: 8
Author: Verified User

Use Cases and Deployment Scope

I configured and implemented this solution [Cisco SD- Acess] for 2 large companies. The main benefit I can include about this solution so far is the consolidation of all the below points: -Security: Identify and verify all endpoints and network segmentation (high and low level) -Monitoring: Network, applications and endpoints health, the best benefit in this point is related to insights that the controller provides to solve network issues. -Configuration: The deployment can be done in a way that saves time, not only for the first deployment but also for subsequent device incorporation in the network.

Pros and Cons

Security: Macro and micro segmentation
Configuration: LAN Automation and provisioning
Monitoring and telemetry: Network metrics and insights

Documentation: Working in this solution I realized there were missing information details about the fusion device support for nexus.
Fusion router: This roll in the fabric should be already integrated in the solution, right now it is configured manually.
Bugs: Unfortunately the solution still present a lot of bugs, mainly in the controller.

Key Insights

Do you think Cisco Software-Defined Access (SD-Access) delivers good value for the price?

Yes

Are you happy with Cisco Software-Defined Access (SD-Access)'s feature set?

Yes

Did Cisco Software-Defined Access (SD-Access) live up to sales and marketing promises?

Yes

Did implementation of Cisco Software-Defined Access (SD-Access) go as expected?

Would you buy Cisco Software-Defined Access (SD-Access) again?

Yes

Return on Investment

Positive: Less time to provisioning a device in the campus Lan network
Positive: Less time to troubleshoot the network
Negative: the implementation phase itself was too long because of a lot of bugs in the oldest versions.

Integrations with other Cisco products

Cisco Application Centric Infrastructure (Cisco ACI)

Security policies between SGTs (SD-Access) and EPGs (ACI), were made and we achieved end-to-end security between the LAN and the datacenter services. These policies are easy to handle and configure.

Network Ops Experience

We were able to identify endpoints using SGTs with the solution, we defined policies to manipulate and permit/deny the access according to the customer profiles. We also exchange network policies with other network domains like ACI, through the configuration of Cisco ISE. Using Assurance we were able to monitor the device, network, and application health and made easy QoS configurations using DNAC.

Support Rating

SD-Access TAC is well prepared to support this new solution, we always received quick support from them. Unfortunately, there are a lot of bugs still present in the solution and opening cases is very common. We needed to recur to the TAC many times for problems in our deployment and this delays a lot of implementations times.

Alternatives Considered

Unfortunately I haven't tested similar solutions from other vendors.

Other Software Used

Cisco SD-WAN, PRTG Network Monitor, SolarWinds NetFlow Traffic Analyzer (NTA)

Likelihood to Recommend

The best way to use this solution [Cisco Software SD-Access] is in Campus LAN environments, [which] could be small, medium, and large sites, that includes remote branches also. And always use with 3 node (HA) availability. This solution is not appropriate for Data Center environments. This solution is not mean[t] to connect remote sites (the WAN itself). This solution is ideal to achieve high and low level hierarchies of security and connectivity of end users in a network.

Cisco Software-Defined Access Excellent solution, but still [needs] to be improved

Overall Satisfaction with Cisco Software-Defined Access (SD-Access)