APIC-EM is indeed a bit similar to some other network management tools out there. After all, the devices that it manages are all “autonomous” routers/switches/etc so it’s not a “real” SDN solution. The control and data plane remains on the routers/switches. With so many proven network management tools out there, I don’t think APIC-EM will be that popular. The main reason I tested it is because the APIC-EM Path Trace ACL Analysis Tool is on the CCNA exam now.
From what I’ve read in the APIC-EM documentation the CLI is used for:
CLI global credentials are used by the Cisco APIC-EM to authenticate and access the devices in a network that share this device credential when performing network discoveries.
So it seems it uses the CLI (and SSH) sometimes. This is also possible through SNMP so there is some overlap here. However, the documentation does mention:
Both the CLI and SNMP credentials are required for a successful device discovery. You should enter at least one set of SNMP credentials, either SNMPv2c or SNMPv3 for device discovery.
It doesn’t tell us exactly when they use the CLI and when SNMP. You could test this by monitoring it though.
For discovery, you normally only need SNMP read. Write is used when you want to make changes to a device through SNMP. I think you can get away by only specifying the SNMP read community so it can only do discovery.
To add new devices, take a look at APIC-EM Plug and Play
If you want to try APIC-EM, make sure you look at the devnet labs. There’s also a lab where they apply a policy to APIC-EM managed devices which might be nice to try. Those are free:
Devnet APIC-EM Labs