Thank you for your post. So there is one thing that needs to be made clear first. Anything run from the console like you've stated is an Agent-less operation and then of course anything run through the agent will be an Agent-based operation.
With that being said, agents were never designed to be watched at every moment. The purpose of an agent was to allow the scanning and deploying of patches to be done on machines that you don't have constant or any access to from your console machine. Because of this, there is no results window to where you can watch and see what the agent is doing at the current time from your console server. All data as it happens would be visible from the agent GUI.
Viewing the results of the agents would be done from the Machine View (View > Machines) as this is where the data from the scans and deployments would be seen once the agent has checked in successfully with the console.
I understand the intention, but in reality if I'm using agents to help build out my patch coverage, don't I need to know the results of agent actions in order to report on compliance? If I have 100+ machines using the agents, and another 1500+ going agentless, you can't expect me to check in with each 100+ of those to manually review the outcome of a patch or scan operation, can you?
I guess I'm just not seeing the value of the agent. If I can't check on the results, queueing up the deployment is unreliable and no better than just manually RDPing to the machine and running the patch... or am I missing something?
So let's role play... it's patch Tuesday:
1) Patches drop into Ivanti
2) I run scans on all machines. You're saying this is agent-based regardless of whther or not the machines in question have an agent installed. So how am I queueing a scan on all agent based machines?
3) Scan results come back, I schedule for deployment.
4) I have no way of knowing whether the agents successfully installed, only that they communicated back? .... again, seems a bit odd.
Thanks in advance,
Thank you for you reply. So again, the biggest thing to remember is that any scans and deployments you initiate from the console are agentless. The agent is never used in any of those operations.
The agent again was meant to run their tasks without any need to be hand-held on everything needed to be done. The agents are configured with an agent policy that will do all the scanning and deploying of patches versus having to set those operations from the console.
For example, in your scenario, steps 2 and 3 are agentless operations. The agent was not being used for communication or detection of updates. As for #4, if agents are running the patch deployment, the results will sent back to the console on the next check-in to state what patches were installed and if anything may still be missing.
As for reporting, you can run reports like normal as the agents data will be included in your reporting along-side any agentless operations. The individual machine data would be represented like the following: It will show the domain\machinename$ like below when running a report.
If you need any of this further clarified, I would recommend that you open a phone case in the support portal here to discuss this further.