For a long time, Arista Networks has watched as new-fangled network access control (NAC) solutions from other vendors have made their way into the market, stoking public imagination with the potential for zero-trust security.
But in April, the company stepped off the sidelines and launched its own AI-driven NAC solution, rounding off its campus product portfolio with the one remaining element. CloudVision AGNI will expand Arista’s flagship CloudVision solution with features like secure onboarding, dynamic access control, AI-driven policy enforcement, and much more.
Bhagya Prasad NR, Director of Engineering, who has actively been part of the engineering team that designed CV AGNI, and Suparna Dam, Solutions Manager, jointly unveiled the solution to the audience at the recent Mobility Field Day event.
CV AGNI stands for Arista Guardian for Network Identity. Built on top of CloudVision, AGNI realizes three highly-coveted attributes in network identity management – simplicity, scalability and security.
A Tricky Dance
In addition to wired and wireless, the third and final element that completes a network security portfolio is a NAC solution. But not all vendors have their proprietary NAC product. For those that don’t, integrating with the customers’ existing NAC solutions is the only way to deploy their solutions at enterprises.
Through years of working with NAC solutions from other vendors, the team at Arista faced a complicated picture and a swirl of headwinds.
Largely, NAC solutions run on legacy infrastructure on premises. In the age of cloud-first, this is already a step backward. The characteristic complexity of the solutions further makes it is painful and painstaking to configure, scale and maintain them.
To get the most out of network access control, NAC solutions need to be cloud-native, simple for the most part, and automated where possible, easily scalable and on par with the industry security standards.
“We felt that that was a gap in our product portfolio as we went and offered the solution to our customers in the campus. We also felt that building our own solution that is natively integrated with our wired and wireless, we’ll be able to provide much more value and a compelling solution for our campus customers,” said Sriram Venkitestwaran, Director of Product Management for Cognitive Campus at Arista Networks.
Arista Guardian for Network Identity
Built from the scratch, AGNI was born in the cloud, and embodies modern cloud-first principles. This makes cloud flexibility characteristic to it.
CV AGNI has a modern microservices architecture that delivers elastic scalability – from tens to thousands of devices in a few clicks.
“When it is made up of microservices architecture, each microservice can be spawned depending on the load. You can go up or scale down depending on the density of the traffic” explained Mr. Prasad.
Additionally, high availability, and improved fault isolation of the microservices architecture help bypass the rigidity in legacy solutions with monolithic designs.
To protect against failures and outages, CV AGNI has geo-redundancy built into it “just to take care of some of the scenarios where it is necessary to route the traffic from one location to another,” said Mr. Prasad.
In the modern perimeterless network where identity policy management is a life-long process, CloudVision AGNI sidesteps the inherent complexities of the game with AI. All administrative functions can be performed from the solution’s centralized UI which features a natural language processing (NLP) chat interface that responds to queries with answers in complete sentences.
The UI allows self-service style onboarding for wireless with single sign-on (SSO), AI-driven policy enforcement, automated certificate management, streamlined deployment and faster troubleshooting, reducing average deployment time from weeks down to hours.
Continuous security posture is enabled with CV AGNI’s integration with Arista NDR. When Arista NDR spots an untrustworthy device in the network, it works with CV AGNI to swiftly isolate and limit its access level.
CloudVision AGNI addresses traditional NAC solutions’ lack of compatibility with a growing number of identity stores with broad native integration.
Wrapping Up
CloudVision AGNI’s wide set of features allows it to carry out security processes quickly and competently that’d take operators with fair amounts of experience a lot longer. Leveraging ML models and a modern architecture, it makes identity enforcement and management less harrowing, and incrementally streamlined, showcasing the real power of AI.
For more information, be sure to check out Arista Networks’ deep-dive presentations of CV AGNI from the recent Mobility Field Day event.
