HomeBlogWhat is the difference between agentless and agent monitoring tools? Which system...

What is the difference between agentless and agent monitoring tools? Which system will make installation and operation easier?

Agentless monitoring tools are characterized by a lower operational load for initial installation and subsequent monitoring tasks than agent-based monitoring tools. As the number of areas to be monitored continues to increase due to the spread of the cloud and remote work, agentless monitoring tools are attracting attention these days. In this article, we will explain in detail the differences between agentless and agent-based monitoring tools.

What is LogicMonitor, an IT integrated monitoring service that has been implemented by over 2,000 companies including Japan ?

table of contents

  1. What is agentless?
  2. Difference between agent type and agentless type
    1. ① Initial installation effort
    2. ②Man-hours for maintenance/operation management
    3. ③Load on the monitored environment
  3. What is LogicMonitor, an agentless monitoring tool?
    1. ① Agentless monitoring using Collector
    2. ②More than 3,000 types of monitoring templates
    3. ③ Robust security measures
  4. summary

What is agentless?

Generally, mechanisms for collecting data such as metrics and logs from monitored targets can be broadly divided into agent-type and agent-less types.

In the agent type, an application (agent) that collects data is installed for each monitoring target, and the data is sent to the monitoring tool’s management server or cloud side.

With the agent type, the application (agent) installed inside the monitored target resides and operates, so it is possible to understand the detailed status of the monitored target, and even if the network is interrupted, the data will be maintained as long as the monitored target and agent are running. Collection will continue.

However, since the agent operates using the resources to be monitored (CPU, memory, etc.), there is always a load on the resources to be monitored. As a result, performance issues can easily occur and problem isolation can be difficult.

On the other hand, with the agentless type, there is no need to install an application (agent) for each monitored target.

Agentless systems typically use standard protocols such as SNMP, ICMP, and WMI to collect data from monitored targets. Compared to the agent type, it requires less man-hours for initial installation and update work, and does not place a load on the monitored resources, so it has the advantage of being able to respond flexibly to expansion of the monitored area.

There are two types of agentless systems: on-premises, where a management server is built in the monitoring system environment and data is collected, and SaaS, where data is collected on the cloud side.

The table below summarizes the characteristics of agentless type and agent type.

agentless type agent type
How to install Build a management server within the system environment or SaaS initial settings
*For LogicMonitor, it is not necessary to build a management server, but it is necessary to install a relay application (collector).
・It is necessary to build a management server within the system environment, or
install SaaS initial settings ・A data collection application (agent) for each monitoring target
Update work Management server updates and upgrades are required, but with SaaS, no maintenance is required – Update or upgrade of the management server is required, but maintenance is not required in the case of SaaS
– In addition to the above, it is necessary to update the same number of agents as the number of monitored targets
Load on monitoring target Basically, no load is placed on the monitored resources. Load is generated due to the use of monitored resources (CPU, memory, etc.)
BCP measures (redundancy function) Possible
*In the case of LogicMonitor, redundant configuration and load balancing are possible by placing multiple relay applications (collectors).
basically not possible
Coexist with other tools Easy to use as it can be used in parallel with other tools or during migration work without affecting the monitoring target or existing environment Although they can be used together, multiple agents are constantly running for each monitoring target, which increases load issues and maintenance efforts. It also increases the likelihood of interference issues and negative performance impacts.
Scalability Easily expandable. If it is a SaaS type, it is even more scalable (no maintenance required) There is no problem if the number of monitored targets is small or the monitoring area/range is narrow, but scalability is difficult (maintenance required)

As you can see from the table above, agentless systems have excellent scalability.

Additionally, the agentless type eliminates the risk of affecting or interfering with other endpoint-type tools such as backup tools and security tools.

While maintaining other agent-based tools, you can gradually introduce agentless monitoring tools while operating them in parallel. Agentless monitoring tools are also suitable for companies considering a lift-and-shift from an on-premises environment to a cloud environment or a gradual migration.

Difference between agent type and agentless type

There is a big difference between agentless and agent types in how they collect data. Below, we will compare agent-type and agentless-type monitoring tools in more detail from three perspectives.

① Initial installation effort

Compared to the agent type, the agentless type can significantly reduce initial implementation costs. As mentioned above, with the agentless type, there is no need to install agents on each monitoring target.

A monitoring environment can be set up for a single system environment by simply constructing a single management server or relay server, or performing initial settings to collect data in the cloud. When there are a large number of targets to be monitored, the initial installation work required for the agentless type can be significantly reduced compared to the agent type.

②Man-hours for maintenance/operation management

Software is not guaranteed to work permanently at the same version. With the discovery of unknown and known vulnerabilities, it is also necessary to regularly apply patch programs, update the operating environment (OS and programming language), and perform upgrades.

With the agent type, the data collection application (agent) installed for each monitoring target must be updated. If it is agentless, the management time can be greatly reduced.

From the perspective of stable operation of the entire IT infrastructure, it is necessary to monitor the data collection application (agent) itself and perform backup operations in case the agent stops.

With the agent type, an agent is installed for each monitoring target, which requires time and effort to update and manage operations.

On the other hand, with the agentless type, the operations manager only needs to maintain the management manager or relay server, maintain the cloud, and add resources and change settings as necessary.

Compared to the agent type, where the number of agents increases proportionally as the number of monitored objects continues to increase, the difference in the amount of management time required to operate and maintain the monitoring tool itself is immediately obvious.

③Load on the monitored environment

Agent-type applications (agents) run on the monitored target, which places some load on the monitored target and affects performance.

Additionally, when considering load balancing and redundancy, the application itself is installed on the monitored target, making it difficult to solve the problem.

On the other hand, with the agentless type, the load on the monitored target due to data collection is close to zero and limited. Settings on the monitoring target side include only communication settings to enable the use of communication protocols and selection of necessary monitoring items. Since there is no need to worry about putting a load on the monitoring target itself, operation verification during initial installation is smooth.

What is LogicMonitor, an agentless monitoring tool?

LogicMonitor is an agentless integrated operation monitoring tool. It is provided in SaaS format and has been implemented by over 2,000 companies (10,000 end-user customers). A lightweight Java application called Collector is responsible for data collection and realizes efficient operational management of monitoring operations.

① Agentless monitoring using Collector

Collector, the data collection intermediary application, is a lightweight Java application that runs on a Linux or Windows server. It communicates with the network or server to be monitored and automatically collects data regarding the set monitoring items.

Unlike agent-type mechanisms, Collector does not require installation for each monitoring target. A single Collector can monitor hundreds or thousands of hosts and nodes.

All communications between the monitored target and the Collector, and between the Collector and the LogicMonitor platform (cloud) are encrypted to ensure robust security.

(1) Supports over 20 types of communication protocols

Collector supports over 20 different communication protocols and can monitor most of a company’s IT resources. Communication between the Collector and the LogicMonitor platform (cloud) is secure using HTTP/TLS protocol port 443 for outbound communication only. In addition, use cases regarding protocols and ports are published on the web so that the Collector can establish communication with the monitored target while taking into account network firewall rules.

(2) Redundancy and load distribution

If the Collector stops working, you will no longer be able to monitor the status of your company’s IT resources.

LogicMonitor can automatically assign a failover (backup) collector to a Collector when the Collector stops or goes down, in order to guarantee continuity of monitoring operations.

If Collector A goes down, it will automatically fail over and switch to Collector B (for backup). After that, when Collector A returns, it has a mechanism to prevent data loss by transmitting the data held before it went down.

Even if the performance of a running Collector deteriorates, by setting up load balancing in advance, it will automatically switch to another Collector depending on the load situation.

This function is used by large-scale customers with a large number of monitored targets. For example, a customer with tens of thousands of monitored targets may run four Collectors at the same time with processing priorities. It has a mechanism that automatically allocates processing to each Collector according to the processing status of each Collector and enables distributed processing.

In addition, the capacity (resources) used by the Collector can be selected according to the number of monitoring targets and monitoring requirements of the customer.

②More than 3,000 types of monitoring templates

A feature of LogicMonitor is the preconfigured standard monitoring template “LogicModules”.

There are over 3,000 templates that include the types of metrics data to be acquired, collection methods, display methods, alert thresholds, etc.

When you add or register a device or host to be monitored to Collector, a data collection app, the device or host is automatically identified and determined, and a template is automatically applied, making it easy to add, register, and expand monitoring targets. It’s smooth. This standard template greatly reduces the man-hours required for initial setup and operational design.

③ Robust security measures

The metrics data collected by LogicMonitor’s Collector is not important company information, but property information and meta information of monitored hosts and nodes, but incidents due to cyber attacks must be avoided at all costs.

In order to continue secure monitoring operations, LogicMonitor takes thorough security measures such as encrypted communication using the latest communication protocol (TLS1.3), application of multi-factor authentication, and regular penetration tests.

In addition, when sending the collected monitoring metrics data, all that is required is to encrypt the collected metrics data with the Collector and then send outbound communication to the cloud using the encrypted communication protocol.

Additionally, all data handled by the Collector is stored in memory and is never written to disk.

Regarding authentication, it also supports multi-factor authentication and SSO, and has several thorough security measures in place.

summary

As the number of corporate resources to be monitored, such as the cloud and IoT, continues to increase, agentless monitoring tools reduce initial installation and operation management costs and realize efficient monitoring.

LogicMonitor is an agentless comprehensive IT operation monitoring service that helps solve increasingly complex IT operation issues.

It is a tool that can provide one-stop support for operational operations from detecting anomalies to solving the root cause of problems, such as realizing early anomaly detection using AI and machine learning using the latest AIOps functions. We encourage you to consider comparing them in order to implement monitoring operations that are efficient and premised on automation.

RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

Recent Comments