kantver - Fotolia

Tip

Agent vs. agentless: Monitoring choices for diverse IT ops needs

All management tools must run on a device, but the standards for agent and agentless monitoring vary widely. The determination is easier once you understand monitoring data needs.

IT operations staff evaluating agent versus agentless monitoring products will find a balance of pros and cons for each. Much like where to go for dinner or who's your favorite child, the obvious winner varies depending on the situation.

Agents are proprietary software applications installed on each device that the user wishes to monitor. Typically, IT hardware suppliers bake special monitoring functions into equipment. IT shops purchase an add-on management application for that hardware and pay for the agent software and management application on top of the cost of the device.

Agents provide more in-depth analysis and higher levels of security than agentless monitoring achieves, but also can be harder to deploy and more expensive.

Agents go deep into data, not bandwidth

Agents win the agent versus agentless monitoring comparison in terms of how deeply they can dive into system performance. They burrow into the inner workings of systems, with specially designed applications to consume the monitoring data, such as operating system event logs.

Security is another agent system plus. Agent communications on the device occur internally, not over the enterprise network, and are therefore shielded from attack.

The agent system design reduces network bandwidth needs for IT monitoring. Typically, agent monitoring systems collect and evaluate performance information locally, only sending out distress signals to a central monitoring system when a significant problem arises. In addition, the monitoring application will not encounter firewall rules or other barriers, so agent systems require minimal network configuration. With enterprise data networks becoming larger, more complex and more dispersed, IT organizations want to cut down on the amount of white noise monitoring systems generate. Streamlined east-west data center traffic makes troubleshooting system problems a faster, more effective exercise.

Monitoring simplified without agents

The differences between agent and agentless designs revolve around data collection and communication.

Agentless products do not embed special management features into the hardware device. Instead, they rely on industry-standard interfaces -- see sidebar -- to gather monitoring data. The term agentless monitoring is a bit of a misnomer. All management tools require software -- an agent -- running on a device. However, with standards-based communication interfaces, agentless systems provide lightweight monitoring that targets key metrics and basic monitoring situations.

You're speaking my language

Through the years, numerous standards have emerged to help IT operations staff collect management data. Three -- SNMP, CIM and WMI -- are commonly used.

The Simple Network Management Protocol (SNMP) relies on TCP/IP to exchange network management and monitoring data on IP networks.

The Common Information Model (CIM) standard is XML-based and defines device and application characteristics so systems administrators and IT management programs can monitor and control these components using the same set of tools. CIM circumvents management complication that could result from the components' differing architectures.

Microsoft embeds Windows Management Instrumentation (WMI) in Windows Server and desktop OSes. The standard features an application programming interface (API) and toolkit for managing devices and applications in a network of Windows-based computers.

Operations management is a complex process. This trio of standards enables firms to collect information without extraneous effort.

The agentless approach usually does not require licensing fees for monitoring functions on each system, saving money versus agent monitoring designs.

The set up and operation of agentless probes is simple. Users do not install client software on each piece of hardware to be monitored, reducing deployment efforts and maintenance tasks. With agentless monitoring, a remote data collector gathers performance metrics. The central management tool uses standard protocols to access the monitoring data via a remote API.

Swapping out a device in the IT infrastructure, such as a storage server, is less disruptive with agentless monitoring. The monitoring capabilities rely on standard interfaces, not special embedded vendor functions that are lost in a supplier switch.

Finally, agent software runs continuously on remote machines, consuming processing cycles. As monitoring functions become more complex, agent monitoring systems have the potential to affect system performance.

Solve the agent vs. agentless monitoring dilemma

The nature of the IT deployment, and the business itself, determine the best answer to agent vs. agentless monitoring. Businesses that rely on information technology as a key driver of overall company performance, such as a financial services provider, may want the depth that agent-based systems deliver. Firms where downtime or system bottlenecks have a minimal impact on the bottom line may find the simplicity of the agentless approach more appealing.

Enterprises are also able to mix and match agent and agentless monitoring. In a bandwidth-intensive business, such as video editing, the IT operations staff can monitor network switches with in-depth agent technology, but might choose agentless monitoring for servers and storage systems.

Businesses have two options for collecting system data; it isn't an either/or decision. Consider the nature of the IT components and the business, then determine whether an agent or an agentless approach is the best fit for that particular need.

Next Steps

IT monitoring tools improve systems management potency

Use IT monitoring strategy to anticipate data center challenges

Learn how to choose application performance monitoring tools

Dig Deeper on IT systems management and monitoring