In the early 90's, as client/server computing was readying for mainstream, the challenges of managing a distributed computing environment were initially answered through a structured management-framework approach. This involved deploying an agent-server infrastructure that mirrored the managed client/server environment. The need for a remote procedure call mechanism, secure connection management, a messaging infrastructures and a “run anywhere” user interface, led to heavy-weight solutions based on CORBA or “CORBA-like” architectures that had a dependence on local agent technology.
FIG. 1 illustrates one example of a prior art system 100 relying on local agent technology. In system 100, one or more resource servers 110 run resource programs 115, such as an email program 115, that contains multiple user accounts 118. Each resource program 115 provides an interface 120 so that user accounts 118 can be managed (e.g., created, deleted, etc.). In prior aft system 100, to remotely manage user accounts 118, a centralized management program 130, hosted on management server 135, can make a call to local agents 140 to initiate a management task. Each local agent 140 can then interface with the respective resource program 115 through interface 120, generate one or more management commands, and issue the management commands to resource program 115 in accordance with interface 120, thereby managing user accounts 118. Thus, the local agents are essentially a portion of centralized management program 130.
As products developed and functionality was added to the resources, the dependence, complexity and general “weight” of the agents (such as local agent 140) has continued to grow. Today's tool vendors have continued to build products with specific features and functionality built around the underlying assumption that the agent would be everywhere. This profoundly impacted the evolution of systems and security management software. Many prior art systems now have a total functional dependence on local agents, regardless of their benefit to the management task at hand.
Prior art systems, such as that of FIG. 1, suffer several deficiencies for managing resources, not the least of which is that agent architectures add a high degree of complexity to the overall deployment and ongoing maintenance of a management solution. The following outlines some of the more significant shortcomings of prior art management solutions, broken down into two categories: initial deployment, and ongoing management and maintenance.
The first problem encountered with an agent-dependent architecture is typically initial deployment. Often, simply getting the local agent deployed and running on the local hosts proves to be a significant challenge. The logistics of installing a software component on highly sensitive resources are substantial. Moreover, introduction of agents across departmental, divisional and organizational boundaries, can cause a company implementing an agent architecture considerable difficulties.
Consider the physical installation process. Can the agents be installed remotely? If so, does corporate security policy allow this to happen? Installation will likely require the use of a high-level systems user account an require an extensive amount of time on the part of systems administrators to implement. Moreover, if the agent installation process requires re-booting of the host, deploying agents to mission-critical, high-availability systems can be a significant challenge. Consider volume. If you have 1,000 systems under management, that means 1,000 separate agents—each one of which must be individually deployed. The introduction of 1,000 new remote software components often requires the re-testing of the systems and applications running on the machines on which the agents are installed. Software conflicts and general incompatibilities are commonplace and it is difficult to predict with any degree of certainty what effect a permanently running executable will have on the host system or applications running thereon.
Once the agents have been deployed, the next challenge with prior art systems arises from ongoing management and maintenance. How many agents do you then have running on any given system? How do you track agent status, version and availability across the environment? What happens when an upgrade to an agent or host platform occurs, will everything still work? In light of these issues, the management and maintenance of the management layer itself often becomes a greater challenge than the original problem it was put there to solve.