Agent versus agentless monitoring has been a hotly debated topic for some time. They both have advantages and disadvantages, but which one is better? It depends on who you ask.
Those in favor of agentless monitoring often anchor their argument in not having to deploy agents. You can manage everything from one place. There’s no hassle of configuring and updating agents. The result is faster time to value and less management overhead. Also, there are many agentless methods readily available. These include SNMP, PowerShell, WMI and domain manager APIs such as vCenter and UCS-M.
Unfortunately, ease of deployment isn’t the only factor IT admins have to consider. When it comes to IT infrastructure monitoring, you must consider all the pros and cons. You’ll then understand why choosing between the two is neither required nor recommended.
The Agent-Based Approach
The mandate to provide higher quality IT service at lower cost has given rise to microservice- based applications, cloud services, and dynamic infrastructure architectures. But these ephemeral environments are problematic for conventional poll-based monitoring techniques. They limit your ability discover short-lived compute instances and capture high fidelity metrics from environments such as AWS EC2, application containers, and virtual desktops. This is where agents prove valuable. They collect more detailed data at higher frequencies with less load on IT infrastructure.
Some agents can also collect logs and Windows events. Today, more applications are generating logs with performance metrics and configuration information. In essence, logs are becoming a dumping ground for anything and everything related to the health of an application. This means local log collection is becoming a common requirement for IT teams.
And then there’s the security concern: how do you secure remote connections? In some cases, this means moving away from SNMP v1/v2 to v3. You may also use Kereberos authentication for WinRM/RS. Agentless monitoring is becoming more difficult to setup and manage in these situations. For example, there’s a high degree of effort to setup WinRM with Kereberos authentication. And it may take several hours to build a group policy and test it. Not only are agents better suited to these more secure environments, they also have local rights and can act without external authentication.
However, the benefits of agents don’t come without some downsides. You must install agents on each server or system you want to monitor. This complicates installation and deployment. Some IT teams limit the number of agents they have to manage because of the cost and potential administrative load.
Furthermore, while agents are great to use in highly dynamic and secure environments, agents are not able to see outside of their own domain. So an agent doesn’t know it’s running inside a container on a virtual machine on a hypervisor on a blade server in a rack located in a west coast datacenter.
Now let’s look at how the agentless approach stacks up.
The Agentless Approach
With agentless monitoring, you use what already exists in the infrastructure. There are no third party agents to deploy, which lowers your cost. Technically speaking, agentless monitoring still leverages an agent. This could be an SNMP Daemon, WinRM service, or a domain manager API. But without the need for a third party vendor, there are fewer headaches associated with licensing and installation.
Agentless monitoring is valuable when you need to collect information from various domain managers such as vCenter, UCS Manager, SMI-S, AWS, and SMI-S. You can query domain managers and retrieve insight into how workloads are connected, what state they’re in, how they’re configured, and some other basic performance information you can’t get with an agent.
You’re also able to quickly identify gaps in monitoring coverage. But, to this same point, people today want better log management. And while it is possible to collect logs with an agentless approach, it tends to be expensive and error-prone.
Also, when it comes to collecting performance data, agentless isn’t as bandwidth efficient, since it results in more network traffic.
A Balancing Act
Both agent-based and agentless approaches have advantages for application and infrastructure monitoring. So it can be tough to decide between the two. The good news is you don’t have to.
Agents are great for doing deep, narrow, high-fidelity monitoring. They also address some of the more specific use cases around log management. Agentless monitoring provides that big picture view of what’s going on in your IT world. It’s the foundation upon which you deploy agents for specific use cases. Agents help you scour more effectively in smaller environments.
When you add the two together, you get a complete picture of what’s happening with your operations—from the application all the way down to the infrastructure.
That’s why at ScienceLogic we provide both agent-based and agentless monitoring. The combination gives customers the most comprehensive service assurance coverage. In addition, ScienceLogic’s agent technology is unique in the industry. That’s because our agents listen rather than poll. This makes them incredibly light weight while providing the high fidelity monitoring you need. So the holy war of agent-based vs. agentless is dead. By supplementing the weaknesses of one approach with the strengths of the other, you’re able to address a much broader range of use cases. It’s no longer an either/or dilemma.