Cisco Blogs

Customers Speak Out On ACI: Speed, Simplicity & Security

April 1, 2016 - 10 Comments

Speed, simplicity and security – these are 3 of the recurring themes that come up in conversations with customers when discussing ACI. Why? Because ACI addresses 3 fundamental problems that seem to be consistent with people running data centers – across vertical markets, geographies and organization sizes:

  • Problem 1: It takes too long to respond to business requirements, so apps don’t get rolled out fast enough.
  • Problem 2: The data center has gotten too complex, resulting in additional cost and time to deploy/operate/troubleshoot.
  • Problem 3: Managing security is too laborious, complicated and error prone, resulting in security holes.

With ACI, customers are seeing dramatic increases in their ability to get apps and associated infrastructure rapidly deployed. This is due in large part to the simplicity that comes from ACI’s policy based automation. Additionally, security is built in to the system, by virtue of ACI’s whitelist policy model, as well as deep integration with ecosystem partners. Read on to see if these claims are just hand waving from the marketing guy, or if there is substance to back this up.

First, I want to point out that an ever growing base of customers are leveraging ACI. In February, we announced that there were over 6,000 Nexus 9000 customers and 1,400 ACI customers, along with 50 ecosystem partners. Many of these customers joined us, not too long ago, at Cisco Live Berlin. Here is a 2 ½ minute summary of what some of them had to say:

ACI addresses Problem 1 with Speed

Sainsbury’s, the second largest supermarket chain in the UK, is a ~150 year old company with a vast array of legacy systems. They wanted to change how they interact with customers, wherever and whenever, and try new things, extending their business model. To do this, IT needed to move at the speed of business. Jon spoke of how, before ACI, speed of deployment had been a real challenge, in that it used to take day’s to get servers rolled out. Now this happens in hours.

Halkbank is a large Turkish bank. Cenk contrasted the speed of doing network upgrades with ACI versus the way things went in the past. He was clearly pleased with his experience of doing an entire data center upgrade in 10 minutes: 6 minutes to upgrade spine switches, 4 minutes for the leafs,  0 minutes downtime.

ACI addresses Problem 2 with Simplicity

Andreas from Dresden University of Technology described how ACI’s policy model simplifies initial deployment and ongoing growth. As his data center grows, he basically just adds switches, plugs them in and they are automatically configured by the fabric.  His overall summary:

  • “It just works.  That’s pretty cool!” 

Halkbank, with 100’s of branches and 1000’s of ATMs, continues to grow year over year, in part through acquisitions. This adds to the complexity of the IT environment, though at the same time, they’re trying to simplify things for customers. The business wants a lot and wants it fast, and ACI helps them simplify.

ACI addresses Problem 3 with Security

NBCUniversal is a huge force in the entertainment industry with a range of businesses including news, theme parks, movies, etc.   Steve spoke of their need for speed, and highlighted the need of delivering this in a highly secure fashion.   He discussed the requirement to provide an environment for their businesses that is isolated, but can share common services in a way that gives them more security.

Others, like Andreas, also highlighted how ACI allows them to scale a multitenant environment with security.

More Details

Speed and Simplicity are addressed in this thorough analysis from InfoWorld.   Comments include:

  • “Assuming the cabling is complete, the entire process of standing up an ACI fabric might take only a few minutes from start to finish.”
  • “Implementing ACI is surprisingly simple, even in the case of large-scale buildouts.”

Regarding Security, the results of this customer survey from ESG reflected the challenges associated with traditional security. Summary comments include:

  • “Implementing network security controls is tedious and time-consuming.”
  • “Network security operational issues leads to human error and configuration problems.”
  • “It’s difficult to make changes to security controls once they are implemented.”

These obviously reflect issues associated with manually managing ACL’s that are 100’s or 1000’s of lines long, not wanting to trim the list for fear of creating some catastrophic leak, etc. ACI is able to effectively address these and many other issues because of the security that is an inherent part of its design. You can read more about topics such as ACI’s secure multitenancy, white list policies, and built in stateless L4 firewalling in this paper on ACI’s overall security architecture. Here is some background on ACI’s microsegmentation capabilities.


A summary of each of the customer’s who were profiled at Cisco Live Berlin is here. Also, you can check out the entire Cisco Live customer session (note it requires you to register). In any case, if you don’t have time to dig into the details above, the key takeaway here is that ACI delivers Speed, Simplicity and Security for these, and many other customers.

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.


  1. I got Dev workload which I want to migrate to ACI in application centric way

    has anyone done such migration?

    Does anyone migrated OpenStack production workload to ACI ?

    Has anyone tried OpenStack integration (GBP) with ACI?

  2. Thanks

  3. Thanks for the summary

  4. While ACI will solve a number of problems, troubleshooting configuration problems is very frustrating, the dependent configuration items are too disjoint and scattered over the UI and it is not well documented what needs what. I agree that the FABRIC is easy to get working, the policies are another matter altogether. If I can get a signoff from our security people that contracts can replace at least the L4 filtering options on firewalls then it is worth it. By the by some information comparing ACI to say ASA or some other firewall in terms of features and functions would help.

  5. We are finally rolling out ACI! Setup was a breeze, upgrade was super easy. Can’t wait to finally start making EPGs and running real data across it. We are going to move to Multipod as soon as possible to link our disparate data centers together. Anyone else considering this?

  6. dsadasd

  7. My engineers say ACI = A Complex Infrastructure.
    My finance guys say ACI = A Costly Invoice.

    Too complex. Still too expensive. We passed.

    • Too bad Bryan. Our experience is the exact opposite. A traditional data center from Cisco was nearly twice the TCO. We also looked at HP and Extreme networks and they could only get within $250K above the ACI cost. Usage is so simple from management to upgrades. We currently run nine 6509Es in our core with 7K, 5K, 2K throughout the DC. ACI management compared to those is a snap.

      • No wonder you are happy. You are comparing Aci vs cat 6ks and not the industry leading gear out there.

  8. Thanks Craig!