When Should I Use Agentless and Agent-based Solutions?

Security Controls is, at its roots, an agentless solution. With a few simple configuration steps, however, Security Controls can also provide agent-based services. This section explains when to implement each solution.

For Patch Management and Asset Management Tasks

Start with the Agentless Features of Security Controls

For large enterprises containing thousands of machines, the ease of use provided by the agentless technology of Security Controls can be used to address the patch management and asset management needs of the vast majority of the machines in your enterprise. Security Controls can be used to discover which target machines are missing patches and automatically deploy the missing patches. It can also scan your target machines and report on the software, hardware, and virtual assets contained on the machines. Using Security Controls you can scan and fix, from one central location, the vast majority of the machines in your network within minutes.

Polish Things Off with the Agent-based Features of Security Controls

Most large enterprises have machines in hard-to-reach places: machines in remote locations, laptops that roam to different locations or that park and dock outside the office, machines in protected zones (DMZs), etc. For these devices you can use the agent-based features provided by Security Controls, which are implemented using Security Controls Agent. With Security Controls Agent you can be sure that these machines are scanned regularly, even if they are disconnected from your enterprise network.

There is one exception; agents can be used to perform software asset scans and hardware asset scans, but they cannot perform virtual asset scans.

For Power Management Tasks

A number of the power management tasks apply only to agentless situations. This includes the Shutdown now, Restart now, and Wake-On-LAN tasks that are initiated from Machne View or Scan View. These tasks require the target machines to be accessible from the console and are therefore not implemented within an agent policy.

Power management tasks that use a power state template, however, can be implemented in either an agentless or agent-based manner. You may consider using an agent-based power state task under the following conditions:

  • If you want to apply your power management policy consistently across all machines within your organization (connected and disconnected).
  • If you have machines that may not always be reachable from the console (for example, machines in a DMZ).
  • If you are concerned with network bandwidth issues.

    • An agentless power state task will push a small number of files from the console to each target machine -- if a large number of machines are involved it may affect the performance of your network.

For Application Control Tasks

An agent is the only way to implement application control tasks in Security Controls. For overview information on configuring and implementing application control, see Application Control Overview.

Patch Management Tasks

All patch management tasks on Linux-based machines are performed using agents. For more information, see Overview of Linux Patch Management.

Power Management Tasks

Only a power status scan can be performed on Linux machines from the console . All other power management tasks on Linux-based machine are performed using agents.