The third feature is unified policy orchestration, where Palo Alto Networks’ management plane centralizes zone-based and microperimeter policies, and CloudVision MSS responds with the offload and enforcement of Arista switches. “This treats the entire geo-distributed network as a single logical switch, allowing workloads to be migrated freely across cloud networks and security domains,” Srikanta and Barbieri wrote.
Lastly, the Arista Validated Design (AVD) data models enable network-as-a-code, integrating with CI/CD pipelines. AVDs can also be generated by Arista’s AVA (Autonomous Virtual Assist) AI agents that incorporate best practices, testing, guardrails, and generated configurations.
“Our integration directly resolves this conflict by creating a clean architectural separation that decouples the network fabric from security policy. This allows the NetOps team (managing the Arista fabric) and the SecOps team (managing Palo Alto Networks security) to scale, upgrade, and innovate independently,” Kotamraju wrote. “NetOps can focus on building a high-performance, reliable network, while SecOps can focus on delivering best-in-class security services. Each team uses their own domain-specific management tools, and the integration layer automatically synchronizes policy and enforcement actions.”
