At an event recently, one of the speakers advised the audience that agentless software auditing was the preferred method. I do not completely agree with this viewpoint.
By Dan Card
I recently attended an IT Service Management event, and one of the speakers advised the audience that using agentless software for IT auditing was the preferred method. I do not fully support this viewpoint, and this article briefly discusses the relative merits of agent-based versus agentless management techniques in the auditing context.

Technical note: in my mind the idea of "agentless" does not really exist. If you connect to WinRM, WMI, SSH etc. you are already connecting to a service (an agent) running on the system, and that service has to be enabled, reachable and secured just like any other. For simplicity, though, we will stick with agent vs. agentless.

The key decision between agent-based and agentless is normally not a technology decision but one of operational versus project requirements: whether there is an ongoing need to manage the estate after the data has been captured, or whether this is a one-off event. Additional contributing factors include change management, capex costs, and the timeframe for data discovery. A comparative view of both methods follows.
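To make the technical note concrete, here is an added example (my own illustration, not code from the article or from any management product) of what an "agentless" software audit actually does on Windows: the scanner connects to the WinRM service on each target over TLS, supplies a credential that lives on the scanner rather than on the target, fails fast on hosts it cannot reach, records per-host errors so nothing drops out of the report silently, and caps how many connections it opens at once. The hostnames, the throttle value of 5, and the assumptions that every target has a WinRM HTTPS listener (TCP 5986 open from the scanner) and that the supplied account has remote CIM rights are all illustrative assumptions, not facts from the page.

```powershell
#Requires -Version 7.0
# Added example, not from the original article: agentless inventory over WinRM.
# Assumptions (hypothetical): the hosts below exist, expose a WinRM HTTPS
# listener on 5986 reachable from this scanner, and the account supplied to
# Get-Credential has remote CIM/WMI rights on each of them.

# Constructed sample target list; in practice this comes from AD, DNS or the CMDB.
$Targets = @('srv-app01.corp.example', 'srv-db01.corp.example', 'dmz-web01.corp.example')

# The scanner, not the target, holds the credential. This is the
# "credentials must be supplied to the discovery service" risk: prompt for it
# (or fetch it from a vault) rather than hard-coding it in the script.
$Credential = Get-Credential -Message 'Account with remote CIM rights on the targets'

function Get-AgentlessInventory {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [pscredential] $Credential
    )

    # Reachability first: a blocked port or a missing route is the most common
    # reason an agentless scan "finds nothing", and Test-WSMan fails fast.
    # -Authentication Default lets Kerberos be used for domain-joined hosts;
    # DMZ or foreign-forest hosts need separate trust handling (see the table).
    try {
        $null = Test-WSMan -ComputerName $ComputerName -UseSSL -Credential $Credential `
                           -Authentication Default -ErrorAction Stop
    } catch {
        return [pscustomobject]@{ ComputerName = $ComputerName; Status = 'Unreachable'; Error = $_.Exception.Message }
    }

    # Talk to the remote management service over TLS only: one known port for
    # the firewall rule, and no silent fallback to an unencrypted transport.
    $sessionOption = New-CimSessionOption -UseSsl
    $session = $null
    try {
        $session = New-CimSession -ComputerName $ComputerName -Credential $Credential `
                                  -SessionOption $sessionOption -ErrorAction Stop

        $os  = Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem
        $sys = Get-CimInstance -CimSession $session -ClassName Win32_ComputerSystem
        # Installed updates: usually the first question a software audit asks.
        $kbs = Get-CimInstance -CimSession $session -ClassName Win32_QuickFixEngineering |
               Sort-Object InstalledOn -Descending

        [pscustomobject]@{
            ComputerName = $ComputerName
            Status       = 'OK'
            OSCaption    = $os.Caption
            OSVersion    = $os.Version
            LastBootUp   = $os.LastBootUpTime
            Domain       = $sys.Domain
            HotfixCount  = @($kbs).Count
            LatestHotfix = ($kbs | Select-Object -First 1).HotFixID
            Error        = $null
        }
    } catch {
        # Keep the failure in the report instead of losing the host; this is
        # the troubleshooting cost that agentless collection carries.
        [pscustomobject]@{ ComputerName = $ComputerName; Status = 'Failed'; Error = $_.Exception.Message }
    } finally {
        if ($session) { Remove-CimSession $session }
    }
}

# Thread control: bound the number of simultaneous outbound WinRM connections so
# the scanner neither trips IDS thresholds nor exhausts WinRM's per-user quota.
# ForEach-Object -Parallel runs each host in its own runspace, so the function
# definition has to be carried across as text and re-created there.
$InventoryFn = ${function:Get-AgentlessInventory}.ToString()
$Results = $Targets | ForEach-Object -ThrottleLimit 5 -Parallel {
    ${function:Get-AgentlessInventory} = $using:InventoryFn
    Get-AgentlessInventory -ComputerName $_ -Credential $using:Credential
}

$Results | Format-Table ComputerName, Status, OSVersion, HotfixCount, LatestHotfix, Error -AutoSize
$Results | Export-Csv -Path .\agentless-inventory.csv -NoTypeInformation
```

Two things about the design are worth noticing. Nothing here is "agentless" in the sense of touching no software on the target: the WinRM service, the WMI provider host and the listener certificate all have to be present, running and correctly configured before a single row is returned, which is exactly the point of the technical note. And every piece of state that an agent-based tool would keep on the endpoint (the credential, the schedule, the retry logic, the concurrency limit) has instead moved onto the scanner, so the scanner becomes the system you have to protect.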
Agent-based management

| Advantages | Disadvantages |
|---|---|
| The device can be monitored regardless of network connectivity | Requires an agent install; however, a well-managed environment should cater for this, e.g. by including the agent in the gold image |
| Data can be collected prior to service start | Agent conflicts: some management tools can conflict with one another, but this is usually mitigated by a suitable design |
| Agents can run as Local System, and communication can use certificates | Access to systems management tools can come with political hurdles; effective sponsorship and good communication should mitigate this |
| Scanning can be scheduled to run on the endpoint without the scanner having to manage serial or multi-threaded connections | |
| Agents allow for complete management, e.g. software update management, software deployment, monitoring and inventory | |
| Agent credential management is often handled by the systems management tool | |
| Inventory and report access can be delegated | |
| Systems management functions can be delegated | |
| Known communication paths simplify firewall configuration | |

Agentless management

| Advantages | Disadvantages |
|---|---|
| Reduced risk from not deploying software to target devices | Credentials must be supplied to the discovery service, which could potentially be running from any device |
| WMI, SSH or WinRM connections are often already accessible | Network connectivity must be solid (e.g. not blocked by a firewall, correct routes, low latency) |
| Can be scheduled, e.g. via Windows Task Scheduler | Agentless scans still rely on remote management services on the target, which must be enabled and secured |
| | Troubleshooting data collection can be time consuming |
| | Catering for a DMZ or multiple forests/domains can be problematic |
| | Thread control (the number of concurrent connections the scanner opens) can be problematic |

In summary, choosing a single method of data collection is not ideal practice; a combination of technologies and methods will give you the most detail about an environment. In my experience, long-term endpoint management strategies without agent-based management result in a poorly managed environment.
The idea of a Configuration Management Database (CMDB) is antiquated; a federated Configuration Management System (CMS) is what is required for a well-managed environment. The path to achieving this, however, is not short or easy. Review your requirements continually, pick the right tools for the right outcomes, and consider both short- and long-term objectives, so that the solutions you use give you the ability to make the right business decisions.
If you would like to learn more about IT transformation strategy, virtualisation and cloud solutions, or wish to discuss your workspace challenges, we have lots of experience to share, so please contact us.