5 min read
Agent and agentless: An ongoing battle
By: Tyler Constable on May 11, 2023 5:00:24 PM
Observability of an SAP environment is critical. Whether you have a large complex and hybrid environment or a small set of simply architected systems, the importance of these systems is probably crucial to your business. Just thinking about system outages keeps us up at night, let alone the pressure of system performance, cross system communication and proper backend processing.
All of these challenges, as well as others I’ve not listed, require constant visibility into the environment; here’s where proper observability comes into play. While we can all agree that SAP systems need to have in depth observability and an automation plan, saying how this is achieved is a different story. This article delves into how you can implement an automation plan that covers in depth SAP systems observability, while considering the agent vs agentless debate.
For most organizations, keeping SAP systems secure is one of the most imperative activities of the support team. The need for observing these systems is also recognized, so we have to ensure secure communication between the SAP system and any monitoring solution.
This is paramount and where the agent, if developed properly, becomes key.
The agent, sitting on the operating systems of the SAP system, should have a secure method of connecting into the following:
- The primary application server
- Any secondary application servers
- The database
- Operating systems
Without the agent, this information is repeatedly passed over the network. It’s important to note, this is not just monitoring data, but system credentials that need to get passed openly.
This becomes a large security risk as passing open credentials over the network, repeatedly, can be an audit policy violation, or at least a system vulnerability that should be watched. So, what can we do instead? We can place an agent on the operating systems so additional security functionality, such as certificate driven communication, encryption and more, can be applied.
But it’s not always as cut and dry as that. Let’s consider third party software.
Third party software
Secure communication is important, but it may not be the only factor in play. Some organizations prefer to lock their environments down and do not allow any third party applications to run on operating systems hosting SAP.
This could stem from performance concerns, where the third party application would ‘run away’ with too many of the system resources and cause SAP performance issues. Alternatively, it could stem from a security concern around the development code of third party applications, which are not written in house.
These scenarios typically come down to the specifics of an organization's overarching IT policies. In these cases, it may be necessary to rely on an ‘agentless’ option where no third party software is on the SAP system’s operating systems. In this architecture, the data is being passed straight from the SAP system and database directly to the monitoring solution.
So, what about SAP solutions that you host externally? Let’s consider how agents are applied in this scenario…
SaaS, H.E.C. & Rise with SAP
Today, there’s a very good chance that an organization has some sort of SAP solution in its mix of environments that is hosted and managed externally. Here’s a couple of SaaS examples:
- Hana Enterprise Cloud
- The newer ‘RISE with SAP’
In these scenarios, SAP has full responsibility for the support of these environments and does not allow third party software to be located within their operating systems.
But these environments still need to be observed, as there’s a lot of data the organization needs to digest to in order to manage their business. And yet, the same collection of data may not be appropriate due to agentless connections being limited in what they can collect. However, the data it does collect is vital.
These scenarios will also require any third party monitoring solution to be ‘agentless’, so, when selecting a solution, it’s wise to choose one that SAP has certified to run in these environments.
Many organizations are now starting their innovation and automation journey within their SAP environments. The agent and agentless discussion does not just stop at observability, but amplifies when it comes to automation. Consider these two statements:
- An agent will allow for automation across the full technical stack (operating system, database and SAP).
- An ‘agentless’ solution may only be possible at the SAP layer.
Then, you add automation into the mix and things get interesting. Automation credentials may require more elevated permissions than observability credentials. Therefore, you have to be careful if you’re considering an agentless automation solution.
With that being said, you can choose to perform automations in a remote manner, but full stack abilities diminish without the agent in place for secure communication and automation initiation. This will eliminate the possibility of automation at the operating system level, but still give plenty of options to automate at the application layer. So there are always options.
It’s also important to note that the SaaS, HANA Enterprise Cloud and RISE with SAP environments may have prebuilt automations that can be run via API calls or SAP ABAP BAPIs. These scenarios may give you some strong automation options you can utilize without an agent. However, this is typically more ‘business data’ related than technical support related automations.
How Avantra AIOps platform helps
It’s easy to see how the agent and agentless discussion comes up fairly often. Just as every organization’s SAP environment is unique, everyone's view on this topic varies.
It could also be that an agent based observability and automation architecture is allowed for all managed environments, but a set of unmanaged systems could also be embedded (these being SaaS, HEC, Rise with SAP).
So, all considerations should be given when pondering which strategy to take. In the best case scenario, a platform like Avantra, which handles both agent and ‘agentless’ (remote agent) connections, is likely the best option.
Avantra is certified to run in RISE with SAP environments and therefore gives you a single pane of glass to monitor and initiate automation across on premise systems, public cloud environments, HEC or RISE with SAP landscapes, and even SaaS solutions.
Automate SAP for better performance
SAP system performance issues, if overlooked, can cause serious problems in the long run. Even if the problem isn't system-wide, it's worth looking into and resolving promptly.
Automating SAP performance monitoring and optimization is a step in the right direction as it can give you the opportunity to maximize your enterprise operations. Avantra is a leading AIOps solution that can help optimize the SAP system and other tools used within your enterprise.
If you want to prevent costly performance and security issues with the SAP system, talk with one of our SAP experts today.
5 Agent-Based vs. Agentless SAP Monitoring Myths Debunked
“Our IT uses agentless monitoring solution, why can’t we use it for SAP?” Do you hear that often?...
3 Unique Challenges in Determining SAP Root-Cause Analysis
Agentless SAP monitoring systems seem like the easy way to go, no installation and no deployment....
Log4j critical vulnerability advice for customers
At Avantra, our customers trust us to keep their business operations based on SAP running smoothly....