By Alex Geuken. August 3, 2020.
When we talk about SAM inventory tool sets, the main reasons to use agents, rather than agentless SAM, is the quality of data available and proprietary ownership of that data. As an analogy, you can compare this with Apple iPhone running on iOS vs Android phones and their third-party hardware vendors (Huawei, Samsung, etc). Apple owns the entire process from software, hardware and chip, which results in superior control, functionality and consequent revenue. This equates to, arguably, the best user experience and performance. Apple doesn’t need to rely on a third party to develop a better/faster/stronger chip or software, it owns the source.
It is the same with SAM software, if a SAM software vendor doesn’t have its own agent, it can’t control what raw data is collected via the 3rd party data source. If you are missing data before attempting Normalization, it invariably means you are not able to effectively recognize applications, versions or editions. For example, you might be able to see that there is an Oracle DB in your network, but not which Enterprise Options are enabled, and unfortunately, Enterprise Options tend to be more expensive than the DB license on its own. The difference is detail, which agentless solutions will never be able to provide. The same issue exists with Web Apps, and usage. With agentless discovery, you can never get Active Usage (actual application usage metrics), which is so important for modern cost saving exercises.
There are two different types of agentless solutions.
1. Network Scan – checks everything on the network (no deep software recognition and no usage)
2. Existing Discovery Sources (SCCM, BigFix, LANDesk and many others)
The problem with using existing agents is that they are not built for SAM! It is like trying to use an RV in a Formula 1 race – this type of mismatch decimates the SAM process.
1. No need to install any agents
2. Quick implementation
3. Less security process within the purchase cycle
4. Discover everything on the network (printers, scanners, routers etc.)
1. Poor software inventory (missing applications, versions, editions and suites)
2. No real usage tracking (no Active Usage)
3. No Web App Discovery
4. Remote devices are impossible to scan (COVID impact is magnified)
1. Best software recognition (get all applications, versions and editions)
2. Much more detailed hardware inventory
3. Usage Metrics (get Active Usage via certain SAm Toolsets (Xensam))
4. Remote Workers: Remote agents can still report in via VPN
5. SaaS recognition
6. IaaS recognition
1. Need to install agents on all infrastructure.
Software and Hardware Recognition is achieved by collecting traces of unique data that is used to identify the software or hardware product – just like fingerprint identification. When relevant data has been collected, we can start to sort it into categories, versions, families, manufacturers, bundles etc., so it will be easy to separate and identify specific products. Also, we can add more data to the application, such as when it was released by the vendor, when the product support lapses, GDPR information, blacklisting, and so on…
As discussed above, agentless inventory can be performed via a network scan, where all devices are detected in the network. This gathering of data is easier but not as rich as data retrieved via an agent. Secondly, we have “agentless” using a pre-installed 3rd party agent (SCCM, ADDM or other source). Whilst this is not strictly agentless –as it uses another source of data, the problem is that the quality of the data is even worse as the agent is not built for ITAM and misses critical information, compromising ITAM programs. Also, from product development standpoint, tools based on other agents can’t control the roadmap of development, as innovation will always be dependent on the data provided by the 3rd party. Problems arise when customers have failed to cover sections of their organizations by 3rd party agent installations – the SAM software vendor cannot help cover 100% of the environment, as it is not their technology– virtually folding their arms until the data is available. Also, new challenges like Cloud applications will almost be impossible to address as 3rd party tools do not gather that data from browsers.
Software recognition is like investigating your environment. Your senses are your agent, and your brain is your database. You need to see with your eyes, hear with your ears, feel with your fingers, taste with your mouth and smell with your nose, to fully understand the situation. This is the reason that all major SAM tool providers (E.g. Xensam, Flexera and Snow), develop their own agents. Agents, sat on each device constantly collecting data, are like all our senses, which we need to fully understand the asset reality! Using SCCM, Altiris, LANDesk or other third-party discovery data, uses a reduced number of senses because those data sources are not purpose-built for ITAM, resulting in substandard SAM programs.
Let’s take Microsoft Office as an example; what version are you using, 2010 or 365? And what Edition are you using, Standard, Professional, Professional Plus or any of the 365 Enterprise Plans? And do they have any correlation for Software Assurance? Xensam handles this with ease. Also, Xensam has SKU recognition, for complex License Suites, which do not leave any trace on the machine. Simply add the license, and the system will do the rest for you.
The difference is that the Xensam agent looks at multiple components and retrieves a greater quantity of better-quality data for recognition purposes. Xensam’s agent is built for 2 things:
1. Obtaining quality data for recognition (hardware, software and users)
2. Track standard usage and Active Usage from the applications.
The agent examines the software for file version, SWID tags, Executable Path, version, file and many other attributes to understand what the software is.
To be able to get detailed and accurate recognition, the agent must be installed on the device, whether computers, laptops, servers, virtual machines or any other device, to be able to extract the necessary data.
A proprietary agent presents significantly more, and richer, data to analyze. It’s very much like looking through a microscope or telescope. If you can zoom and isolate, you will get more information. With more knowledge and data, you can make wiser and better decisions.
What about CPU and Bandwidth? Are my computers going to be able to perform or will the agent take a lot of CPU? Will my network crash when all agents are reporting in?
Today’s agents don’t affect either network or CPU power, Xensam’s agent uses approximately 0-1% CPU and the agents are prebuilt with randomization parameters, so they are not a burden on bandwidth. The amount of data that Xensam agents transmit, is only a few kilobytes -reading the news on a standard webpage will have a bigger effect on the network than Xensam agents!
Agentless inventory, such as ADDM or SCCM, is first of all not agentless, as it uses 3rd party agents not specifically developed for inventory. ADDM and SCCM agents will provide parts of the information you need for SAM, but not for all. Don’t take my word for it, this is what companies say after trying SCCM and ADDM as data sources. Furthermore, you need to apply PowerShell scripts on every single software application to get standard usage data (see how much the applications have been opened).
Xensam has developed the most advanced agent on the market. Out-of-the-box, the inventory data gathered by the Xensam’s agent and normalized in Xource, provides you with product bundles, families, suites, applications, Active Usage and Active Directory associations.
If we couple this data with the Xensam SKU library, you have the best inventory on the market.
This is what you get out of the box with Xensam:
1. Biggest SKU library on the market
2. Richest hardware inventory, computer serial number, manufacturer,
3. Active Directory
4. Active Usage
5. Web Apps
6. Vendor specific functionality, such as: Citrix virtualization, IBM PVU , Oracle DB editions/Options and Management Packs, Hyper-V and much more…
All available and ready to use out-of-the-box.
Contact us now for a demo firstname.lastname@example.org