What about agentless configuration management (CM)?
First impressions can be lasting impressions
We have found that the arguments against agents are usually related to really bad experiences with really poorly written agents. In many cases companies develop agents without really considering what the right tool for the job is. That means you wind up with a Java based agent that brings along with it a massive runtime that has a very large footprint, creates a drain on system resources, and is slow to perform.
On the other hand, having an agent allows for a degree of capability and control that you just can’t get with an agentless system. An agent purposely written to support the software application can interact with systems in ways that typically are not possible with agentless setups. Agents have direct control over the tasks they perform, can manage I/O effectively, and deal with hangs and error conditions far better.
“Agentless” setups really aren’t
When you see “agentless”, you’re almost always talking about using SSH. But that’s really an agent. It’s an agent that accepts incoming user connections, manages them, and deals with the processes, I/O, and connection issues directly.
The problem is, SSH was designed to be an agent to manage interactive connections from users, not to remote execute tasks.
Orca’s agent was designed and tweaked to be highly efficient and perform the specific tasks needed to effectively control remote task execution. Orca’s agent is a standalone binary – it requires no other runtimes or configuration. It’s also small, 5-8 MB depending on the platform. It will start and run with no configuration requirements from a command line. It also contains itself to a single directory, and removing that directory removes all traces of the agent. The agent can be run as a regular user or as a system service and only requires a single configurable port to operate.
Orca supports automatic updates
Orca’s agent supports automatic updates – the Orca console can broadcast out an agent update and the remote systems will update themselves with zero interaction.
Orca understands your firewalls
More importantly, our agent paradigm understands routing. That means you can have a single connection to a data center through one IP and still effectively manage any number of servers behind that ‘firewall’ server. Orca sends a single compact request to that gateway agent, and that agent can then replicate and route that request to any number of servers, even if that means going through yet another gateway again. This is pretty important from a scaling perspective. A big issue for management systems that talk to lots of servers is that they require direct connection to the initiating console.
For instance, say you need to send a config change to 500 servers. For other systems, all 500 agents must be able to talk to the console. That would create 500 simultaneous network connections, killing the console server and flooding the network.
You will see products offer ‘throttle and tuning’ controls to achieve performance (really just helping hide the negative performance). They do this because their design is flawed. With Orca, you can specify a few ‘gateway’ servers (they don’t have to be firewall situations) and Orca will ‘fan out’ the request. This means the console sends out 5 or 6 requests, and those 5 or 6 fan out to 10 or 20, and those fan out to another 10, and so on.
With Orca, however, your console does just a handful of connections and then goes about its business.
Inbound the gateways provide a flow control for return requests. Think of a ping going out and fanning out at multiple points. Those pings follow that same route back so the gateway servers can collect and manage incoming responses, instead of 500 or a thousand servers all trying to push data to the console server all at once.
So in the agent vs agentless debate, “agentless configuration management” might sound enticing, but it can confuse the means with the ends.
If your IT organization is seeking a small footprint CM solution which navigates efficiently through firewalls, please and request a demo consultation for more information.