Cisco's MSO (Multi-Site Orchestrator) or NDO has room for improvement. Cisco monitors ACI through a product called NDI. I find it very frustrating that Cisco has multiple monitoring platforms. It has DNAC for monitoring Cisco NX-OS, campus switches, and any other routers and switches you would have in the environment. That same thing does not work for Cisco ACI monitoring. There is a Meraki cloud-based platform for Meraki, which will get extended to campus monitoring; to be honest, Cisco never got monitoring 100% right, from the days of CiscoWorks to Prime to current platforms. To monitor and manage Cisco ACI, you need to have another platform called NDI and Cisco Dashboard Insights. What frustrates me about Cisco is that it never has a central, single pane of glass platform for all its solutions. It has one thing for Cisco ACI and another thing for campus switches. I would really appreciate it if Cisco came up with something centralized to monitor everything. I haven't thought about anything since the Cisco NDO is quite advanced, and you can deploy your cloud networking through it. I don't know how many people use it. I might explore it as my cloud orchestration tool in the future. We do a lot of cloud automation using our scripts like Terraform, but I would like to see people using NDO more. We could have more case studies on how many people use NDO for their cloud orchestration. That might be a much easier journey for people when they move from an on-premises data center into a cloud and move from one cloud to another cloud. That is where I personally see an orchestrator being effectively used for multiple deployments.
Presales Manager for Networking/DC team at Malam-Team
Real User
Top 10
2024-01-15T11:05:33Z
Jan 15, 2024
It would be good if Cisco ACI had some cross-domain orchestrator that could rule all the pillars in the customer network or interconnect more easily with the compass environment.
Data Center Consulting Engineer at Techrun Stock Exchange
MSP
Top 20
2023-08-14T14:40:00Z
Aug 14, 2023
While it is quite functional, I found it to be somewhat slow, and there was a notable issue related to the removal of the help section. In previous ACI versions, every configuration section had an accompanying help section that provided valuable information. This feature was removed in the latest version, and the reasoning behind this change is unclear. I believe there's room for improvement in terms of ACI's integration with various technologies. For instance, when it comes to integrating with Kubernetes, the compatibility is somewhat lagging.
Technical Marketing Engineer - Hybrid Cloud Infrastructures at NetApp
Integrator
Top 10
2023-04-26T07:48:26Z
Apr 26, 2023
Quality Assurance could be better, and there are a lot of bugs in each release. We discover these bugs when we upgrade the ACI environment, sometimes resulting in downtime. In the next release, I would like to be able to manage hybrid cloud networking. So currently, if you have an ACI environment running on-premise or Epic in the cloud, we can handle it with the Nexus Dashboard. But if Cisco can integrate SD-WAN-related features, through which we can do multi-cloud networking, that will be an awesome feature. It should be more flexible.
Datacenter & Infrastructure Senior Engineer at BMB
Real User
Top 5
2023-03-14T21:02:38Z
Mar 14, 2023
I can recommend that Cisco improve its execution. But keep in mind that ACI is the most convenient solution for Cisco, and it is developing every day, adding new features. Additionally, keep in mind that you can integrate the manager or CCI and manage your remote cluster and data center from the ACI dashboard, which is another possible feature in ACI.
Network Architect at a government with 10,001+ employees
Real User
Top 20
2023-02-21T13:50:00Z
Feb 21, 2023
Our problems with Cisco ACI are mainly related to the contracts and how to manage them easily in the platform. Cisco also needs to improve the log files and the complexity of the graphical interface.
The virtualization part of it is still all hardware-based. You have to buy the switches, and they have to be Cisco switches. You cannot roll the Software-Defined Network and network virtualization over onto any other product. For example, if I have a mix of Juniper and Cisco in my network, they are of the same physical fabric layer, but when I want to virtualize, it's quite difficult. You cannot do it. There are solutions like NSX that can sit pretty on any physical layer, but Cisco SDN will only work with its own devices, so that's a downside. They need to be able to achieve virtualization end-to-end with Cisco ACI.
I would like to see Cisco ACI become more similar to what SD is, with improvements made to the onboarding on the multiport situation. Currently, it is complicated. Cisco ACI would benefit by providing the option to integrate easily with DNAC in their next release.
I faced issues when upgrading venues and registering devices. For example, in some cases, you have to reinstall the AP from scratch. We tried that and were then unable to register devices. From the network engineering perspective, it's hard to configure from the GUI. We tried to adapt but it was difficult. You have to add AP numbers for validations.
The integration has room for improvement. There should be a drag-and-drop interface for configuring the integration where you connect some arrows to boxes, and the system takes care of the configuration. Right now, they have something similar, but it's limited. You have to take care of some things yourself. That is one area that the solution can work on. It's easy now, but it's much easier in other solutions.
Manager Network & Communication Engineer at a transportation company with 1,001-5,000 employees
Real User
2022-01-04T21:20:16Z
Jan 4, 2022
When it comes to security, we recently switched to Fortinet, as we feel it to be more customizable for our use case in RJ than the solution. We moved because Cisco scored lower than Fortinet. While we have seen a return on our investment in certain cases, we have, of late, faced issues on the Call Manager, which we have. We have an on-premises, resistant license which we invested in. Out of nowhere, Cisco changed the licensing module to that of smart licensing, a perpetual license state, without offering any compensation to the customers. This made the license worthless and forced us to subscribe for smart licensing. This is the only way to continue receiving active support and upgrades from Cisco, not that anyone would say anything otherwise. Cisco is much more expensive than other vendors, especially when it comes to the licensing. For half the cost, I can obtain the same service with another product. It would be great if ACI would include the next generation firewall feature. I rate the solution as an eight out of ten, owing to the issue of the price and the complexity involved in its maintenance.
Before version 5, you could manage your firewall or load balancer from the AP. It was very basic and now they removed the whole feature in the new version, so you cannot manage your load balancer or firewall from your AP on L2, L4, and L7 services. They can improve this because it's a little bit hard to send traffic with PBR or EPB to the box. They're returning back. That's one area where they could improve.
Solution Consultant at a computer software company with 10,001+ employees
Consultant
2021-06-29T16:35:49Z
Jun 29, 2021
One of the areas that need work is feature flexibility. If you want to do things like routing policies it's not cookie-cutter, however, you want to customize routing policies. It becomes a little bit more constrained due to the feature set, the routing policy feature set within ACI, doesn't allow for you to get very customized when it comes to, let's say, failover type scenarios. However, that's just an artifact of the product maturity. It's going to take some time before the product becomes mature and they have the ability to have more customized features enabled. At version 4.0, these features were not yet available. We ended up having to basically export the routing functionality, the more advanced routing functions, outside of ACI and just put it into the routing infrastructure around it. The initial setup is not intuitive. Technical support needs to be more helpful. It's rare that you get a knowledgeable person. It would be nice for them to provide visibility at a cheaper price point. Visibility is something that everybody wants to achieve with their workload. One of the benefits of SDN is supposedly the ability to collect all that telemetry and correlate it to something that is actionable and meaningful. That's a key requirement, however, the bar is so high in terms of costs. In our environment, we opted out of it as it's so expensive, however, it would be nice, as, if you don't have visibility, then how do you properly segment your workload? The minute you start segmenting, you kind of cut off workload communication. If your goal is micro-segmentation and putting your workload into arbitrary silos, and if you don't have the visibility, then it will be very difficult to achieve. Therefore, if you don't have visibility and you want micro-segmentation and you don't want to pay, then ACI is not your solution.
Technology Consultant at a tech services company with 51-200 employees
Real User
2020-10-28T11:01:18Z
Oct 28, 2020
Training for this product is available from institutions but it is not available online where you can get users trained easily. It would be better if the training for our users was easier to get. Cisco ACI should have better integration with a hypervisor such as VMware, Hyper-V, or KVM. This would give us a one-window solution for our networking, compute, and storage.
Senior Network Engineer at a pharma/biotech company with 1,001-5,000 employees
Real User
2019-06-19T08:36:00Z
Jun 19, 2019
In terms of improvement, I would like to see some sort of way to baseline the system in a network-centric fashion. The way ACI works is that it is very application-centric but I think that a lot of people who I have spoken to that use it don't need all that application-centric focus. Cisco says you can do a network-centric approach but I want to do network-centric in my design and then have the system organize and set itself that way. That would be cool. I would like to see that. If you as the customer want a network-centric design, after you build that initial configuration and you go into the GUI for the first time and you decide which direction you want it to go in and you point it in a certain direction, then it builds out the infrastructure to accommodate that, that would be beautiful. They are selling the system as application-centric. I think a lot of people, ourselves included, are not ready to approach it in that way. It's too many knobs to turn. It's great overall architecture, scalability-wise, has an easy configuration, central configuration, but there are too many knobs to turn.
There has not been a single implementation we have done where the client wants to use all the features that are in the product currently. Contemplating new features seems out of order. Every product can benefit from new features as long as they are desired and add functionality that is useful. Most of the features that are there now are good and Cisco is doing a really good job at staying ahead of the curve with their competition. They are implementing new features before companies are even ready to use them or know that there might be a need for them. Figuring out how to implement the product for clients is the area we struggle with the most every day. Perhaps an enhancement would be artificially intelligent solutions, but that would be further down the road.
Network Manager at a university with 501-1,000 employees
Real User
2019-06-19T08:36:00Z
Jun 19, 2019
I would like to see simpler contract building, engineering, and architecture. There should be an alternative "ACI Light" solution for smaller-sized enterprises.
I don't have any new features that I need in Cisco ACI yet because we're still learning and making it work in our environment today. I don't have anything new. The one big challenge with it is Cisco going from a perpetual license model to a licensing model that is renewed every year. You pay a large fee to use stuff like this. That to me is one of our challenges. Making training more available for all of our employees and not even at a cost would help. If you want this to be deployed to all the data centers everywhere it's got to be something that everyone can sit down and get training on. If you're going to try and operationalize it amongst existing staff members and even up-coming ones, it's not a simple thing to sit down and learn. I've been doing this for thirty-five years now. It's one of the most difficult things I've had to sit down and learn myself.
The additional features I would like to see included in the next releases are support for our policy-based routing. There are endpoint issues that are there now in the code. Hopefully, these will get fixed in the future code. In terms of scriptings, there are a lot of APIs available but there's a big gap with networking and the application. That's a gap that we're trying to bridge to understand how to do scripting.
Sr. IT System Administration at a government with 10,001+ employees
Real User
2019-06-19T08:36:00Z
Jun 19, 2019
Technical support needs improvement. I can get stuck with a rep who will just have me scan the logs to look for the problem. I think that technical support tickets should be escalated sooner.
Network Manager at California Department of Corrections
Real User
2019-06-19T08:36:00Z
Jun 19, 2019
The ability for us to figure out the traffic flows, to enable some of the more segmentation parts of it, is really tough with what is built into ACI. It would be nice if it were part of it.
Infrastructure Engineer at a financial services firm with 201-500 employees
Real User
2019-06-19T08:36:00Z
Jun 19, 2019
I wish that if I had to open up an additional tab, I wouldn't have to log in every single time. That would be a feature I would like. For the licensing model of the system, I still have not gotten another update after eight months. It's telling me I'm not licensed even though I'm told I am by my reseller.
Network Engineer at a healthcare company with 10,001+ employees
Real User
2019-06-19T08:36:00Z
Jun 19, 2019
I haven't been using the product long enough to really be looking for additional features as I haven't exhausted learning about the features that are available.
Senior Network Engineer at an insurance company with 501-1,000 employees
Real User
2019-06-19T08:36:00Z
Jun 19, 2019
I think there are a lot of additional features that we haven't had a chance to look at yet, but I would like to see a simpler interface where it is easy to find endpoints and get information about them. Making it more user-friendly would be wonderful. That is my main concern.
Assistant Director IT at a healthcare company with 10,001+ employees
Real User
2019-06-19T08:36:00Z
Jun 19, 2019
I would like to see integration with Tetration. You should be able to use Tetration to manage your scripts and push into ACI without having to export, manually manipulate, script it, and then re-import back in ACI. It needs automation there.
Systems Network Manager at a non-tech company with 1,001-5,000 employees
Real User
2019-06-17T08:45:00Z
Jun 17, 2019
ACI is not simple, by any stretch of the imagination. We are not following the application-centric approach, but a network-centric approach instead. It would be nice if I could specify network-centric in my design, and the system would organize and set itself up in that way. Essentially, once you go into the GUI for the first time it would prompt you, and it would build out the infrastructure to accommodate your choice.
Where there is room for improvement from ACI is for Layer 2 and Layer 7 packages. Normally, when you're updating your ACI fabric or you're introducing new Layer 4 to Layer 7 devices and there are some constraints, there are some limitations. You need to check before you do it, as well as F5 load balancers. When you are doing device packages you will not have the functionality of ASM. It's like WAF, web application firewalls. So you need to configure it manually. There is some room for improvement here. The rest of it, for VMM domains, is improving. Cisco is introducing new features. I don't feel that it's unstable or it needs more improvement. But, for Layer 2 and Layer 7 packages, it still needs improvement. It needs quite a bit of work. Currently, we are using it in our test lab for Layer 4 and Layer 7 services. We are not using it in production. We are using unmanaged Layer 4 and Layer 7 devices. We are not using complete device packages. I'm looking forward to something called Cisco Tetration. I have never worked on it but it's there now. It will map everything: What type of ports are communicated through between users and applications and between applications. It will map that on ACI automatically, at the ACI contracts level and the application level. It's like a big-data platform. It will understand the application. It will understand the port requirements, the security requirements, and it will perform some types of automation. Right now, ACI is lacking this. There's some intelligence within it but not much.
They are still working on Multi-Site and Multipod but there are many customers that are looking for these in their Features page. We are having challenges with these features. For Multipod we need Layer 3 devices that support multicast. Customers ask: "Why can't ACI do that? Why do we need a dedicated Layer 3 device for this?" If they go for Multi-Site there is no need for that, ACI can do it. So Cisco needs to increase the Multipod features in ACI. For one customer we found CloudCenter doesn't support Cisco Multi-Site scenarios.
Better troubleshooting features would be helpful. In ACI, it can be a big mess, a real headache to troubleshoot a single issue. Cisco should work on the troubleshooting part of ACI. The troubleshooting part, and the information that ACI gives you, sometimes don't give you a proper, inside picture of what's going on within the fabric. We had an issue where the customer was not able to sync with the NTP server and we were not able to identify the problem. The NTP was just not talking to ACI. The troubleshooting part is a bit difficult in ACI, and I feel that it should have been improved long ago, but I don't know if they're working on it or not. Also, they have the new designs for Multipod and Multi-Site. There are a lot of good features, like static storage connections. But I have seen some customers that faced issues with connecting the storage to the fabric.
One of the things that makes it a lot more complicated is the way contracts are handled in ACI. Contracts are like their own access lists. They can improve the setting up of contracts between devices a lot. It can be simplified. Because ACI re-invented something that's been working for so long - you can now have overlapping subnets - it gets really confusing when they say that you can use the same subnet for different VLANs. They should make a standard list of best practices and that makes it easy for the people who are going to use it. That part alone, when they tried to remove subnet and VLANs, that's an integral part of networking which people have been used to for so long. They tried to remove it. I don't know why, but when they did that, it muddled up the concepts of networking, and people need time to adjust. That's why they have to put out a best-practices guide, to make it easier for traditional-method people to adapt to ACI. Another area for improvement is establishing a Layer 3 Out policy. Accessing the internet is a bit complicated where, before, using Cisco devices, it was just one line of code. With ACI, it took us a few days, almost a week, to just figure it out using the GUI.
Sr Network Engineer at a financial services firm with 501-1,000 employees
Real User
2019-02-27T08:57:00Z
Feb 27, 2019
They should improve the GUI, make it simpler. They also need to improve its integration with other automation tools. In terms of additional features, I would recommend PTP support, which they have yet to come out with.
IT Network at a healthcare company with 201-500 employees
Real User
2019-02-03T06:24:00Z
Feb 3, 2019
The error messages should be improved. Sometimes we want to remove an error message so we acknowledge an error and we would then like to remove it but there's no real way of doing that. If we need to do it, we need to open a tech case. That could use improvement.
I am still not quite happy with the APIC GUI, since I am more of a CLI guy. I don't really use the GUI a lot. It would be better to introduce some wizards to guide you through the whole configuration process instead of clicking through a bunch of menus with no concrete path. It is too easy to forget one or another if you configure it this way. A wizard would be a great help. We are still struggling with some design issues, but most of these issues will be fixed in the next release.
The interface is sometimes slow. I receive a lot of weird errors when I try to install apps, such as contract apps, which should give me a nice visualization of all the contracts. However, it just doesn't load, etc. I would like more thought put into the way the graphic part of the monitoring is rendered. When you have a lot of contracts, you can't understand the graphics because they are so loaded.
Director Design, Architecture & Security at Syntax Systems GmbH & Co KG
Real User
2019-02-03T06:24:00Z
Feb 3, 2019
I don't like the idea that Cisco is bringing in different machines or dashboards. This does not allow us to have one solution. We are viewing the DNA Center, ACI, and Meraki. A link from another system may have you end up in the Meraki dashboard; that's not what I expect. I want to have one single pane of glass where I can see and do the changes on everything. I would like to be able to test the upgrades in a simulation before implementing them in production because not everyone has a lab.
Network Architect at a comms service provider with 10,001+ employees
Real User
2019-02-03T06:24:00Z
Feb 3, 2019
In the new version of 4.0, the management groups for updating the software is not the best way to do it. It was better in 3.2. There was a better overview of all the management groups with integrated switches.
The product needs to be simpler. There is too much complexity in ACI. 80 percent of its features are of no use to us. We could do with a simplified version. I would like to see some of the roadmap products remotely working to satisfaction where we could actually deploy them for our customers.
Previously, the product was a little tricky to use. However, it's now a well developed platform. I would like to see the data center unification of Cisco ACI with Cisco DNA into a single platform to deliver the data center and campus sides.
Because this is new technology, which requires a different way of thinking, it can be hard to understand. Therefore, I would like more documentation or education.
Professional Services Engineer at a tech services company with 51-200 employees
MSP
2019-01-30T13:14:00Z
Jan 30, 2019
It is more about resolving bugs early on in the code. Otherwise, as the product gets more mature and those bugs get discovered sometimes by the customer, then Cisco will resolve them.
I would like to see better training. I don't have good training with this product. If I did, I probably would be able to solve all of the problems during the installations.
If I was a customer who is using the ACI to run my network, I would like for there to be more information about it available. While using the ACI in the graphical interface, I would like if there was something that explained every step that you can click and it will tell you what you are doing in more detail. For me, I understand what's happening because I did a course, but the problem will be when our customers, who are not so versatile in this, start using it and won't know what's going on. If it works it's fine, but when they run into problems, then it's gonna be an issue. If everything works, it should be fine but if any issues come up, a lot of Cisco services will be needed.
Platform Engineer at an energy/utilities company with 1,001-5,000 employees
Real User
2019-01-29T17:16:00Z
Jan 29, 2019
I would like Cisco to simplify the interaction of the controller. I would also like them to simplify the way you configure the Fabric. The process is quite complex. This can be a barrier to entry. For anything, where it should take two or three steps, you have ten steps. It took quite a bit of time to learn how to use it. The learning curve is very steep.
Information Security Architect at Progress Software Corporation
Real User
2019-01-29T17:16:00Z
Jan 29, 2019
The challenging thing about Cisco ACI was we had to put a lot of effort into providing the customer the full picture, new standards, and new technology that they had to use. This was more challenging than deploying the product. There should be more focus on training and support. I would like to see more integration with services and service graphs.
Network Engineer at a financial services firm with 10,001+ employees
Real User
2019-01-29T17:16:00Z
Jan 29, 2019
It is still not mature and has room to grow. As with any product out there, it requires time to develop. We run into bugs from time to time. It is more from the perspective that we're not running the default configuration, so when we try to tweak it that is where we hit issues. The transition period when you go from standard networking to the application centric tool can be difficult because you need to understand the new terminology, but you will get through it.
Network Engineer at an energy/utilities company with 10,001+ employees
Real User
2019-01-29T17:16:00Z
Jan 29, 2019
I know Cisco is trying to move away from CLI, but I would still like to see improvements to the CLI. Troubleshooting is quite difficult using other tools, and there are still quite a lot of people with the network engineer mindset who rely on CLIs. Therefore, it would be nice to have a unified CLI. They made big improvements on this last time, but it could use additional improvements. Here are some of the issues that we encountered:
* We had lift switches which failed to forward traffic correctly.
* We had issues in the first deployment when we tried to finish the migration from traditional networking to Cisco ACI.
* We had issues with the propagation of the routes internally. Therefore, we had destinations which were reachable, but other destinations were unreachable in the same subnet.
It took quite a lot of tries to finish the migration, because our issues were always the same. These issues were related to silent hosts.
IT Evolution Manager at an aerospace/defense firm with 1,001-5,000 employees
Real User
2019-01-29T17:16:00Z
Jan 29, 2019
Interoperability with third-party products always seems so straightforward, but every time you need to invest a lot to add an external element to the ACI Fabric technology. A good improvement would be to have an easier integration with external building blocks in the customer's environment. Biannually, there is a new design delivered by Cisco. Thus, you are always running behind the new design, and it never stops. With Cisco ACI, this has been a nightmare. I recommend that they provide more customer focused blueprints to fix this. They should try to learn and understand what are the real needs of each customer. Now, we are running behind releases. However, with each new release of a new design, you have to test it and validate it. So, we aren't going operational, which is not good. This support was not offered to us with the product. I would not want to see any additional features at this point. We have had enough additional features. We still have a lot to learn and don't want anything extra.
The product needs to be more visible on the Internet and have the ability to be integrated into more software developments. For example, with Amazon, you can click and deploy SDN with firmware, but not with SDI. It needs a simpler process to be deployed everywhere. The Multi-site is not easy to use. While Cisco has plans to change this going forward, for now, it is complex.
Network Engineer at a political organization with 10,001+ employees
Real User
2019-01-29T17:16:00Z
Jan 29, 2019
* The way the objects are oriented on it are not as straightforward as they should be.
* The learning curve of this product is very steep. It is not what I'm used to.
* I miss having the CLI. I am old-fashioned.
They need more documentation. Because when we hit an issue and searched on Google, we didn't find a lot of documents about the issue. Possibly because it's a new product. We are deploying ACI, and at same time, we are testing migration from our old network. Our old next is Nexus, latest version, and we have a less load balancing and it's hard to migrate. We are hitting some issues, so maybe there is room for improvement.
Network Architect at a financial services firm with 10,001+ employees
Real User
2019-01-29T17:16:00Z
Jan 29, 2019
The areas for improvement are automation and user-friendliness. If I lose the connection from one side to the core, I can't use the other side to go to the core. I hope in the future, this will be fixed.
Network and Security Manager at a computer software company with 1,001-5,000 employees
Real User
2019-01-29T17:16:00Z
Jan 29, 2019
The user interface (UI) should be made easier. I would like to have a multi-cloud environment, but I just read that Cisco ACI Anywhere is about to be released.
Network Engineer at a financial services firm with 1,001-5,000 employees
Real User
2019-01-29T17:16:00Z
Jan 29, 2019
With the first setup, it was complex because of the terminology. We were clicking around because we did understand the API console. The hardest part was to make something scalable and easy to use in the future without having any prior knowledge. It was hard, which is why we used consultants with the setup to provide us advice. We did have a problem with APIC, but we didn't even notice it. We changed it with no impact. We are waiting to see what happens with the cloud. We want to see if it will scale better. Also, we want to see how they will be moving to the cloud. At this time, we don't know.
Network Engineer at Direction des Systemes d'Information, Etat de Vaud
Real User
2019-01-29T17:16:00Z
Jan 29, 2019
The only drawback that we are seeing is the user interface is still a little complex and difficult to use. It needs a more user-friendly interface. I do not use it daily. Every time that I have to go back and configure something, it is very difficult and confusing to remember how to do it and where the menus are located.
Cisco ACI automates data center networking, centralizing management and configuration of diverse network environments. It's used for micro-segmentation, replacing legacy networks, and deploying software-defined networking.
Cisco ACI enables seamless integration with cloud platforms and multi-site connectivity. It ensures high availability and redundancy, supports network-centric applications, enhances security, and facilitates agile service implementations across different regions and...
It could benefit from an orchestration tool that makes deploying services easier.
The GUI is not easy to use. It must be made simple and convenient to use.
Its scalability and reliability capabilities should be enhanced.
It would be good if Cisco ACI had some cross-domain orchestrator that could rule all the pillars in the customer network or interconnect more easily with the compass environment.
The tool's initial deployment is complex and takes five hours to complete.
While it is quite functional, I found it to be somewhat slow, and there was a notable issue related to the removal of the help section. In previous ACI versions, every configuration section had an accompanying help section that provided valuable information. This feature was removed in the latest version, and the reasoning behind this change is unclear. I believe there's room for improvement in terms of ACI's integration with various technologies. For instance, when it comes to integrating with Kubernetes, the compatibility is somewhat lagging.
Quality assurance could be better, and there are a lot of bugs in each release. We discover these bugs when we upgrade the ACI environment, sometimes resulting in downtime. In the next release, I would like to be able to manage hybrid cloud networking. So currently, if you have an ACI environment running on-premise or Epic in the cloud, we can handle it with the Nexus Dashboard. But if Cisco can integrate SD-WAN-related features, through which we can do multi-cloud networking, that will be an awesome feature. It should be more flexible.
I can recommend that Cisco improve its execution. But keep in mind that ACI is the most convenient solution for Cisco, and it is developing every day, adding new features. Additionally, keep in mind that you can integrate the manager or CCI and manage your remote cluster and data center from the ACI dashboard, which is another possible feature in ACI.
Our problems with Cisco ACI are mainly related to the contracts and how to manage them easily in the platform. Cisco also needs to improve the log files and the complexity of the graphical interface.
The virtualization part of it is still all hardware-based. You have to buy the switches, and they have to be Cisco switches. You cannot roll the Software-Defined Network and network virtualization over onto any other product. For example, if I have a mix of Juniper and Cisco in my network, they are of the same physical fabric layer, but when I want to virtualize, it's quite difficult. You cannot do it. There are solutions like NSX that can sit pretty on any physical layer, but Cisco SDN will only work with its own devices, so that's a downside. They need to be able to achieve virtualization end-to-end with Cisco ACI.
ACI's blade servers could be more flexible, and its storage interface is a little too complex because they use some third-party storage solution.
I would like to see Cisco ACI become more similar to what SD is, with improvements made to the onboarding on the multiport situation. Currently, it is complicated. Cisco ACI would benefit by providing the option to integrate easily with DNAC in their next release.
Cisco ACI would be improved by providing a cloud offering; otherwise, it risks becoming a niche product.
The learning curve is long. It's very difficult to learn Cisco ACI. As a result, our customers usually have difficulty working with this solution.
I faced issues when upgrading venues and registering devices. For example, in some cases, you have to reinstall the AP from scratch. We tried that and were then unable to register devices. From the network engineering perspective, it's hard to configure from the GUI. We tried to adapt but it was difficult. You have to add AP numbers for validations.
The integration has room for improvement. There should be a drag-and-drop interface for configuring the integration where you connect some arrows to boxes, and the system takes care of the configuration. Right now, they have something similar, but it's limited. You have to take care of some things yourself. That is one area that the solution can work on. It's easy now, but it's much easier in other solutions.
When it comes to security, we recently switched to Fortinet, as we feel it to be more customizable for our use case in RJ than the solution. We moved because Cisco scored lower than Fortinet. While we have seen a return on our investment in certain cases, we have, of late, faced issues on the Call Manager, which we have. We have an on-premises, resistant license which we invested in. Out of nowhere, Cisco changed the licensing module to that of smart licensing, a perpetual license state, without offering any compensation to the customers. This made the license worthless and forced us to subscribe for smart licensing. This is the only way to continue receiving active support and upgrades from Cisco, not that anyone would say anything otherwise. Cisco is much more expensive than other vendors, especially when it comes to the licensing. For half the cost, I can obtain the same service with another product. It would be great if ACI would include the next generation firewall feature. I rate the solution as an eight out of ten, owing to the issue of the price and the complexity involved in its maintenance.
Before version 5, you could manage your firewall or load balancer from the AP. It was very basic and now they removed the whole features in the new version, so you cannot manage your load balance or firewall from your AP on L2, L4, and L7 services. They can improve this because it's a little bit hard to send traffic with PBR or EPB to the box. They're returning back. That's one area where they could improve.
Its graphical user interface (GUI) is not as user-friendly as it could be. It is quite expensive.
One of the areas that need work is feature flexibility. If you want to do things like routing policies, it's not cookie-cutter; however, if you want to customize routing policies, it becomes a little bit more constrained, because the routing policy feature set within ACI doesn't allow you to get very customized when it comes to, let's say, failover-type scenarios. However, that's just an artifact of the product maturity. It's going to take some time before the product becomes mature and they have the ability to have more customized features enabled. At version 4.0, these features were not yet available. We ended up having to basically export the routing functionality, the more advanced routing functions, outside of ACI and just put it into the routing infrastructure around it. The initial setup is not intuitive. Technical support needs to be more helpful. It's rare that you get a knowledgeable person. It would be nice for them to provide visibility at a cheaper price point. Visibility is something that everybody wants to achieve with their workload. One of the benefits of SDN is supposedly the ability to collect all that telemetry and correlate it to something that is actionable and meaningful. That's a key requirement; however, the bar is so high in terms of costs. In our environment, we opted out of it as it's so expensive. However, it would be nice, because if you don't have visibility, then how do you properly segment your workload? The minute you start segmenting, you kind of cut off workload communication. If your goal is micro-segmentation and putting your workload into arbitrary silos, and if you don't have the visibility, then it will be very difficult to achieve. Therefore, if you don't have visibility and you want micro-segmentation and you don't want to pay, then ACI is not your solution.
From my point of view, troubleshooting issues relating to ACI can be a little bit complicated to perform.
Training for this product is available from institutions but it is not available online where you can get users trained easily. It would be better if the training for our users was easier to get. Cisco ACI should have better integration with a hypervisor such as VMware, Hyper-V, or KVM. This would give us a one-window solution for our networking, compute, and storage.
In terms of improvement, I would like to see some sort of way to baseline the system in a network-centric fashion. The way ACI works is that it is very application-centric but I think that a lot of people who I have spoken to that use it don't need all that application-centric focus. Cisco says you can do a network-centric approach but I want to do network-centric in my design and then have the system organize and set itself that way. That would be cool. I would like to see that. If you as the customer want a network-centric design, after you build that initial configuration and you go into the GUI for the first time and you decide which direction you want it to go in and you point it in a certain direction, then it builds out the infrastructure to accommodate that, that would be beautiful. They are selling the system as application-centric. I think a lot of people, ourselves included, are not ready to approach it in that way. It's too many knobs to turn. It's great overall architecture, scalability-wise, has an easy configuration, central configuration, but there are too many knobs to turn.
There has not been a single implementation we have done where the client wants to use all the features that are in the product currently. Contemplating new features seems out of order. Every product can benefit from new features as long as they are desired and add functionality that is useful. Most of the features that are there now are good and Cisco is doing a really good job at staying ahead of the curve with their competition. They are implementing new features before companies are even ready to use them or know that there might be a need for them. Figuring out how to implement the product for clients is the area we struggle with the most every day. Perhaps an enhancement would be artificially intelligent solutions, but that would be further down the road.
The CLI needs to be improved.
I would like to see simpler contract building, engineering, and architecture. There should be an alternative "ACI Light" solution for smaller-sized enterprises.
I don't have any new features that I need in Cisco ACI yet because we're still learning and making it work in our environment today. I don't have anything new. The one big challenge with it is Cisco going from a perpetual license model to a licensing model that is renewed every year. You pay a large fee to use stuff like this. That to me is one of our challenges. Making training more available for all of our employees and not even at a cost would help. If you want this to be deployed to all the data centers everywhere it's got to be something that everyone can sit down and get training on. If you're going to try and operationalize it amongst existing staff members and even up-coming ones, it's not a simple thing to sit down and learn. I've been doing this for thirty-five years now. It's one of the most difficult things I've had to sit down and learn myself.
The additional feature I would like to see included in the next releases is support for our policy-based routing. There are endpoint issues that are there now in the code. Hopefully, these will get fixed in the future code. In terms of scripting, there are a lot of APIs available but there's a big gap with networking and the application. That's a gap that we're trying to bridge to understand how to do scripting.
I recommend to customers that they meet a knowledgeable vendor to help them with it.
Technical support needs improvement. I can get stuck with a rep who will just have me scan the logs to look for the problem. I think that technical support tickets should be escalated sooner.
The ability for us to figure out the traffic flows, to enable some of the more segmentation parts of it, is really tough with what is built into ACI. It would be nice if it were part of it.
I wish that if I had to open up an additional tab, I wouldn't have to log in every single time. That would be a feature I would like. For the licensing model of the system, I still have not gotten another update after eight months. It's telling me I'm not licensed even though I'm told I am by my reseller.
I would like to see more troubleshooting apps. There should be more and better SNMP monitoring.
I would like to see a smoother transition from existing systems. The configuration from what we had earlier, compared to ACI, is completely different.
I would like to see a lot more integrations with the rest of the Cisco portfolio. I would like to have ACI embedded into HyperFlex, as an example.
I haven't been using the product long enough to really be looking for additional features as I haven't exhausted learning about the features that are available.
I think there are a lot of additional features that we haven't had a chance to look at yet, but I would like to see a simpler interface where it is easy to find endpoints and get information about them. Making it more user-friendly would be wonderful. That is my main concern.
I would like to see integration with Tetration. You should be able to use Tetration to manage your scripts and push into ACI without having to export, manually manipulate, script it, and then re-import back in ACI. It needs automation there.
They should make it easier for the network people to do automated solutions.
Cisco ACI needs to add more analytics and automation.
ACI is not simple, by any stretch of the imagination. We are not following the application-centric approach, but a network-centric approach instead. It would be nice if I could specify network-centric in my design, and the system would organize and set itself up in that way. Essentially, once you go into the GUI for the first time it would prompt you, and it would build out the infrastructure to accommodate your choice.
Where there is room for improvement from ACI is for Layer 2 and Layer 7 packages. Normally, when you're updating your ACI fabric or you're introducing new Layer 4 to Layer 7 devices, there are some constraints and some limitations. You need to check before you do it, as well as F5 load balancers. When you are doing device packages you will not have the functionality of ASM. It's like WAF, web application firewalls. So you need to configure it manually. There is some room for improvement here. The rest of it, for VMM domains, is improving. Cisco is introducing new features. I don't feel that it's unstable or it needs more improvement. But, for Layer 2 and Layer 7 packages, it still needs improvement. It needs quite a bit of work. Currently, we are using it in our test lab for Layer 4 and Layer 7 services. We are not using it in production. We are using unmanaged Layer 4 and Layer 7 devices. We are not using complete device packages. I'm looking forward to something called Cisco Tetration. I have never worked on it but it's there now. It will map everything: what types of ports are used for communication between users and applications and between applications. It will map that on ACI automatically, at the ACI contracts level and the application level. It's like a big-data platform. It will understand the application. It will understand the port requirements, the security requirements, and it will perform some types of automation. Right now, ACI is lacking this. There's some intelligence within it but not much.
They are still working on Multi-Site and Multipod but there are many customers that are looking for these in their Features page. We are having challenges with these features. For Multipod we need Layer 3 devices that support multicast. Customers ask: "Why can't ACI do that? Why do we need a dedicated Layer 3 device for this?" If they go for Multi-Site there is no need for that, ACI can do it. So Cisco needs to increase the Multipod features in ACI. For one customer we found CloudCenter doesn't support Cisco Multi-Site scenarios.
Better troubleshooting features would be helpful. In ACI, it can be a big mess, a real headache to troubleshoot a single issue. Cisco should work on the troubleshooting part of ACI. The troubleshooting part, and the information that ACI gives you, sometimes don't give you a proper, inside picture of what's going on within the fabric. We had an issue where the customer was not able to sync with the NTP server and we were not able to identify the problem. The NTP was just not talking to ACI. The troubleshooting part is a bit difficult in ACI, and I feel that it should have been improved a long time ago, but I don't know if they're working on it or not. Also, they have the new designs for Multipod and Multi-Site. There are a lot of good features, like static storage connections. But I have seen some customers that faced issues with connecting the storage to the fabric.
One of the things that makes it a lot more complicated is the way contracts are handled in ACI. Contracts are like their own access lists. They can improve the setting up of contracts between devices a lot. It can be simplified. Because ACI re-invented something that's been working for so long - you can now have overlapping subnets - it gets really confusing when they say that you can use the same subnet for different VLANs. They should make a standard list of best practices, and that would make it easy for the people who are going to use it. That part alone, when they tried to remove subnets and VLANs, that's an integral part of networking which people have been used to for so long. They tried to remove it. I don't know why, but when they did that, it muddled up the concepts of networking, and people need time to adjust. That's why they have to put out a best-practices guide, to make it easier for traditional-method people to adapt to ACI. Another area for improvement is establishing a Layer 3 Out policy. Accessing the internet is a bit complicated where, before, using Cisco devices, it was just one line of code. With ACI, it took us a few days, almost a week, to just figure it out using the GUI.
They should improve the GUI, make it simpler. They also need to improve its integration with other automation tools. In terms of additional features, I would recommend PTP support, which they have yet to come out with.
The error messages should be improved. Sometimes we want to remove an error message so we acknowledge an error and we would then like to remove it but there's no real way of doing that. If we need to do it, we need to open a tech case. That could use improvement.
I am still not quite happy with the APIC GUI, since I am more of a CLI guy. I don't really use the GUI a lot. It would be better to introduce some wizards to guide you through the whole configuration process instead of clicking through a bunch of menus with no concrete path. It is too easy to forget one or another if you configure it this way. A wizard would be a great help. We are still struggling with some design issues, but most of these issues will be fixed in the next release.
Cisco should provide more examples of code on their website. Something that other people can use. There is a great place in the development area.
I would like for ACI to manage all of the devices.
The interface is sometimes slow. I receive a lot of weird errors when I try to install apps, such as contract apps, which should give me a nice visualization of all the contracts. However, it just doesn't load, etc. I would like more thought put into the way the graphic part of the monitoring is rendered. When you have a lot of contracts, you can't understand the graphics because they are so loaded.
I don't like the idea that Cisco is bringing in different machines or dashboards. This does not allow us to have one solution. We are viewing the DNA Center, ACI, and Meraki. A link from another system may have you end up in the Meraki dashboard; that's not what I expect. I want to have one single pane of glass where I can see and do the changes on everything. I would like to be able to test the upgrades in a simulation before implementing them in production because not everyone has a lab.
In the new version, 4.0, the management groups for updating the software are not the best way to do it. It was better in 3.2. There was a better overview of all the management groups with integrated switches.
We designed it from scratch which contributed to the complexity. They should have better information about the deployment requirements.
The virtualization area needs improvement but I expect that to happen with the 4.0 version. I would like for them to develop integration with AWS.
The product needs to be simpler. There is too much complexity in ACI. 80 percent of its features are of no use to us. We could do with a simplified version. I would like to see some of the roadmap products remotely working to satisfaction where we could actually deploy them for our customers.
It needs more features for integrating with third-party vendors.
Previously, the product was a little tricky to use. However, it's now a well developed platform. I would like to see the data center unification of Cisco ACI with Cisco DNA into a single platform to deliver the data center and campus sides.
Because this is new technology, which requires a different way of thinking, it can be hard to understand. Therefore, I would like more documentation or education.
It is more about resolving bugs early on in the code. Otherwise, as the product gets more mature and those bugs get discovered sometimes by the customer, then Cisco will resolve them.
I would like to see better training. I don't have good training with this product. If I did, I probably would be able to solve all of the problems during the installations.
If I was a customer who is using the ACI to run my network, I would like for there to be more information about it available. While using the ACI in the graphical interface, I would like if there was something that explained every step that you can click and it will tell you what you are doing in more detail. For me, I understand what's happening because I did a course, but the problem will be when our customers, who are not so versatile in this, start using it and won't know what's going on. If it works it's fine, but when they run into problems, then it's gonna be an issue. If everything works, it should be fine but if any issues come up, a lot of Cisco services will be needed.
I would like Cisco to simplify the interaction of the controller. I would also like them to simplify the way you configure the Fabric. The process is quite complex. This can be a barrier to entry. For anything, where it should take two or three steps, you have ten steps. It took quite a bit of time to learn how to use it. The learning curve is very steep.
The challenging thing about Cisco ACI was we had to put a lot of effort into providing the customer the full picture, new standards, and new technology that they had to use. This was more challenging than deploying the product. There should be more focus on training and support. I would like to see more integration with services and service graphs.
It is still not mature and has room to grow. As with any product out there, it requires time to develop. We run into bugs from time to time. It is more from the perspective that we're not running the default configuration, so when we try to tweak it that is where we hit issues. The transition period when you go from standard networking to the application centric tool can be difficult because you need to understand the new terminology, but you will get through it.
I know Cisco is trying to move away from CLI, but I would still like to see improvements to the CLI. Troubleshooting is quite difficult using other tools, and there are still quite a lot of people with the network engineer mindset who rely on CLIs. Therefore, it would be nice to have a unified CLI. They made big improvements on this last time, but it could use additional improvements. Here are some of the issues that we encountered:

* We had leaf switches which failed to forward traffic correctly.
* We had issues in the first deployment when we tried to finish the migration from traditional networking to Cisco ACI.
* We had issues with the propagation of the routes internally. Therefore, we had destinations which were reachable, but other destinations were unreachable in the same subnet.

It took quite a lot of tries to finish the migration, because our issues were always the same. These issues were related to silent hosts.
Sometimes, it has been a bit hard to configure it. Since it is a new technology, Cisco moved all the menus. This made it tricky to use.
Interoperability with third-party products always seems so straightforward, but every time you need to invest a lot to add an external element to the ACI Fabric technology. A good improvement would be to have an easier integration with external building blocks in the customer's environment. Biannually, there is a new design delivered by Cisco. Thus, you are always running behind the new design, and it never stops. With Cisco ACI, this has been a nightmare. I recommend that they provide more customer focused blueprints to fix this. They should try to learn and understand what are the real needs of each customer. Now, we are running behind releases. However, with each new release of a new design, you have to test it and validate it. So, we aren't going operational, which is not good. This support was not offered to us with the product. I would not want to see any additional features at this point. We have had enough additional features. We still have a lot to learn and don't want anything extra.
The product needs to be more visible on the Internet and have the ability to be integrated into more software developments. For example, with Amazon, you can click and deploy SDN with firmware, but not with SDI. It needs a simpler process to be deployed everywhere. The Multi-site is not easy to use. While Cisco has plans to change this going forward, for now, it is complex.
* The way the objects are oriented on it is not as straightforward as it should be.
* The learning curve of this product is very steep. It is not what I'm used to.
* I miss having the CLI. I am old-fashioned.
I would like to see more integration with other Cisco products.
The ACI user interface is complex and Cisco should improve it. We had to take time to learn the product, as it is quite complicated to understand.
They need more documentation. Because when we hit an issue and searched on Google, we didn't find a lot of documents about the issue. Possibly because it's a new product. We are deploying ACI, and at same time, we are testing migration from our old network. Our old next is Nexus, latest version, and we have a less load balancing and it's hard to migrate. We are hitting some issues, so maybe there is room for improvement.
We would like to have faster services and problem monitoring for our customers.
The areas for improvement are automation and user-friendliness. If I lose the connection from one side to the core, I can't use the other side to go to the core. I hope in the future, this will be fixed.
The user interface (UI) should be made easier. I would like to have a multi-cloud environment, but I just read that Cisco ACI Anywhere is about to be released.
It needs to be able to function on the cloud.
It needs more integration with public clouds, like Azure and AWS. There are some setup issues that need fixing.
With the first setup, it was complex because of the terminology. We were clicking around because we did understand the API console. The hardest part was to make something scalable and easy to use in the future without having any prior knowledge. It was hard, which is why we used consultants with the setup to provide us advice. We did have problem with APIC, but we didn't even notice it. We changed it with no impact. We are waiting to see what happens with the cloud. We want to see if it will scale better. Also, we want to see how they will be moving to the cloud. At this time, we don't know.
The only drawback that we are seeing is that the user interface is still a little complex and difficult to use. It needs a more user-friendly interface. I do not use it daily. Every time that I have to go back and configure something, it is very difficult and confusing to remember how to do it and where the menus are located.
There is quite a learning curve at the beginning.
* Security and isolation based on the type of traffic
* High level of resiliency