When Should I Use Agentless and Agent-based Solutions?

Version 4

    When Should I Use Agentless and Agent-based Solutions?


    This article is an excerpt from the Protect 9 Admin Guide

     

    Shavlik Protect is, at its roots, an agentless solution. With a few simple configuration steps, however, Shavlik Protect can also provide agent-based services. This section explains when to implement each solution.

     

    For Patch Management and Asset Management Tasks


    Start with the Agentless Features of Shavlik Protect

    For large enterprises containing thousands of machines, the ease of use provided by the agentless technology of Shavlik Protect can be used to address the patch management and asset management needs of the vast majority of the machines in your enterprise. Shavlik Protect can be used to discover which target machines are missing patches and automatically deploy the missing patches. It can also scan your target machines and report on the software, hardware, and virtual assets contained on the machines. Using Shavlik Protect you can scan and fix, from one central location, the vast majority of the machines in your network within minutes.

    Polish Things Off with the Agent-based Features of Shavlik Protect

    Most large enterprises have machines in hard-to-reach places: machines in remote locations, laptops that roam to different locations or that park and dock outside the office, machines in protected zones (DMZs), etc. For these devices you can use the agent-based features provided by Shavlik Protect, which are implemented using Shavlik Protect Agent. With Shavlik Protect Agent you can be sure that these machines are scanned regularly, even if they are disconnected from your enterprise network. Note: There is one exception; agents can be used to perform software asset scans and hardware asset scans, but they cannot perform virtual asset scans.

     

    For Threat Management Tasks

     

    The threat management capabilities within Shavlik Protect must be implemented using agents. With the threat management capabilities you can configure an agent to scan for and remediate threats such as spyware, worms, viruses, trojans, rootkits, and more. You can also configure it to provide real-time monitoring and protection on your target machine against known and unknown threats.

     

    For Power Management Tasks

    A number of the power management tasks apply only to agentless situations. This includes the Shutdown now, Restart now, and Wake-On-LAN tasks that are initiated from Machine View or Scan View. These tasks require the target machines to be accessible from the console and are therefore not implemented within an agent policy.

    Power management tasks that use a power state template, however, can be implemented in either an agentless or agent-based manner. You may consider using an agent-based power state task under the following conditions:

    • If you want to apply your power management policy consistently across all machines within your organization (connected and disconnected).
    • If you have machines that may not always be reachable from the console (for example, machines in a DMZ).
    • If you are concerned with network bandwidth issues.

    An agentless power state task will push a small number of files from the console to each
    target machine -- if a large number of machines are involved it may affect the
    performance of your network.

     

    Affected Product(s)

     

    Shavlik Protect Version: All