Extreme Networks: AI Agent for Network Administration

At this year's Extreme Connect trade show in Orlando, Extreme Networks presented a comprehensive update of its products. In addition to some hardware innovations, the focus was on an AI agent designed to assist with network operations, either supportively or autonomously.

Agent Number One for Extreme Platform ONE

With Agent ONE, the cloud network management service Extreme Platform ONE gains an AI agent. The agent accesses the assets and telemetry data managed there and uses them in a three-layer stack: Frontier models from external hyperscalers, a knowledge layer based on platform data, and a skills layer with connectors and workflows, including guardrails.

However, this model connection is precisely the sticking point for regulated environments: While Platform ONE is to be operated on-premises on Extreme hardware in the future – prices for which are not yet known – Agent ONE currently only works with Frontier models from the cloud. Therefore, those who want to rely on on-premises operation for compliance reasons will have to forgo AI functions for the time being. Extreme has not yet indicated whether a local model option will be available, but has not ruled it out either.

The agent is delivered in two stages: Agent ONE Coworker (from July 1, 2026) is designed as a proactive companion. It provides context-specific hints about problems, analyzes the currently open content in the console, and suggests actions. It does not act independently – every measure requires human approval. This is consistent with the "Human-Centric" line and realistic for a first iteration, as humans retain full control over actions.

Agent ONE Operator (Q4/2026) goes further and executes workflows autonomously within defined guardrails. The rights management here is interesting: Secure defaults are available; beyond that, one configures via prompt what the agent is allowed to do autonomously, what requires approval, and what is taboo. Tasks can be triggered, scheduled, or executed continuously. Static user interfaces with buttons are largely a thing of the past in Operator mode; control is text-based. Nevertheless, metrics should be displayable in a clear manner – with the help of dashboards, the Operator also assists in their creation.

Transparent quota limits and an observability dashboard are intended to prevent cost runaways and illustrate which actions were executed when and why – important for audit and compliance managers. Extreme Exchange is intended to function as a marketplace for skills and extensions, offering instructions for building custom skills and a discussion forum. However, it remains to be seen whether the community will actively contribute.

Furthermore, it remains to be seen how Extreme will approach the topic of security. A community skill that only makes recommendations in Coworker mode is uncritical – the same skill in Operator mode with write access to policies or fabric configurations is not. Signing, traceable reviews, and granular rights mapping are likely to quickly become prerequisites for use in production environments in the enterprise sector. Extreme has shown little concrete on these points at Connect so far.

Platform ONE: Under-the-Hood Improvements

The remaining Platform ONE innovations appear solid, albeit largely incremental. An exception – and particularly interesting for migration scenarios – is third-party management via the Third Party Management Engine (TPME). This allows switches from manufacturers such as Cisco, HPE, and Juniper to be integrated into Platform ONE via a proxy VM; Wireless LAN Controllers (WLCs) are also planned for the future. The interface here is mainly the tried-and-tested SNMP. The focus is initially on monitoring directly from Platform ONE. Firmware and simple configuration management are planned for the future.

Also new is a cloud PKI that can distribute its certificates via common MDM software as well as via an Extreme-proprietary agent. For user authentication, it integrates existing identity providers such as Entra ID, Google Workspace, Okta, or HENNGE One; a generic provider for integrating any further solutions is announced.

Furthermore, drift management is added, which makes deviations between the central target configuration and the actual device status visible. For each conflict, the admin can decide whether to adopt the local change into the central profile or overwrite it.

The Platform ONE innovations are rounded off by a series of smaller improvements and integrations of other product lines into Platform ONE. Wireless Intrusion Prevention System (WIPS) directly in the WLAN stack, extended client insights including position tracking, Fabric over SD-WAN for extending the fabric across locations, and further developed Zero-Touch Onboarding. Their configuration profiles now support variables – useful wherever many locations with similar but not identical configurations need to be set up.

(mho)