Agentless vs. agent-based monitoring? Why not both?

Agentless performance monitoring software eased server maintenance for IT staff at The Regence Group without sacrificing the quality of the data.

Portland, Ore.-based insurance giant, The Regence Group, saw a big boost in IT operations productivity after deploying agentless performance monitoring software from BMC Corp. in its server farm.

Agentless management tools allow data center administrators to monitor servers and other hardware without installing an agent on each machine. Installing and configuring agents on every piece of hardware can be time consuming. Agentless monitoring allows administrators to get baseline monitoring up and running more quickly.

According to Craig Robin, systems administrator with Regence, agentless monitoring has allowed him to cut down on maintenance -- giving Robin more time to work on other important projects. "It's saved us time on administration and has a return on work hours."

The tradeoff is that agentless monitoring tools do not have the same depth of capabilities -- administrators have less information and less control over the hardware being monitored. Agents are more stable and offer more functionality. For more on the tradeoffs, see our systems management expert's recent recommendation on the agentless vs. agent-based monitoring debate.

Luckily, Regence can have it both ways. Regence is using BMC's Patrol monitoring software to monitor about 1,300 servers, three quarters of which run Windows 2000 and 2003, and the rest run a combination of IBM AIX and Sun Microsystems Inc. Solaris Unix. About a year ago, Regence switched from its standard agent-based monitoring to a hybrid option, using the BMC Remote Service Monitor (RSM) for agentless monitoring.

BMC's RSM communicates remotely with the monitored resources through Secured Shell allowing access to UNIX platforms, and Performance Monitoring and Windows Management Instrumentation (WMI) to access Microsoft platforms. RSM can also tap BMC's agent protocol (TCP-based) to communicate with, and collect information from, BMC's agent technology. The RSM maintains an internal scheduling mechanism and at appropriate intervals collects required information using the (resource appropriate) protocols.

Since adoptiong the agentless monitoring tool -- and spending less time maintaining the agent-based systems -- Regence has become more proactive on server monitoring. "The portal has an excellent reporting piece to show historical data and trends to help us capture issues before they happen," Robin said.

Regence can predict when an over-utilization situation may occur in its server farm. For example, every two weeks, employees hop onto a server to input their hours and the server's CPU utilization spikes. By looking at historical data for that server, Regence can predict CPU demand spikes and adjust resources accordingly.

"It's letting us become a bit more proactive. We've been able to catch things before they turn into a fire," Robin said.

Managing server utilization has become even more important since Regence is running virtualization on a majority of its servers. "We try to go virtual as often as possible if we're putting out apps that don't require dedicated servers," Robin said.

Robin works closely with the capacity management group to make sure the servers have enough memory and CPU resources. "We're constantly doing audits," Robin said. "Certain loads in certain parts of the day trigger alarms, and we can get a server upgrade or put more memory on the server."

Those kinds of modifications -- assigning CPU or disk utilization alarm thresholds -- can be changed and monitored as a group now, whereas on the agent-based system applying the changes across all the systems was hugely time consuming, according to Robin. "You can group servers and make a change in 30 seconds," Robin said. "With the old Patrol agent monitoring, 300-to-400 devices would take 3-to-4 weeks to make a change."

With fewer agents to maintain, agentless management has freed Robin up to do more development. One of the biggest jobs was to develop a custom operations control console that allows Regence to manage all of its monitoring tools from a single view, including the BMC Patrol and Control products, Cisco Works and others. The front end is PHP, and the back end is Java and SQL database. The program is integrated into Helpdesk software and interfaces with notification for support groups.

"I've always got projects stacked up, updates to the system," Robin said. "Putting this [agentless] portal out there has saved my hide."

Additionally, Regence can now monitor systems that it couldn't before. For example, on some Cisco Systems Inc. servers, Robin can't install a BMC Patrol agent because it would violate a support contract. With agentless management, Regence can monitor those servers without installing any software on the Cisco box.

Is agentless monitoring for everyone?

Regence is currently adopting an agentless and agent-based hybrid approach to systems monitoring to make sure it has all of its bases covered. That is sound practice, according to Andi Mann, senior analyst at Enterprise Management Associates (EMA).

EMA advises its clients to look at getting the best of both worlds, especially in these early days for the technology. Right now, there are not a lot of absolute truisms on the capabilities of agent-based vs. agentless monitoring, according to Mann, as systems management vendors have various approaches to agentless monitoring like thin-agent hybrids.

But speaking in broad brush strokes, Mann said the following on agentless vs. agent-based monitoring:

  • Systems that must be locked down or are outside of the enterprise are good candidates for agentless monitoring. Examples may include, monitoring a partner's system or Regence's Cisco server.
  • Mission critical systems that exist inside the data center for which you need to gather a lot of data on are better candidates for agent-based systems.
  • An agent-based system is often deemed to be more secure because it can use bidirectional security protocols. But agentless monitoring tools can be secured using Secure Shell and other tactics.
  • Typically agents are able to collect and store data in an outage and forward data when the network comes back. But agentless monitoring tools can also retain limited historical information.

In general, Mann said many customers are saying agentless monitoring can boost efficiency in maintenance and administration.

According to Mann, the big four (Hewlett-Packard Co., IBM, BMC and CA Inc.) have all bought or built their own versions of agentless monitoring software, and there is no distinct leader at this time in the market.

Mann said agentless adoption is happening at a good pace. While users aren't ripping and replacing agent-based systems, they are putting agentless monitoring tools in new environments.

Let us know what you think about the article; e-mail: Matt Stansberry, Site Editor.

Next Steps

Agentless monitoring versus agent-based monitoring  

How much is your agent getting?

Log management eases SAS 70 auditing burden

Dig Deeper on Real-Time Performance Monitoring and Management