I doubt that there’s anyone in networking who doesn’t realize that there are some profound changes happening. In fact, they’ve been underway for some time, but as usual both vendors and operators have tried to stay the course and hope for a return of the good times. Both groups, at least at the planner level, are telling me that in 2023 they’ve accepted that return isn’t likely. Both are taking, or accelerating, steps to address a future that promises to be different, perhaps very different, but that doesn’t mean that they re not still trying to leverage the good old days.
Last week we had two network vendor announcements that I think are clear responses to this situation. Ignoring for the moment the RAN and mobile-specific infrastructure, Cisco is the market leader and greatest strategic influence in networking, according to enterprises and operators. Juniper is Cisco’s main strategic rival. Both had announcements that tell interesting, but different, stories.
Cisco’s purchase of Splunk is the largest in the company’s history, and it’s a two-or-three-edged bet. On the one hand, Splunk is a security play, and on the other hand an observability play. Both of these missions are facilitated through AI, and so you could also say it’s an AI play. The combination has been labeled by Splunk as “the key to enterprise resilience”, and it’s accurate to say that security and network issues create similar problems and even admit to similar paths to diagnose and resolve them. Despite the multi-edged character, I’d still see this deal as being more tactical. That fits with Cisco’s long-standing sales-driven mindset.
Juniper’s announcement was on its Apstra strategy, an evolution of something they acquired years ago, just as they’d acquired their Mist AI strategy. Both these had, in my view, very strong strategic justifications, and my primary criticism of Juniper has been that it’s made some very smart strategic moves but failed to quickly envelope them in a powerful positioning story. Apstra is actually way more than it appears, and more than how Juniper has tended to describe it.
Let’s start with Splunk. If we look at operations organizations, tools, and practices, we see them aimed at sustaining the collective business missions of a company by dealing with issues that would compromise quality of experience (QoE). Most organizations admit that these issues can arise from failures in services and equipment, failures in application software, platform software failures, and security breaches. But whatever the source, QoE depends first and foremost on having a way to validate the experience quality, which is really what “observability” is about. A lot of the things that can help with that could also provide information on suspicious behavior that could indicate a security breach, and Splunk has capitalized on that kind of convergence.
Splunk’s website has a useful figure that presents security and observability as piece of a spherical stack layer that’s supported by Splunk AI and served by a set of APIs, models, and tools that in turn allow for third-party elements to be integrated. This can then create closed-loop automation to integrate the data with other management information, and even to drive a form of closed-loop remediation. Cisco, as a provider of network and server/platform technology, and of management tools, is clearly in a position to provide those third-party elements. That would suggest to me that Cisco might wrap its whole management model around this multi-layer Splunk structure. Thus, it could be seen as a kind of top-down approach, and a fairly radical transformation.
The thing here is that Cisco has not been one to acquire companies and technologies to transform the whole of their product architecture and positioning. Not only that, such a move would surely create instant fear and conflict in the relationships Splunk already has with third parties and with other marketing channels. Cisco has promised Wall Street that the deal will be profitable and cash-flow positive, so any short-term issues like this would probably impact Cisco’s stock, which they’re not likely to risk. That would suggest that Cisco will either slow-roll any major strategic repositioning, or that they’ll view this deal as sales-tactical. That may sound odd given the potential strategic impact, but Cisco has always preferenced sales considerations in making M&A decisions.
Juniper, as I’ve suggested, may have been doing just the opposite for years. Their Mist AI acquisition has become (with Marvis conversational assistant support) the centerpiece of Juniper’s AI strategy (and likely a factor influencing Cisco’s Splunk deal) and one of its major success stories. Juniper, of all the network vendors, has the most enterprises who report their AI use and the most who are aware of their AI strategy and product portfolio. The announcement they made last week could well be the opening steps in demonstrating that their acquisition of Apstra is going to bear fruit in the same way.
While Juniper tends to represent Apstra as a data center network management tool, it’s really a kind of “data-center-network-as-code” abstraction tool. “Intent-based” is how Juniper describes this, and what it means is that rather than synthesizing (building from) behavior of data center resource connectivity from primitive network configurations, Apstra analyzes (decomposes from) data center goals to create connection configuration. This allows Apstra to support multi-vendor data center networks, to evolve a competing vendor’s network to Juniper gear, but most importantly to align data center connectivity with data center hosting.
The first level of this lets users build a graph database of operational/experiential goals/intents, as a single source of truth. This database then guides the configuration of the data center network, and the state of the network is monitored against it to detect issues. An issue can result in notification, recommendation, or remediation based on policy. Because the goals/intents are derived from the hosting requirements, this aligns with overall QoE objectives. A further level of alignment is achieved by linking Apstra to the Terraform infrastructure-as-code framework, using a Terraform Provider. With this linkage, Terraform configurations become goals/intents that drive data center network setup and operational management. Both these levels, but the Terraform Provider in particular, make it easy to align data center network operations with both WAN/VPN operation and with the cloud configuration in hybrid cloud models.
The cloud affinity here creates a potential link to operator needs, and in particular to metro networks, feature/function hosting, and Juniper’s own Cloud Metro story. Juniper recently had an Apstra win with Pakistan’s Jazz, and that suggests that Juniper is indeed bringing Apstra into Cloud Metro, which I think is a very important step.
Juniper is promising enhanced security features in Apstra, and they also have validated reference templates (Juniper Validated Designs) to use. You can use graph database queries to get customized information from the Apstra database, but you can also now use a no-code programming tool. Custom integration with other network, data center platform, and hardware elements is also supported. This all aligns with Juniper’s “Experience Based Networking” theme, which is a top-down-referenced company positioning, but instead of having a from-the-top integration and positioning as Cisco did, Juniper sure seems to have built their capabilities from the bottom up. While bottom-up-ness isn’t always in favor (and I’m disposed to think the other way), if we assume that both companies are aimed at the same goal, how would the difference in approaches play out?
It’s a matter of timing. Cisco has grabbed a company that asserts a top-level combined observability and security framework, but that company has existed for a decade and a half, and has been public for over a decade. They’ve also been a Cisco partner. Could Cisco augment Splunk? Sure, but that’s not typically what they aim to do, particularly not in the near term. Juniper has built a strategic framework that’s only now really coalescing, and they’ve paced their positioning to the realities of their capabilities. Could Cisco make it harder for Juniper to position their assets, assets that are now creating the same sort of stuff Cisco seems to be promising? Can Juniper claim a top-level position that they can fully realize, making it harder for Cisco to gain anything from Splunk but the revenue base it’s had all along? Those are questions only time will answer.
