Some network and server monitoring solutions use what are called "agents" in order to get values from the machines they are monitoring. Agents are programs that run on the remote machines and answer queries from the main monitoring system. Some vendors try to hide the fact that they use agents. They'll say things like they "deploy" to remote systems or use other terminology but it all boils down to installing custom software on the remote machines. We firmly believe that agents are bad thing and here are some reasons why.

The agent software runs on the remote machine and therefore affects its operation. In many environments, especially government and larger corporations, you simply can't go installing software on critical machines without going through an evaluation and approval process. Even if you have complete control over your machines, before installing agents you need to verify that they don't affect other applications running on the system, use excessive memory or CPU, generate port conflicts, etc.

There are documented cases where installing agents on remote machines has opened them up to security vulnerabilities. The agent is running on each remote machine and needs to do things like read security logs, check files on disk, monitor processes, etc. It needs administrative privileges for many of its operations and it's sitting there waiting for requests from outsiders. Unless the agent software has been very carefully developed and is using high-grade security technology, there are serious security questions that need to answered.

Agents are hard to maintain. As the monitoring solution is updated, the agents will need to be updated from time to time. Vendors will tell you that it's an easy process but in practice it often is not. If you have a large number of systems, some of them might not be available when it's time to upgrade and then they're running outdated versions. Agents might be hiding on VM images that were down when the upgrade was done and only come to life days or weeks later. Over the course of few updates you end up with a mess of different agents on different machines.

So why do so many vendors use agents? They do it because it's easy. It gives them a clear pipeline right into your machines and they don't have to worry about security configuration, firewalls or any of the other rules that are in place.

How does Tembria's agentless monitoring differ? We never install anything on the machines that we monitor. We use standard protocols to do all of our monitoring and the big benefit is that when it comes to your security configuration, we're playing by the rules.

Our commitment to agentless technology certainly makes for a lot more work for us, especially as each new version of Windows introduces enhanced security, but we think that the benefits to our customers are obvious.