“That helps a lot,” he says, adding that he also evaluated NSX at Zitcom A/S, Raabo’s previous employer. “At the moment, ACI is not as powerful (at microsegmentation) as NSX but we are almost there.”
Raabo says he expects Cisco to move towards a firewall-per-VM microsegmentation model with AVS.
Venzo also likes ACI’s ability to integrate with Microsoft Azure cloud services via the Microsoft Azure Pack, which provides a single pane of glass for definition, creation, and service management. ACI’s APIC controller integrates with a Microsoft System Center Virtual Machine Manager instance to extend the ACI policy framework to Microsoft Hyper-V workloads.
Venzo’s initial ACI implementation was not bug-free. Raabo says switches initially couldn’t see the APIC controllers after a certificate was added, and they all rebooted at once. Luckily for the cloud provider, they all rebooted during a maintenance window and defaulted to the master configuration.
Still, “it shouldn’t have happened,” Raabo says.
It took Venzo four weeks to get ACI into production mode carrying live customer traffic, he says. And Raabo advises other users considering ACI to not bite off more than they can chew.
“They shouldn’t try to enable everything,” he says. “They should try to understand the technology because we have had to move stuff around later, because we had to pick the right naming schemes, move tenants around later. You should play with it and have time to play with it. But also, you shouldn’t be afraid of the technology. Throw some stuff at it.”
After all, it’s not all that unfamiliar.
“It is just a switch and it is just a router,” Raabo says.