Agents vs Agentless


What are the approaches, advantages and challenges of deploying technologies that use agents versus agentless ones?

Published in: Technology

AGENT OR AGENTLESS?

WHAT ARE THE APPROACHES, ADVANTAGES AND CHALLENGES OF DEPLOYING TECHNOLOGIES THAT USE AGENTS VERSUS AGENTLESS ONES?

SU KENT RAJPAL SINGH
1E
SEPTEMBER 2011

ABSTRACT: We discuss the issues around deploying either agent-based or agentless technologies for successful IT operations. Companies need to understand the values of both and the operational ability of each approach. The decision reached is usually dependent on the data that needs to be collected, how often it is collected and what you want to do with the data. Purchasing decisions need to be determined by your data needs and the way your network is architected.

All rights reserved. No part of this document shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without permission from 1E. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this document, 1E and the authors assume no responsibility for errors or omissions. Neither is liability assumed for damages resulting from the information contained herein. The 1E name is a registered trademark of 1E in the UK, US and EC. The 1E logo is a registered trademark of 1E in the UK, EC and under the Madrid protocol. NightWatchman is a registered trademark in the US and EU.

Contents

Introduction
Why you want an agent working for you
    Why does running an agent lend itself to power management?
    Avoiding dependence on the network connection
    Centralized security model
    Minimize network hassle
    High scalability
    Precision
    Actions are taken almost immediately
    How to avoid common issues when deploying agents
    Platform specific agents are required
    Human intervention and objections
Myth busting
    Agents usually place additional load on the network
    Interference with the operating system and applications
    Opening up the machines to security vulnerabilities
Summary
    Telescope or spy?
References

© 1E 2011

Introduction

1E efficient IT solutions, specifically NightWatchman Enterprise and NightWatchman Server Edition, require IT departments to install a software agent, which resides on a workstation or server and collects data based on a centrally set policy. Agents collect, aggregate and process local data and only communicate changes when necessary. Many other software solutions on the market adopt an agentless approach, relying instead on a central service that interrogates systems remotely to retrieve data, without having a locally installed agent on each client.

We look at the pros and cons of each approach and debunk the myths around installing agents. According to Gartner there is already a consensus that neither approach to monitoring is absolutely superior. Each has its strengths in different contexts.

“An agent is like a spy in the ranks, giving you a lot more information than you would get from just looking through a telescope (agentless)”

Why you want an agent working for you

Why does running an agent lend itself to power management?

An agent running on the system is capable of local data collection, correlation and processing. Taking PC power management as an example, the agent can make better decisions based on activity that happens locally, for example whether the user is active before prompting to power off the system.

An agent running on the machine can query the operating system to check when the user last used the machine and whether he is logged on locally or remotely in order to defer or force the low power state. With multiple users logged on, each user’s documents can be saved before logging off. In summary, user productivity is not disrupted.

Using an agent for a server power management solution is the only way to identify whether useful work is being carried out on a server. This is the only way to accurately determine if a server is being used, enabling you to easily discover and decommission the 15% of servers doing no useful work.

With agentless technology, there is reliance on remote methods to find interactive user sessions, which depend on specific remotely accessible APIs that cannot return whether the sessions are really active, i.e. user logged on and working. There is also no solution for true useful work detection with an agentless approach as this data is not exposed remotely.

Avoiding dependence on the network connection

Agentless solutions are entirely dependent on network connectivity to obtain any information from clients. For example, if there is a network problem, an agentless solution may make the assumption that a workstation is in a low power state when it is not. Conversely, without the ability to probe the system for more data, an agentless approach could potentially power down a machine when a user is using it.

An agent has a degree of IT autonomy and can cache data and execute actions based on an existing policy even if the management server or its connection fails. It can send the data back to the management server when communication is restored.

Centralized security model

The agentless scenario inherently needs higher access rights. The server has to query the client, which means that the local security policy on each machine has to be set up to enable access to the central account that can connect to the machine. An account that has access to local administrator privileges on every machine is required. This account will have almost every right that a domain administrator has and therefore, if compromised, would allow access to a large proportion of the IT assets of an organization.

An agent requires administrative rights only on the machine it is installed on. Authentication and authorization rules are only set up at the server end for policy and reporting. Neither account has access to any more than it absolutely needs.

Minimize network hassle

In an agent-based scenario policies are retrieved and state is reported via outbound HTTP or SSL. Here the agent is sending data to the central server and, as it is the initiator, is inherently trusted. As HTTP is stateless and ubiquitous, network devices and edge firewalls do not have to be configured to allow traffic. A route back to the server is all that is needed, which means reliance on the existing DNS/DHCP/proxy infrastructure. Since the agents only need to be aware of the server, they can be configured and can report over the internet. An agent on a subnet is responsible for waking its neighbors, which means that magic packets are sent via local broadcast.

With an agentless solution, there is reliance on incoming connections and the administrator has to set up security on each machine and allow inbound connections. In most cases, the server would be probing a Microsoft Windows machine using WMI (Windows Management Instrumentation) that relies on DCOM (Distributed COM) and RPC, the Service Control Manager, the event log, Perfmon, ADSI, etc. This requires Kerberos authentication and enabling inbound firewall connections. ICMP would be used to query the state of the machine and hence the ICMP firewall rules would need to be modified. SNMP would be used for network devices – centralized management of SNMP devices has its own issues.

Advances in networking technologies, particularly fault tolerant, dynamic (policy-based) routing, make prediction of end-to-end path availability and characteristics exceedingly difficult. This is exacerbated when only a limited part of the network is visible – for example, across WAN links or within tunneling protocols.

In an agentless environment where the server connects to agents from a central point, and in environments where a limited part of the network is visible centrally, you may require the setup of multiple servers, which then introduces another challenge of managing roaming machines. Configuration or reporting over the internet is impossible. Routers have to be enabled for subnet directed broadcast, which is the only way agentless wakeups can work.
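
The reach of the single administrative account described under "Centralized security model" can be measured from an inventory of local Administrators membership. This is an added example, not code from 1E or the original paper; the host names, account names, group nesting and the 50% threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (hosts, accounts and groups are made up).
# Local Administrators membership per host, as an inventory export might list it.
LOCAL_ADMINS = {
    "ws-001": ["WS-001\\Administrator", "CORP\\svc-poller"],
    "ws-002": ["WS-002\\Administrator", "CORP\\svc-poller", "CORP\\alice"],
    "ws-003": ["WS-003\\Administrator", "CORP\\svc-poller"],
    "srv-01": ["SRV-01\\Administrator", "CORP\\svc-poller"],
    "srv-02": ["SRV-02\\Administrator", "CORP\\server-ops"],
}
# Domain group membership; groups may nest (the loop below is deliberate).
GROUPS = {
    "corp\\server-ops": ["CORP\\bob", "CORP\\tier1"],
    "corp\\tier1": ["CORP\\svc-poller", "CORP\\server-ops"],
}

def expand(principal, groups, seen=None):
    """Return the accounts behind a principal, visiting each nested group once."""
    seen = set() if seen is None else seen
    key = principal.lower()
    if key in seen:
        return set()          # already expanded on this walk (or a nesting loop)
    seen.add(key)
    if key not in groups:
        return {key}          # a plain account, not a group
    accounts = set()
    for member in groups[key]:
        accounts |= expand(member, groups, seen)
    return accounts

def admin_reach(local_admins, groups):
    """Map each account to the set of hosts where it holds local admin rights."""
    reach = defaultdict(set)
    for host, members in local_admins.items():
        for member in members:
            for account in expand(member, groups):
                reach[account].add(host)
    return reach

def broad_accounts(local_admins, groups, threshold=0.5):
    """Accounts that are local admin on at least `threshold` of hosts, widest first."""
    total = len(local_admins)
    reach = admin_reach(local_admins, groups)
    flagged = [(a, len(h) / total) for a, h in reach.items() if len(h) / total >= threshold]
    return sorted(flagged, key=lambda item: (-item[1], item[0]))

if __name__ == "__main__":
    for account, share in broad_accounts(LOCAL_ADMINS, GROUPS):
        print(f"{account}: local admin on {share:.0%} of inventoried hosts")
```

In the sample, the polling account reaches the fifth host only through nested group membership, which a flat per-host listing would not show.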

High scalability

Agentless solutions have to ping/investigate/poll data from a large number of monitored systems, so there is a natural limit (number of metrics per number of systems at a given polling interval) a server can process. This also adds additional strain to the network.

An agent-based approach to management is very scalable. Events are sent asynchronously after local processing and the agent can take decisions to enhance scalability, such as only sending up data when it changes, sending differences, randomizing the time of sending or batching data based on server load, all of which enable scalability through fewer server resources.

Using stateless configuration and reporting over HTTP allows load balancing the server environment. Numerous architectural patterns exist for scaling HTTP and HTTPS environments and making them highly available.

Precision

Agentless generally means ‘polling’. As the polling frequency is increased you get a better understanding of what is happening on the network. An agent doesn’t need to poll at all. It simply subscribes to operating system notifications and is informed of any state changes. Reporting can be initialized even before the machine has been allocated an IP address and can be accurate to the millisecond. The state of the machine can be validated through querying multiple data sources before a report is generated.

An agent can collect and process data locally and generate a behavior model to make certain intelligent decisions, such as powering the machine down when a user has not logged on or if the machine has not been used for a while. The agent can also probe the operating system to model the behavior of the system’s idle timers and use intelligent logic to force the machine to sleep, saving even more power.

Actions are taken almost immediately

Simple actions such as reporting IP address or subnet changes for wakeups, or complex decisions on automatically fixing a failed computer health test, can only be done immediately through operating system notification. The agent can ask the operating system to inform it of state changes, for example of the network address, so that the server database can be kept up to date.

In an agentless scenario, DNS querying or actively scanning the system would need to be depended upon. By the time a user executes an action from the server, the data could be stale.

How to avoid common issues when deploying agents

Most organizations already have a systems management solution which can be used to install agents. Systems management best practice can avoid anticipated expenses sometimes attributed to agents, such as the cost of deploying them. In a server environment simple tools can be employed to address the one-time installation of a server-based power management agent.

Platform specific agents are required

An agent is required for each targeted set of platforms, for example, Windows 32-bit/64-bit, Linux, Unix, Macs.
An agentless solution has its own equivalent though, for instance having to support multiple protocols and methods of remote querying, for example, WMI or SNMP.

Human intervention and objections

In general there are more ‘human’ objections against deploying agents and these complications can be more political than operational. Some IT administrators see a risk in adding an agent which could potentially impact their current service. However, risks are managed by following the operational best practice of thoroughly testing agents before deploying them. Agentless methods are not immune to impacting performance or availability of systems, since a poorly written or buggy remote script still has the capability to damage IT services.

Myth busting

Agents usually place additional load on the network

Agents can employ intelligent data caching and spooling to send up less data than an agentless solution would. The agent can send up data when the status changes, or differences only. Reports are batched up and sent up at random intervals, which means that the load on the network is minimized.

Agentless servers create data requests centrally to remote devices, which then reply with data. This bi-directional chatter will generally consume far more network bandwidth.

Interference with the operating system and applications

A low level agent running in the background listening to operating system events has less of an effect on a machine than executing a remote query. Posting data back to the server using HTTP is very cheap. Low resource consumption is claimed for agentless environments – which is not strictly true, as the server is using technology (WMI, SNMP) on the machine to execute similar queries, which causes resource utilization. An advantage of having an agent in this case is that queries can be targeted to the native operating system API and hence can result in less overall resource utilization.

Opening up the machines to security vulnerabilities

A carefully developed agent that considers security in its design (NightWatchman is Common Criteria certified) presents no additional attack surface. Proprietary agent communications are encrypted and use configurable ports, making them far more secure with less effort.

Most agentless protocols have no additional security, relying on the security of the underlying remote connectivity protocols. However, requiring an account with administrative privileges across all machines is a much bigger security issue.
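
The reporting behaviour described under "High scalability" and "Agents usually place additional load on the network" (send only changes, batch them, randomize the send time, hold data while the server is unreachable) is shown together below. This is an added example, not NightWatchman code; the class, the 300-second slot, the jitter and the event timeline are hypothetical.

```python
import random

class AgentReporter:
    """Hypothetical agent-side reporter: change-only, batched, jittered uploads."""

    def __init__(self, batch_interval=300, jitter=60, seed=None):
        self.batch_interval = batch_interval   # seconds between upload slots
        self.jitter = jitter                   # random +/- offset so agents do not sync
        self.rng = random.Random(seed)
        self.last_sent = {}                    # metric -> value the server already has
        self.pending = {}                      # metric -> changed value awaiting upload
        self.next_upload = self._schedule(0)

    def _schedule(self, now):
        return now + self.batch_interval + self.rng.uniform(-self.jitter, self.jitter)

    def observe(self, metric, value):
        """Handle an OS state-change notification; keep only real differences."""
        if self.last_sent.get(metric) == value:
            self.pending.pop(metric, None)     # flapped back before the upload slot
        else:
            self.pending[metric] = value

    def tick(self, now, server_up=True):
        """Return the batch to send at `now`, or None; data is held while offline."""
        if now < self.next_upload:
            return None
        self.next_upload = self._schedule(now)
        if not self.pending or not server_up:
            return None
        batch, self.pending = self.pending, {}
        self.last_sent.update(batch)
        return batch

# Constructed timeline for one workstation: second -> (metric, new value).
EVENTS = {10: ("power", "on"), 20: ("user", "active"), 1501: ("user", "idle"),
          1510: ("user", "active"), 3000: ("power", "sleep")}

def simulate(events, duration=3600, poll_interval=60, jitter=0, outage=(0, 0)):
    """Return (agent uploads, agentless polls, server's final view) for one host."""
    agent = AgentReporter(jitter=jitter, seed=1)
    server_view, uploads = {}, 0
    for now in range(duration + 1):
        if now in events:
            agent.observe(*events[now])
        server_up = not (outage[0] <= now < outage[1])
        batch = agent.tick(now, server_up)
        if batch:
            server_view.update(batch)
            uploads += 1
    return uploads, duration // poll_interval, server_view

if __name__ == "__main__":
    print(simulate(EVENTS))                      # server reachable throughout
    print(simulate(EVENTS, outage=(200, 700)))   # server unreachable for a while
```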

Summary

Telescope or spy?

So what does agentless really mean? Agentless generally means that you will not have to install a software agent to perform any power monitoring. While this might be technically true for a moment, agentless is really a misnomer. Agentless implies that since there is no software to install, it is therefore easier to deploy, manage and maintain. In most cases, the supposed agentless solution simply uses the agents that come with another vendor’s product instead, such as Windows WMI or SNMP Service. The Windows SNMP service is not fully configured or enabled by default in Windows XP and above; you have to manually configure it, which is not easy to do. Configuring security for WMI namespaces and enabling DCOM remote access is not trivial either. Although you don’t have to install an agent, you may have to spend an almost equal amount of time configuring the built-in one.

Agent-based technologies are like having a spy in the ranks – giving you a lot more information than you would get from just looking through a telescope (agentless). With an agent-based approach you get greater command and control capabilities, more granular information gathering and much less impact on the network. There are the additional benefits in real-time reporting (detecting which workstations are no longer in use or servers that are not being useful), which brings the sought-for benefits of power management (by powering them down).

References

Further Reading: How to Choose between Agent-based and Agentless Monitoring, Gartner Research, by David Williams, 12 July 2010
