Many network and systems monitoring tools these days offer both client-based and agentless options to monitor managed clients, such as servers and workstations. The question in these cases is, "Which do I pick?" There are pros and cons to both options, and which one you pick has everything to do with how you weigh these factors.

 

Agentless Monitoring

 

Agentless monitoring can refer to several different types of solutions. For example, it can refer to a solution that monitors hardware, like your network devices, that do not allow third-party software. Conversely, it can refer to a solution that monitors remote clients from a centralized hub without any extra third-party software on the client itself. In the first example, an agentless solution, such as SolarWinds NPM, is really the only way to go since you typically wouldn't install software on a switch. In the second example, agentless options are often the easiest and most convenient, but there can also be some drawbacks:

  • You're limited on what you can and cannot see
  • You have little or no remote management capabilities
  • It may be difficult to differentiate between critical and non-critical systems

 

In many cases, these limitations are likely to outweigh the convenience of monitoring remote clients solely from a centralized hub.

 

Client-based Monitoring

 

While going agentless might be tempting, going with the client-based option for your managed clients comes with several perks:

  • Client-based solutions typically collect more detailed information than agentless monitoring
  • Client-based solutions provide remote management options, such as active response and configuration management
  • Some client-based solutions report in real time, limiting bandwidth requirements
  • Some client-based solutions can queue data locally, which is helpful in the case of a network outage

 

On the other hand, agents also require occasional maintenance, such as:

  • You have to configure firewalls and client settings to allow communication between your clients and the central tool
  • You have to install software directly on your clients
  • You may have to upgrade the client-side software periodically
  • There may be additional steps if you decommission a remote system

 

So, what's the verdict?

 

Again, whether you go with the agentless or agent-based option for your managed clients is totally up to you. The good news is that choice is becoming evermore flexible.

 

Two examples of SolarWinds products that allow both types of configurations are Log and Event Manager (LEM), and Patch Manager. In both cases, you have the option to use just the central monitoring functions built into the products, or deploy additional software to clients for more coverage.

 

For our SIEM tool LEM, deploying the LEM agent provides a high level of detail and control in your monitoring. You can see all the logs from the clients, and even monitor third-party products such as anti-virus software. You also have the ability to take action on the clients both manually and automatically. For example, if a user plugs a USB device into a locked-down system, the LEM agent can automatically detach it and send you and email.

 

When it comes to patch management, the client-side solution for Patch Manager is similar in that it provides more detailed reporting and some configuration management capabilities, but it's not implemented as an agent. Rather, Patch Manager, the ideal patch management software deploys WMI Providers to managed clients, which only run when needed -- no service, no application. Basically, the WMI Providers allow Patch Manager to interface with client systems using native Windows Management Instrumentation (WMI). With the WMI Providers in place, you can perform a long list of configuration management tasks, such as deploying software updates to managed clients on demand, or rebooting the client. With the right patch management solution, patch management is never a complex affair.

 

For additional information about what client-based monitoring does for these products, see: