# Cisco Secure AI Factory with NVIDIA — 4+1 Layer AI Infrastructure Assessment

> Mapped to the 4+1 Layer AI Infrastructure Model  
> Version: v1.0 — Draft, Editorial Review Pending · Date: May 23, 2026  
> Source: Cisco Live EMEA 2026, GTC 2026, RSA Conference 2026, Cisco Q3 FY2026 earnings, Galileo acquisition announcement (Apr 2026), AGNTCY/Linux Foundation donation (Jul 2025), DefenseClaw open source, Cisco/VAST partnership, analyst coverage, published 4+1 model  
> Published by: The CTO Advisor LLC · thectoadvisor.com  
> Author: Keith Townsend

[Full interactive assessment](https://layer2c.web.app/assessment/cisco) · [Methodology](https://layer2c.web.app/methodology) · [What Is Layer 2C?](https://layer2c.web.app/what-is-layer-2c)

## Executive Summary

Cisco is the only vendor in this assessment series whose AI infrastructure authority is anchored by networking and security — but the compute story has matured beyond that framing. Where Dell builds up from servers and storage, HPE from sovereign compute and owned networking, VAST from the data platform, and hyperscalers from managed services, Cisco builds outward from the network fabric and security posture, with a purpose-built GPU compute portfolio (C885A, C845A, X-Series X580p) that now competes directly with Dell and HPE at every AI workload tier. The Secure AI Factory with NVIDIA is a reference architecture, not a vertically integrated platform — and that distinction defines Cisco's entire 4+1 profile. The customer asking Cisco for an AI factory receives a complete solution: Cisco-owned networking and compute, Cisco-owned security and observability, and partner-delivered storage and data services through validated integrations.

Layer 0 is Cisco's strongest position with depth across both networking and compute. Cisco owns the network fabric (Silicon One G300, Nexus 9000/8000, Nexus Hyperfabric) and has built a three-tier GPU compute portfolio (C885A dense HGX for training, C845A modular MGX for inference, X-Series X580p for composable blade AI) that competes directly with Dell PowerEdge and HPE ProLiant. The X-Series disaggregated GPU architecture — independently managing CPU and GPU lifecycles via X-Fabric — is an architectural differentiator no other blade vendor matches. Cisco does not own storage; the AI POD storage story depends on partners (VAST Data primary, plus NetApp, Pure Storage, Hitachi Vantara, Nutanix), which is Delegated authority. This makes Cisco's Layer 0 the inverse of Dell's: Dell owns compute and storage but brands NVIDIA networking silicon. Cisco owns networking silicon and has purpose-built AI compute but depends on partners for the data foundation.

The security and observability layers are where Cisco makes its most differentiated claim. AI Defense, Duo Agentic Identity, DefenseClaw, Splunk Observability Cloud with AI Agent Monitoring, and the Galileo acquisition together represent the most comprehensive agent security and observability portfolio of any infrastructure vendor assessed. These capabilities span Layers 2A through 2C — and they constitute genuine Cisco-owned IP, not rebranded NVIDIA or partner technology. The structural question is whether security and observability are sufficient to constitute a control plane, or whether they remain constraint enforcement without placement reasoning.

The AGNTCY initiative — open-sourced by Cisco's Outshift incubator, donated to the Linux Foundation with Dell, Google Cloud, Oracle, and Red Hat as formative members — contributes infrastructure primitives (discovery, identity, messaging, observability) to the broader agentic standards ecosystem. AGNTCY sits within the Agentic AI Foundation (AAIF), the fastest-growing project in Linux Foundation history, where MCP (Anthropic), A2A (Google), AGENTS.md (OpenAI) define the foundational protocols. Cisco is a Gold member of AAIF, not a Platinum founder — the ecosystem-defining standards were originated by Anthropic, Google, and OpenAI, not Cisco. AGNTCY contributes essential plumbing beneath those protocols, and Cisco's commercial products (AI Defense, Duo, Splunk) could become the enterprise implementation layer if these open standards achieve adoption. But Cisco's position is contributor, not definer.

Cisco's ~$9B in projected FY2026 AI infrastructure orders, record $15.8B quarterly revenue, and hyperscaler design wins (Silicon One P200, G200) validate market traction. The Galileo acquisition and DefenseClaw open-source release signal an intent to own the AI agent trust layer. The 4+1 assessment reveals a vendor with genuine strength at Layer 0 (networking + compute), comprehensive security and observability across Layers 2A through 2C (all Cisco-owned IP), and partner-delivered data plane capabilities at Layers 1A through 1C that the customer receives as part of the Secure AI Factory solution. The structural gap is specific: Cisco has no proprietary data software (storage, retrieval, pipelines) and no policy-driven placement engine at Layer 2C. Cisco secures the AI Factory and contributes to the open standards that may define its governance. It does not yet govern the factory itself.

## Layer Status

| Layer | Status | Classification |
|---|---|---|
| Layer 0 | ● Networking Strength — Asymmetric | Compute & Network Fabric |
| Layer 1A | ◑ Delegated — Partner-Delivered | Data Storage & Governance |
| Layer 1B | ◑ Delegated — Partner-Delivered | Context Management & Retrieval |
| Layer 1C | ◑ Delegated — Partner-Delivered | Data Movement & Pipelines |
| Layer 2A | ◑ Networking-Centric Orchestration | Infrastructure Orchestration |
| Layer 2B | ◑ Security Layer — Not Runtime | Application Runtime & Execution |
| Layer 2C | ◑ Security + Identity — Not Yet Governance | Agentic Infrastructure — The Reasoning Plane |
| Layer 3 (+1) | ◇ Partner Ecosystem | AI Application Layer — The Value Plane |

## DAPM Profile

| Classification | Count | Meaning |
|---|---|---|
| Retained | 27 | Enterprise owns and controls this capability |
| Delegated | 5 | Provided by substitutable partner; enterprise retains swap authority |
| Ceded | 0 | Vendor controls this; enterprise has no governance authority |
| Absent | 0 | No capability at this layer |

## Strongest Layers

- **Layer 0** (Compute & Network Fabric) — Networking Strength — Asymmetric

## Layer-by-Layer Detail

### ● Layer 0: Compute & Network Fabric

*Raw compute, networking, and acceleration fabric*  
**Status:** Networking Strength — Asymmetric

**Silicon One G300 (AI Networking Silicon)** [DAPM: Retained]  
102.4 Tbps switching silicon for massive AI cluster buildouts. Intelligent Collective Networking delivers 33% increase in network utilization and 28% improvement in job completion time. Powers gigawatt-scale AI clusters for training, inference, and real-time agentic workloads. Cisco-designed silicon — not NVIDIA-branded, not repackaged. This is Cisco's most significant Layer 0 differentiator: owned networking silicon IP at the same architectural level as AWS Nitro/EFA/SRD, Google Virgo, and Microsoft SONiC.

**Nexus 9000 / 8000 Systems (G300-powered)** [DAPM: Retained]  
102.4 Tbps switching speeds in liquid-cooled and air-cooled designs. Nearly 70% energy efficiency improvement with liquid cooling and advanced optics. Common hardware for diverse fabric types including Nexus Hyperfabric. Designed for hyperscalers, neoclouds, sovereign clouds, service providers, and enterprises. First P200 design wins confirmed with hyperscalers; third P200 win in early Q4 2026.

**Nexus Hyperfabric (Cloud-Managed AI Fabric)** [DAPM: Retained]  
Cloud-managed network fabric integrating networking, GPU, and storage into a unified infrastructure. Fabric-as-a-Service model with automated deployment and operations. NVIDIA NCP (Networking Connectivity Platform) design validation. Sharon AI selected Hyperfabric for Australia's first Cisco Secure AI Factory deployment (1,024 NVIDIA Blackwell Ultra GPUs).

**Nexus One (Unified Management Plane)** [DAPM: Retained]  
Unified management across on-premises and cloud-based data center deployments. AI Job Observability provides job-aware, network-to-GPU visibility correlating network telemetry with AI workload behavior. Native Splunk Platform integration for in-place telemetry analysis without data movement — essential for sovereign cloud and compliance-sensitive environments. API-driven automation and customization built-in.

**Cisco UCS C885A M8 (Dense GPU — HGX Platform)** [DAPM: Retained]  
Cisco's first 8-way accelerated computing system. Built on NVIDIA HGX platform with 8x NVIDIA H100 or H200 Tensor Core GPUs, OR 8x AMD MI300X/MI350X OAM GPUs — multi-vendor GPU support in the same dense server. One ConnectX-7 NIC or BlueField-3 SuperNIC per GPU for cluster-scale training. BlueField-3 DPUs for accelerated GPU-to-data access and zero-trust security. Designed for large LLM training, fine-tuning, and large model inference. MLPerf Training benchmarks published January 2026. This is Cisco's direct competitor to Dell PowerEdge XE9680 and HPE ProLiant DL380a — a genuine leadership-class AI server, not a rebadged reference design.

**Cisco UCS C845A M8 (Modular GPU — MGX Platform)** [DAPM: Retained]  
Flexible, scalable AI server based on NVIDIA MGX modular reference design. Configurable from 2 to 8 NVIDIA or AMD PCIe GPUs including RTX PRO 6000 and RTX PRO 4500 Blackwell Server Edition in a 4RU chassis. Enhanced power delivery, fewer PCBs, improved cable routing for optimal airflow and thermal management. GPU hot-swap for faster replacement. E1.S SSDs for increased storage density. First VAST Certified CNode-X platform in market (UCS C845A M8 with RTX PRO 6000). 'Start small and scale up' positioning for enterprises ramping AI from inference to fine-tuning. Day-1 Intersight management for unified AI and traditional workload operations.

**Cisco UCS X-Series + X580p GPU Node (Modular Blade AI)** [DAPM: Retained]  
Disaggregated, composable AI compute within the UCS X9508 blade chassis. X580p PCIe Node adds up to 4 NVIDIA GPUs (RTX PRO 6000/4500 Blackwell, H200 NVL, L40S) to X210c/X215c compute nodes via X-Fabric Technology. X9516 X-Fabric Module provides PCIe Gen 5 switching with ultra-low-latency, NVLink Bridge support, and dynamic GPU-to-host provisioning. Independent CPU and GPU lifecycle management — upgrade GPUs without replacing compute nodes. MLPerf Inference benchmarks published April 2026. Up to 24 GPUs per 7RU chassis. This is architecturally distinctive: no other vendor offers a modular blade system with disaggregated GPU composition for AI workloads. Dell PowerEdge MX and HPE Synergy do not have equivalent GPU composability.

**Cisco UCS C240 M8 / C225 M8 (Mainstream + Storage)** [DAPM: Retained]  
C240 M8: 2U rack server with Intel Xeon 6 processors, up to 2 double-width NVIDIA GPUs (RTX PRO 6000 Blackwell, H200 NVL). Balanced compute for distributed AI, analytics, edge AI, and vision workloads. Up to 28 NVMe/SAS/SATA drives for high-speed data access. C225 M8: designated as VAST Data Platform EBOX (storage servers) in AI POD architecture — the persistent storage foundation for Cisco AI PODs. Both managed through Cisco Intersight.

**Cisco AI PODs (Pre-Validated Full-Stack Infrastructure)** [DAPM: Retained]  
Modular, full-stack AI infrastructure platform combining UCS C885A/C845A compute, Nexus 9000 networking (up to 800G), NVIDIA GPUs, and partner storage (VAST Data, NetApp, Pure Storage, Hitachi Vantara, Nutanix). Scalable from 32 to 128+ GPUs. Cisco Validated Designs (CVDs) and NVIDIA Enterprise Reference Architectures (ERAs) for training, fine-tuning, inference, and RAG workloads. Pre-validated designs reduce setup time by up to 50%. Integrated management through Cisco Intersight and Nexus Dashboard. Modular scale-unit design enables growth without full infrastructure overhaul.

**Cisco Unified Edge (Edge AI Compute)** [DAPM: Retained]  
Edge compute platform supporting NVIDIA RTX PRO 4500 and 6000 Blackwell Server Edition GPUs for mission-critical AI at the edge. Also supports NVIDIA L4 GPUs. Zero-touch deployment with pre-validated blueprints. Centralized management via Intersight with Splunk and ThousandEyes integrations for end-to-end edge observability. Multi-layered zero-trust security with tamper-proof features, deep telemetry, drift-free configurations. Cisco AI Grid reference design extends edge AI to service providers via Cisco Mobility Services Platform — a unique go-to-market that no other assessed vendor offers.

**Gap Analysis:** Layer 0 is Cisco's strongest position with genuine depth across both networking AND compute — not just networking.

Networking authority is unmatched among on-prem vendors. Silicon One is proprietary switching silicon comparable in strategic significance to AWS's Nitro/EFA, Google's Virgo, or Microsoft's SONiC. No other on-prem infrastructure vendor designs their own switching silicon for AI networking. Dell brands NVIDIA Spectrum. HPE acquired Juniper for networking IP but doesn't design switching ASICs. VAST depends entirely on OEM networking.

The compute portfolio is broader and more architecturally deliberate than initial assessment suggested. The three-tier GPU server strategy (C885A for dense 8-GPU HGX training, C845A for flexible 2-8 GPU MGX inference and fine-tuning, X-Series X580p for composable blade AI) covers the full spectrum of enterprise AI workloads from leadership-class training to distributed inference. The C885A competes directly with Dell PowerEdge XE9680 and HPE ProLiant DL380a as a genuine 8-GPU dense server with MLPerf benchmarks published.

The X-Series X580p is an architectural differentiator that deserves specific recognition: disaggregated GPU composition via X-Fabric allows enterprises to independently manage CPU and GPU lifecycles, dynamically provision GPU resources to compute nodes, and scale GPU density within a blade chassis (up to 24 GPUs per 7RU). No other vendor offers modular blade-based GPU composability at this level. Dell PowerEdge MX and HPE Synergy do not have equivalent GPU disaggregation. This is Cisco applying its composable infrastructure heritage (UCS X-Series has always been about disaggregation) to the AI compute problem.

Multi-vendor GPU support (AMD MI300X/MI350X alongside NVIDIA HGX on C885A) gives Cisco the same silicon optionality that HPE offers with GX5000 (NVIDIA Rubin + AMD MI430X). Dell's AI Factory is NVIDIA-only (AMD under separate branding).

The storage gap remains the most significant Layer 0 structural difference from Dell and HPE. Cisco does not manufacture or sell storage. The AI POD storage story depends on partners: VAST Data (primary), plus NetApp, Pure Storage, Hitachi Vantara, and Nutanix as validated options. This multi-vendor storage flexibility is arguably a strength for the reference-architecture model — the enterprise retains storage vendor choice — but it means Cisco cannot build a vertically integrated data plane.

The dual-silicon networking strategy (Silicon One + Spectrum-X) is strategically unique. Cisco gives customers a choice: Cisco-designed silicon or NVIDIA silicon, both managed through Nexus One. This preserves the NVIDIA partnership while maintaining Cisco's networking authority. If NVIDIA changes its Spectrum roadmap, Cisco's customers have an alternative that Dell's customers do not.

The ~$9B in FY2026 AI infrastructure orders and hyperscaler design wins (P200, G200) validate that the networking + compute + reference architecture approach has market traction at the highest scale.

**Borrowed Judgment:** Moderate but structurally different from Dell's or HPE's. Cisco borrows GPU silicon judgment from NVIDIA (same as everyone) but retains genuine compute platform engineering judgment: X-Series composable architecture, X-Fabric GPU disaggregation, MGX reference design improvements, multi-vendor GPU support, and the three-tier server strategy. Cisco also retains networking judgment entirely — Silicon One, Nexus 9000/8000, Hyperfabric, and Nexus One are all Cisco IP. Storage judgment is borrowed from VAST Data and other partners.

The comparison:
• Dell retains compute packaging (thermal, mechanical, rack-scale) and storage judgment, borrows networking silicon from NVIDIA (Spectrum).
• HPE retains compute judgment (Cray heritage, ProLiant) and networking judgment (Juniper/Aruba/Slingshot), borrows runtime from NVIDIA.
• Cisco retains networking judgment AND compute platform engineering (UCS, X-Series composability), borrows GPU silicon (NVIDIA) and storage (partners).

Each on-prem vendor retains authority in their heritage domain. Cisco's heritage is networking, but UCS — now in its M8 generation with purpose-built AI servers — has matured from 'networking company does compute' to a genuine multi-tier AI compute platform. The X-Series disaggregated GPU architecture is Cisco's compute contribution that has no direct equivalent from Dell or HPE.

### ◑ Layer 1A: Data Storage & Governance

*Durable, governed data foundation — the Governance Catalog that Layer 2C queries*  
**Status:** Delegated — Partner-Delivered

**VAST Data Platform on Cisco AI PODs (EBOX)** [DAPM: Delegated]  
VAST Data Platform running on Cisco UCS C225 M8 servers (designated EBOX). VAST DASE architecture provides shared-everything model with NVMe-over-Fabrics, global namespace, and ACID guarantees. Managed through Cisco Intersight alongside compute and networking. VAST was recognized at VAST Forward 2026 for its Cisco partnership. The customer buying a Cisco Secure AI Factory gets VAST storage as a validated, integrated component — Cisco delivers the capability even though VAST provides the IP.

**Multi-Vendor Storage Options (AI POD Validated)** [DAPM: Delegated]  
Cisco AI PODs validate multiple storage partners: VAST Data (primary/deepest integration), NetApp, Pure Storage, Hitachi Vantara, and Nutanix. The enterprise retains storage vendor choice — a structural advantage of the reference architecture model over Dell's single-vendor storage story (PowerScale/ObjectScale) or VAST's vertically integrated approach. Each storage partner brings its own governance metadata model, meaning Layer 1A governance capabilities vary by storage choice.

**Cisco Hypershield + Isovalent (Data Security)** [DAPM: Retained]  
Zero-trust, ransomware-resilient storage security and inline network security. Cisco Secure AI Factory security principles applied to the data layer. Isovalent provides eBPF-based runtime security for containerized AI workloads. Hybrid Mesh Firewall extends policy enforcement to BlueField DPUs at the storage server level. Security is Cisco-owned and layered on top of whichever storage partner the enterprise selects — consistent security posture regardless of storage choice.

**Gap Analysis:** Applying the litmus test — what does the enterprise get when it asks Cisco for a 4+1 AI infrastructure? — the answer is clear: the Cisco Secure AI Factory delivers a complete data foundation. VAST Data Platform provides AI-optimized storage with DASE architecture, global namespace, and ACID guarantees. NetApp, Pure Storage, Hitachi Vantara, and Nutanix are validated alternatives. The customer gets Layer 1A capability through Cisco's go-to-market.

The DAPM classification (Delegated) captures the structural reality: Cisco delivers the solution, the storage partner provides the IP. This is the same pattern as Dell's Trust3 AI partnership at Layer 1A — Dell delivers governance but Trust3 AI provides the capability. The customer buying Dell doesn't experience Trust3 AI as a gap. The customer buying Cisco shouldn't experience VAST storage as a gap either.

Where Cisco's Layer 1A is genuinely thinner than Dell's or HPE's is governance metadata. Dell's MetadataIQ indexes billions of files across PowerScale/ObjectScale with automated classification, tagging, and metadata enrichment — Dell-owned IP. HPE's Data Fabric provides policy-based data placement with lineage tracking — HPE-owned IP. Cisco has no equivalent Cisco-owned metadata or governance capability. The governance metadata available depends entirely on which storage partner the enterprise selects. With VAST, the enterprise gets VAST Catalog. With NetApp, different governance primitives. Cisco adds consistent security across all of them (Hypershield, Isovalent) but does not add a Cisco-owned governance layer above the storage partner.

The 4+1 model defines Layer 1A as the 'Governance Catalog that Layer 2C queries.' The catalog exists in the Cisco Secure AI Factory — it's provided by the storage partner. Cisco does not own that catalog, which means Cisco's future Layer 2C ambitions depend on a partner's metadata model. Dell and HPE can build from their own metadata to their own control plane. Cisco would need to build from VAST's metadata to Cisco's control plane — a cross-vendor integration that neither party has announced.

The multi-vendor storage model is both a strength and a structural constraint. Strength: the enterprise retains storage vendor choice, avoiding single-vendor lock-in at the data layer. Constraint: Cisco cannot optimize the compute-to-storage-to-governance integration path the way Dell can with Exascale + MetadataIQ or VAST can with DASE + Catalog. Each storage partner brings its own data architecture, its own metadata model, and its own governance surface — Cisco must integrate across all of them rather than optimizing for one.

**Borrowed Judgment:** High for storage platform and governance metadata, low for data security. The enterprise buying a Cisco Secure AI Factory inherits the storage partner's data architecture decisions — VAST's DASE model, NetApp's ONTAP model, or Pure's Purity model depending on selection. Cisco contributes consistent security posture across all storage choices (Hypershield, Isovalent, Hybrid Mesh Firewall) but does not contribute governance metadata, data classification, or compliance tagging above the storage partner.

Comparison: Dell borrows Layer 1A governance judgment from Trust3 AI (a specific partner function) but retains storage platform judgment (PowerScale, ObjectScale, MetadataIQ are Dell IP). HPE retains both storage platform (Alletra) and governance (Data Fabric) judgment. Cisco borrows the storage platform from partners but retains the security layer — structurally higher borrowed judgment than Dell or HPE at Layer 1A, but the customer still receives a complete solution.

### ◑ Layer 1B: Context Management & Retrieval

*Low-latency retrieval for RAG — vector/hybrid search, context windows*  
**Status:** Delegated — Partner-Delivered

**VAST InsightEngine on Cisco AI PODs** [DAPM: Delegated]  
VAST InsightEngine on Cisco UCS C845A M8 servers (first VAST Certified CNode-X platform). Real-time vector embedding and retrieval for RAG and agentic workflows. Integrates with NVIDIA NIM microservices for AI-native retrieval. Automates embedding, indexing, and retrieval pipelines. Marketed as reducing RAG pipeline latency from minutes to seconds. This is a validated component of the Cisco Secure AI Factory — the customer asking Cisco for RAG capability receives InsightEngine as part of the delivered solution.

**Cisco AI Networking for Retrieval Performance** [DAPM: Retained]  
Silicon One G300 Intelligent Collective Networking directly impacts retrieval latency and throughput. The 33% network utilization improvement and 28% job completion time improvement are not just training metrics — they affect how quickly GPU compute accesses storage-side vector indexes. Cisco's networking fabric is the enabling layer that makes VAST's retrieval performance achievable at scale. Lossless, low-latency Nexus 9000 fabric with up to 800G bandwidth between compute and storage tiers.

**Gap Analysis:** Applying the customer litmus test: the enterprise asking Cisco for RAG and retrieval capability receives VAST InsightEngine as a validated component of the Secure AI Factory. The retrieval function is delivered. The DAPM classification (Delegated) captures that the retrieval IP belongs to VAST.

Cisco's Retained contribution at Layer 1B is the networking fabric that makes high-performance retrieval possible — lossless connectivity between GPU compute nodes and VAST storage with predictable latency. This is not the retrieval capability itself, but it is the enabling condition. The Cisco + NVIDIA + VAST data platform is marketed as 'the first enterprise architecture unifying compute, fabric, and storage into a single, validated platform to accelerate RAG' — and the validated integration is genuine, even though each component has a different owner.

Where Cisco is thinner than Dell at Layer 1B: Dell has Data Analytics Engine with its own MCP Server (Feb 2026), blurring the 1A/1B boundary with search, analytics, and orchestration surfaced as a single queryable service — Dell-owned IP. HPE has Data Fabric with integrated vector search capabilities. Cisco's Layer 1B retrieval is entirely partner-provided. If the enterprise selects a storage partner other than VAST (NetApp, Pure Storage, etc.), the Layer 1B retrieval story changes entirely — each partner brings different retrieval capabilities, and Cisco provides no Cisco-owned retrieval abstraction above them.

The network-to-retrieval performance correlation is an underappreciated Cisco contribution. When Nexus One's AI Job Observability shows that retrieval latency degraded because of network congestion on a specific path between compute and storage tiers, that's retrieval-relevant intelligence that no storage vendor can provide independently. Cisco sees the network between the GPU and the data — VAST sees the data, NVIDIA sees the GPU, Cisco sees the fabric connecting them.

**Borrowed Judgment:** High for retrieval logic, low for retrieval-enabling networking. All retrieval and context management intelligence is provided by VAST (InsightEngine) and NVIDIA (NeMo Retriever, AI Enterprise). Cisco provides the networking substrate that determines retrieval performance characteristics — and that substrate is Cisco-owned IP with genuine impact on retrieval latency and throughput.

The structural comparison: Dell borrows retrieval acceleration from NVIDIA (cuVS, NeMo Retriever) but retains the storage platform on which retrieval operates (PowerScale). Cisco borrows both retrieval logic (VAST InsightEngine) and retrieval acceleration (NVIDIA) but retains the networking fabric that connects them.

### ◑ Layer 1C: Data Movement & Pipelines

*ETL/ELT, feature engineering, data preparation for AI workloads*  
**Status:** Delegated — Partner-Delivered

**VAST DataEngine / SyncEngine (on Cisco AI PODs)** [DAPM: Delegated]  
VAST DataEngine executes serverless functions directly where data lives — 'bringing compute to the data.' SyncEngine indexes and synchronizes data from external sources, triggering enrichment pipelines automatically. Both are delivered as part of the Cisco Secure AI Factory with VAST Data. The customer asking Cisco for data pipeline capability receives these as validated components.

**Cisco Networking Fabric (Data Movement Substrate)** [DAPM: Retained]  
Silicon One G300 Intelligent Collective Networking optimizes data flow across the AI cluster. The network fabric is the physical data movement layer — every byte of training data, every embedding pipeline, every model checkpoint traverses Cisco's switching fabric. Lossless, low-latency networking with up to 800G bandwidth is a prerequisite for high-throughput data pipelines. Cisco's contribution to Layer 1C is the movement infrastructure, not the pipeline logic.

**Gap Analysis:** Applying the customer litmus test: the enterprise asking Cisco for data pipeline capability receives VAST DataEngine and SyncEngine as validated components of the Secure AI Factory. The pipeline function is delivered. DAPM classification (Delegated) captures the authority structure.

Cisco has no proprietary data pipeline, ETL, or feature engineering tools — and this is consistent with Cisco's architectural identity. Cisco has never been a data management software company. Dell's Dataloop-powered Data Orchestration Engine is notable precisely because it's Dell's first proprietary software asset in the data lifecycle. HPE's Data Fabric provides policy-based data placement. IBM has watsonx.data with Confluent streaming. Cisco's equivalent is the validated partner integration.

Cisco's Retained contribution at Layer 1C is the networking fabric that data pipelines traverse. In a disaggregated AI architecture, data movement between storage tiers, GPU compute, and model serving endpoints is constrained by network bandwidth and latency. Silicon One G300's Intelligent Collective Networking — the 33% utilization improvement and 28% job completion time improvement — directly accelerates data pipeline throughput. This is an infrastructure contribution, not a software contribution, but it's a real one.

The Splunk data ingestion and processing capabilities could theoretically extend into data pipeline territory — Splunk already handles high-volume data streams for observability. But Splunk is positioned as an observability and security platform, not an AI data pipeline tool. No Cisco signals suggest this expansion.

**Borrowed Judgment:** High for pipeline logic, low for data movement infrastructure. All data pipeline orchestration, serverless execution, and data synchronization judgment is provided by VAST (DataEngine, SyncEngine) or by the enterprise's own tooling. Cisco provides the networking fabric that determines data movement performance — Cisco-owned IP that directly impacts pipeline throughput.

If the enterprise selects a storage partner other than VAST, the Layer 1C story changes significantly. NetApp, Pure Storage, and Hitachi Vantara each have their own data movement capabilities, none validated at the same depth as VAST within the Cisco AI POD architecture.

### ◑ Layer 2A: Infrastructure Orchestration

*Resource scheduling, GPU allocation, infrastructure lifecycle management*  
**Status:** Networking-Centric Orchestration

**Cisco Intersight (Unified Fleet Management)** [DAPM: Retained]  
Cloud-based infrastructure management for UCS compute, Nexus networking, and VAST storage lifecycle. Policy-driven server profiles, firmware management, and workload optimization. Manages the chassis and networking — comparable to Dell's OpenManage Enterprise but with stronger networking integration. Does not manage GPU workload scheduling directly.

**Nexus One (AI Network Operations)** [DAPM: Retained]  
Unified management plane for data center networking. AI Job Observability correlates network telemetry with AI workload behavior. AgenticOps-powered autonomous network operations. The AI-aware network management capability is Cisco-unique — no other vendor correlates network health with GPU job completion at this level of integration.

**AgenticOps (Agent-First IT Operating Model)** [DAPM: Retained]  
Agent-driven IT operations across networking, security, and observability. Cross-domain telemetry from Cisco Networking, Security Cloud Control, Nexus One, Splunk, and ThousandEyes. Agentic Workflows and AI Canvas for troubleshooting and automation. Deep Network Model provides system-wide awareness. Extends from cloud to on-premises to air-gapped industrial environments.

**Cisco Hybrid Mesh Firewall** [DAPM: Retained]  
Policy enforcement across network switches, workloads, and NVIDIA BlueField DPUs. Extends security policy to the GPU server level. This is a Layer 0/2A security function — infrastructure-level policy enforcement that operates below the application runtime.

**Gap Analysis:** Cisco's Layer 2A is networking-centric: Intersight manages the infrastructure fleet, Nexus One manages the AI network, AgenticOps provides agentic IT operations. These are genuine Cisco-owned capabilities with no equivalent in Dell's or HPE's stack in terms of network-to-GPU observability correlation.

But GPU-aware scheduling and workload orchestration — the core Layer 2A functions — are NVIDIA-controlled (GPU Operator, Run:ai, AI Enterprise). This is the same gap Dell and HPE face. The enterprise using Cisco AI PODs schedules GPU workloads through NVIDIA's stack, not through Cisco's.

The AgenticOps framework is architecturally interesting because it applies agentic AI to IT operations itself — using AI agents to manage the infrastructure that runs AI agents. No other on-prem vendor has an equivalent agent-driven IT operations model. But AgenticOps manages infrastructure operations (networking, security, observability), not AI workload placement. It's a Layer 2A operational capability, not a Layer 2C governance capability.

Nexus One's AI Job Observability deserves specific note: correlating network telemetry with AI job behavior is a genuine signal that could feed Layer 2C placement decisions. If the network can tell you that a training job's completion time degraded because of network congestion on a specific spine switch, that's placement-relevant intelligence. Whether this signal is consumed by any placement logic today is not evident.

**Borrowed Judgment:** Moderate. Cisco retains infrastructure management and network orchestration judgment (Intersight, Nexus One, AgenticOps). GPU workload scheduling judgment is borrowed from NVIDIA (Run:ai, GPU Operator), same as Dell and HPE.

The AI Job Observability capability reduces borrowed judgment marginally — Cisco can see network-to-GPU correlations that NVIDIA's orchestration layer may not surface. But seeing the problem and acting on it are different functions. Cisco sees; NVIDIA schedules.

### ◑ Layer 2B: Application Runtime & Execution

*Model serving, agent execution, inference APIs, distributed inference*  
**Status:** Security Layer — Not Runtime

**Cisco AI Defense** [DAPM: Retained]  
Industry-first AI security solution for securing AI models, agents, applications, and infrastructure. Integrates NVIDIA NeMo Guardrails for AI application security. Secures NVIDIA OpenShell agent development platform with controls and guardrails to govern agent and claw actions. Model validation, prompt injection defense, data leakage prevention, bias detection. Spans Layer 2B (runtime security) and Layer 2C (agent governance). This is Cisco's most differentiated Layer 2B contribution — no other infrastructure vendor has an equivalent AI-specific security product.

**DefenseClaw (Open Source Secure Agent Framework)** [DAPM: Retained]  
Open-source framework that automates security governance for agentic AI. Admission control: scans skills, MCP servers, plugins, and code before they run. Observe mode (log without blocking) and action mode (block HIGH/CRITICAL findings). Integrates with NVIDIA OpenShell as the sandbox runtime. Splunk Observability Cloud dashboards for monitoring. Apache 2.0 licensed. Plans to integrate with NVIDIA OpenShell as the sandbox to eliminate manual steps and accelerate secure agent deployment.

**Cisco Isovalent Runtime Security** [DAPM: Retained]  
eBPF-based runtime security for containerized AI workloads. Deep kernel-level visibility into container behavior, network flows, and system calls. Part of the Secure AI Factory security stack. Runtime enforcement, not runtime execution — secures the container environment, does not provide the model-serving or agent execution runtime.

**Splunk AI Agent Monitoring** [DAPM: Retained]  
Tracks performance, cost, quality, and behavior of LLM and agentic applications in Splunk Observability Cloud. Visualizes agent workflows. Integrating with Cisco AI Defense for risk mitigation (bias, hallucinations, data leakage, prompt injection). GA February 2026. Galileo acquisition (expected Q4 FY2026) will add real-time guardrails, 20+ evaluation metrics including hallucination detection and context adherence, full ADLC coverage.

**Gap Analysis:** Cisco does not own the core agent runtime, model-serving runtime, or distributed inference framework — same structural position as Dell and HPE at Layer 2B. The NVIDIA NemoClaw/OpenShell stack provides execution; Cisco provides security governance around it.

But Cisco's security contribution at Layer 2B is the most comprehensive of any infrastructure vendor assessed. AI Defense is not a rebranded NVIDIA capability — it's Cisco-developed AI-specific security that integrates with NVIDIA's runtime. DefenseClaw is open-source admission control for agent capabilities. Isovalent provides kernel-level container security. Splunk AI Agent Monitoring provides behavioral observability. Together, these constitute a 'trust layer' for AI execution that no other infrastructure vendor matches.

The Galileo acquisition is strategically significant: it extends Splunk from infrastructure observability into AI agent evaluation, covering the full Agent Development Lifecycle (ADLC) — prompt optimization, model selection, production monitoring, and guardrail enforcement. Post-Galileo, Cisco will have the most comprehensive AI observability stack of any infrastructure vendor.

The distinction the 4+1 model draws: security constrains what agents CAN'T do. Runtime governs what agents DO. Governance determines what agents SHOULD do. Cisco has the first. NVIDIA has the second. Nobody fully has the third.

**Borrowed Judgment:** Moderate but inverted from Dell's pattern. Dell borrows runtime judgment from NVIDIA and security judgment from partners (CrowdStrike, Fortanix, F5). Cisco borrows runtime judgment from NVIDIA but retains security judgment entirely — AI Defense, DefenseClaw, Isovalent, and Splunk AI Agent Monitoring are all Cisco IP. The enterprise inherits NVIDIA's runtime decisions but Cisco's security decisions.

Post-Galileo, the observability judgment becomes even more Retained: Cisco will own infrastructure observability (Splunk), network observability (ThousandEyes, Nexus One), and AI agent observability (Galileo + AI Agent Monitoring) in a single platform.

### ◑ Layer 2C: Agentic Infrastructure — The Reasoning Plane

*Policy-driven placement and resource coordination — the Autonomy Layer*  
**Status:** Security + Identity — Not Yet Governance

**Duo Agentic Identity** [DAPM: Retained]  
Agent identity as first-class non-human identities. Duo Directory registers agents as distinct identity objects mapped to human owners with group-based policy enforcement. Per-action least-privilege enforcement. Lifecycle visibility for agent onboarding and decommissioning. Cisco Identity Intelligence provides continuous inventory of active AI agents — including shadow agents never registered with IdP. Architectural advantage: Cisco spans both identity and network, surfacing agents that communicate across infrastructure even without IdP registration.

**AGNTCY (Linux Foundation — Infrastructure Layer)** [DAPM: Retained]  
Open-source infrastructure for multi-agent systems: agent discovery (Open Agent Schema Framework / DNS-like agent directory), agent identity (cryptographic verification across organizational boundaries), agent messaging (SLIM — Secure Low-Latency Interactive Messaging, quantum-safe), agent observability (end-to-end across multi-agent, multi-vendor workflows). Originally open-sourced by Cisco Outshift (March 2025), donated to Linux Foundation (July 2025) with Dell, Google Cloud, Oracle, Red Hat as formative members. 75+ supporting companies.

Critical context: AGNTCY is one component within a larger standards convergence, not the defining standard itself. The Agentic AI Foundation (AAIF), formed December 2025, is the umbrella — analogous to CNCF for cloud-native. AAIF's founding projects are MCP (Anthropic), AGENTS.md (OpenAI), and goose (Block). Platinum members are AWS, Anthropic, Block, Bloomberg, Cloudflare, Google, Microsoft, OpenAI. Cisco is a Gold member of AAIF, not Platinum. A2A (Google) reached v1.0 and joined the broader LF agentic ecosystem. AGNTCY sits as complementary infrastructure beneath these protocols — the plumbing (discovery, identity, messaging, observability) that MCP and A2A need but don't provide themselves. AAIF is already called 'the fastest-growing project in Linux Foundation history' with 190 members by May 2026 — more than double CNCF's membership at the same stage. Microsoft explicitly draws the Kubernetes parallel: 'Just as Kubernetes needed RBAC and admission controllers to be enterprise-ready, agentic systems need governance primitives.' AGNTCY contributes some of those primitives. It does not define the ecosystem.

**Cisco AI Defense (Agent Governance Functions)** [DAPM: Retained]  
Secures multi-agent systems with controls for agent discovery, behavioral guardrails, and policy enforcement. Integrates with NVIDIA OpenShell for sandbox governance. Combined with Duo Agentic Identity, provides: which agents exist (discovery), who they are (identity), what they can access (authorization), what they do (monitoring), and what they can't do (guardrails). This is the closest thing to an agent governance stack in Cisco's portfolio.

**Splunk Observability + Galileo (Agent Evaluation)** [DAPM: Retained]  
AI Agent Monitoring in Splunk Observability Cloud for production agent behavior tracking. Galileo acquisition adds real-time guardrails, hallucination detection, context adherence, chunk attribution — 20+ evaluation metrics across the full ADLC. The Futurum Group positioned Splunk post-Galileo as 'an AI-era control plane candidate, concentrating network, security, and AI agent behavior telemetry in a single vendor.' Whether telemetry concentration constitutes a control plane is the open question.

**Gap Analysis:** Applying the 'Routing Is Not Reasoning' test from the 4+1 model:

• Duo Agentic Identity = identity management (which agents exist and what they can access)
• AI Defense = constraint enforcement (what agents cannot do)
• DefenseClaw = admission control (what agent capabilities are approved to run)
• AGNTCY = infrastructure primitives (how agents discover, authenticate, and message each other)
• Splunk + Galileo = observability and evaluation (what agents are doing and how well)

None of these provides policy-driven decisions about where compute runs relative to data, which model serves which request, or how cost/compliance/latency are arbitrated in real time. Cisco's Layer 2C is the most comprehensive SECURITY and OBSERVABILITY story of any vendor assessed — but security and observability are not the same as governance and placement.

The AGNTCY positioning requires careful calibration. The K8s analogy applies to the broader Agentic AI Foundation (AAIF) — the Linux Foundation umbrella with MCP (Anthropic), AGENTS.md (OpenAI), goose (Block) as founding projects, and AWS/Google/Microsoft/Anthropic/OpenAI as Platinum members. AAIF is 'the fastest-growing project in Linux Foundation history' with 190 members and more than double CNCF's early-stage membership. AGNTCY is one project within this ecosystem — important infrastructure (discovery, identity, messaging, observability) that MCP and A2A need but don't provide. But Cisco is a Gold member of AAIF, not Platinum. The ecosystem-defining standards (MCP, A2A) were originated by Anthropic and Google respectively, not Cisco. AGNTCY contributes the plumbing beneath the protocols — valuable, but not the protocols themselves.

The structural comparison:
• Google has a productized Layer 2C control plane (Agent Identity + Gateway + Registry + Orchestration + Observability + Memory Bank) AND originated A2A
• IBM has cross-framework agent governance (watsonx Orchestrate) + cross-platform model governance (watsonx.governance)
• VAST has PolicyEngine + Polaris for data-plane governance
• Cisco has agent identity + agent security + agent observability + open infrastructure primitives (AGNTCY) — but no agent orchestration, no model routing, no placement reasoning

Cisco is building the trust layer and contributing to the infrastructure standards layer. The question the 4+1 model poses is whether trust (can this agent be trusted to act?) plus interoperability standards (can agents discover and talk to each other?) is sufficient without governance (should this agent act here, now, with this data, on this model?). Trust and interoperability are necessary for governance. They are not governance.

However, Cisco's Layer 2C position is stronger than Dell's (Absent) and arguably stronger than HPE's (Delegated to Kamiwaza). Cisco owns genuine Layer 2C primitives — they just don't compose into a placement engine yet.

**Borrowed Judgment:** Low for the functions Cisco provides. All Layer 2C components are Cisco IP or Cisco-originated open standards. No NVIDIA dependency, no partner dependency for identity, security, or observability at this layer.

But 'low borrowed judgment for partial Layer 2C' is structurally different from 'low borrowed judgment for complete Layer 2C.' VAST has low borrowed judgment for a comprehensive (if captive) Layer 2C. Cisco has low borrowed judgment for agent trust functions — but the placement, routing, and governance functions are Absent, not borrowed.

The enterprise architect using Cisco for Layer 2C gets strong agent identity and security with zero borrowed judgment. They do not get agent orchestration, model routing, or policy-driven placement from anyone — Cisco or otherwise.

### ◇ Layer 3 (+1): AI Application Layer — The Value Plane

*AI-powered business capabilities — business logic, workflow automation*  
**Status:** Partner Ecosystem

**Cisco Secure AI Factory Partner Ecosystem** [DAPM: Delegated]  
Reference architecture that partners build on. VAST Data (storage), NVIDIA (compute/runtime), and a growing ecosystem of security partners integrated into AI Defense. The Secure AI Factory is a validated framework, not a walled garden — partners provide application logic, Cisco provides infrastructure and security.

**Splunk Platform (Analytics + Security Applications)** [DAPM: Retained]  
Splunk Enterprise Security TDIR platform. Splunk Observability Cloud. These are Layer 3 security applications that run on Cisco's own infrastructure. Splunk's installed base provides a distribution channel for AI capabilities — existing Splunk customers can adopt AI Agent Monitoring without new vendor relationships.

**Cisco Security Portfolio (Security Applications)** [DAPM: Retained]  
AI Defense, Duo, SecureX, Umbrella, Talos threat intelligence — the security product portfolio that Cisco positions as the 'trust layer' for enterprise AI. Each product addresses a specific security function; together they constitute a security application suite that sits alongside (not above) AI applications from other vendors.

**Gap Analysis:** Cisco's Layer 3 is structurally different from Dell's, HPE's, or the hyperscalers'. Dell has a broad ISV ecosystem (OpenAI, Palantir, Google, ServiceNow, SpaceXAI). HPE has Unleash AI with 26+ curated ISV partners. AWS and Google have thousands of ISV applications. Cisco's Layer 3 is narrower — the Secure AI Factory is a reference architecture that partners build on, not an application marketplace.

Cisco's strongest Layer 3 asset is Splunk — an established platform with deep enterprise penetration that is being extended into AI observability and security. Splunk's competitive advantage at Layer 3 is distribution: enterprises already running Splunk can adopt AI Agent Monitoring, AI Defense integration, and Galileo evaluation capabilities within their existing observability investment.

The strategic comparison with Dell at Layer 3: Dell's ecosystem is load-bearing (ISV partners provide infrastructure-level functions the platform lacks). Cisco's ecosystem is enabling (partners build applications on Cisco's infrastructure substrate). Cisco's Layer 3 partnerships are less about filling platform gaps and more about extending the reference architecture to specific use cases.

The Cisco 360 Partner Program (launched January 2026) structures partner engagement around the Secure AI Factory, with role-based training paths, dCloud demo environments, and NVIDIA compute training alongside Cisco networking and security training. This is a go-to-market capability, not a technology capability.

**Borrowed Judgment:** Distributed across partners, which is architecturally appropriate at Layer 3. The structural observation: Cisco's borrowed judgment at Layer 3 is concentrated in two domains — AI runtime (NVIDIA) and data platform (VAST). The security and observability applications are Retained. The enterprise application use cases are partner-provided.

The Splunk ecosystem (tens of thousands of enterprise customers, extensive app marketplace, active developer community) provides a distribution advantage for AI capabilities that pure-infrastructure vendors lack. Dell and HPE must sell AI capabilities to new buyer personas. Cisco can extend AI capabilities to existing Splunk and security customers.

---
*Layer2C · AI Infrastructure Decision Intelligence · The CTO Advisor LLC · thectoadvisor.com*