Cisco ACI Room for Improvement
Before version 5, you could manage your firewall or load balancer from the AP. It was very basic and now they removed the whole features in the new version, so you cannot manage your load balance or firewall from your AP on L2, L4, and L7 services. They can improve this because it's a little bit hard to send traffic with PBR or EPB to the box. They're returning back. That's one area where they could improve.View full review »
Solution Consultant at a computer software company with 10,001+ employees
One of the areas that need work is feature flexibility. If you want to do things like routing policies it's not cookie-cutter, however, you want to customize routing policies. It becomes a little bit more constrained due to the feature set, the routing policy feature set within ACI, doesn't allow for you to get very customized when it comes to, let's say, failover type scenarios. However, that's just an artifact of the product maturity. It's going to take some time before the product becomes mature and they have the ability to have more customized features enabled. At version 4.0, these features were not yet available. We ended up having to basically export the routing functionality, the more advanced routing functions, outside of ACI and just put it into the routing infrastructure around it.
The initial setup is not intuitive.
Technical support needs to be more helpful. It's rare that you get a knowledgeable person.
It would be nice for them to provide visibility at a cheaper price point. Visibility is something that everybody wants to achieve with their workload. One of the benefits of SDN is supposedly the ability to collect all that telemetry and correlate it to something that is actionable and meaningful. That's a key requirement, however, the bar is so high in terms of costs. In our environment, we opted out of it as it's so expensive, however, it would be nice, as, if you don't have visibility, then how do you properly segment your workload? The minute you start segmenting, you kind of cut off workload communication. If your goal is micro-segmentation and putting your workload into arbitrary silos, and if you don't have the visibility, then it will be very difficult to achieve. Therefore, if you don't have visibility and you want micro-segmentation and you don't want to pay, then ACI is not your solution.View full review »
Manager Network & Communication Engineer at a transportation company with 1,001-5,000 employees
When it comes to security, we recently switched to Fortinet, as we feel it to be more customizable for our use case in RJ than the solution. We moved because Cisco scored lower than Fortinet.
While we have seen a return on our investment in certain cases, we have, of late, faced issues on the Call Manager, which we have.
We have an on-premises, resistant license which we invested in. Out of nowhere, Cisco changed the licensing module to that of smart licensing, a perpetual license state, without offering any compensation to the customers.
This made the license worthless and forced us to subscribe for smart licensing. This is the only way to continue receiving active support and upgrades from Cisco, not that anyone would say anything otherwise.
Cisco is much more expensive than other vendors, especially when it comes to the licensing. For half the cost, I can obtain the same service with another product.
It would be great if ACI would include the next generation firewall feature.
I rate the solution as an eight out of ten, owing to the issue of the price and the complexity involved in its maintenance.
Assistant Vice President at a tech vendor with 5,001-10,000 employees
There are many bug fixes required with Cisco ACI. Whenever there is an issue, we raise it to their tech support and wait for a response. In the meantime, we come up with a version upgrade or patch upgrade so that it can be fixed. One concern we found after 15 days of troubleshooting was a multicasting issue. For many of the applications, we were using multicasting.
It is challenging for people who don't understand the programming language, making it difficult to migrate. With technology, there are two verticals. One is hardware driven and the other is software driven. Most people in our domain understand networking, but they don't understand programming. When we migrate, some programming is required.
I recommend that rather than creating individual stacks we are given some UI-based solutions. This type of functionality would allow us to create a tenant then click on bridge two, and then create it on a VR. Currently, we are using some scripts with help from Postman for migrations from a traditional data center to the cloud.
Over the past six months, I am more interested in the cloud and IoT. From a security perspective, I would recommend Cisco comes up with solutions for ACI and a portal perspective.
The Apex GUI needs improvement, so end users can follow the proper steps without having to go through the guide, giving more flexibility to the GUI. This will ensure that the user can easily build the configuration.View full review »
The integration has room for improvement. There should be a drag-and-drop interface for configuring the integration where you connect some arrows to boxes, and the system takes care of the configuration.
Right now, they have something similar, but it's limited. You have to take care of some things yourself. That is one area that the solution can work on. It's easy now, but it's much easier in other solutions.View full review »
Director Design, Architecture & Security at Syntax Systems GmbH & Co KG
I don't like the idea that Cisco is bringing in different machines or dashboards. This does not allow us to have one solution. We are viewing the DNA Center, ACI, and Meraki. A link from another system may have you end up in the Meraki dashboard, that's not what I expect. I want to have one single pane of glass where I can see and do the changes on every thing.
I would like to be able to test the upgrades in a simulation before implementing them in production because not everyone has a lab.
Nexus Dashboard could bring us a hugh step forward to become more felxible and agile.View full review »
Network Architect at a computer software company with 10,001+ employees
Its graphical user interface (GUI) is not as user-friendly as it could be.
It is quite expensive.View full review »
Technology Consultant at a tech services company with 51-200 employees
Training for this product is available from institutions but it is not available online where you can get users trained easily. It would be better if the training for our users was easier to get.
Cisco ACI should have better integration with a hypervisor such as VMware, Hyper-V, or KVM. This would give us a one-window solution for our networking, compute, and storage.View full review »
I faced issues when upgrading venues and registering devices. For example, in some cases, you have to reinstall the AP from scratch. We tried that and were then unable to register devices. From the network engineering perspective, it's hard to configure from the GUI. We tried to adapt but it was difficult. You have to add AP numbers for validations.
Consultant Engineer at a comms service provider with 51-200 employees
The learning curve is long. It's very difficult to learn Cisco ACI. As a result, our customers usually have difficulty working with this solution.View full review »
Senior Network Engineer at a computer software company with 1,001-5,000 employees
From my point of view, troubleshooting issues relating to ACI can be a little bit complicated to perform.View full review »
I would like this solution to be integrated with Pure Storage.View full review »