Cloud Management – Why we selected an Agentless approach instead of using Agents?
Automating the deployment and runtime management of large application deployments running on multiple cloud resources across various cloud providers is a challenging problem. Managing remote resources is not a new problem; the big difference is that in the cloud, resources are added and removed dynamically and at a larger scale. Before cloud, people built management systems using two approaches:
Historically, the major trade-off between the agent and agentless approaches has been control vs. rollout time and maintenance costs. You usually get more control with the agent approach, whereas the agentless approach is easy to deploy and manage because it doesn't require rolling out new agents and maintaining their versions.
At Kaavo, for deploying software and performing runtime configuration management we chose to use SSH instead of requiring proprietary agents to be installed on the managed cloud resources. Some of the design considerations for our decision are as follows:
Easier Rollout and Ongoing Maintenance: Using SSH for management gives you the same or more control and security when compared to an agent-based approach, without the overhead of deploying and maintaining proprietary agents on all images across all supported datacenters.
Better Security: Both the agent and agentless (SSH) approaches require communication between the group of manager servers and the servers/resources being managed. As a result, you have to manage the firewall rules on the communication ports (for incoming and outgoing packets) properly on the cloud servers/resources to avoid holes for potential intruders to exploit. However, since the SSH protocol has been around for a while and has been well-tested on a large scale, it is less likely to have any unknown security vulnerability compared to writing your own proprietary agent or protocol. Customers who are very sensitive about security and don't want an application running in the cloud to manage their private cloud infrastructure can choose onsite deployment of Kaavo IMOD.
Greater Control and Flexibility: In an agent-based approach, the agent code that is executed on the servers, or the server-side scripts, can't be changed on the fly if there is an unexpected change in the environment. In our agentless approach, by contrast, we generate the configuration scripts and files just-in-time and send them to the servers for execution. This on-demand, just-in-time generation of scripts gives us greater flexibility and control in managing cloud resources.
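The just-in-time approach described above, as an added example that is not Kaavo's code: the manager renders a per-server script with every value shell-quoted and streams it to `sh -s` over SSH with host-key checking enforced. The template, parameter names, user, host and known_hosts path are assumptions made for illustration.

```python
import re
import shlex
import subprocess
from string import Template

# Constructed template; the manager fills it in per server at deploy time.
SCRIPT_TEMPLATE = Template("""\
#!/bin/sh
set -eu
APP_PORT=$app_port
DB_HOST=$db_host
printf 'listen=%s\\ndb=%s\\n' "$$APP_PORT" "$$DB_HOST" > "$$HOME/app.conf"
""")

HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]*")
USER_RE = re.compile(r"[a-z_][a-z0-9_-]*")


def render_script(params):
    """Render the script for one server, shell-quoting every value so that
    inventory data cannot change the script's structure."""
    quoted = {k: shlex.quote(str(v)) for k, v in params.items()}
    return SCRIPT_TEMPLATE.substitute(quoted)  # KeyError on a missing value


def ssh_argv(user, host, known_hosts):
    """Build a non-interactive ssh command that refuses unknown host keys."""
    if not USER_RE.fullmatch(user) or not HOST_RE.fullmatch(host):
        raise ValueError("unexpected characters in user or host")
    return [
        "ssh",
        "-o", "BatchMode=yes",
        "-o", "StrictHostKeyChecking=yes",
        "-o", f"UserKnownHostsFile={known_hosts}",
        f"{user}@{host}",
        "sh -s",  # remote shell reads the script from stdin
    ]


def run_remote(user, host, known_hosts, params):
    """Send the rendered script over SSH; nothing is installed on the target."""
    return subprocess.run(ssh_argv(user, host, known_hosts),
                          input=render_script(params), text=True,
                          capture_output=True, timeout=60, check=False)


if __name__ == "__main__":
    # Constructed input: the second value contains shell metacharacters.
    print(render_script({"app_port": 8080, "db_host": "db1; id"}))
```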
To roll out a scalable agentless approach for cloud management, we had to solve some interesting, complex problems, such as managing firewall rules automatically for managed servers in a dynamic cloud environment, handling distributed event queues, and handling execution order dependencies for parallel processes. We solved these hard problems because we didn't want to compromise and take the easy way out by using configuration agents. If you have any further questions about this or want to learn more about why we chose an agentless approach for cloud management, please contact us.