To overcome the new security challenges and the explosion of clients in today’s perimeter-less enterprise networks, Arista delivers a novel AI-driven network Identity service, Arista Guardian for Network Identity or AGNI to connect the network, users, and devices across remote and geographically dispersed locations. Based on Arista’s flagship CloudVision, the new AGNI platform brings a revolutionary improvement to scale, simplicity, and security across users, their associated endpoints, and IoT devices.

Featured Video: Introducing Arista Guardian For Network Identity

Introducing Arista Guardian For Network Identity


CloudVision AGNI embraces modern design principles, Cloud native microservices architecture, and Machine Learning / Artificial Intelligence (ML/AI) technologies to significantly simplify administrative tasks and reduce complexities. It offers a comprehensive range of features to meet the requirements of modern networks.

CloudVision AGNI provides simple self-service onboarding using single sign-on (SSO) for wireless unique pre-shared keys and dot1x digital certificates, complete certificate life cycle management with cloud-native PKI infrastructure, authorization and segmentation, behavioral profiling, and visibility of all connected devices. AGNI integrates with all the leading Identity Providers including Okta, Google Workspace, Microsoft Azure, OneLogin, and Ping Identity. Devices are discovered, profiled, and classified into groups for single-pane-of-glass visibility and control.




CloudVision AGNI integrates with network infrastructure devices (wired switches and wireless access points) through a highly secure TLS-based RadSec tunnel. The highly secure and encrypted tunnel offers complete protection to the communications that happen in a distributed network environment. This mechanism offers much greater security to AAA workflows when compared with traditional RADIUS environment workflows, which are not encrypted. AGNI integrates with Arista products to enable the exchange of important user and client context, secure group segmentation (MSS-G), and authentication telemetry data. Additionally, AGNI can fetch consumer advanced profiling, posture, and network inventory data to provide comprehensive policy management and insights into network security. The platform’s API-first approach enables seamless integration with third-party solutions, allowing for the exchange of user and client context, authentication telemetry, and endpoint protection status. AGNI offers Arista’s Unique PSK (UPSK) solutions to enable secure authentication mechanisms for BYOD, IoT/IoMT, and gaming devices. AGNI extends its feature set to accommodate a wide range of client devices with its support for Captive Portal and MBA authentications.

AGNI integrates with Arista NDR and other third-party XDR and EDR solutions for post-admission control functionality.

Existing NAC solutions suffer from the complexity of the deployment, requiring a cluster of appliances, and reliable WAN connections to keep them in sync. Inherently these products are difficult to configure, maintain and upgrade. They can’t scale up and down easily to meet the service requirements. These products also use less secure authentication methods which are no longer recommended in the Industry. Existing on-prem NAC solutions of today lack the simplicity, scalability, and security required to be effective in today’s ever-evolving enterprise networks.

Arista Guardian for Network Identity (AGNI), is the next-generation cloud-native AI-driven solution that delivers identity-based network access control. CloudVision AGNI is designed considering the 3-S fundamentals of network designing — simplicity, scalability, and security.

The solution delivers a substantial reduction in the total cost of ownership, making it a very cost-effective choice for businesses of all sizes. With its cutting-edge features and advanced technology, CloudVision AGNI is the ideal choice for businesses looking to enhance their network security infrastructure.