Patch for Windows, powered by Shavlik

Agentless vs. Agent-based Solutions

Ivanti Patch for Windows provides both agentless and agent-based solutions. This section describes, in general terms, the benefits of each solution. The sections that follow explain in more detail how to use an agent.

Agentless Solution

Agentless systems are based on push technology and on a centralized design.  A central authority is responsible for scanning the machines in the enterprise and for initiating all actions on those machines. Agentless systems have a number of advantages over agent-based systems. Strict agent-based systems can only report on machines that have the agent actively running. If the agent has been disabled the machine will appear to not exist. In addition, new machines can be introduced to a network and these rogue machines will not only be agentless, they may well be invisible. Agentless systems, on the other hand, can scan ranges of IP addresses and report on machines it finds. Even if it cannot access the system, the agentless scanner will at least report that a new IP address is present on the network. In many cases agentless systems lower the cost of ownership, reduce management overhead, and provide for quick and easy deployment. This is especially true in large enterprises managing 10,000 or more machines.  An administrator can be scanning and fixing their network within minutes using an agentless system.

In Ivanti Patch for Windows, all patch, asset, and power management tasks can be performed without agents.

Agent-based Solution

Patch management and asset management

Certain types of users or systems can pose problems for agentless solutions. Machines that must reside in a ”de-militarized zone” (DMZ), roaming users, and disconnected or inactive machines can all prove problematic. In these cases an agent-based solution is often the best answer. Agent-based solutions consist of proprietary client-side communications software that resides on a computer and facilitates communications with server-based administrative software. The agent scans the client machine for information and then provides the information directly to the server console.

An agent-based solution is a useful complement to an agentless patch management and/or asset management solution. Outfitting your troublesome systems with agents provides the best of both worlds--agentless solutions to protect machines permanently or newly introduced to the network, and agent-based solutions for the hard-to-reach machines.

Power management

Power management (including Wake-on-LAN) requires either a Ivanti Patch for Windows Advance license or a separate add-on license for Ivanti Patch for Windows Standard.

An agent-based solution is also well suited for performing power management tasks. For example, if you want to be sure your portable machines are not left powered on late at night or over the weekend, an agent can be used to automatically shut down those machines. In addition to saving power and avoiding unnecessary wear, shutting down your disconnected machines during those times they are likely to be left unattended is also a smart security precaution.



Designed for centralized environments

Based on push technology

Ideal for networks with large amounts of bandwidth

Dependent on network connectivity

A central authority does all the scanning and deploying

Best for performing patch management and asset management tasks on networked machines


Best for frequently disconnected machines or machines in the DMZ

Based on pull technology

Ideal for distributed networks with remote locations that have limited bandwidth

Less dependent on network connectivity; ideal for mobile computers that are not always connected to the network

Each agent does its own scanning and deploying based on policies defined on the central console

Best for performing patch management and asset management tasks on disconnected machines

Was this article useful?    

The topic was:



Not what I expected