One of the most frequent questions when searching for IT Asset Management (ITAM) software is whether it's agent-based or agentless. The debate between these two is somewhat complex and has its intricacies, but we managed to compile everything you need to know in this article.
The basic difference that pops up when opposing agent vs. agentless ITAM is how they approach data collection and device visibility within an organization's IT infrastructure. However, it's not about which one is better, but rather which option best suits your needs. We understand that, at times, IT admins may be tired of installing agents, but perhaps in this particular case, that simple action could be the source of more and better information available to optimize the IT budget.
Join us as we navigate the agent vs. agentless ITAM landscape!
What is agent-based IT Asset Management?
Agent-based IT Asset Management refers to a method of managing and tracking software and hardware assets within an organization using specialized software agents. Agents are small programs installed on individual devices that actively collect and report data about the assets they are installed on.
They enable communication between the asset and the ITAM system, and are designed to monitor and gather detailed real-time information about the assets, including installed software, license compliance, hardware specifications, and usage metrics.
The ultimate goal is to use the data they extract to map the IT infrastructure and create an up-to-date asset inventory.
Benefits of an IT Asset Management agent
- Real-time monitoring - It provides real-time visibility into the status, performance, and utilization of IT assets. If something changes, it will be automatically recorded.
- Automated data collection - Automating the process of data collection reduces manual effort and minimizes the risk of human error, as it periodically collects data from devices to create a precise and detailed inventory.
- Accurate inventory - As agents continuously collect and update asset data, they ensure accurate inventories and reduce human error or inconsistencies. This helps prevent discrepancies between the actual state of assets and the information stored in the ITAM system.
- Comprehensive asset tracking - They can monitor assets both within and outside the organization's network, including remote and mobile devices. This provides a holistic view of the entire IT infrastructure, particularly useful for multi-site or remote support.
Disadvantages of an ITAM agent
- Deployment and maintenance - Agents require installation and ongoing maintenance on individual devices, which can be time-consuming and resource-intensive, particularly in large-scale environments.
- Compatibility and performance impact - Some agents may have compatibility issues with certain operating systems or applications.
- Limited visibility for unmanaged devices - There are certain devices where the agent can’t be installed (whether because the hardware doesn’t allow it or because they belong to employees), disabling the possibility to be tracked. In these cases, organizations may need to rely on alternative methods or other ITAM approaches to manage these assets effectively. This is what makes ageless methods such a great complement.
What is agentless ITAM?
Agentless IT Asset Management consists of managing and tracking software and hardware assets through network scanning and remote data collection techniques to gather information about the assets.
In ITAM, "agentless" means that there are no dedicated software agents installed on individual devices to collect asset data. Instead, the ITAM system interacts with the devices remotely, leveraging network protocols, APIs (Application Programming Interfaces), or other methods to obtain information.
Agentless ITAM focuses on gathering data from network endpoints and infrastructure devices:
- Network switches.
- Storage systems.
It typically involves scanning the network to discover and identify devices, and then retrieving asset data using standardized protocols and technologies, such as SNMP (Simple Network Management Protocol) or WMI (Windows Management Instrumentation).
This approach can be particularly useful for managing assets that cannot or should not have agents installed on them, like network equipment, IoT devices, or devices belonging to external contractors or partners.
Pros of agentless monitoring
- Ease of deployment - As it does not require the installation and maintenance of software agents on individual devices, it has a simplified deployment process, reducing the associated administrative overhead.
- Scalability - Agentless monitoring can be easily scaled. Network scanning techniques allow organizations to discover and monitor a wide and diverse range of devices across their infrastructure.
- Non-intrusive - This method does not impact the performance or behavior of the devices being monitored since there are no agents running on them.
- Extended coverage - It can provide visibility into devices that may not support or allow agent installation, such as network devices, printers, or legacy systems. This enables organizations to have a more comprehensive view of their IT assets.
Cons of agentless monitoring
- Limited granularity - Agentless monitoring may provide less granular and detailed information compared to agent-based monitoring. Certain asset attributes, such as software usage metrics or detailed hardware configurations, can be more challenging to obtain.
- Dependency on network accessibility - As it relies on network connectivity and access to devices, if devices are offline, firewalled, or located in remote environments, collecting asset data may be more challenging or impossible.
- Reliance on standardized protocols - This method depends on the availability and support of standardized protocols, such as SNMP or WMI. If devices do not support these protocols or have limited compatibility, gathering asset data may be limited or require alternative approaches.
- Data accuracy and timeliness - It relies on periodic scanning and data retrieval, which means that the collected data may not always be real-time, and there is a potential for inaccuracies due to network latency or device configuration changes between scans.
Agent vs. agentless: Which is better?
While both agent-based and agentless approaches to ITAM have benefits, the winning method must combine both. This makes up a more extensive and adaptable ITAM solution, prepared to respond to a wide range of scenarios.
Here are the reasons why combining agent-based and agentless monitoring is advantageous:
|Coverage and visibility||
|Flexibility and scalability||
|Data accuracy and timeliness||
|Compliance and security||
Provides detailed insights into:
As you can see, combining agent-based and agentless ITAM monitoring maximizes coverage, flexibility, and data accuracy. Basically, it provides a comprehensive view of the IT infrastructure.
How InvGate Insight’s Agent works
InvGate Insight offers both agent-based and agentless alternatives to truly empower users and adapt to their specific company needs. By being able to choose, they can leverage the coverage of agentless ITAM software while obtaining the detailed information only an agent can provide from key assets.
Insight's Agent is designed to facilitate data collection and monitor the devices where it’s installed. It is a vital component of our software, as it can help your organization to:
- Gather accurate and real-time asset data.
- Enhance visibility.
- Control the IT infrastructure.
- Support effective ITAM practices.
What operating systems is the Insight Agent available for?
The Insight Agent is available for the following operating systems:
- Windows XP onwards.
- Windows Server 2003 onwards.
- Ubuntu 12.04 onwards.
- Debian 8 onwards.
- CentOS 7 onwards.
- RHEL 7 onwards.
- Oracle Linux 6/7.
- macOS 10.13 (High Sierra) onwards.
- Android 5.0 onwards.
The Insight Agent can be installed manually and remotely on Windows, Linux, and macOS, as well as through GPO for Windows operating systems (you can find this information in the Active Directory).
The agent deployment process is simple:
- Log into your InvGate Insight instance as an Administrator.
- Go to Settings >> Network >> Agent Deployment.
- Select the operating system and method of installation.
If concerned about the resources the Agent utilizes (and how that might affect your organization’s asset performance), don’t worry. Insight’s Agent weighs 23MB, which maintains a service that consumes less than 10MB of RAM. It’s designed to pull out information with minimal resources. It scans assets every 4-12 hours, and transfers an encrypted package of less than 100kb.
How does the Agent work within InvGate Insight?
When an Agent is installed, it gets assigned an AgentID to identify it. This links the asset to your InvGate Insight inventory. From the moment the Agent is installed, it reports to the InvGate Insight server every 8 to 12 hours. Each time it submits an inventory, the date and time of the following report is automatically calculated. If the computer is turned off, the Agent will send the inventory as soon as the computer is back on.
Overall, it collects critical data to report to your instance. This includes:
- Device status
- Installed hardware
- Installed software
- Operating system information
- Logged-in users
- Network information
- Geolocation (Windows 10 onwards)
How to use InvGate Insight without the Agent
InvGate Insight's Discovery feature creates an automated and unattended inventory of all the devices connected to your organization’s network. Of course, it doesn’t require an installed agent to work, but keep in mind that it won’t map assets outside your physical premises (remote workers’ laptops, for instance).
You can automate the feature to scan the network periodically, and add to your IT inventory only the assets you’re interested in. Once they’re in, make sure to include them into the CMDB (Configuration Management Database).
It is particularly helpful to discover network-connected devices on which the Agent does or can not run, such as printers, switches, routers, IP phones, etc. Plus, it’s a great way to detect shadow IT and keep your network safe. However, for computers, we encourage you to install the Agent since it provides more information.
How does Discovery work?
Discovery is the first step to automating the IT device inventory process. To do so, you need to contact all the IPs specified in the InvGate Discovery configuration and identify which ones are active through a series of protocols, including at least DNS, ICMP, mDNS, NetBIOS, SNMPv1, SNMPv2c, SNMPv3, TCP, and UPnP. The collected data will be used to detect the following information:
- Device name.
- Device type.
- IP address.
- MAC address.
- Serial number.
How can you see the results?
As simple as it sounds, you can access all found devices in the “Discovery” tab within the “Assets” section. Here, you will be able to find the following data to identify and convert the devices to assets:
- MAC address.
- Source Type and Discovery source name.
In this section, you can also resolve conflicts, ignore assets, generate an inventory item from the discovered devices, and approve the devices that were categorized as “not secure.”
Once the asset is found, the device status can be:
- Pending - This is the initial status of discovered devices. Once marked as pending, you can convert them to assets in your inventory.
- Ignored - Ignoring a device means that it won’t be turned into an asset. However, they can go back to “Pending” if you want to pay attention to them again or add them to your inventory.
- Processing - This is the status of devices in the process of being converted to assets.
You can also track all the previous logs in your instance and get an overview of the latest scans by going to Settings >> Network >> Discovery sources and clicking on "Logs."
Converting a discovered device into an asset
To add a “Pending” asset to your inventory, you must follow these steps:
- Choose a device.
- Press the “Convert to Asset” button.
- A menu will show up on the right margin, which will allow you to fill in the rest of the asset information.
- Press the “Apply” button.
Once the discovered device has been converted to an asset, go to the “Explorer” tab within the “Assets” section to see its profile. To access the profile, click on the asset’s name. The “Summary” tab can contain the following information:
- Asset details - Name, description, object identifier, manufacturer, model, IPv4, MAC address, serial number.
- Location - Indicates the asset location. This information is assigned manually in the
- Contact - Indicates the name, phone number or email address to contact the user or
- department responsible for the asset. This information is assigned manually in the
- Requests - Status of open requests, linked via InvGate Service Desk.
- Tags - Tags assigned to the asset.
- And more!
In the case of printers, the “Ink levels” box shows the percentage of remaining ink. Click on the icon to view the color codes and the serial numbers:
In addition, the “Interfaces” tab can provide detailed information on the asset interfaces:
- Description - Interface description.
- Status - Indicates whether the interface is active or not.
- Index - Index assigned to the interface.
- Admin - Indicates whether the interface administration is active or not.
- Type - Type of interface.
- Physical address - MAC address of the interface.
- And more!
Agent-based monitoring offers real-time data and detailed insights into devices that have an agent installed on them. Meanwhile, agentless monitoring provides broader coverage and captures information from devices without agents.
However, the conclusion should be clear by now: the best approach is to combine both to have a complete view of the IT infrastructure and be able to implement a proactive ITAM strategy. This way, you’ll be able to effectively manage a diverse range of assets, improve compliance and security measures, and adapt to evolving IT environments. Basically, more coverage makes your overall ITAM more effective.