We seem to invest heavily in IT service management solutions that are highly dependent upon agent technologies for the visibility needed to “drive” (i.e. access, secure, manage and control) the desktops, laptops and servers within our IT infrastructure. Are these applications so compelling that we trust traditional agent-based management models, which are inherently vulnerable to the same risks as the endpoints they manage? Is it wise to accept the resulting IT operational handicap of being unable to identify over 15-20% of our infrastructure’s endpoints [1] because the agents required for anti-virus, inventory and patches are hidden, missing, outdated, or misconfigured?
Given the significance of the functionality of these mission-critical IT management and security applications, I would venture that the answer is ‘yes’ …but with the qualifier that agentless technology be an essential component of many IT service management tasks and processes.
The Culprit of Change – The impact of infrastructure changes upon agents used in the management and security of personal computers and servers is significant. A great example of this vulnerability is the fragile nature of the Microsoft OS, with its high susceptibility to configuration issues and security risks when frequent change is introduced into that environment. Windows’ reliance on agent software to discover, track, configure, update, patch, secure and monitor software illustrates its susceptibility to change when unauthorized processes and services are introduced that alter the registry settings. When an endpoint problem is identified, it frequently occurs because one of these three key Microsoft building blocks (processes, services and registry settings) is altered, disrupted, or not in alignment with your business’s policies and procedures. The managed item (…or the problem ‘child’ that is wreaking havoc in the IT support community) unexpectedly becomes invisible to the management or security console that is constantly checking, analyzing and fixing all target components of the IT infrastructure.
Consequently, lower levels of IT service are provided to the end user community, jeopardizing contractual Service Level Agreements. Cost of support escalates to unexpected and unacceptable levels when scarce staffing resources are allocated to finding and remediating IT issues, particularly at remote locations. Too frequently, the endpoint data returned is incomplete, outdated or inaccurate, which makes many decisions driven off this data collection process highly inaccurate. Non-compliance with corporate IT operational and security policies becomes visible and suspect. Security vulnerabilities are inappropriately exposed or, even worse, remain unknown.
Growing Demand – The expanding need for agentless technologies as part of the IT support community was recently confirmed by an Aberdeen Group survey [2] that identified a significant trend to increase planned investment in agentless technologies …a 300% increase in 2011 over 2010. This trend reflects the need for some type of objective way to measure, monitor, report, and correct how the agents are actually working. The common expectation is that the management or security console provides that information. Yet how can a console identify and report on the problem if the actual issue stems from a registry key or a process that isn’t working? If your endpoint doesn’t know that the key or process isn’t working, how can it notify the console to report on that problem? …a genuine Catch-22.
For a Windows system to function properly, certain critical applications and agents must be deployed in order to maintain, protect and secure that computing environment. What has been missing is some type of easy, automated solution that functions like a “master of agents” which finds, measures, monitors, reports and corrects the agents that aren’t working properly …without requiring the use of the agent to identify and fix what it can’t do for itself …some type of “agentless” approach that complements and enhances the existing IT service management tools so that they actually work as promised.
Fortunately, there are multiple forms of agentless technologies, each with its own set of pros and cons. The earliest and most common implementation of agentless has been Microsoft’s own Windows Management Instrumentation (WMI). A more recent agentless approach is to leverage the administrator privileges of most operating systems, particularly Windows, to implement a subset of required endpoint control functions. ActiveX and Dissolvable Agents are also frequently referenced in the agentless camp. The critical test for agentless technologies is their ability to more effectively resolve the IT management and security endpoint issues of the Windows environment.
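One way to run the kind of agentless check on agents described above, shown as an added example that is not from the original article: a PowerShell function that asks each endpoint over WMI/CIM whether its required agent services are present and running. The service names and host names are placeholders (assumptions), and the account running it needs administrator rights on the targets, which must accept remote CIM connections (Get-CimInstance uses WinRM by default).

```powershell
# Added example: agentless health check of management agents over WMI/CIM.
# Service and host names are placeholders, not real products or machines.
$RequiredServices = @('ExampleAvAgent', 'ExampleInventoryAgent', 'ExamplePatchAgent')
$Endpoints        = @('ws-001.example.test', 'ws-002.example.test')

function Get-AgentHealth {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [Parameter(Mandatory)][string[]]$ServiceName
    )
    foreach ($computer in $ComputerName) {
        try {
            # One remote query per host; no agent on the endpoint takes part.
            $services = @(Get-CimInstance -ComputerName $computer -ClassName Win32_Service -OperationTimeoutSec 15 -ErrorAction Stop)
        }
        catch {
            # An unreachable host is a finding in its own right, not a skipped row.
            [pscustomobject]@{
                Computer = $computer
                Service  = '*'
                Status   = 'Unreachable'
                Detail   = $_.Exception.Message
            }
            continue
        }
        foreach ($name in $ServiceName) {
            $svc = $services | Where-Object { $_.Name -eq $name } | Select-Object -First 1
            $detail = ''
            if ($svc) { $detail = "State=$($svc.State); StartMode=$($svc.StartMode)" }

            if (-not $svc)                         { $status = 'Missing' }
            elseif ($svc.StartMode -eq 'Disabled') { $status = 'Disabled' }
            elseif ($svc.State -ne 'Running')      { $status = 'Stopped' }
            else                                   { $status = 'OK' }

            [pscustomobject]@{
                Computer = $computer
                Service  = $name
                Status   = $status
                Detail   = $detail
            }
        }
    }
}

# Report only the endpoints the console would otherwise be blind to.
Get-AgentHealth -ComputerName $Endpoints -ServiceName $RequiredServices |
    Where-Object Status -ne 'OK' |
    Sort-Object Computer, Service |
    Format-Table -AutoSize
```

Rows marked Unreachable deserve the same follow-up as Missing or Stopped, since a host that cannot be queried cannot be confirmed as protected.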
Impact of Cloud on Endpoint Control – Cloud provisioning is becoming one of the major technology shifts of our era. Yet, from the perspective of better aligning IT with the business community, Cloud offerings seem to be more the symptom and less the issue. Most current Cloud initiatives are driven by business demands for more rapid provisioning of infrastructure and applications at lower cost, reflecting dissatisfaction with IT’s ability to deliver technology in a format acceptable to business decision makers. Unfortunately, it also reflects some lack of understanding by business users regarding the critical role of IT Operations in delivering, securing and managing technology for the enterprise.
The ability to grasp what endpoints are within our computing environments is a huge issue in moving to the rapid acceleration of cloud services. It is not just that new endpoint technologies are forcing the network perimeter to become more porous by the week. It is also the fragile nature of the Windows operating system, upon which so much of our computing infrastructure (…and our business objectives) depends. How can we talk about provisioning and managing a dynamic, heterogeneous cloud infrastructure when we can’t see 20% of our Microsoft endpoints?
ITIL Benefits – In a technology support environment where IT Operations are expected to do more with less, some form of agentless technology becomes essential to the success of the IT Support desk. Improved endpoint control strengthens the basic ITIL management support processes: more accurate and timely incident management, problem tracking and asset discovery; faster problem resolution; more effective change management; tighter monitoring of product and application releases; and more efficient software configuration management. Together these ensure stronger service management for the end user communities. Improved accountability from better endpoint service level measurement, whether the service is provided by third-party outsourcers or by internal IT operations, is invaluable. Planning for availability, power management, service continuity, security and software asset management improves with more accurate, complete and timely data. I would offer that agentless technology could be a very, very good thing for IT Operational Excellence with benefits of increasing operational efficiency, lowering operational costs and increasing operational accountability to the end-user (business) community.
[1] “2010 Endpoint Risk Assessment: Internal Vulnerabilities – 4th Annual Inspection Results of over 100,000 Endpoints,” Promisec Inc., January 2011, 10 pages.
[2] “The Zen of Network Access,” Derek Brink, Aberdeen Group, January 2011, 28 pages.