Cisco Application Centric Infrastructure (ACI) is a network virtualization technology.
Palo Alto Panorama
Score 8.7 out of 10
According to the information provided by the vendor, Palo Alto Panorama is a network security management solution that intends to simplify and enhance cybersecurity processes for businesses. The product's primary objective is to offer various features, including unified policy management, centralized visibility, automated threat response, simplified configuration, unrivaled scalability, and rapid security adoption. It claims to assist organizations in efficiently managing their firewalls and…
I feel that Cisco ACI is quite good at different architecture designs. You can have it as just a straight layer two network. You can have it like we have with a vast layer three network and I think just for the layer three network it has eased up the use. I think the use cases for layer three networking are better for ACI. If you just want to do the layer two, you can still use Cisco Nexus and so on and that should be almost simpler in some way.
I think Palo Alto Panorama is suited for administrators of all levels because certain things can be locked down to certain permission levels. But there are executive dashboards all the way down to the weeds for the highest of administrators. This truly is a single pane of glass tool because you never have to go into the individual firewalls for anything.
So with the old one, we've had a secure zone, core zone, so we have special hardware specific for those zones, so security zones in our data center. This allows us to basically have the spine leaf and we could put any ports in any zone. So it allows a lot more, I'd say efficient use of equipment, being able to plug in things to whatever, and then program it to how you want it to work on.
First, it has a very good signature-based Intrusion Detection System (IDS) that shows malicious inbound or outbound network packets. The classification for the critical threats is flawless.
It has a feature called "Wildfire" which acts like an anti-virus and it reports any malware or malicious attachments that have been downloaded or sent through the network.
I think something I've just went to a session with hyper fabric and the ideas that hyper fabric has. Keep it really simple because Cisco ACI is a complex system and adopt some of the ideas behind hyper fabric, bring it to ACI that will be really beneficial. So as I said, automation is a great thing, but it's still, you need to have the background and the really complex stuff that happens behind the scenes to leverage the value of that solution. And by adding more simplicity to it, I think that will be a great thing. And also integrating with other applications in terms of the automation.
It is very slow applying changes once you have committed the changes on its web interface. It could take nearly 30 seconds until the change has been actually applied on the device, needs some software enhancements. It sometimes crashes for unknown reasons due to bugs.
Cisco ACI is doing exactly what was intended for it to do, that is support our next generation data centre, improve security, and increase resiliency. Migrating to another platform would be a waste of time, resource and energy, which could be better spent migrating more legacy applications into the Cisco ACI fabric.
Panorama has given us much more than we expected and the support for the product, by Palo Alto Networks has been great. We would like to see some improvements that I mentioned in another review, like scheduling changes, but overall Panorama has provided a very capable product and we are very happy with it.
Cisco ACI has changed the traditional data center model into a new era of automation and agility. The product was considerably easy to deploy and met all the expectations. In terms of usability, ACI provides a unified interface for managing the whole infrastructure in one place, which is the main benefit for users (admins).
It is a solid product, it allows me to connect multiple devices and to manage my cloud, on prem and VMware firewalling devices. I can assign roles with the required visibility depending on the users. I can also consolidate all my logs into it to have a single pane of visibility.
It always works. If there are problems with links going down by accident (say someone accidentally unpatches something they shouldn't have), we rarely miss more than one packet over the link. Also, using VPCs we are able to upgrade the software on the switches without the attached EPs ever noticing.
I do not give it 10 because the platform evolves more and more every day in the data traffic of the datacenter. But the implementations that they carry out for different clients of the platform are very happy with the result of the same over time. Another point that you notice about the platform, despite its good performance, is the low use of energy used by this 24x7 on, it is a good fact to take into account for our environment.
Cisco provides users and partners with a multitude of data for you to consume. I think that the stuff in the public domain goes a long way to assisting you find any answers you may need, plus insights and information from areas such as DevNet provide you with access to more than just the traditional release notes and the like.
When you get help it is great. They have different service plans; you need to know what plan you have and what kind of turnaround you can expect. We have even had a local engineer to help us with questions and solutions. I feel the support team they have is very knowledgeable and can help you out. Most of the time there is no need to escalate the issue.
The Cisco ACI training provided by Cisco was in depth, covered all of our requirements, and allowed us to implement and maintain the platform without issues.
Being involved in the implementation gives you more overview on how things are supposed to be working and communicating, you can easily perform troubleshooting and understand the troubleshooting scenario.
I've used the Cisco Wireless LAN Controller 9800. I was quite surprised. It was very good to manage access points in a campus network setup that was good. There's a Cisco SD Access solution that I use. I forgot the name of it, to manage also the campus. It was also good. Yeah, I've used quite some Cisco product, but the one I can remember was the Cisco Wireless LAN Controller 9800.
Palo Alto Panorama and Junos Space Security Director have many similar features but Palo Alto Panorama excels in almost all of them. The monitoring tools in Palo Alto Panorama are easy to use and give more in-depth insight into what is going on in your network. Palo Alto's security is ranked much higher and the Web Application Security is also superior to that of the Junos counterpart.
Cisco ACI scales well and is suited in scenarios such as multi-cloud or large data centre implementations. It is not suited to smaller deployments as the efficiencies that it provides are not fully realised. It is well suited in large environments that contain both virtual and bare-metal machines allowing a great deal of flexibility. It is also perfect to support multi-tenancy platforms.
We've definitely spent quite a bit of time relearning how to do things in ACI, but I think the investment has been well worth while considering that we can now deploy tenants and leaves from the ground up in a matter of seconds.
We can, if we choose, upgrade an entire datacenter's worth of switches in a single night. (We've chosen to break it up for availability requirements, but if you didn't require 99.999% uptime like us you may be able to do it.)
Panorama seems expensive but when you compare it to other software it really isn't and the features make it worth every dollar.
Having Panorama allows us to have entry-level team members help out; even if they don't understand our whole network, they can just go to Panorama and find the info they need and what device the issue is happening on.
It has brought peace of mind to our security knowing that all policies can be managed through a central system and patches and updates can be centralized.