We currently are using agents on our desktops and manage all our servers as "agentless".
A question that came up recently to a very time sensitive high availability set of servers, is how resource intensive are security patch scans on the systems in a machine group? There is a concern that running scans throughout the day while these systems are needed could cause a theoretical slowdown. Let me know your thoughts and experiences!!
Agentless scans should cause little or no resources to be used on the client systems unless you have security software like antivirus that tries to block or diagnose our scanning process. Agent scans however will use a larger amount of resources on the client machines since the scan is being initiated on the system itself. Agentless and Agent patch deployments should use a similar amount of resources as the majority of the work is being done by the installers themselves which will be the same regardless of the deployment method used.