This is an incredibly relevant question. I have several clients struggling with the exact same question.
The only way to obtain an meaningful answer is to step back and understand what you are trying to accomplish.
What problem are you solving with Prime? What additional capabilities do you need for your infrastructure?
Yes, dare I say it. Requirements!
I'm a huge fan of the promise of SDA. I always envisioned it as ACI for the Campus. I've helped clients roll our ACI in their data centers to great benefit.
1. Your data center becomes a fabric, a single logical entity to manage consistently, rather than some number of discreet switches to manage individually
2. It immediately sets up an automation platform.
3. With direct ties to virtualization, it helps to break down silos.
4. It achieves the security "holy grail". I don't care about the IP (when dealing with security posture, anyway).
For the Campus its is 1, 2, and 4 that are most relevant as Clients struggle with this question.
- Fabric
- Automation
- Security
Fabric
In a greenfield environment, a "turnkey" fabric is a wonderful thing (just like it is in the data center with ACI).
Given a Campus with, for example one layer 3 core and 25 access stacks, what could be operationally better than being able to mange the campus as a single entity rather than 26 discreet logical devices. One point of management minimizing configuration drift and ensuring configuration consistency. Potentially easier zero touch provisioning/plug & play. Comprehensive end to end visibility for your fabric. All kinds of goodness here particularly when you multiply that by say 50 or 100 or more different locations.
Can this be achieved via other means? Sure.
You can roll out your own underlay and overlay and you can automate that as well with Cisco tools or with other automation frameworks such as Ansible, Nornir, or other commercial products.
Products like SuzieQ (open source and commercial) can give you that fabric like visibility now with your existing hardware and with your new hardware.
Automation
If the only thing you are looking for is automation, the solution field is wide and varied. I'll leave it at that.
Security
This is where SDA could really shine. As @Flavio Miranda stated, TrustSec/SGTs can also help in this space but with just ISE it can be a heavy lift. The hope was that SDA would make that easier and that is the big question.
Today there is not a single client I am working with that is not struggling with improving security across their IT landscape and especially at the user endpoint/device layer. The ability to do so without re-addressing is a game changer. Today SDA is a heavy lift in terms of hardware and licensing. If you had a chance to go to Cisco Live, you probably noticed that there are many other vendors in this space looking to leverage Cisco technologies like ISE and SGTs to more easily secure environments. Some let you use ISE and SGTs where available and can bring other solutions in other areas including showing you not just the traffic flows between devices but also a way to more easily manage policy based on those flows.
Why am I bothering you with all of this?
These three functional areas are each incredibly broad themselves and could have many differing requirements within based on your needs.
I just wanted to show a way to start thinking about how to answer your question more discreetly and in a way that gets you actionable answers. With the right requirements defined you have a way to test and assess solutions to get you the one that best meets your needs.
If I had categorize where I think some of my Cisco clients are going to wind up with what I know today they would fall into these categories:
- Piloting SDA in greenfield campus during hardware refresh
- Piloting SDA in a brownfield campus (hardware refresh underway)
- DNAC Only (no SDA) plus 3rd party tools to address immediate automation, visibility, and security needs on existing hardware
- To soon to tell/No requirements
