Tuesday, December 16, 2014

Agent-based vs. Agent-less Monitoring

Frequently, I have been asked by customers about the difference between agent-based and agent-less monitoring solutions. There is a lot of confusion in this area, so this blog attempts to provide an explanation for each of these solution types, focusing mainly on the "paid" solutions. Open source solutions may be covered in a future article.

A bit of history

Since the early 90s, when the client-server architecture became very dominant in the market, IT managers started to look for a solution to monitor these new assets. New types of tools had to be introduced, as the old monitoring tools suited to the age of central computing (mainframe) were now completely useless.

Network Equipment

At that time, network equipment was monitored by various solutions that were based on the SNMP standard. Monitoring software from vendors such as Sun (SunNet Manager), HP (OpenView) and IBM (NetView) used the early versions of SNMP agents incorporated into the network devices.

[Image: IBM NetView 6000, sample view of correlated network resources]

Such agents were called "monolithic". As the SNMP standard was further developed, more sophisticated agents were introduced. These agents were more flexible and could be extended according to customer needs. These agents were called "extensible".

Servers and Applications

Servers (mostly versions of UNIX) had some minimal SNMP implementations that were quite limited in their capabilities. Since each server had its own resources (CPU, memory, disks, network interfaces etc.), it was critical to understand the status of each component of the architecture in order to identify possible faults and performance bottlenecks. Additional requirements, such as real-time reading of system logs and running automatic actions either on a schedule or as a response to an issue, were also of great interest.

Windows servers had their own implementation of SNMP (limited, as with UNIX servers). But interestingly enough, Microsoft came up with a new proprietary protocol (WMI) to allow agent-less remote management of Windows servers.

Oddly enough, using SNMP agents or WMI to manage servers and applications is still considered "Agent-less".


The introduction of proprietary system-based Agents

Following the increased market demand, software vendors such as CA, IBM and HP quickly developed combinations of monitoring consoles and agents. Because the SNMP standards were too weak to provide more comprehensive monitoring of operating systems and applications, these vendors introduced proprietary agent software instead of relying on SNMP.

[Image: HP Operations for Unix]

Obviously, the major drawback for customers was that they had to use the agent and console from a single vendor and could not mix and match them.

Agent-less Monitoring systems

During the early 2000s it became quite obvious that there was a place for cheaper/simpler monitoring solutions for mid-market customers. Smaller vendors such as SolarWinds, Paessler, Freshwater (later to become HP SiteScope) and many others emerged and provided suites of products that utilized agent-less technologies.

[Image: PRTG Enterprise Console]

When vendors say "Agent-less" they actually mean a native SNMP agent, or protocols such as WMI, RSH, SSH or some other API they use to collect data from the server: situations where you don't need to install other proprietary software.

When vendors say "Agent-based" they mean that you need to install their own software and use their console to manage your IT assets.  

Comparing Agent-less vs. Agent-based features 

Agent-based    Agent-less    Feature
No             Yes           Built-in to OS
$$$            Free
No             Yes           Open protocols
Yes            Yes           In depth OS/App
Low            Low-Medium    Network Load imposed by monitoring
Medium-High    Low           Impact on host OS
Medium-High    Low           Deployment Effort
SNMP Only      Yes           Use 3rd Party Mgmt Console