Agentless versus Agent Based

Posted by Trevor Smith on January 14, 2010

Not that old chestnut…

In the world of IT asset management / audit there are basically two fundamental approaches: agent based or agentless. The former requires the deployment of software (the agent), manually or via an automated process, onto each and every computer / network device (where possible) on the audit target network; and, in the case of one-off audits, the removal of the agents on completion. The latter however… does not!

Now I am going to level with you right up front. As a vendor of agentless auditing and systems management software I am a tad biased; but am I biased because we create agentless solutions, or do we create agentless solutions because we can’t believe anyone would want to do things the hard way with agent based solutions?

So what does this mean?

Agent Based

Agent based solutions take time to implement, take time to gather data, impact the performance of the end user computers and ultimately impact the user. You only have to recall the effects of anti-virus agents that reduced users' computers to a snail's pace: the days when you turned on your PC and went for a cup of tea whilst the various background agents did their thing.

As the guardian of the corporate purse strings, why would you invest in "improved performance" hardware only to lobotomise it by filling memory and loading the processor/s with agents?

Also there is no definitive baseline time, as the time of occurrence of any event is relative: is it the time according to the computer upon which the event occurred, or is it the time that the information was recorded on the central server? If it's the former, the times will differ from computer to computer; if it's the latter, the time that the server became aware of it could be considerably later than the actual event, because the agents cannot all update the server simultaneously due to the risk of network performance impact.

Real-time monitoring

A claim frequently made by the agent based solution vendors as one of the few features believed to be unique to them. I beg to differ, or at least request an explanation. The argument is that it is only with code on each machine that you can monitor activity in real time. To a point I totally agree; if the agent knows about events in real time that's great, but how does it help you with systems admin? After all, you don't know what the agents know until the agents have reported back to the server (over a staggered time period to avoid network bandwidth impact), and only then after the server has digested the data and informed you. So what you get from the agent amounts to a notification that something you needed to know about occurred at precisely some time ago; but whilst I could not tell you about it, you will be pleased to know that I was there to witness it and record it. Well, whilst being better than a poke in the eye with a sharp stick, to my mind that's not a lot of help.

Also, just because an agent is on each machine does not make it real time! After all, the agent is not scanning the computer constantly (i.e. at the processor cycle speed) as this would lock up the computer. The term "real time" is subjective and relative; in reality the agent will scan at best every 30 seconds (and that's optimistic), as doing so any more frequently could impact the users.
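To make the two points above concrete (agent clock versus server clock, and the gap between an event and the administrator hearing about it), here is an added example that is not code from the original post or from nanoTech: a small model of an agent reporting pipeline. The host names, timings, poll interval, check-in rate and skew tolerance are all constructed for illustration.

```python
"""Added example, not code from the original post: model the agent reporting
pipeline the article describes and measure what 'real time' means for the
administrator.  All timings, host names and rates below are constructed."""
from dataclasses import dataclass

@dataclass
class AgentReport:
    host: str
    event_ts: float    # when the agent saw the event, by the agent's own clock
    recv_ts: float     # when the central server logged the report, by its clock
    clock_skew: float  # agent clock minus server clock, measured at check-in

def server_event_time(r: AgentReport) -> float:
    """Translate the agent's timestamp onto the server's timeline so events
    from different machines can be ordered against each other."""
    return r.event_ts - r.clock_skew

def notification_latency(r: AgentReport) -> float:
    """Seconds between the event happening and the server knowing about it."""
    return r.recv_ts - server_event_time(r)

def worst_case_latency(poll_interval: float, agents: int,
                       reports_per_sec: float, processing: float) -> float:
    """Agents poll every poll_interval seconds, but the server throttles
    check-ins to reports_per_sec to spare the network, so the last agent in a
    cycle reports agents/reports_per_sec seconds after the first; add server
    digestion time to get the administrator's worst-case view."""
    return poll_interval + agents / reports_per_sec + processing

def suspicious_reports(reports, max_skew: float = 120.0):
    """Reports whose agent clock is too far from the server's, or whose
    normalised event time is later than its receipt time, cannot be placed
    on a trustworthy timeline and should be investigated, not relied on."""
    return [r.host for r in reports
            if abs(r.clock_skew) > max_skew or notification_latency(r) < 0]

# Constructed sample: three hosts on a 30 s poll, check-ins staggered by
# the server; ws-03's clock is 15 minutes fast.
SAMPLE = [
    AgentReport("ws-01", event_ts=1000.0, recv_ts=1032.0, clock_skew=0.0),
    AgentReport("ws-02", event_ts=1005.0, recv_ts=1041.0, clock_skew=-5.0),
    AgentReport("ws-03", event_ts=1900.0, recv_ts=1050.0, clock_skew=900.0),
]

if __name__ == "__main__":
    for r in SAMPLE:
        print(r.host, f"latency={notification_latency(r):.0f}s")
    print("worst case, 2000 agents:", worst_case_latency(30, 2000, 50, 5), "s")
    print("unreliable:", suspicious_reports(SAMPLE))
```

Even with every agent healthy, the 2000-agent case shows the administrator seeing an event over a minute after it happened, which is the "precisely some time ago" notification the post describes.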

Change Control & Compatibility Testing

Then of course you are introducing new code into the mix on each box, so you really should lab test the agent against your user environment builds. This is not too time consuming, because all of your hardware is exactly the same spec, so one compatibility test covers all… No? Then technically every spec variation needs testing.

Agentless

Well, if you search the web you will find numerous articles stating the limitations of agentless solutions, and they will all have been written by agent based solution vendors; and in truth there was a time when their claims were founded.

Generally it is considered that agentless solutions are only viable on small networks because of the time required to perform an audit/scan. Time frames such as 30 minutes to scan a class C network (255 nodes) were considered fast, so large scale commercial networks of investment banking scale, i.e. global wide area networks, were most definitely out of the question.

Then it was claimed that, due to the need to maintain what little speed these solutions had, it wasn't possible for them to match the agent based solutions for depth and detail of returned data. Again this was true; it was a trade-off of speed against detail.

Another claim was that agentless audits could, because of their speed constraints, only perform audits/scans infrequently, so they would not hold a candle to the currency of the data returned by the agent based solutions. Logically this cannot be argued with; after all, when agentless solutions take 30 minutes to scan a class C network, the latency of agent based solutions is far superior.

What they don't tell you

As agentless solutions do not install any code, there is nothing to conflict with existing software, so the whole compatibility and change control issue becomes a moot point. That's a considerable time saving on your audit project before you start, and not to be sneezed at.

Then, in the case of a one-off audit, there is no agent removal required. Yes, the agent based vendors with products that self install and remove agents will make that sound like a really slick operation, but what do you think happens when the job is done and it's time to pick up the cheque, and some of the machines are off or asleep when the server is issuing the uninstall command? What chance of redundant, active code remaining?

Okay, so what have we got? In summary, agentless = good for small networks, negligible (varies according to solution) aggravation factor. Agent based = good for large networks, but with an increased aggravation and risk factor.

Then there was nanoTech

What if you could have the best of both worlds? After all, if you could cover the ground that agent based solutions can without the need to introduce agents, then you would have no compatibility issues, so earlier project commencement and savings on testing costs. No disruption or changes for the user base. Results at your fingertips.

Some years ago we at nanoTech realised the “magic bullet” nature of such a solution. We set about creating a scanning/auditing engine which would do just this.

Our engine

  • Processes approximately 250 network nodes per second.
  • 5,000-6,000 per minute.
  • Over 1 million per hour (tested on a 10BASE-T network and the internet over broadband).
  • Will function from a laptop, over wireless.
  • Detects wirelessly connected network devices (even mobile phones).

With our ‘smart sense’ logic, which manages the resources of the host computer and monitors the available network bandwidth, our engine automatically adjusts its behaviour so as to optimise its performance whilst ensuring minimal impact on host and network.

Our engine is incorporated in all our scanning products and is the power that enables these apps to scan global wide area networks from a single instance in seconds/minutes from a web browser (Internet Explorer).

nanoTech products can scan with such speed that, with the incorporated scheduling feature, repetitious scans can be performed at such frequency that they match or even outperform agent based solutions. We can scan a class C network, for example, 60 times per minute, with no impact on users as our code is not using their box's resources.
