Pizza Pepperoni or Pineapple (in other words Agent Vs Agent-less)

In the wake of the recent CrowdStrike crisis, the age-old debate of agent vs. agent-less has resurfaced. It’s a bit like the debate over pineapple on pizza — everyone has a strong opinion, but the right answer depends on your taste (or in this case, your needs).

For those who know me, you already understand I don’t subscribe to the “all is good” or “all is bad” mentality. Life is full of trade-offs, and often it’s not just about WHAT you do, but HOW you do it.

This is particularly true for the agent vs. agentless debate. If you think you’re always better off going agent-less, you’re missing out on so many benefits, especially when it comes to monitoring, observability and FinOps. Let’s look at a few goodies you’d be giving up:

• Deep and Granular Usage Metrics: Agents can provide detailed insights into system performance, applications, and processes.
• Real-Time Capabilities: With agents, you get real-time monitoring and instant insights, which are crucial for timely issue detection and resolution.
• Enhanced Security: Agents can implement encryption at the source, ensuring secure data transmission.
• Efficiency: Agents can filter and process data locally, sending only relevant information to the backend.
• Reliability: By eliminating critical dependencies on network and remote connections, agents can continue to collect data even if the network goes down.

That’s the “WHAT”. Now, I’m not one to give up on these benefits easily. With that in mind, let’s focus on the “HOW”, and explore some best practices for working with agents to avoid the next CrowdStrike-like event.

Understand What the Agent is Doing and How it Works

Not all agents are created equal. Some are more intrusive, both in terms of resource consumption (which can impact overall capacity, performance, and cost) and the actions they take. Take a moment to understand the underlying technology and behavior of the agent.

For example eBPF based agents are considered to be safer, as among other guardrails they are running in a sandboxed environment within the kernel, going through verifier checks before loaded and has limited and well defined instruction set. This is on top of the fact that it has a strong and live community actively maintaining and auditing this technology.

Deployment Strategy

• Phased Approach: Deploy agents in phases, starting with non-critical systems and gradually working your way towards full coverage. This strategy applies to initial deployments and version updates.
• Timing: Control the deployment process rather than letting it control you. Avoid automatic updates, as unexpected issues often arise at the worst possible times (like during that crucial demo you’ve been preparing for weeks).

Keep Guardrails in Place

• Resource Limitation: Set limits on the amount of resources an agent can consume and prioritize its execution. This ensures prevention of resource hugging over your critical services.

In conclusion, while agent-less solutions have their place, they can’t provide the depth, real-time capabilities, security, efficiency, and reliability that agents offer. By understanding what agents do, deploying them strategically, and setting appropriate guardrails, you can harness their full potential without falling victim to unexpected issues.

Remember, it’s not just about choosing between agent and agent-less. It’s about how you implement your choice. And with the right approach, you can enjoy the best of both worlds without the drama. BTW — I love both Pepperoni and Pineapple Pizza!