Agent vs Agentless network application discovery is a common discussion point when considering different network application discovery options. “Agent-led solutions are more resource-heavy,” one person might say, while the other counters with “Agentless options are far less accurate.”
At VNT, we believe that you’re having the wrong conversation and that this may lead to your business accepting a network discovery solution that is inherently limited. In reality you don’t have to compromise on either resource consumption or accuracy.
Here’s why an approach that achieves network discovery based on wire data and real traffic data will check all the boxes for your application dependency discovery project.
How Does it Measure up for Security?
Every open port is a potential gap in your security ecosystem, a hole that can be leveraged to gain access to your network. Both Agent and Agentless network discovery solutions need to open firewalls in order to achieve their discovery capabilities. In fact, in an Agent-based solution, firewalls need to be opened from every server back to the central server to allow the Agents to communicate information.
In contrast, VNT’s proprietary network discovery technology works without opening firewalls, offering a much higher level of protection than either of the former choices.
How Easy is Deployment for Each Option?
It goes without saying that an agent-based network discovery solution has a complex deployment attached to it. After all, you will need to install an agent on every server, a major project in an enterprise data center. Agentless discovery solutions also require architecture and network changes, opening inbound ports and configuring the solution on each and every endpoint.
VNT network discovery can be achieved with no network or infrastructure changes, in a matter of minutes from your dashboard. Simply set up NetFlow or sFlow on your environment, enter a URL and you’re ready to start viewing application maps.
What’s the Impact of VNT Network Discovery on Resource Consumption?
Any network discovery solution with access to your servers will be resource-intensive, whatever a vendor promises. Think about having an Agent on every server: by its very existence, each Agent has a direct impact on the CPU and memory resources of the server it runs on. An Agentless network discovery solution impacts resources in a different way. As your performance data is sent over the network from the servers to a remote data collector, the additional network traffic is a strain on resources.
That’s one of the reasons why we designed VNT’s solution to work without access to your servers at all. No access means no impact, and we can truly call ourselves lightweight.
Can you Compete with Agent Network Discovery Solutions on Accuracy and Scale?
Yes! We worked hard to ensure that our application discovery tool offers the same high level of accuracy and scale as an Agent-based application discovery tool.
In terms of accuracy, both Agent-based and VNT network discovery solutions discover all applications and their dependencies in granular detail. In contrast, an Agentless solution is subject to protocol limitations and relies on low-frequency data collection. This usually results in low accuracy, with a limited number of applications and dependencies identified on your map.
Now let’s think about scale. For Agentless solutions, it’s a non-starter again. Your server will have an intrinsic limit on how many connections it can handle at the same time. Scale? What scale? Agent-based network discovery solutions are known for being easy to scale, as the server can handle more processes at the same time. VNT discovery uses NetFlow, allowing a single server to scale to a very large enterprise data center, and unlike Agent-based tools, without any additional resource requirements on your servers.
I’m Intrigued. But How Robust is VNT Network Discovery?
Let’s bring it home for you. Agent-based network discovery solutions rely on installing an Agent on every single server. New servers will be blind spots until that work is done. As soon as one Agent stops working, your visibility is gone. This could happen at any time, with zero warning. If you turn to an Agentless solution to avoid these gaps, now you’re subject to networking issues. One unstable network connection and your data is going to suffer in accuracy and availability. This is down to the way that process initiation and stream handling are all done on the server itself.
VNT network discovery automatically collects data from any new servers on the network, and the network connection hardly affects mapping at all.
Why rely on a server-level solution that’s prone to blind spots and networking issues, if you can use statistical network analysis and data sampling to get more secure, accurate, and cost-effective network discovery and mapping?