All rights reserved. No part of this document shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic,
mechanical, photocopying, recording, or otherwise, without permission from 1E. No patent liability is assumed with respect to the use of the
information contained herein. Although every precaution has been taken in the preparation of this document, 1E and the authors assume no
responsibility for errors or omissions. Neither is liability assumed for damages resulting from the information contained herein. The 1E name is a
registered trademark of 1E in the UK, US and EC. The 1E logo is a registered trademark of 1E in the UK, EC and under the Madrid protocol.
NightWatchman is a registered trademark in the US and EU.
AGENT OR AGENTLESS?
WHAT ARE THE APPROACHES, ADVANTAGES AND CHALLENGES OF DEPLOYING TECHNOLOGIES THAT USE
AGENTS VERSUS AGENTLESS ONES?
SU KENT
RAJPAL SINGH
1E
SEPTEMBER 2011
ABSTRACT: We discuss the issues around deploying either agent-based or agentless technologies for successful IT
operations. Companies need to understand the values of both and the operational ability of each approach. The
decision reached is usually dependent on the data that needs to be collected, how often it is collected and what you
want to do with the data. Purchasing decisions need to be determined by your data needs and the way your network
is architected.
© 1E 2011
Contents
Introduction  3
  Why you want an agent working for you  3
    Why does running an agent lend itself to power management?  3
    Avoiding dependence on the network connection  3
    Centralized security model  4
    Minimize network hassle  4
    High scalability  5
    Precision  5
    Actions are taken almost immediately  5
    How to avoid common issues when deploying agents  5
    Platform specific agents are required  5
    Human intervention and objections  6
  Myth busting  6
    Agents usually place additional load on the network  6
    Interference with the operating system and applications  6
    Opening up the machines to security vulnerabilities  6
  Summary  7
    Telescope or spy?  7
  References  7
Introduction
1E efficient IT solutions, specifically NightWatchman Enterprise and NightWatchman Server Edition, require IT
departments to install a software agent that resides on a workstation or server and collects data based on a
centrally set policy. Agents collect, aggregate and process local data and only communicate changes when necessary.
Many other software solutions on the market adopt an agentless approach, relying instead on a central service that
interrogates systems remotely to retrieve data, without having a locally installed agent on each client.
We look at the pros and cons of each approach and debunk the myths around installing agents. According to Gartner
there is already a consensus that neither approach to monitoring is absolutely superior. Each has its strengths in
different contexts.
“An agent is like a spy in the ranks, giving you
a lot more information than you would get from just
looking through a telescope (agentless)”
Why you want an agent working for you
Why does running an agent lend itself to power management?
An agent running on the system is capable of local data collection, correlation and processing. Taking PC power
management as an example, the agent can make better decisions based on activity that happens locally, for example
whether the user is active before prompting to power off the system.
An agent running on the machine can query the operating system to check when the user last used the machine and
whether they are logged on locally or remotely, in order to defer or force the low power state. With multiple users
logged on, each user's documents can be saved before logging off. In summary, user productivity is not disrupted.
Using an agent for a server power management solution is the only way to identify whether useful work is being
carried out on a server. This is the only way to accurately determine if a server is being used, enabling you to easily
discover and decommission the 15% of servers doing no useful work.
With agentless technology, finding interactive user sessions relies on remote methods that depend on specific
remotely accessible APIs, and those APIs cannot report whether a session is really active, i.e. whether the user is
logged on and working. Nor is there any agentless solution for true useful-work detection, as this data is not
exposed remotely.
Avoiding dependence on the network connection
Agentless solutions are entirely dependent on network connectivity to obtain any information from clients. For
example, if there is a network problem the server may assume that a workstation is in a low power state when
it is not. Conversely, without the ability to probe the system for more data, an agentless approach could potentially
power down a machine when a user is using it.
An agent has a degree of IT autonomy and can cache data and execute actions based on an existing policy even if the
management server or its connection fails. It can send the data back to the management server when
communication is restored.
Centralized security model
The agentless scenario inherently needs higher access rights. The server has to query the client which means that the
local security policy on each machine has to be set up to enable access to the central account that can connect to the
machine. An account that has access to local administrator privileges on every machine is required. This account will
have almost every right that a domain administrator has and therefore if compromised would allow access to a large
proportion of the IT assets of an organization.
An agent requires administrative rights only on the machine it is installed on. Authentication and authorization rules
are only set up at the server end, for policy and reporting. Neither account has access to any more than it absolutely
needs.
Minimize network hassle
In an agent-based scenario policies are retrieved and state is reported via outbound HTTP or SSL-protected HTTP. Here
the agent sends data to the central server and, as the initiator of the connection, is inherently trusted. As HTTP is
stateless and ubiquitous, network devices and edge firewalls do not have to be configured to allow the traffic. A
route back to the server is all that is needed, which means relying on the existing DNS/DHCP/proxy infrastructure.
Since the agents only need to be aware of the server, they can be configured and can report over the internet. An
agent on a subnet is responsible for waking its neighbors, which means that magic packets are sent via local broadcast.
With an agentless solution, there is reliance on incoming connections and the administrator has to set up security on
each machine and allow inbound connections. In most cases, the server would be probing a Microsoft Windows
machine using WMI (Windows Management Instrumentation) that relies on DCOM (Distributed COM) and RPC, the
Service Control Manager, the event log, Perfmon, ADSI, etc. This requires Kerberos authentication and enabling
inbound firewall connections. ICMP would be used to query the state of the machine and hence the ICMP firewall
rules would need to be modified. SNMP would be used for network devices – centralized management of SNMP
devices has its own issues.
Advances in networking technologies, particularly fault tolerant, dynamic (policy-based) routing make prediction of
end-to-end path availability and characteristics exceedingly difficult. This is exacerbated when only a limited part of
the network is visible – for example, across WAN links or within tunneling protocols.
In an agentless environment, where the server connects to clients from a central point, and in environments where only
a limited part of the network is visible centrally, you may require the setup of multiple servers, which then introduces
another challenge of managing roaming machines. Configuration or reporting over the internet is impossible.
Routers have to be enabled for subnet-directed broadcast, which is the only way agentless wakeups can work.
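To make the broadcast requirement concrete, here is an added example (not code from the paper or from NightWatchman) that builds a standard Wake-on-LAN magic packet and decides, from the sender's and target's address/prefix, whether a local broadcast is enough (the neighbouring-agent case) or a subnet-directed broadcast is needed (the central-server case); the MAC and addresses are constructed sample values.

```python
import ipaddress
import socket
from typing import Tuple

def magic_packet(mac: str) -> bytes:
    """Wake-on-LAN magic packet: six 0xFF bytes followed by the target MAC
    repeated sixteen times (102 bytes in total)."""
    mac_bytes = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(mac_bytes) != 6:
        raise ValueError("MAC address must be exactly 6 bytes")
    return b"\xff" * 6 + mac_bytes * 16

def wake_destination(sender_cidr: str, target_cidr: str) -> Tuple[str, bool]:
    """Choose the UDP destination for the magic packet.

    sender_cidr / target_cidr are address/prefix strings such as "10.1.2.20/24".
    Returns (destination address, needs_directed_broadcast).
    - Same subnet (a neighbouring agent wakes the machine): the limited
      broadcast 255.255.255.255 stays on the local segment; no router involved.
    - Different subnet (a central agentless server): the packet must go to the
      target subnet's broadcast address, and every router on the path must be
      configured to forward subnet-directed broadcasts. Routers drop these by
      default (RFC 2644) because forwarded broadcasts can be abused for traffic
      amplification, so enabling them is a deliberate policy change.
    """
    sender = ipaddress.ip_interface(sender_cidr)
    target = ipaddress.ip_interface(target_cidr)
    if target.ip in sender.network:
        return "255.255.255.255", False
    return str(target.network.broadcast_address), True

def send_wake(mac: str, sender_cidr: str, target_cidr: str, port: int = 9) -> Tuple[str, bool]:
    """Send the magic packet over UDP to the chosen destination (port 9, the
    discard port, is the conventional WoL target). Not exercised by the test."""
    dest, directed = wake_destination(sender_cidr, target_cidr)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        s.sendto(magic_packet(mac), (dest, port))
    return dest, directed

if __name__ == "__main__":
    # Constructed sample values, not taken from the paper.
    print(wake_destination("10.1.2.20/24", "10.1.2.77/24"))  # local broadcast suffices
    print(wake_destination("10.1.2.20/24", "10.5.0.37/24"))  # needs directed broadcast
```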
High scalability
Agentless solutions have to ping, investigate or poll data from a large number of monitored systems, so there is a
natural limit (number of metrics per number of systems at a given polling interval) that a server can process. This also
adds strain to the network.
An agent-based approach to management is very scalable. Events are sent asynchronously after local processing, and
the agent can take decisions that enhance scalability, such as sending data only when it changes, sending
differences rather than full snapshots, randomizing the time of sending, or batching data based on server load, all of
which improve scalability by consuming fewer server resources.
Using stateless configuration and reporting over HTTP allows load balancing of the server environment. Numerous
architectural patterns exist for scaling HTTP and HTTPS environments and making them highly available.
Precision
Agentless generally means ‘polling’. As the polling frequency is increased you get a better understanding of what is
happening on the network. An agent doesn’t need to poll at all. It simply subscribes to operating system notifications
and is informed of any state changes. Reporting can be initialized even before the machine has been allocated an IP
address and can be accurate to the millisecond. The state of the machine can be validated through querying multiple
data sources before a report is generated.
An agent can collect and process data locally and generate a behavior model to make certain intelligent decisions
such as powering the machine down when a user has not logged on or if the machine has not been used for a while.
The agent can also probe the operating system to model the behavior of the system's idle timers and use intelligent
logic to force the machine to sleep, saving even more power.
Actions are taken almost immediately
Simple actions such as reporting IP address or subnet changes for wakeups, or complex decisions such as automatically
fixing a failed computer health test, can only be done immediately through operating system notification. The agent
can ask the operating system to inform it of state changes, for example of the network address, so that the server
database can be kept up to date.
In an agentless scenario, the server would have to rely on DNS queries or active scanning of the system. By the
time a user executes an action from the server, the data could be stale.
How to avoid common issues when deploying agents
Most organizations already have a systems management solution which can be used to install agents. Systems
Management best practice can avoid anticipated expenses sometimes attributed to agents, such as the cost of
deploying them. In a server environment simple tools can be employed to address the one-time installation of a
server-based power management agent.
Platform specific agents are required
An agent is required for each targeted set of platforms, for example, Windows 32-bit/64-bit, Linux, Unix, Macs.
An agentless solution has its own equivalent though, for instance having to support multiple protocols and methods
of remote querying, for example, WMI or SNMP.
Human intervention and objections
In general there are more ‘human’ objections against deploying agents and these complications can be more political
than operational. Some IT administrators see a risk in adding an agent which could potentially impact their current
service. However, risks are managed by following the operational best practice of thoroughly testing agents before
deploying them. Agentless methods are not immune to impacting performance or availability of systems since a
poorly written or buggy remote script still has the capability to damage IT services.
Myth busting
Agents usually place additional load on the network
Agents can employ intelligent data caching and spooling to send up less data than an agentless solution would. The
agent can send data only when the status changes, or send only the differences. Reports are batched up and sent at
random intervals, which means that the load on the network is minimized.
Agentless servers create data requests centrally to remote devices, which then reply with data. This bi-directional
chatter will generally consume far more network bandwidth.
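The agent-side behaviour described here and under High scalability (send only what changed, batch it, send at a randomized time), as an added example that is not code from the paper or from NightWatchman: it assumes the agent samples local state as a dictionary, and the snapshots and polling figures are constructed sample values. `polling_requests` gives, for comparison, the request count an agentless poller would issue over the same window.

```python
import random
from typing import Any, Dict, List, Optional, Tuple

class ChangeOnlyReporter:
    """Agent-side reporting: queue only values that changed since the last report,
    batch them, and send at a randomized time. Hypothetical example, not 1E's code."""

    def __init__(self, base_interval_s: float, jitter_s: float, seed: int = 0) -> None:
        self.last_sent: Dict[str, Any] = {}   # what the server already knows
        self.pending: Dict[str, Any] = {}     # batched changes not yet sent
        self.base_interval_s = base_interval_s
        self.jitter_s = jitter_s
        self.rng = random.Random(seed)        # seeded so runs are reproducible
        self.next_send_at = 0.0
        self.sent_reports: List[Dict[str, Any]] = []

    def observe(self, state: Dict[str, Any]) -> Dict[str, Any]:
        """Diff a fresh local snapshot against what the server knows plus what is queued."""
        known = {**self.last_sent, **self.pending}
        delta = {k: v for k, v in state.items() if known.get(k) != v}
        self.pending.update(delta)
        return delta

    def flush(self, now: float) -> Optional[Dict[str, Any]]:
        """Send the batch if non-empty and the randomized send time has passed."""
        if not self.pending or now < self.next_send_at:
            return None
        report = dict(self.pending)
        self.sent_reports.append(report)
        self.last_sent.update(report)
        self.pending.clear()
        # Next slot: base interval plus uniform jitter to spread server load.
        self.next_send_at = now + self.base_interval_s + self.rng.uniform(0, self.jitter_s)
        return report

def polling_requests(n_systems: int, n_metrics: int, poll_interval_s: float, window_s: float) -> int:
    """Requests an agentless server issues over a window: every metric on every
    system is fetched each interval, whether or not anything changed."""
    return int(n_systems * n_metrics * (window_s // poll_interval_s))

def run_agent(snapshots: List[Tuple[float, Dict[str, Any]]]) -> List[Dict[str, Any]]:
    """Feed timestamped local snapshots through the reporter; return what left the machine."""
    reporter = ChangeOnlyReporter(base_interval_s=60.0, jitter_s=30.0, seed=1)
    for t, state in snapshots:
        reporter.observe(state)
        reporter.flush(t)
    return reporter.sent_reports

SAMPLE_SNAPSHOTS = [  # constructed: one workstation sampled over 200 s
    (0.0, {"ip": "10.0.0.5", "user_active": True}),
    (10.0, {"ip": "10.0.0.5", "user_active": True}),
    (20.0, {"ip": "10.0.0.5", "user_active": False}),
    (200.0, {"ip": "10.0.0.9", "user_active": False}),
]
```

Over the same 200 s, polling two metrics every 10 s costs 40 requests, while the agent sends two small reports: the unchanged sample at 10 s produces nothing, and the change at 20 s waits for the jittered slot and travels in the same batch as the later address change.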
Interference with the operating system and applications
A low-level agent running in the background listening to operating system events has less of an effect on a machine
than executing a remote query. Posting data back to the server using HTTP is very cheap. Low resource consumption
is claimed for agentless environments, which is not strictly true, as the server is using technology (WMI, SNMP) on
the machine to execute similar queries, and that causes resource utilization. An advantage of having an agent in this
case is that queries can be targeted at the native operating system API and hence can result in lower overall resource
utilization.
Opening up the machines to security vulnerabilities
A carefully developed agent that considers security in its design (NightWatchman is Common Criteria certified)
presents no additional attack surface. Proprietary agent communications are encrypted and use configurable ports,
making them far more secure with less effort.
Most agentless protocols have no additional security, relying on the security of the underlying remote connectivity
protocols. However, requiring an account with administrative privileges across all machines is a much bigger security
issue.
Summary
Telescope or spy?
So what does agentless really mean? Agentless generally means that you will not have to install a software agent to
perform any power monitoring. While this might be technically true for a moment, agentless is really a misnomer.
Agentless implies that since there is no software to install, it is therefore easier to deploy, manage and maintain. In
most cases, the supposed agentless solution simply uses the agents that come with another vendor's product
instead, such as: Windows WMI or SNMP Service. The Windows SNMP service is not fully configured or enabled by
default in Windows XP and above; you have to manually configure it which is not easy to do. Configuring security for
WMI namespaces and enabling DCOM remote access is not trivial either. Although you don't have to install an agent,
you may have to spend an almost equal amount of time configuring the built-in one.
Agent-based technologies are like having a spy in the ranks, giving you a lot more information than you would get
from just looking through a telescope (agentless). With an agent-based approach you get greater command and
control capabilities, more granular information gathering and much less impact on the network. There are
additional benefits from real-time reporting (detecting which workstations are no longer in use, or servers that are
not doing useful work), which delivers the sought-after benefits of power management by powering them down.
References
Further reading: David Williams, "How to Choose between Agent-based and Agentless Monitoring", Gartner Research, 12 July 2010.