The Joy of (Agentless) Monitoring.
One of the great differentiators between monitoring tools is whether they need to deploy agents to the devices being monitored. The need for agents has steadily decreased over time, as vendors have got better at building good telemetry directly into their products. Improved SNMP implementation, the broader and deeper reach of WMI into the Microsoft ecosystem, and increasingly, the availability of APIs have all served to reduce the need to deploy agent-based monitoring systems. But there are still some NMS vendors with agent-based tools, so let’s have a look at the pros & cons of monitoring with agents.
First off, what is an “agent”? It’s simply a piece of software that, when installed on a system, collects all the health and performance data and passes it back to a central system (the NMS server) for processing. Back in the day, it was common for sysadmins to write their own scripts for monitoring the systems they were responsible for. Often, those scripts would store their results on a file share for easy access, collation and reporting and thus the idea of the monitoring agent was born.
The Rise of Standards
Over time, improvements in monitoring technologies reduced the need for custom agents. Standards compliant tools such SNMP were embraced by hardware vendors, allowing performance data to be collected and stored efficiently and consistently across different platforms. In the Microsoft world, WMI and Perfmon provided similar capabilities, allowing administrators to monitor the state of their servers and applications.
Agents – Some do, Most Don’t
The majority of current monitoring systems like WhatsUp Gold, PRTG, ManageEngine, and the various open source tools no longer need agents (ignoring the philosophical question of “does SNMP qualify as an agent 😉). So why do tools like Microsoft SCOM, DataDog and ConnectWise Automate, still do?
In the case of DataDog, the reason is simple. As an entirely cloud based service, they need a way to collect data from their client’s systems without routing raw data across the internet. So deploying agents is the obvious, but not the only solution. The agents pull data from both on premise and hosted systems and feed it back to the DataDog cloud for processing.
What about SCOM and Automate? They both need agents because they’re not simply monitoring systems. As the name implies, ConnectWise Automate is designed to simplify the management of an entire infrastructure through the use of automation. Tasks like patch distribution, endpoint management and automated remediation simply would not be possible without agents on the managed systems. Microsoft SCOM is similar. It’s the monitoring element of the much larger and complex (AKA expensive) System Centre suite, which is designed to provide complete control of enterprise scale datacentres, a job that would simply not be possible without deploying agents.
Pros & Cons
Having agents installed on systems does provide some additional capabilities, such as collecting detailed system information for asset lifecycle management or being able to run synthetic transactions from endpoints that allow the “user experience” to be monitored. But this comes at the expense of needing to deploy, manage and update those agents across hundreds or thousands of systems.
The Agentless Way
Most of the tools that don’t require agents, take a fairly standard approach to collecting their monitoring data. They rely on protocols such as SNMP, WMI or custom scripts to retrieve data directly from the systems they monitor. This can be a problem when needing to pull information from remote sites. Passing monitoring data across the WAN, particularly SNMP v1 & v2c data is not a great idea, not only is the data unencrypted, you also need to open up ports on your firewalls.
A Different Approach
To get around this, the team at Paessler have come up with a cool solution with their PRTG software. They have a feature they call the “Remote Probe”. This is a small piece of software that is installed at a remote site. It collects monitoring data from all the devices at that site and passes it back to the central site for processing – a bit like an agent, but you usually only need one Remote Probe for the whole site. The data is encrypted, only needs one, user-configurable, port opening through the firewall, and best of all, the Remote Probe is unlicensed, meaning you can deploy as many as you need to, at no extra cost.