Is Going Agentless “Essential” for Business Service Management Initiatives?
by Bill Keyworth
You’re investigating the purchase of a fabulous new driving machine …with some of the most innovative and latest features available in automotive technology. In order to build and deliver this mechanical marvel, the manufacturer had to design and implement an instrument panel in the middle 18 inches of the windshield, creating a significant visibility issue for the driver. However, the enhanced maneuverability, braking, and performance are so compelling that a sense of justification for buying the vehicle overrides the visibility handicap. Unfortunately, the long-term result is obvious: numerous accidents, personal injuries, unexpected lawsuits, and excessive mean-time-to-repair.
Yet, in an effort to better support our business customers, doesn’t IT invest heavily in IT service management solutions that are highly dependent upon agent technologies for the visibility needed to “drive” (i.e. access, secure, manage and control) the desktops, laptops and servers within our IT infrastructure? These Business Service Management (BSM) oriented investments in endpoint management do impact the actual gateways of the business community into our IT infrastructure. Are these ITSM applications so compelling that we’ve succumbed to the sirens of functionality and increased our subsequent dependency upon inconsistent management visibility to agents …on trusting traditional agent-based models which are inherently vulnerable to the same risks as the endpoints they manage?
The inherent dependency of Windows upon these agent-based management tools is a primary factor in the flexibility and strength of the Microsoft operating system in becoming the IT infrastructure of choice for over 90% of enterprises. Yet is it prudent from a business perspective that IT is subsequently unable to identify 10-25% of the infrastructure’s endpoints due to issues of hidden, missing, outdated, or misconfigured agents required for anti-virus, inventory and patches? Given the significance of these mission-critical IT management and security applications upon business processes, the answer is to complement agent technology with agentless capabilities that are essential to our IT service management tasks and processes or Business Service Management initiatives.
The Culprit of Change
What is it about agents that introduces so many issues in the management and security of personal computers and servers? The answer is simple, yet incredibly complex to resolve …change within the infrastructure. Let’s use the business community’s huge investment in Microsoft to demonstrate this vulnerability to change. Even though Windows is a significant component of almost every IT shop …it becomes fragile and highly susceptible to configuration issues and security risks when frequent change is introduced into that environment.
Windows’ reliance on agent software to discover, track, configure, update, patch, secure and monitor software illustrates its susceptibility to change when unauthorized processes and services are introduced that create changes to the registry settings.
When an endpoint problem is identified, it frequently occurs because one of these three key Microsoft building blocks is altered, disrupted, or not in alignment with your business’s policies and procedures. The managed item (…or the problem ‘child’ that is wreaking havoc in the IT support community) unexpectedly becomes invisible to the management or security console that is constantly checking, analyzing and fixing all target components of the IT infrastructure.
Consequently, lower levels of IT service are provided to the end user (business) community, jeopardizing contractual Service Level Agreements. Cost of support escalates to unexpected and unacceptable levels when scarce staffing resources are allocated to finding and remediating IT issues, particularly at remote locations. Endpoint data is too frequently returned that is incomplete, outdated or inaccurate, making many decisions driven off this data collection process highly inaccurate. Non-compliance with corporate IT operational and security policies becomes visible and suspect. Security vulnerabilities are inappropriately exposed or, even worse, remain unknown.
Growing Demand for Agentless Technologies
The expanding need for agentless technologies as part of the IT support community is confirmed by an Aberdeen Group survey that identifies the significant trend to increase planned investment in agentless technologies …a 300% increase in 2011 over 2010. This trend reflects the need for some type of objective way to measure, monitor, report, and correct how the agents are actually working. The common expectation is that the management or security console provides that information. Yet how can a console identify and report on the problem if the actual issue stems from a registry key or a process that isn’t working? If your endpoint doesn’t know that key or process isn’t working, how can it notify the console to report on that problem? It is a genuine Catch-22.
For a Windows system to function properly and deliver against business demands, certain critical applications and agents must be deployed in order to maintain, protect and secure that computing environment. For Windows to run correctly, efficiently and effectively, there is a collection of agent-based tools essential to run your business on Microsoft technology. What has been previously missing is some type of easy, automated solution that functions like a “master of agents” which finds, measures, monitors, reports and corrects the agents that aren’t working properly …without requiring the use of the agent to identify and fix what it can’t do for itself …some type of “agentless” approach that complements and enhances the use of existing IT service management tools in order to actually work as promised.
Only then can IT organizations hope to achieve BSM goals to increase operational efficiency, lower operational costs and increase operational accountability to their end-user (business) community.
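The “master of agents” check described above can be sketched as a reconciliation between an agent-independent endpoint list and what each console reports. This is an added example, not code from the article or any vendor; the host names, versions, check-in policy and data layout are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data, not from the article. AUTHORITATIVE stands in for an
# agent-independent endpoint list (for example directory or DHCP records).
NOW = datetime(2011, 6, 1)
MAX_SILENCE = timedelta(days=7)          # assumed check-in policy
REQUIRED = {"antivirus": "8.5", "inventory": "3.2", "patch": "5.0"}  # minimum versions
AUTHORITATIVE = {"ws-001", "ws-002", "ws-003", "ws-004", "srv-01"}

def ago(hours):
    return NOW - timedelta(hours=hours)

# What each management console believes: tool -> host -> (version, last check-in)
CONSOLES = {
    "antivirus": {"ws-001": ("8.5", ago(2)), "ws-002": ("8.1", ago(3)),
                  "ws-004": ("8.6", ago(5)), "srv-01": ("8.5", ago(1))},
    "inventory": {"ws-001": ("3.2", ago(2)), "ws-002": ("3.4", ago(3)),
                  "ws-004": ("3.2", ago(720)), "srv-01": ("3.2", ago(1))},
    "patch":     {"ws-001": ("5.0", ago(2)), "ws-002": ("5.1", ago(3)),
                  "ws-004": ("5.0", ago(5))},
}

def as_tuple(version):
    return tuple(int(part) for part in version.split("."))

def agent_state(tool, host):
    """Classify one agent on one host: missing, stale, outdated or ok."""
    record = CONSOLES[tool].get(host)
    if record is None:
        return "missing"
    version, last_seen = record
    if NOW - last_seen > MAX_SILENCE:
        return "stale"
    if as_tuple(version) < as_tuple(REQUIRED[tool]):
        return "outdated"
    return "ok"

def audit():
    """Per-host findings for every required agent that is not healthy."""
    findings = {}
    for host in sorted(AUTHORITATIVE):
        bad = {t: agent_state(t, host) for t in REQUIRED if agent_state(t, host) != "ok"}
        if bad:
            findings[host] = bad
    return findings

def invisible_percent():
    """Share of known endpoints that no console can see at all."""
    unseen = [h for h in AUTHORITATIVE if all(h not in c for c in CONSOLES.values())]
    return round(100 * len(unseen) / len(AUTHORITATIVE), 1)

if __name__ == "__main__":
    print(audit(), invisible_percent())
```

The point of driving the loop from the independent list rather than from console data is that a host with no working agent still appears in the findings.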
Multiple Agentless Options
The earliest and most common implementation of agentless was Microsoft’s own Windows Management Instrumentation (WMI). WMI is defined as a “set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification.” WMI originated in the late 90’s as one of Microsoft's approaches to standards-based requirements for IT management outlined by the Distributed Management Task Force (DMTF).
WMI’s adherence to principles of agentless and its resulting pervasiveness have made significant contributions to the management of distributed and networked systems and applications that are built upon the Windows Operating System. Unfortunately, there are known complexity and network/system performance issues that preclude its broad appeal for the needed “master of agents” approach to resolving many common IT management and security issues.
A more recent approach to agentless technology is to leverage the administrator privileges of most operating systems, particularly Windows, to implement a subset of required endpoint control functions. The negligible bandwidth requirement for networks, low impact on endpoint performance and minimal end user permissions exempt this form of agentless from the complexity and performance issues associated with WMI. However, such ubiquitous usage precludes vendor-specific implementation and maintenance tools for endpoints (i.e. anti-virus, patch management, software configuration, etc.), yet complements these existing IT solutions by ensuring that they are installed, up-to-date and configured appropriately in order to fulfill those tools’ purpose for existing. By overseeing what is installed or not installed on the endpoints, this agentless technology could better leverage what the IT support organization already has in place, from agents to support teams to 3rd party contractors …allowing such resources to work as intended.
Many vendors and programmers position ActiveX as another agentless approach. The value of ActiveX as a way to define reusable software components, including elements of security and manageability, is unquestioned. Yet the primary use of ActiveX controls, or building blocks, for code reusability within a web environment creates nuances that both help and hinder the needed “master of agents” approach. The similar purpose and successful use of Java applets for non-Windows environments illustrate the unique elements that make the Microsoft OS an increased management and security challenge.
Dissolvable Agents are sometimes referenced in the context of agentless. Frequently installed on endpoints that are not currently managed by enterprise administrators, dissolvable agents are usually Java-based. These unique types of agents are delivered on-demand and without administrative privileges and can be used to evaluate and remediate endpoint operational support issues. Again, by design, this beneficial approach to non-corporate environments precludes its use for endpoint resolution and compliance issues within the confines of enterprise IT management and security.
As noted, there are pros and cons to each of the agentless approaches. However, most critical is the unique contribution that agentless technologies provide to more effectively and more broadly resolve the IT management and security endpoint issues of the Windows environment.
Impact of Cloud on Endpoint Control
It’s not possible to discuss ‘technology’ options without reference to Cloud Computing. Cloud provisioning is truly one of the major technology shifts of our era. Yet, from the perspective of better aligning IT with the business community, Cloud offerings seem to be more the symptom and less the issue. Most current Cloud initiatives are driven by business demands for more rapid provisioning of infrastructure and applications at lower cost, reflecting dissatisfaction with IT’s ability to deliver technology in a format acceptable to business decision makers. Unfortunately, it also reflects some lack of understanding by business users regarding the critical role of IT Operations in delivering, securing and managing technology for the enterprise. The ability of business to suddenly grasp the nuances, issues and trade-offs continually required by IT Operations is not a high expectation.
Industry observers have consistently highlighted the rapid adoption of Cloud Computing and Cloud Services by end users, which is driving an explosion of interest within the vendor community. The ability to grasp what endpoints are within our computing environments is a huge issue in moving to the rapid acceleration of cloud services. It is not just that new endpoint technologies are forcing the network perimeter to become more porous by the week. It is also the fragile nature of the Windows operating system upon which so much of our computing infrastructure (…and business objectives) is dependent. How can we talk about provisioning and managing a dynamic, heterogeneous cloud infrastructure when you can’t see 20% of your Microsoft endpoints?
In a technology support environment where IT Operations are expected to do more with less, some form of agentless technology becomes essential to the success of the IT Support desk. Improved endpoint control benefits the basic ITIL management support processes: more accurate and timely incident management, problem tracking and asset discovery; faster problem resolution; more effective change management; tighter monitoring of product and application releases; and more efficient software configuration management. Together these ensure stronger service management to the end user communities. Improved accountability from better measurement of the endpoint service levels provided by third-party outsourcers as well as internal IT operations is invaluable.
Planning for availability, power management, service continuity, security and software asset management is improved by more accurate, complete and timely data. In short, agentless technology is indeed a very, very good thing for IT support, and hence for Business Service Management initiatives which impact the end user’s IT experience.