Agent vs Agentless SAM Software

by Alex Geuken

Why The Agent vs Agentless Discussion Matters in the First Place

Before we dive into a discussion of the differences between agent and agentless discovery, it's good to understand why it matters in the first place. It's a highly relevant business issue because far and away, one of the most common struggles we hear in the market and from customers is that organizations struggle with data.

They struggle to get enough data, to get good data, to know what to do with that that data, and to keep their data safe.

Both agent and agentless methods are used for gathering data in order to perform software/hardware recognition. If their purpose is to gather data, this is the key criteria against which you should evaluate the options: which option gathers the best data, the most efficiently, and meets adequate privacy and security standards?

Reliable and comprehensive data is one of the key ways you can maximize the ROI of your software environment. If you're interested in leaning how to get the most out of your software investments, you can register for my webinar Master Your ROI here.

And now, let's jump into exploring the agent/agentless options. 

Agent vs Agentless: What's the Difference?

Agent: An agent is an autonomous software program that is either manually installed on the target device/devices, or remotely installed via SSH (for Linux machines), RPC and SMB (for Windows machines), or similar methods. Apart from the initial installation and configuration, agents are very low maintenance because they can operate without any user intervention. They don't require administrators to check up on them, and only require sporadic updates depending on the manufacturers update frequency. 

Agents collect data from servers, desktops, laptops, virtual machines, operating systems, middleware, certain network devices and software applications, and then send the collected data to a central data hub. 

The Pros of Agent Discovery:

1. Provides the highest quality software recognition (all applications, versions and editions).

2. More detailed hardware inventory.

3. Usage Metrics (get Active Usage via certain SAM platforms, like Xensam)

4. Remote Workers: Remote agents can still report in via VPN.

5. SaaS recognition.

6. IaaS recognition.

The Cons of Agent Discovery:

1. Agents need to be manually installed across all infrastructure.

2. Agent updates require re-installation. 

Agentless: Agentless discovery is an alternative method that seeks to gather data without the use of an agent. Agentless discovery is executed using Network Management Protocol (SNMP), Internet Control Message Protocol (ICMP), or Address Resolution Protocol (ARP). Agentless discovery utilizes a central management server that securely connects to remote operating systems and runs a scan to extract raw application information. This method can be used to  find information about all devices on your network, even if they aren’t managed by a central server.

Because this method skips the use of an agent, it does not require the installation, maintenance or upgrade of any agents. Despite the lower involvement of agentless discovery, agents excel for a number of reasons. 

There are two different types of agentless solutions:

1. Network Scan – Checks everything on the network (no deep software recognition and no usage metrics).

2. Existing Discovery Sources (SCCM, BigFix, LANDesk and many others).

The Pros of Agentless Discovery:

1. No need to install any agents.

2. Quick implementation.

3. Less security processes within the purchase cycle.

4. Ability to discover everything on the network (printers, scanners, routers etc.).

The Cons of Agentless Discovery:

1. Poor software inventory (missing applications, versions, editions and suites).

2. No real usage tracking (no Active Usage).

3. No Web App Discovery.

4. Remote devices are impossible to scan (not ideal in a remote/hybrid work environment).

Why Agents Excel

When we talk about SAM inventory tool sets, the main reasons to use an agents over agentless SAM is the quality of data available, as well as proprietary ownership of that data. 

As an analogy, you can compare this with an Apple iPhone running on iOS vs Android phones and their third-party hardware vendors (Huawei, Samsung, etc). Apple owns the entire process from software, to hardware, to chip, which results in superior control, functionality and consequent revenue. This equates to, arguably, the best user experience and performance. Apple doesn’t need to rely on a third party to develop a better/faster/stronger chip or software. They control the source.

SAM software is the same. If a SAM software vendor doesn’t have their own agent, they can’t control what raw data is collected via the 3rd party data source or the quality and depth of that data. If you are missing data before attempting normalization, it invariably means you are not able to effectively recognize applications, versions or editions.

For example, you might be able to see that there is an Oracle DB in your network, but not which Enterprise Options are enabled. And the unfortunate truth is that Enterprise Options tend to be more expensive than the DB license on its own. The difference is in the detail, and what a difference this kind of detail can make when it comes to more accurate cost savings and accurate compliance.

Agentless solutions will simply never be able to provide the level of granular data that an agent can. The same issue exists with Web Apps, and usage. With agentless discovery, you can never get Active Usage on applications (actual application usage metrics), which is so important for modern cost saving exercises.

Misconceptions of Agent and Agentless Discovery

What about CPU and Bandwidth? Are my computers going to be able to perform or will the agent take a lot of CPU? Will my network crash when all agents are reporting in?

Today’s agents don’t affect either network or CPU power, Xensam’s agent uses approximately 0-1% CPU and the agents are prebuilt with randomization parameters, so they are not a burden on bandwidth. The amount of data that Xensam agents transmit, is only a few kilobytes -reading the news on a standard webpage will have a bigger effect on the network than Xensam agents!

Agentless inventory, such as ADDM or SCCM, is first of all not agentless, as it uses 3rd party agents not specifically developed for inventory. ADDM and SCCM agents will provide parts of the information you need for SAM, but not for all. Don’t take my word for it, this is what companies say after trying SCCM and ADDM as data sources. Furthermore, you need to apply PowerShell scripts on every single software application to get standard usage data (see how much the applications have been opened).

Software and hardware recognition is achieved by collecting traces of unique data that is used to identify a software or hardware product – just like fingerprint identification. When relevant data has been collected, we can start to sort it into categories, versions, families, manufacturers, bundles etc., so that it will be easy to separate and identify specific products. Also, we can add more data to the application, such as when it was released by the vendor, when the product support lapses, GDPR information, blacklisting, and so on.

As discussed above, agentless inventory can be performed via a network scan, where all devices are detected in the network. This gathering of data is easier but not as rich as data retrieved via an agent. Secondly, we have “agentless” using a pre-installed 3rd party agent (SCCM, ADDM or other source). Whilst this is not strictly agentless –as it uses another source of data, the problem is that the quality of the data is even worse as the agent is not built for ITAM and misses critical information, compromising ITAM programs.

Also, from product development standpoint, tools based on other agents can’t control the roadmap of development, as innovation will always be dependent on the data provided by the 3rd party. Problems arise when customers have failed to cover sections of their organizations by 3rd party agent installations – the SAM software vendor cannot help cover 100% of the environment, as it is not their technology– virtually folding their arms until the data is available. Also, new challenges like Cloud applications will almost be impossible to address as 3rd party tools do not gather that data from browsers.

How Does it Work?

Software recognition is like investigating your environment. Your senses are your agent, and your brain is your database. You need to see with your eyes, hear with your ears, feel with your fingers, taste with your mouth and smell with your nose, to fully understand the situation. This is the reason that all major SAM tool providers (E.g. Xensam, Flexera and Snow), develop their own agents. Agents, sat on each device constantly collecting data, are like all our senses, which we need to fully understand the asset reality! Using SCCM, Altiris (now the Symantec Asset Management Suite, owned by Broadcom), LANDesk or other third-party discovery data, uses a reduced number of senses because those data sources are not purpose-built for ITAM, resulting in substandard SAM programs.

Let’s take Microsoft Office as an example; what version are you using, 2010 or 365? And what Edition are you using, Standard, Professional, Professional Plus or any of the 365 Enterprise Plans? And do they have any correlation for Software Assurance? Xensam handles this with ease. Also, Xensam has SKU recognition, for complex License Suites, which do not leave any trace on the machine. Simply add the license, and the system will do the rest for you.