[wp_tech_share]

What to Expect when Signing up for NaaS in the Campus LAN

Campus NaaS is poorly defined in the industry, leading to market confusion. In this series of blogs, Siân Morgan explores the differences and similarities of the offers on the market and proposes a set of definitions to help enterprises and vendors speak the same language.

In 1999, lack of common definitions among industry participants had catastrophic implications to space exploration. The Mars Climate Orbiter, an interplanetary weather satellite designed to study the Martian climate, was caught in a fundamental miscommunication. While the team that developed the software calculating the thruster impulse was using pound-force seconds, the team that developed the software to calculate the craft’s trajectory interpreted the data as newton-seconds. Every adjustment of the spacecraft’s trajectory was off by 4.45. When the Orbiter reached Mars, it was 105 miles closer to the surface than expected, and in all likelihood, the $125 million craft was burned to smithereens.

While there may be similar challenges in understanding the different aaS or “as a service” offers available for LAN connectivity, the misunderstandings will be less explosive. Vendors such as Extreme, HPE, Join Digital, Meter, Nile, RUCKUS, and Shasta Cloud have aaS offers for the LAN that differ considerably, but we can start to make sense of the landscape by focusing on the common thread: a service model inspired by cloud computing. Figure 1 depicts the fundamental service and implementation characteristics of a cloud-computing-inspired offer.

Cloud-inspired offers service and implementation characteristics

Whereas terms like IaaS and SaaS have been around long enough for industry participants to understand the broad scope of the offer, when describing a layer-2 network used to connect PCs, mobile phones, printers, smart blinds, sensors, and the myriad other IoT devices within an enterprise’s campus, using the term NaaS usually leaves more questions than answers.

Appending a “C” to the acronym (CNaaS or Campus Network-as-a-Service) designates that the service pertains to campus connectivity, meaning connectivity within an enterprise or branch office. Figure 2 depicts where CNaaS lies within the network, as compared to the more traditional NaaS, IaaS, PaaS, or SaaS offers.

aaS Network Schema

CNaaS Characteristics

Unlike a cloud-computing offer such as SaaS, campus networks require a large amount of equipment to be installed on-site and dedicated to a physical space. Radio frequency waves and cables are subject to the laws of physics, and WLAN APs can only be shared between enterprises if the physical office space is also shared. This limits two of the cloud-inspired implementation characteristics: most of the hardware cannot be shared, nor can it be centralized. CNaaS vendors have thus turned to other approaches to simulate aaS characteristics.

Among the CNaaS offers on the market, the cloud-computing characteristics have been instantiated as follows:

Outcome Oriented

An outcome-oriented service is priced based on an expected result, rather than on the number of ports, APs, or other technology deployed. For example, some CNaaS vendors, for instance Meter and Nile, offer service based on a combination of the number of devices, the floor space, and/or a series of user-experience metrics.

By purchasing a service based on an outcome, customers are effectively transferring responsibility for the underlying technology design to the provider of the service. Some vendors provide service credits to enterprises whose networks did not meet agreed-upon service level metrics. For enterprises with complex networks, the advantage of outsourcing the network design comes with an additional complexity of capturing the SLA in a contract.

Elastic

Since the maximum capacity of a LAN is determined by the hardware installed onsite, it is impossible to deliver a CNaaS offer that provides unlimited capacity for expansion. Some vendors, for example Extreme, provide rebates to enterprises to turn off ports or APs during quiet periods of the year. However, in this case, the hardware remains in place and unused and the cost to deliver the service is not altered significantly.

CNaaS offers, such as HPE’s Turnkey CNaaS, can also simulate elasticity by blending the price of the solution for a multi-site organization, allocating the bill for the service according to the network size at different sites. For example, if an enterprise has two branches, and Branch A has twice as many network users as Branch B, Branch A would pay two-thirds of the enterprise’s CNaaS bill. This distribution allows for better cost allocation within the organization.

Related:  Campus NaaS growth is surging. AIOps is reshaping enterprise networks, boosting software over hardware, and fueling recurring fees

 

Opex Price Structure

By centralizing and sharing computing resources, traditional aaS providers allocate abstracted portions of technology to each customer and charge the customer based on how much capacity it uses. Because of the limited ability to centralize and share the infrastructure of a campus network, this approach cannot be used with CNaaS offers.

To deliver an opex price structure, some CNaaS providers retain ownership of the hardware, with the consequence of a growing balance sheet. Other providers make use of a third-party financing company. Large vendors, such as HPE, can rely on established financing divisions to back the service. In any of these situations, financing adds to the service cost. In addition, most CNaaS offers come with a prescribed contract duration to ensure the vendor covers its upfront investment. In the few cases that offers do not come with a set contract length, one of the parties involved is assuming the risk of early termination.

Maintenance-free

Traditional cloud-computing services make use of centralized computing resources that are housed and maintained by the supplier, thus relieving the customer of installing, maintaining, and refreshing servers. The large amount of on-site hardware required for the LAN makes this maintenance-free characteristic difficult to implement, and CNaaS vendors have circumvented this with two different approaches.

First, many vendors partner with MSPs to deliver lifecycle services as part of the bundled recurring CNaaS fee. This is the case with RUCKUS and Extreme’s CNaaS offers that are delivered with the companies’ channel partners. Lifecycle services go beyond the 24×7 hardware support that is usually bundled with an equipment’s license. They may include network design, installation, and ongoing monitoring, while allowing an enterprise to apply and manage its own network policies and some local configurations.

In the second approach, CNaaS offers include 24×7 equipment monitoring by the vendor (such as Nile or Meter), as opposed to by the MSP. Monitoring is performed from a centralized location, using as much automation as possible to reduce costs. The degree of customer visibility and control over the network is a challenge for CNaaS vendors. Whereas some enterprises may wish for more of both, the cost of developing additional features to enable enterprise control undermines the maintenance-free concept.

In truly opex-structured, outcome-oriented, maintenance-free offers, hardware replacements are also included as part of the service. For instance, the CNaaS vendor would upgrade a network from Wi-Fi 6 to 6E and to Wi-Fi 7 at no additional charge to the enterprise. The events that trigger such a hardware upgrade are not always clearly laid out, highlighting the contractual complexity of this approach.

Enterprises considering an aaS construct for their LAN service should decide how important each of these cloud-inspired characteristics is to them and insist that their prospective service providers clearly define how each is to be delivered. As I will explore in my next blog, service providers may use the same terms, but the services vary depending on the providers’ business objectives.

Dell’Oro Group Tracks CNaaS Trends, Market Dynamics and Revenue Forecasts in the Advanced Research Report: CNaaS and Public Cloud-Managed LAN

[wp_tech_share]

AI and the Economy: Sorting Through Mixed Signals

 

In the first half of 2025, a fresh breeze blew through the Enterprise Networking market — a welcome change after the doldrums of 2024 and the gales of 2023.

Worldwide Enterprise Networking market 1H25 - Dell'Oro GroupRock ’n Roll Trajectory

The worldwide Enterprise Networking market, made up of the segments depicted in Figure 1, hit a growth peak of 32% Y/Y in 2Q23.  In that quarter, vendors began to deliver on the large backlogs that they had built up during the post-pandemic supply constraints.  Hardware orders were particularly affected, with the result that Campus Switch and WLAN shipments flooded the market, and the revenue growth from these two domains dominated.

Two quarters later, the slide downward began, with the winners from 2Q23 pulling the market down to a double-digit contraction (Figure 2).  Network Security was immune to the 2024 drop; the large share of software and as-a-service delivery in this segment did not get tangled in the supply constraint problems, and cybersecurity threats continued to drive sales.

Finally, in 4Q24, the digestion of excess equipment came to an end, and Enterprise Networking revenue grew for the first time in four quarters.

But is it likely to last?

Since the turnaround, market growth has accelerated.  In 2Q25, data center switch sales to large enterprises surged. Enterprises resumed their networking projects and began upgrading to Wi-Fi 7, leading to 12% growth of worldwide Enterprise Networking revenue in the second quarter.

Meanwhile, the industry is awash with mixed signals.  With global trade tensions, inflation and tariffs, uncertain economic outlook, a flush of merger and acquisition activity, and double-edged promise/threat of AI, industry participants have been left guessing as to which way things will head for the rest of the year.

Puts and Takes

In 2Q25, US hyperscalers pulled in purchases of data center server components in order to get ahead of tariffs.  However, the impact of global trade tensions on the Enterprise Networking market has been muted.  Whereas some segments, such as WLAN, may have seen a small bump in sales by companies aiming to avoid price hikes, overall spending has not risen significantly due to advanced ordering.

Instead, the impacts of global trade tensions are being felt in the form of an unease in the face of macroeconomic uncertainty.  With fixed IT budgets and strategic demands on cash flow, enterprises often choose to hold back on IT purchases when the outlook for future revenues is murky.

 

Trends to Shape the Market

Meanwhile, the arrival of AI – with its vast array of impacts on enterprises – has the potential to both fuel and slow network spending.  We predict the following four trends will shape Enterprise Networking revenue for the remainder of 2025.

  1. AI FOMO (fear of missing out) will lead to cautious spending

Enterprise leaders are under pressure to stay competitive amidst an AI revolution.  Companies and institutions have embarked on AI proofs of concept but are struggling to measure tangible benefits.  The best first step is to lock down strong network performance and prepare for an onslaught by AI-fueled hackers.  The need to move forward in this era of AI will drive enterprises to spend on networking and security as they develop their roadmap of AI use cases.  But enterprises will also be looking to allocate spending to the pursuit of AI projects once they’ve been fleshed out.  Depending on where they find the budget, spending on Local Area Network equipment could take a hit when AI projects are ready to be implemented. Data center switch spending by enterprises could grow, depending on the extent to which companies choose to run workloads on premises, instead of in the cloud.

  1. Network Automation is an Easy Win

Implementing AIOps functionality will become a differentiator for enterprises looking to gain competitive advantage.  Whereas the ROI on many AI projects has been elusive, it is fairly straightforward to capture the savings associated with fewer trouble tickets, faster time to problem resolution, and simpler network configuration.  This will help drive investment in the latest network technology, since most vendors are offering AI-fueled operations features.

  1. Software and Recurring Fees Provide Added Flexibility

Automating operations and outsourcing network maintenance are two ways for an enterprise to refocus on becoming more competitive, but both of these initiatives usually come with recurring fees.

Having witnessed the innovation catalyzed by cloud computing, many enterprises are becoming more accepting of the recurring license model.  These fees drive up the cost of network equipment, but enterprises that take a holistic approach can count increased labor efficiency as compensation.

  1. SASE is the battleground for Network-Security Convergence

As bad actors adopt AI, cybersecurity risks are growing, and enterprise spending on security will need to keep pace.  Network Security vendors are jostling for position, each aiming to take share of the growing opportunity.  However, the increased addressable Network Security market is not going unnoticed by WLAN and Campus Switch vendors.

Today, the Local Area Network (WLAN and Campus Switch) and Network Security segments are dominated by different vendors.  As security threats become amplified by AI, the two types of vendors are greedily eyeing each other’s markets.

In 2Q25, traditional LAN equipment vendors, such as Cisco, HPE, and Juniper, accounted for only 11% of the Network Security market.  On the flip side, the only traditional security vendor in the network market (Fortinet) accounted for an even smaller portion of LAN equipment sales. It is in the Branch Routing market that the two solitudes meet. Security vendors, with strong SSE offers, made up nearly 30% of the Branch routing market in 2Q25.

In 2025, the convergence of network and security will continue to occur mainly in the Wide Area Network, with single-vendor SASE offers.   However, in the longer term, if larger enterprises choose to merge their NetOps and SecOps departments and seek to streamline the number of suppliers, vendors will have opportunities to expand and may also face threats from newcomers to the market.

Which Way is Up?

When we weigh growth trends and headwinds, we are cautiously optimistic for 2025, calling for 9% growth for the year.  It’s not a growth rate to rival the double-digit highs of 2022 and 2023, but after the upheaval of the last five years, it feels pretty good.

[wp_tech_share]

Today, Arista Networks closed its acquisition of the VeloCloud SD-WAN portfolio from Broadcom, turning a once-rumored transaction into a move that reshapes both companies’ positions in the enterprise SASE/SD-WAN arena. The deal is an asset-plus-talent carve-out: Arista receives the intellectual property and roughly half of VeloCloud’s ≈1,000 employees—primarily core engineering and technical staff—while most sales- and marketing-oriented roles were left behind. Although neither party disclosed financial terms, multiple press accounts still place the consideration “well under” $1 billion, in line with the May 2025 reporting from The Information that first surfaced the transaction.

To understand why this asset still matters—and how Arista might unlock its full potential—this blog traces VeloCloud’s journey in four parts. Section 1 reviews the company’s pre-SASE strengths, highlighting its rise from a 2012 start-up to capturing 16 percent of SD-WAN revenue by 2020. Section 2 explains how pandemic-era work-from-home trends and Broadcom’s extended VMware acquisition disrupted that growth. Section 3 evaluates what took place under Broadcom, where layoffs, partner resets, and price hikes diminished momentum and confidence. Finally, Section 4 explores the strategic upside and execution risks of VeloCloud’s next chapter under Arista.

  1. Pre-SASE Strength (Founding – 2020)

Launched in 2012, VeloCloud quickly distinguished itself as a cloud-delivered SD-WAN pioneer that could blend inexpensive broadband with MPLS-class reliability. Its Dynamic Multipath Optimization and active-active architecture delivered sub-second fail-over, a capability repeatedly validated in partner reference designs and field deployments. Leveraging a software-centric model, the company built more than 3,700 global gateways and rode the first wave of branch cloud adoption.

Go-to-market execution was equally strong. AT&T selected VeloCloud as its lead managed SD-WAN VNF on the FlexWare/x86 platform, giving the start-up access to thousands of enterprise sites without the expense of building a large direct sales force. Other carriers followed, cementing a robust service-provider (SP) channel that accounted for ~70% of bookings.

Market traction was tangible. Dell’Oro’s SD-WAN tracker projected VeloCloud’s revenue share to be in the mid- to high-teens by 2020, peaking around 16 percent, before the category began to broaden. VMware acquired the company in late 2017 for approximately $449 million, providing scale and an established enterprise brand while allowing VeloCloud to retain a degree of operational autonomy. By the eve of the pandemic, the platform was viewed as the de facto benchmark for “pure-play” SD-WAN.

  1. SASE Disruption and the Broadcom Transition (2020 – 2023)

COVID-19 radically reshaped network priorities. Instead of connecting thousands of branches, IT teams had to secure millions of remote workers. Buyers gravitated to software-only or cloud-native Secure Access Service Edge (SASE) offers that converged networking and security. Although VMware launched a work-from-home client and experimented with an OEM agreement with Menlo Security, the roadmap still revolved around appliance-centric SD-WAN. As a result, VeloCloud’s differentiation narrowed, while newcomers such as Palo Alto Networks set the pace in integrated SASE.

Strategic uncertainty intensified when Broadcom announced its intent to buy VMware in early 2022; the deal did not close until November 2023. Competitors exploited the 18-month limbo, and some enterprise buyers imposed vendor-selection moratoria until ownership was settled. During this window, VeloCloud’s share slipped steadily, moving from the teens toward single digits by late 2023.

  1. Post-Close Reality Inside Broadcom (4Q23 – Present)

Once the acquisition closed, Broadcom integrated VeloCloud into a newly formed Software-Defined Edge division and pivoted security to the Symantec portfolio, effectively scrapping the Menlo Security path. Broadcom also forced all VMware partners to re-qualify under its new program structure, alienating a historically loyal VAR base.

Cost-reduction took priority: VMware’s overall headcount was cut roughly in half within four months, and long-standing support teams were dispersed, triggering public complaints about ticket backlogs and inexperienced first-line engineers on public discussion forums. Customers already wary of double-digit price hikes on core VMware software (vSphere, vSAN, etc.) associated the same “Broadcom tax” with edge platforms.

The net effect was a visible erosion of business, lengthening release cycles, and a decline in Net Promoter Scores, according to channel feedback.

  1. A New Chapter at Arista – Opportunities & Risks

Strategic fit. Arista, renowned for its data-center franchise and burgeoning campus, lacks an enterprise-class WAN. In 2023, the “Arista WAN Routing System” entered limited trials but never reached broad availability. Acquiring VeloCloud instantly fills that gap with a production-proven SD-WAN architecture, 20,000-plus customers, and a seasoned SP channel. Cultural compatibility is high: both firms share a software-centric, telemetry-heavy design philosophy and emphasize deterministic performance.

Portfolio synergy. VeloCloud’s cloud gateways complement Arista’s EOS-based routing and CloudVision management, creating an end-to-end fabric that spans from the data center spine to the branch edge. In the near term, Arista can offer a best-of-breed SD-WAN overlay without re-platforming, while leveraging Untangle’s SMB firewall (acquired in 2022) to serve smaller sites and retail chains.

Go-to-market leverage. Arista primarily sells to Global 2000 cloud, financial services, and web-scale operators—audiences that increasingly request managed SD-WAN solutions to connect distributed workloads. Bundling VeloCloud with spine-leaf refresh cycles or campus upgrades could accelerate cross-sell velocity.

Path to full-stack SASE. The strategic decision is whether to remain an SD-WAN specialist or pursue the larger SASE total addressable market (TAM). Staying narrowly focused minimizes incremental R&D and integration risk but would leave Arista exposed as single-vendor SASE preferences harden. Conversely, expanding into Security Service Edge (SSE) would require investment—either organically or through the acquisition of a cloud-delivered network security pure play—but positions Arista to participate in a segment projected to exceed $10 billion by 2025.

Execution risks.

  • Marketing/enablement gap: The transaction excludes most of VeloCloud’s marketing, field enablement, and demand-generation personnel, so Arista must build these functions nearly from scratch, risking slower pipeline growth and weaker partner momentum in the first 12–18 months.
  • Integration complexity: Absorbing roughly 500 staff, migrating them to Arista’s lean HR and IT systems, and aligning development road maps across EOS, CloudVision, and VeloCloud’s orchestrator will be resource-intensive.
  • Channel dislocation: Broadcom’s partner reset created churn. Arista must quickly rebuild trust with top VARs and MSPs before rivals solidify their footholds.
  • Strategic focus tension: Arista’s DNA—and current market leadership—lies in data-center switching, particularly in the fast-paced AI data center networking race. Enterprise WAN and SASE target very different buying personas. As Arista pivots into these adjacent markets, it must avoid diluting resources or missing its core AI opportunity—a balancing act that will test execution discipline.

Upside bias.

  • Accelerated enterprise relevance: SD-WAN grants Arista a credible branch-to-cloud narrative, broadening its addressable opportunity beyond data-center switching.
  • Recurring revenue lift: VeloCloud’s SD-WAN revenue diversifies Arista’s P&L with software subscriptions and managed service attach.
  • Platform optionality: Possession of a mature edge stack enables Arista to choose the pace of SSE expansion through selective tuck-in deals or partnerships, while still harvesting SD-WAN growth today.

Bottom line. VeloCloud’s core technology remains well-regarded, and demand for high-performance SD-WAN remains intact. However, the platform languished under Broadcom’s cost-driven stewardship. Broadcom’s loss of VeloCloud—its only native SD-WAN pillar—means its Symantec/Carbon Black security unit can no longer claim single-vendor SASE. Still, because integration between the two portfolios was minimal, the security division can pivot to partnerships with other networking leaders without significant disruption.

The bigger story, however, is Arista’s gain: a culturally aligned, engineering-driven home that can reignite VeloCloud innovation, restore channel confidence, and extend Arista’s influence from the data-center spine to the branch edge. If Arista executes on integration and closes its marketing and enablement gap, the acquisition could transform a challenged asset into the catalyst for Arista’s next phase of growth and position the company for a broader SASE play.

For granular market-share data—including VeloCloud’s latest position—see Dell’Oro Group’s SASE & SD-WAN Quarterly Report, which tracks vendor performance each quarter.

[wp_tech_share]

Its absence dropped like a cannonball into a pond.  In Cisco’s August 2024 earnings call, CEO Chuck Robbins laid out the company’s investment strategy—with nary a mention of networking. Cisco was laying off up to 7% of its workforce, shifting resources into strategic areas. Robbins outlined his three-point list: AI, cybersecurity, and cloud.  Corporate focus was on integrating Splunk, the mega acquisition made in March.  Cisco had yet to announce Wi-Fi 7, a year and a half after competitors in China had taken the lead in the new technology.  It seemed that Cisco may be turning its back on campus networking, a market the company had dominated for decades.

What a difference 10 months can make.

Earlier this week, on June 10th, Chuck Robbins appeared on stage with Jeetu Patel, appointed by Robbins as Chief Product Officer just days after the August 2024 earnings call.Their message was that Cisco is an AI company with networking at its core, and that message was backed with a list of announcements so broad that Chief Marketing Officer Carrie Palin called it “bonkers”. Patel stole the show with a narrative designed to address the perception that a) Cisco is too complex and b) it missed the boat on AI.

The three focus areas outlined in August shifted. The word “cloud” morphed to “data center”, with a view that increasingly, AI workloads will be running on private infrastructure.  Cisco’s new strategy was infused with AI throughout, starting with a prediction that millions of AI agents will one day be introduced into the human workforce.  However, insisted Cisco executives, these agents will be “network-bound”.  To grow to its full potential, AI needs network infrastructure, but it also needs to be trusted.  To build trust, says Patel, security needs to be fused into the network, and Cisco, as a networking company, is best placed to make it happen.

To back up the proposition that the AI Era requires a robust underlying network, including inside the enterprise, Cisco revealed a slate of new developments for the campus network:

  • Two new Smart Switches for the campus (C9350 and C9610) with Silicon One coprocessors designed to run parallel workloads, such as Cisco’s Hypershield.
  • A cloud-native gateway, designed to help enterprises transition APs from controller-managed to cloud-managed architectures.
  • 19 new industrial switches, including small form factors intended to be installed on robots.
  • A behemoth of a Wi-Fi 7 AP, the CW9179F, weighing ten pounds, with front and back beam coverage, designed for large venue deployments. This is the latest addition to Cisco’s family of Wi-Fi 7 APs, the first of which was revealed in October 2024.
  • The addition of Ultra-Reliable Wireless Backhaul (URWB) on 6E APs (IW9165 and IW9167), with a plan to introduce URWB to some Wi-F 6 APs as a software upgrade.
  • The unification of Meraki and Catalyst from a hardware, licensing, and management perspective.
  • An AI-fueled management platform, AI-Canvas, with a multi-player, dynamic user interface. The platform relies on an LLM purpose-built for networking (Deep Network) fed with live telemetry and Cisco’s vast array of TAC insights (alpha version expected in October).

The vision was compelling and impressive in scale.  The reality will reveal itself as the platforms become available over the next few months.  Only as customers begin ordering, deploying, and using these new products in earnest will we begin to get answers to the following questions:

Will enterprises be prepared to pay a premium for an additional DPU in a campus switch, a concept originally designed for the data center?  Will the adoption of these models be tied to the penetration of Cisco’s Hypershield security strategy, and how will that unfold?

Will the North American market finally shift over to Wi-Fi 7, or will piles of remaining Wi-Fi 6E inventory continue to be the main source of shipments?

Can Meraki and Catalyst really be converged from a management perspective?  How will Cisco address the challenge of feature parity between the two, and how will the new, converged platform be branded?

What will the fee structure be for AI Canvas? Can IT departments adjust from having their hands on the network to being humans-on-the-loop?  Will the chosen licensing model for AI Canvas hamper its adoption?

While there might still be hiccups as products start rolling out (says Patel, products are never finished, they are either incomplete or obsolete), it is clear that Cisco has found a compelling vision to lay out for customers. The sheer breadth of the company’s portfolio is dizzying, which has previously worked against Cisco as a source of complexity.  But breadth can also be a seller if it’s positioned correctly.  Says Oliver Tuszik, Cisco’s newly appointed Chief Sales Officer, “When we combine two or three parts of Cisco, we are unbeatable… nobody in the market can build this solution.”

As for CEO Chuck Robbins, he called the June 2025 show the most important Cisco Live ever.  “I probably say that every year,” said Robbins.  “But this year, I mean it.”

[wp_tech_share]

I spent the past three days at Cisco Live 2025 and the adjunct Press & Analyst Conference in San Diego watching the company deliver a sweeping vision that fuses networking, security, observability, and silicon into one agent-ready platform. For example, Cisco framed its AI Canvas as a cross-domain cockpit and its Hypershield as distributed “micro-firewalls.” At the same time, programmable Cisco Silicon One and NVIDIA-aligned AI factories promised bandwidth without power blow-outs. Building on that, customers like Hilton and Steve Madden validated the strategy with million-device Meraki rollouts and 30 percent tool consolidation. Furthermore, a “One Cisco” sales overhaul simplifies buying and seeds outcome-based services. Collectively, these moves signal an ambitious pivot from box vendor to AI platform orchestrator—an evolution explored next with the key themes from Cisco Live 2025.

Cisco Live 2025 Key Themes

Secure Network Platformization Meets Agentic AI

Building on last year’s tentative integrations, Cisco leaders unveiled a cohesive platform that grafts identity, policy, and APIs across networking, security, and observability. Meanwhile, AI Canvas surfaced as the centerpiece UI where humans and software agents co-create dynamic troubleshooting boards, auto-generate interface widgets, and execute rollback-safe remediations. DJ Sampah, Vice President & GM, AI Software Platforms, likened the experience to a “collaborative cockpit” that turns cross-domain chaos into deterministic workflows. Consequently, the company bundles Canvas into existing subscriptions, delaying direct monetization yet accelerating adoption across its million-customer base.

Likewise, Hypershield extends this vision by embedding layer-4 firewall enforcement in smart switches, endpoints, and Kubernetes nodes. Tom Gillis, EVP & GM, Security & Networking, Cisco, argued that “east-west traffic is where attackers hide; distributed firewalls light it up.” The policy plane lives in Security Cloud Control, allowing enforcement to roam without forklift upgrades. Two large banks are already piloting the technology, and regulated enterprises are slated to enter production within a year. While we see its architectural elegance, we question timeline realism and third-party interoperability.

Programmable Silicon and AI-ready Fabrics

Meanwhile, surging inferencing workloads are rewiring data-center economics, and Cisco is positioning Silicon One as the programmable answer to hyperscale ASIC lock-in. Kevin Wollenweber, Cisco’s SVP & GM, Data Center, Internet & Cloud, emphasized that runtime programmability “avoids 24-month retape-outs while incurring no power penalty.” Building on that, Martin Lund, Cisco’s EVP, Common Hardware Group, revealed co-packaged-optics prototypes targeting 400 Gb/s per lane, promising reduced loss and improved energy efficiency. Consequently, Cisco’s secure AI factory reference design, co-engineered with NVIDIA, bundles front-end and GPU back-end networks, zero-trust segmentation, and AI Defense model guardrails.

Furthermore, executives argued that network bandwidth, not GPU scarcity, will become the gating factor. The roadmap scales port speeds from today’s 800 Gb/s to 3.2 Tb/s. Although the silicon story resonates, Cisco still lacks its GPU and must lean on allies like NVIDIA and AMD. Consequently, the company’s silicon agility will be scrutinized as enterprises demand latency budgets below 50 ms for interactive agents and sub-5 ms for robotics.

Go-to-Market Reinvention and Customer Momentum

Meanwhile, Cisco’s sales and marketing overhaul seeks to translate platform breadth into double-digit growth. Oliver Tuszik, Cisco’s EVP & Chief Revenue Officer, collapsed 14 specialist teams into a unified “One Cisco” motion, backed by 90,000 employees and AI-driven account intelligence. Building on that, Cisco’s Chief Marketing Officer, Carrie Palin, repositioned the brand around four outcome pillars: AI Infrastructure, Future-Proof Workplaces, Digital Resilience, and Secure Networking. We applaud the candor around perception gaps, yet caution that enablement depth and partner capacity will determine execution.

Customer narratives reinforce the pitch. Hilton has deployed 700,000 Meraki devices across 6,000 hotels, targeting 1 million by December. Steve Madden slashed standalone tools by 30 percent after standardizing on Meraki, Secure Access, and Splunk-fed XDR, while Grok jumped from 100 Gb/s to 800 Gb/s switching for inference clusters. These cases showcase simplified operations, supply-chain reliability, and AI-ready bandwidth—but also reveal remaining friction. Dan Wood, Hilton’s VP, Global Network Engineering, stated that full autonomy will follow only after “bringing the feeds together before trusting AI.” That cautious stance mirrors broader industry ambivalence toward agentic control.

Looking ahead, Cisco must prove that unified licensing and friction-free trials can convert marquee case studies into mainstream repeatability across partners and verticals.

Cisco’s New Vision in Today’s Market

Building on the thematic foundation, Cisco’s platformization strategy enters a contested arena where many others are vocalizing similar platformization and AI-first themes. These include security juggernauts like Palo Alto Networks, Fortinet, and Zscaler, other network vendors such as Arista, Juniper Networks, and HPE, public cloud giants like AWS, Google, and Microsoft, and lastly, AI silicon behemoth Nvidia.  Meanwhile, Cisco leans on three differentiators—security-infused networking, programmable silicon, and Splunk-fueled telemetry processing—to outflank suite rivals and point players.

On the security front, Hypershield seeks to upset the immense network security foothold that Palo Alto Networks, Fortinet, and Zscaler enjoy today. Embedding security into every switch port could rewrite networking firewall price-performance curves and unlock new security value, yet it risks cannibalizing Cisco’s firewall appliance revenue if adoption outpaces upsell. Curiously, Cisco also announced the latest data center-focused 6100 series firewall appliance. Conversely, Palo Alto Networks’ threat protection remains deeply respected by its customers, and Fortinet’s ASIC-accelerated FortiFabric still holds performance leadership in raw layer-4 deployments, forcing Cisco to convince that hypershield threat protection is sufficient to displace Palo Alto Networks or that smart-switch elasticity outweighs Fortinet’s raw layer-4 throughput.

On the programmable silicon front, Cisco’s Silicon One positions it against Juniper’s and Broadcom’s silicon. Dynamic tuning with no power penalty offers future-proofing, but network-OS diversity may complicate software consistency and partner certification. Meanwhile, NVIDIA’s Spectrum-X fabric magnetizes hyperscale interest, prompting Cisco to co-develop secure AI factories rather than compete head-on for GPU boards. The alliance may grant Cisco optical sockets in trillion-dollar TAMs, yet deepens dependency on NVIDIA’s supply chain during component shortages.

In the fight for network and security telemetry processing, the Splunk federation underpins an “intelligent data fabric” that rivals Elastic and Datadog in observability. Offering no-charge log ingestion for Cisco firewalls shifts cost optics. The pricing gambit is a clever land grab, but deferred revenue recognition could pressure short-term financials if upsell velocity stalls. Meanwhile, Microsoft’s $20 billion security franchise looms as the benchmark; Cisco must match Microsoft’s cloud-native scale without forcing data migrations that customers resist.

Advantages dominate early momentum. Customers cite tool-chain consolidation, supply-chain agility, and cross-domain visibility as primary wins. Hilton’s million-device ambition underscores vertical scalability; Grok’s 800 Gb/s backbone attests to silicon headroom; and CVS Health’s multi-billion AI investment validates trust at regulated scale. Moreover, Cisco’s open-API narrative draws startups, leveraging a platform rather than smothering innovation—a contrast to so-called “rip-and-replace” incumbents.

Yet, disadvantages remain material. First, roadmap skepticism persists: Hypershield lacks complete layer-7 threat protection standard in standalone firewall appliances. Cisco did not share a specific timeline for adding complete threat protection to Hypershield. Second, licensing complexity still confounds partners juggling many licenses,  spanning the entire portfolio from networking, security, and observability. Third, the “grandfather’s Cisco” perception endures. Cisco has a perception problem, and it knows it. Fourth, agentic ops raise governance alarms; early adopters demand deterministic rollback and audit trails before surrendering root privileges to generative models. Finally, execution risk surrounds a nine-month idea-to-product cadence. Such sustained velocity could strain quality assurance and channel readiness, which, for decades, has worked with Cisco, which is much more conservative in shipping products.

Despite those cons, the trajectory remains favorable. Cisco’s willingness to cannibalize hardware for recurring software revenue demonstrates strategic maturity, aligning economic incentives with customer outcomes. Consequently, the blend of programmable silicon, AI-mediated operations, and federated data fabrics positions Cisco to capture incremental spend as enterprises refresh data centers for persistent inference traffic. Meanwhile, hyperscaler collaboration and sovereign-AI localization diversify addressable markets, foreshadowing competitive realignment over the next 18 months.

Conclusion and Looking Forward

Cisco Live 2025 underscored the company’s intent to become an AI-native orchestrator that fuses security, telemetry, and silicon. Yet even as the many innovations announced during Cisco Live 2025 promise agent-guided automation, a Reddit thread titled “Discouraged at Cisco Live (2025)” reminds us that practitioners still weigh hype against day-to-day realities. One attendee joked that the show echoed nothing but “AI, AI, AI,” sparking gallows humor about whether network engineers will soon automate themselves out of a job. Such grassroots skepticism tempers vendor optimism, underlining the need for tangible wins—latency cuts, tool reduction, and simpler licenses—before narrative momentum becomes mainstream trust.

On a tactical level, I have three litmus tests that I’ll be keeping my eye on as a barometer to Cisco’s journey over the next year:

  • Secure branch revenue velocity per my recent blog.
  • General-availability uptake of Hypershield and its impact on firewall appliance refresh revenue.
  • Customer conversion rates from free Splunk firewall-log ingestion to paid data-fabric expansions.

If Cisco translates roadmap ambitions into measurable adoption and incremental ARR, the company will emerge not just AI-ready but AI-native, reshaping how enterprises perceive the intersection of networking, security, and silicon.