What's live, what's next, and how every layer of Cisco Secure AI Factory earns its place. A live home lab, not a slide deck.
Every layer of Cisco Secure AI Factory. Same products. Free tier. Running end-to-end in a home lab. The Secure AI Factory reference architecture — Access, AI Runtime, Data, Compute, Network, with Security and Observability wrapping — is what Cisco+NVIDIA jointly recommend to enterprises building AI infrastructure. This lab is that same stack, downsized to what any DC SE can rebuild at zero incremental cost.
Cisco AI Defense × NetBox × Nemotron
A NetBox chatbot on Nemotron, guarded by AI Defense at input, tool-args, and output. Running on OCI free tier, reachable now.
Same reference architecture Cisco+NVIDIA co-market to enterprise DC customers. Left column: what runs in a real Secure AI Factory deployment. Right column: what runs in this lab. Where the products are identical, they're flagged SAME.
Access & Applications
User → chatbot UIAI Runtime
Inference · modelsData
Vector · RAG · sourcesCompute
CPU · GPU · substrateNetwork Fabric
L3 · SDN · edgeCisco Cloud Control is Cisco's announced (pre-GA) AI-native platform for cross-domain security operations. When it ships, it's where customers will run every product on this page at production scale. This lab isn't a substitute for Cloud Control; it's the hands-on foundation SEs need to be fluent in the portfolio it will orchestrate. Build the stack here now. Be ready to operate it there when the cockpit ships.
The Secure AI Factory layers above run on four free-tier substrates. Any SE on the team can reproduce the whole architecture by signing up at four URLs.
Cloud services
$0/mo · perpetualHosts every public-facing surface — the SE Lab site you're reading and the AI Defense demo. One AMD instance plus one ARM instance covers the distributed lab's public face at zero cost.
AI inference
Free · rate-limitedManaged API endpoints for open-weights models — Nemotron, Llama, embedding stacks. No local GPU needed. Cisco email address unlocks a fresh credit pool every month; more than enough for on-demand chatbot demos.
On-prem lab
One-time HW · $0 recurringWhere the story earns the "hybrid" label. The 1210CE is one node — real enterprise gateway with FTD 7.6 and full evaluation licensing. Adjacent: a UCS server for compute workloads and a Raspberry-Pi-based OOB console.
Observability
$0 (Cisco-provided)The layer that sees every hop the request takes. Local ThousandEyes agent at the home lab, plus 200+ ThousandEyes cloud agents worldwide, plus Talos intelligence feeding IPS at every FTD instance. Splunk and XDR slot in here later as they roll out.
Products that already share the SCC pane. Each is an "enable a switch, gain a story" move — no new logins for customers, immediate cross-product correlation.
Cisco XDR
Correlates FW + endpoint + email + cloud. Orchestration layer above every other Tier 1 product.
Umbrella
Filters at DNS layer + SASE tunnel from FTD. Blocks threats before they hit the firewall.
Duo
Authenticates admin access to FDM, SCC, everything. MFA + device trust in one move.
Secure Endpoint
Closes the endpoint side of the kill chain. Feeds XDR with process/file telemetry FW can't see.
Secure Email Threat Defense
Covers the email attack vector. Most breaches still start there — completes the "every door" story.
Talos intel
Powers IPS + URL filtering by default. Not a product to sell — proof of platform depth.
Firewall vendors get blamed for problems they don't own. These products prove where the fault actually lives — the SE's most re-used demo.
ThousandEyes
Sees internet + SaaS + FW paths end-to-end. Answers "is it the ISP, Cloudflare, the app, or my box?" in one screen.
Splunk
Ingests FTD syslog + Snort events. Since Cisco owns it, the "platform SIEM" answer for enterprise DC.
AppDynamics · Splunk Observability
Extends observability to the app layer (now part of Splunk Observability suite). Rounds out the FSO story.
Different problem space than perimeter FW — east/west inside clusters. Same platform pitch. Pairs cleanly with the AI Defense story already in the tenant.
Isovalent
Enforces workload-to-workload policy in K8s via eBPF (Cilium / Tetragon). Cisco acquired 2024. Complements FTD's north/south.
Panoptica · Outshift
Covers CNAPP — cloud posture, container, K8s, app. Sits above Isovalent in the stack.
Multicloud Defense
Protects multi-cloud network traffic (Valtix acquisition, 2023). Extends FTD-style policy across AWS, Azure, GCP.
Not core to the security pitch, but every DC SE needs credible answers when customers ask "what about…". The lab covers them by proximity.
Cisco Secure AI Factory
Validates AI-DC reference architectures (NVIDIA partnership). The "how do we build AI infra securely" answer.
UCS + Intersight
Manages a UCS C220 M8 in the same rack. Same ConsolePi already consoles it — one lab, two products.
Nexus Dashboard
Cockpits DC network fabric. Where switch + UCS stories converge.
Fifteen-plus Cisco products, spread across the five architectural layers of Secure AI Factory, running end-to-end from free tiers any DC SE can rebuild. When a peer asks "what would Secure AI Factory look like at our scale?" — the answer opens in a browser tab, not a PDF.