Agent-based and agentless monitoring are the two main approaches network monitoring tools use to capture and report data from network devices. As the names suggest, the difference between the two is pretty simple: someone has to install extra software(the agent) for agent-based monitoring to work.
But, that doesn’t explain why an IT team or an MSP would choose agent-based or agentless monitoring. It also doesn’t address the fact the word “agent” can mean different things depending on context.
Let’s take a closer look at agent vs. agentless network monitoring, the pros and cons of each approach, and how to choose the right approach for specific use cases.
What’s an agent, and what is agent-based monitoring?
For network monitoring, an agent is software that runs on a monitored device to enable the collection of monitoring data.
Monitoring agents have to be installed on the devices you want to be monitored and are often proprietary software from network monitoring vendors. Agents generally run locally as a service on the target device.
With an agent running on the device, you can obtain much more granular detail. If a metric can be queried on a device locally, the agent can report it. In some cases — like the agents for RMM tools — agents also enable management functionality and controls (e.g., reboots or running other commands).
The Pros and cons of agent-based monitoring
While this is certainly more work than using standard protocols that are already running on a network device, it also enables more functionality. Here’s a breakdown.
Pros of agent-based monitoring
- Deep visibility and control. If the device can report it, an agent can capture it. Vendors can also create custom features that simply aren’t available via standard monitoring protocols.
- More resilient to connectivity issues. If the network drops but the device remains up, agents can store metrics locally and report back when connectivity is restored.
- Less network traffic. Agents collect data locally without the need for a polling cycle. This means they can capture more data with less network traffic and efficiently roll that information up to a centralized tool.
- Fewer services and open ports on target devices. Agents can initiate outbound connections to a monitoring tool which may eliminate the need to have services like SNMP or WMI running.
Cons of agentless monitoring
- Additional software is always required. Agents need to be installed, patched, and maintained. For one device, this is easy. At scale, it can create a significant burden for IT.
- Vendor lock-in. Most monitoring agents are purpose-built for specific monitoring tools. Tying your monitoring strategy to those agents also ties them to a specific vendor.
- Limited device support. The device pool you can install a specific monitoring agent on is smaller than the set of devices that support standard protocols.
- More on-device resource consumption. Running a monitoring agent on a device can noticeably increase resource consumption.
What is agentless monitoring?
Agentless monitoring is the process of using standard protocols to monitor network devices without installing additional software on target devices.
Agentless monitoring uses standard protocols and doesn’t require any custom software on target devices. The agentless approach allows monitoring tools to capture metrics and data on devices using protocols and standards like:
These protocols use the standard request/response polling model that is the backbone of many monitoring tools. Additionally, most network devices generally support one or more of these protocols. Other protocols and tools, like SSH, Telnet, and flow protocols, also fall into the agentless monitoring category, even if they collect data in a slightly different way.
Frankly, the word agentless is a bit of a misnomer. Supposedly agentless network monitoring protocols like SNMP, IPMI, and WMI all depend on some kind of service or process running on the target device to actually work.
In fact, the term “SNMP Agent” is defined in RFC 3411, and SNMP agents run on target devices like switches, routers, servers, UPSes, and printers. You may even need to install or configure SNMP in some cases. So why is SNMP still referred to as one of the most common forms of agentless monitoring, and monitoring agents one of the more common SNMP alternatives? What gives?
The difference in practice is that the “monitoring agents” used by agent-based monitoring solutions don’t adhere to standard protocols. They don’t necessarily expose a standard interface that can be polled over the network. Their agents are usually purpose-built and designed to communicate with a specific monitoring tool only.
The Pros and cons of agentless monitoring
Like everything in IT, agentless monitoring comes with tradeoffs. Some of the tradeoffs aren’t even a clear pro or con and require context.
Consider the security implications of agent vs. agentless monitoring as an example. Running an agent increases the attack surface as it’s another process that will need certain privileges. If it’s compromised, the entire device may be compromised.
That seems like a clear win for agentless, right? Not exactly. Agentless monitoring also requires specific network services and open ports that agent-based monitoring doesn’t. The threat models are different, but neither presents a clear “this is the more secure” choice. It will depend on implementation details.
With that in mind, here’s a breakdown of the pros and cons relative to agent-based monitoring.
Pros of agentless monitoring
- No additional software on devices. This single difference means a lot. The fact IT doesn’t need to install any proprietary agents on devices means less operational overhead and more agility. Many of the other benefits of agentless monitoring grow out of this benefit.
- Easy to scale. Agentless monitoring tools can actively discover and monitor whatever they can reach that speaks a protocol they understand.
- Broader device support. The need to install an agent inherently makes it difficult to use agent-based monitoring for many devices. Running a custom agent on IoT devices and other embedded systems is usually a non-starter. On the other hand, network monitoring protocols are usually built-in.
- Better for network discovery (usually). Often, IT doesn’t know every device connected to a network. Scans using standard protocols allow IT to discover devices without needing to know about them first.
- Less resource-intensive on target devices. No additional software on target devices generally means less CPU, memory, and disk utilization (though bandwidth consumption may increase).
- Little/no vendor lock-in. Most network devices support one or more network monitoring protocols. As a result, using agentless monitoring offers more flexibility in tooling and device support.
Cons of agentless monitoring
- Visibility and control are limited to what’s exposed via standard protocols. You can do a lot with standard protocols, but what a device exposes over those protocols is almost always a subset of what it could report. With agent-based monitoring, you’re running a local process that can, depending on permissions, grab effectively any data or run any controls the device reports.
- Dependence on network connectivity. Polling a device from a monitoring tool requires connectivity. If connectivity is lost, agentless monitoring tools can report a device as “down” and might even capture logs that explain things after the fact. Having an agent on the device allows you to track and store metrics regardless of network connectivity.
- Increased network traffic. A large chunk of agentless monitoring depends on polling, which creates more traffic than agents that can transmit data in more efficient chunks.
Agent vs. agentless monitoring: What’s right for you?
TL;DR: Use agentless unless you have a compelling reason not to.
Frankly, there’s never a one-size-fits-all answer in IT. But in the agent vs. agentless debate, an “agentless by default” mindset is usually the correct starting point. Why? In most cases:
- Agentless monitoring is easier to scale
- Agentless monitoring requires less IT work
- Agentless monitoring is more vendor agnostic
- Agentless monitoring is more conducive to network discovery
For most network monitoring use cases, agentless monitoring can “check all the boxes.” IT and MSPs can discover their network, capture detailed metrics on devices, and become proactive in detecting and remediating network issues. While there will be some level of configuration required (credentials, allowing traffic through a firewall, etc.), the overall maintenance burden is much less than with agent-based monitoring.
That said, there are perfectly valid cases where agentless isn’t going to provide what you need, or perhaps there are externalities that make using agentless monitoring impractical. Common reasons you may need to use agent-based monitoring instead of—or to complement— agentless monitoring are:
- Granular management capabilities are required
- Network connectivity is poor or restricted
- Standard protocols don’t report the data you need
Final thoughts on agent vs. agentless monitoring: Efficiency matters
For IT, the question boils down to “what’s the most efficient method to achieve our business goals?”. The answer will be different for everyone, but thinking “agentless by default” is a useful framework for justifying the additional work involved with an agent-based approach. All else equal, agent-based monitoring requires a bit more upfront work for IT. It also means that your devices are now running an additional piece of software that chews up some resources and may require patching.
But installing an agent can solve real business problems. An agent can provide deep visibility into individual devices, and offer functionality standard protocols don’t. Agents also help address issues when connectivity is limited.
Finally, agentless and agent-based monitoring doesn’t have to be mutually exclusive. Using agentless network monitoring for the bulk of your systems, and installing agents on critical systems as needed is often the most practical approach. Start with the more efficient approach (agentless monitoring) and layer in other solutions (like monitoring agents) as business needs demand.
From a network monitoring perspective, Auvik supports a wide range of monitoring protocols and couples standard “agentless” protocols with features like TrafficInsights to provide deep visibility without unnecessary complexity. To try Auvik on your network, sign up for a free 14-day trial today.
Your Guide to Selling Managed Network Services
Get templates for network assessment reports, presentations, pricing & more—designed just for MSPs.