Frequently, I have been asked by customers regarding the difference between agent-based and agent-less monitoring solutions. There is a lot of confusion in this area, so this blog attempts to provide an explanation for each of these solution types, focusing mainly on the "paid" solutions. Open source solutions may be covered in a future article.
A bit of historySince the early 90s, when the client-server architecture became very dominant in the market,
IT managers started to look for a solution to monitor these new assets. New type of tools had
to be introduced as the old monitoring tools suitable to the age of central computing (mainframe) were completely useless now.
Network EquipmentAt that time, network equipment was monitored by various solutions that were based on the SNMP standard. Monitoring software from vendors such as Sun (Sunnet Manager), HP (OpenView) and IBM (Netview) used the early versions of SNMP agents incorporated into the network devices.
|IBM Netview 6000|
Such agents were called "monolithic". As the SNMP standard was further developed, more sophisticated agents were introduced. These agents were more flexible and allowed to be extended according to customer needs. These agents were called "extensible".
Servers and ApplicationsServers (mostly versions of UNIX) had some minimal SNMP implementations that were quite limited in their capabilities. Since each server had its own resources (CPU, memory, disks, network interfaces etc.) it was critical to understand what is the status of each component of the architecture in order to identify possible faults and performance bottlenecks. Additional requirements such as real-time reading of system logs, running automatic actions either scheduled or as response to an issue, were also of great interest.
Windows servers had their own implementation of SNMP (limited as with UNIX servers). But interestingly enough, Microsoft had came up with a new proprietary protocol (WMI) to allow agent-less remote management of Windows servers.
Oddly enough, using SNMP agents or WMI to manage servers and applications is still considered "Agent-less".
The introduction of proprietary system-based AgentsFollowing the increased market demand, software vendors such as CA, IBM and HP have quickly developed combinations of monitoring consoles and agents. Due to the weakness of the SNMP standards to provide a more comprehensive monitoring of operating systems and applications, these vendors introduced proprietary software for agents instead of relying on SNMP.
|HP Operations for Unix|
Agent-less Monitoring systemsDuring the early 2000s it was quite obvious that there is a place for cheaper/simpler monitoring solutions for mid-market customers. Smaller vendors have emerged and provided suites of products that utilized agent-less technologies such as SolarWinds, Paessler, Freshwater (later become HP SiteScope) and many others.
When vendors say "Agent-less" they actually mean: Native SNMP agent or protocols such as WMI, RSH, SSH or some other API the use to collect data from the server. Situations where you don't need to install other proprietary software.
When vendors say "Agent-based" they mean that you need to install their own software and use their console to manage your IT assets.
Comparing Agent-less vs. Agent-based features
|No||Yes||Built-in to OS|
|Yes||Yes||In depth OS/App|
|Low||Low-Medium||Network Load imposed by monitoring|
||Impact on host OS|
|SNMP Only||Yes||Use 3rd Party Mgmt Console|