Agent vs Agentless Orchestration Tools - CCNP ENCOR Guide

Agent vs Agentless Orchestration Tools

Why This Topic Is Important

Understanding the differences between agent-based and agentless orchestration tools is critical for modern network automation and infrastructure management. This knowledge directly impacts:

• Scalability decisions - Choosing the right approach for your network size and complexity
• Security posture - Understanding attack surfaces and security implications
• Operational efficiency - Determining resource requirements and maintenance overhead
• Device compatibility - Ensuring tools work with your existing infrastructure
• Real-world implementations - Making informed decisions in professional environments

The CCNP ENCOR exam tests your ability to understand orchestration architecture and select appropriate tools for specific scenarios.

What Is Orchestration?

Orchestration is the automated coordination and management of multiple systems, services, and processes across an infrastructure. It involves:

• Automating complex, multi-step workflows
• Coordinating tasks across multiple devices and applications
• Managing state and dependencies between operations
• Ensuring consistency and compliance across the infrastructure

Agent-Based Orchestration

Definition

Agent-based orchestration requires installing software agents on managed devices. These agents communicate with a central controller or orchestration server to receive and execute commands.

How It Works

1. Agent Installation: Software agents are deployed on each managed device (routers, switches, servers)
2. Central Server: An orchestration server or controller maintains connections to all agents
3. Communication: The controller sends commands/playbooks to agents
4. Execution: Agents execute tasks locally on their respective devices
5. Reporting: Agents report results back to the central server
6. State Management: The controller tracks state and manages complex workflows

Characteristics

• Persistent connections: Agents maintain ongoing communication with the controller
• Agent overhead: Requires resources on each managed device
• Deployment complexity: Must install and configure agents on every device
• Better state management: Easier to track device state and manage complex workflows
• Lower latency: Local agents can respond quickly to commands
• License requirements: Often requires per-device licensing

Examples

• Puppet - Configuration management with agents on devices
• Chef - Infrastructure automation using agents
• Cisco DNA Center - Network management with agents on network devices
• SaltStack - Remote execution with minion agents

Agentless Orchestration

Definition

Agentless orchestration manages devices without requiring any software agents to be installed. Communication happens through standard protocols and APIs available on devices.

How It Works

1. No Installation: No agents required on managed devices
2. Standard Protocols: Uses SSH, REST APIs, SNMP, or other standard protocols
3. Central Control: Controller initiates connections to devices as needed
4. Temporary Connections: Connections are established when tasks need to run, then closed
5. Task Execution: Commands are executed directly on devices through these protocols
6. Result Collection: Output is collected and reported back to the controller

Characteristics

• No agent overhead: Minimal resource consumption on managed devices
• Simpler deployment: No installation required on target devices
• Ad-hoc connections: Connects when needed, disconnects after task completion
• Universal compatibility: Works with any device that supports SSH, REST, or other standard protocols
• Easier scaling: Add devices without installing anything new
• Less persistent state: May require more complex logic to track distributed state
• Higher latency: Must establish connections for each operation

Examples

• Ansible - Agentless automation over SSH
• Terraform - Infrastructure as code using APIs
• Napalm - Agentless network device management
• Python with Netmiko - SSH-based agentless automation

Key Differences Comparison Table

When to Use Agent-Based Orchestration

• Complex state management: When you need persistent tracking of device state
• High-frequency operations: When devices frequently need configuration updates
• Managed environments: When you control all aspects of device deployment
• Performance-critical operations: When low latency is essential
• Heterogeneous environments: When managing many different device types with special requirements

When to Use Agentless Orchestration

• Quick deployment: When you need to start automation immediately
• Mixed infrastructure: When managing devices from different vendors
• Minimal overhead: When device resources are constrained
• Third-party devices: When working with devices you don't fully control
• Simple tasks: When tasks are straightforward and don't require constant monitoring
• Cloud and hybrid: When managing cloud resources and on-premises devices together

Exam Tips: Answering Questions on Agent vs Agentless Orchestration Tools

Tip 1: Identify Key Indicators in Questions

Look for specific clues in exam questions:

• "Need to deploy immediately without installing anything" → Agentless
• "Need persistent connection to track state" → Agent-based
• "Managing mixed vendor devices" → Likely agentless
• "Devices have limited resources" → Agentless
• "Requires installation on every device" → Agent-based

Tip 2: Understand Protocol Requirements

When answering questions:

• Agent-based: Look for proprietary protocols or agent software names (Puppet, Chef, Salt)
• Agentless: Look for standard protocols (SSH, REST, SNMP, NETCONF, YANG)
• Ansible specifically uses SSH and is the classic agentless tool for the exam

Tip 3: Scalability Scenarios

Question pattern: "You need to manage 1000 network devices across 50 locations"

• Consider agentless for easier scaling without installation overhead
• Agent-based might work but requires significant deployment effort
• Think about operational complexity with thousands of agents

Tip 4: Resource Constraint Questions

Question pattern: "Your network has limited-resource devices like IoT sensors"

• Choose agentless to minimize resource usage
• Agent-based would consume precious device resources

Tip 5: State Management Questions

Question pattern: "You need to maintain configuration state and ensure devices don't drift from desired config"

• Agent-based is better for continuous compliance monitoring
• Agentless can do this but requires more complex orchestration logic

Tip 6: Mixed Environment Scenarios

Question pattern: "Managing Cisco, Juniper, Arista, and cloud VMs together"

• Lean toward agentless using standard protocols
• Agent-based would require different agents for each vendor

Tip 7: Deployment Speed Questions

Question pattern: "You have a tight deadline and need to start automation immediately"

• Agentless wins - start immediately with Ansible
• Agent-based requires planning and installation time

Tip 8: Hybrid Approach Recognition

Some questions present hybrid scenarios:

• You might use agentless for initial deployment and provisioning
• Then use agents for ongoing management and monitoring
• Example: Use Terraform (agentless) to provision, then Puppet agents for management

Tip 9: Tool-Specific Questions

Know which category each tool falls into:

• Agentless: Ansible, Terraform, Napalm, REST API calls
• Agent-based: Puppet, Chef, SaltStack, Cisco DNA Center
• This helps you quickly eliminate wrong answers

Tip 10: Cost Consideration Questions

Question pattern: "What approach minimizes operational costs?"

• Consider licensing costs (agent-based often per-device)
• Consider operational overhead (managing agents vs. managing endpoints)
• Agentless typically has lower total cost of ownership

Tip 11: Security Questions

Common question: "Which approach has smaller attack surface?"

• Agentless: No agent software to exploit on devices
• Agent-based: More potential attack vectors (agent vulnerabilities, agent-to-controller communication)
• However, agent-based can use encryption for persistent connections

Tip 12: Multiple Choice Strategy

When multiple answers seem correct:

1. Identify the primary constraint in the scenario
2. Match the constraint to the tool's strength
3. Eliminate tools that don't address the constraint
4. Choose the most efficient solution

Tip 13: Scenario-Based Questions

These are common on CCNP ENCOR:

• Read for deployment constraints
• Read for device compatibility requirements
• Read for performance requirements
• Match the tool/approach to all stated requirements

Tip 14: Watch for Red Herrings

• Don't assume "newer" tools are always better
• Don't choose based on popularity; choose based on requirements
• A question might mention cost-saving but require high-performance (conflicting hints)
• Read carefully for the actual constraint

Tip 15: Configuration Management Context

Question pattern: "Ensuring all devices have consistent configurations"

• Agent-based: Excellent for continuous configuration management
• Agentless: Works but requires periodic runs or workarounds
• Think about drift detection and remediation

Sample Exam Questions and Answers

Question 1: Quick Deployment

You need to deploy network automation across 200 Cisco and Juniper devices immediately without modifying any device configuration. What is the best approach?

A) Install Puppet agents on all devices
B) Use Ansible with SSH connectivity
C) Deploy Cisco DNA Center agents
D) Implement SaltStack minions

Answer: B
Explanation: Ansible is agentless and works immediately over SSH. No device modifications are needed. Options A, C, and D all require agent installation. Since you have mixed vendors (Cisco and Juniper), agentless is best.

Question 2: State Management

Your infrastructure requires continuous monitoring and immediate remediation of configuration drift across 50 servers. Which approach is most suitable?

A) Agentless orchestration with periodic checks
B) Agent-based orchestration with persistent connections
C) Manual configuration management
D) REST API calls

Answer: B
Explanation: Continuous monitoring and immediate remediation require persistent state awareness. Agent-based orchestration maintains ongoing connections and can detect and fix drift immediately.

Question 3: Mixed Environment

You manage a hybrid environment with AWS instances, on-premises Kubernetes clusters, and legacy network devices from multiple vendors. What orchestration approach minimizes complexity?

A) Agent-based with vendor-specific agents
B) Agentless using standard protocols and APIs
C) Hybrid with agents for servers only
D) Manual orchestration

Answer: B
Explanation: Different vendors and platforms each require their own agents in an agent-based approach. Agentless using standard APIs and SSH works across all platforms with minimal complexity.

Key Takeaways for the Exam

• Agent-based: Persistent, stateful, better for continuous management, requires installation, supports complex state tracking
• Agentless: On-demand, stateless connections, easier deployment, universal compatibility, uses standard protocols
• Choose based on specific scenario requirements, not general preferences
• Understand protocol requirements for each approach
• Know specific tool categories (Ansible = agentless, Puppet = agent-based, etc.)
• Scalability favors agentless for heterogeneous environments
• State management favors agent-based for continuous compliance
• Always consider deployment constraints in the question
• Don't overthink - match the primary constraint to the approach strength