Wrangling remote computers is no easy task. With a distributed workforce, deploying software and patching remote endpoints (those not connected to your LAN) become high priorities — and often major headaches. Depending on the situation, you may embrace an agent-based or agentless approach. But is a remote agent really necessary? The truth is that you don’t need an agent for remote deployment, but you’ll probably want one.
We’ll go over what an agent is, how it affects your computers, alternative remote deployment options, and how to decide what’s best for your environment.
What is an agent?
A remote agent is an application installed on a target computer that autonomously performs actions. Software deployment agents typically collect information on hardware and software configurations, distribute software packages created through a central management console, install the software on target devices, and verify successful installation.
Some sysadmins worry that installing remote agents could slow down their fleets. You’re right to worry. Heavy agents can definitely jeopardize performance. However, the best agent-based remote deployment solutions use a lightweight agent for unobtrusive cloud-based machine management in hybrid and remote environments.
Think of agent-based deployment as a team approach. The server console calls the plays, and the deploy agent runs them.
Remote deployment options
The software installation process for remote Windows machines varies depending on your chosen method. We’ll walk you through a few approaches.
Like to get your hands dirty and waste lots of time? Then manual updates are the route for you! Just kidding. Kind of. Manual updating may be just fine if you only manage a few remote machines. There are several ways to deploy manually:
Share files or scripts: Share download files on SharePoint, OneDrive, or via email; alternatively, you can provide employees with a script. Then, have the users install the relevant software on their own. It’s low-tech. It’s often ugly. And it puts an awful lot of faith in users. But it may be the best option for a small shop with limited resources.
Give local administrative privileges to everyone: If every user is an admin, they can download and update the software themselves. Again, this works best with a small fleet and trustworthy users. Even then, it’s extremely risky and drastically increases the likelihood of a malicious attack.
If you successfully convince users to connect to your VPN regularly, then we salute you. The reward for your efforts is the option of deploying software via VPN using whatever methods you use on your LAN. That means you can use your favorite agentless solutions (*cough* PDQ Deploy and Inventory *cough*) to deploy software. Alternatively, if you’re in the mood for a bit of a challenge (and battling Bowser just isn’t cutting it), you can use the following deployment methods while your users are connected to the VPN:
Use Group Policy to distribute an MSI file to computers in a local or Microsoft Azure Active Directory domain.
Install an MSI package via Command Prompt.
Use PowerShell commands or an alternative deployment script.
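As an added example (not from the original article or from PDQ), here is one way to script the MSI install in PowerShell so that the package is checked before it runs with elevated rights. The parameter names `MsiPath`, `ExpectedSha256` and `ExpectedSigner` are assumptions, and the expected hash and publisher name must come from the software vendor.

```powershell
# Added example: verify an MSI, then install it silently. Run from an elevated session.
# Parameter names are illustrative; supply the vendor-published hash and publisher name.
param(
    [Parameter(Mandatory)] [string] $MsiPath,
    [Parameter(Mandatory)] [string] $ExpectedSha256,
    [Parameter(Mandatory)] [string] $ExpectedSigner   # substring of the certificate subject
)
$ErrorActionPreference = 'Stop'

# 1. Integrity: the file on disk must match the hash the vendor published.
$actual = (Get-FileHash -LiteralPath $MsiPath -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256) {    # -ne compares strings case-insensitively
    throw "Hash mismatch for $MsiPath (got $actual)"
}

# 2. Authenticity: the Authenticode signature must be valid and from the expected publisher.
$sig = Get-AuthenticodeSignature -LiteralPath $MsiPath
if ($sig.Status -ne 'Valid') {
    throw "Signature check failed: $($sig.Status)"
}
if ($sig.SignerCertificate.Subject -notlike "*$ExpectedSigner*") {
    throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
}

# 3. Silent install: no UI, no automatic reboot, verbose log kept for troubleshooting.
$name = [IO.Path]::GetFileNameWithoutExtension($MsiPath)
$log  = Join-Path $env:TEMP "$name-install.log"
$msiArgs = @('/i', "`"$MsiPath`"", '/qn', '/norestart', '/L*v', "`"$log`"")
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

# 4. Report the Windows Installer result instead of assuming success.
switch ($proc.ExitCode) {
    0       { Write-Output "Installed $name" }
    3010    { Write-Output "Installed $name; reboot required to finish" }
    default { throw "msiexec exited with code $($proc.ExitCode); see $log" }
}
```

The same `msiexec /i <package> /qn /norestart` command line works from Command Prompt; the hash and signature checks are what the PowerShell wrapper adds.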
With enough patience, you can use Intune or another Windows MDM solution to distribute apps. The main problem is that the process isn’t very user friendly. Expect deployments to take more time and effort than you’ve allotted. The good news is that you may already have Intune as part of a bundle, so it’s worth a try. Maybe.
A high-quality agent-based tool is the gold standard for remote deployments at scale. After agent installation, sysadmins can deploy whenever an endpoint is connected to the internet. Since there’s no need for the user to connect to the LAN or VPN, you don’t have to keep threatening to reveal your users’ search histories to get them to comply. Save that bargaining chip for another day.
How to decide what remote deployment approach is right for you
Choosing a remote deployment option isn’t an automatic slam dunk. You’ll need to consider your environment to choose the best approach for your business. We’ll break down the top factors to consider.
If you manage only a few remote machines, any method for remote deployment may fit the bill. But as your number of remote devices increases, you’ll probably need a more efficient solution. One of the main benefits of an agent-based approach is its scalability. It can handle many connections at the same time, allowing you to manage a large fleet simultaneously.
Standard operating system
The standard operating system makes a big difference. If you manage mostly Windows devices, you can use the methods discussed above. However, the larger your Apple fleet, the more likely you will also need an Apple MDM solution, like SimpleMDM. This MDM can be used in conjunction with your Windows deployment method of choice so that you never leave a device behind.
Location, location, location. The old real estate adage holds true here. If most of your devices are on-site and regularly connect to your LAN, then you have a plethora of options. We recommend a powerful software deployment solution to save time and make life easier. However, if you have a lot of remote machines, an agent-based solution has a clear edge.
Not gonna lie: Deploying software without stepping on toes is a lot easier if the company owns the devices. If you rely heavily on employee-owned endpoints, you’ll have to walk that fine line between keeping software current without taking too much control over personal devices. So basically, try not to upset your employees. There’s a strong chance some users will dislike any method you choose. Consider sending candy to sweeten the deal.
How much software do you deploy, and how often do you need to patch it? If your business doesn’t rely heavily on software, you might be able to make do with a less efficient deployment method, like a manual approach. Most businesses use quite a bit of software, though, so an agent-based solution with optional recurring automations is worth its weight in gold.
Unfortunately, budget is always a critical factor to consider. That said, don’t forget to also assess the overall value of a solution. For instance, if the tool saves your staff time and makes your environment more secure, spending that money upfront may ultimately be more affordable.
Available IT staff
It’s generally safe to assume that most businesses don’t have enough IT staff to bother with inefficient methods. However, if you somehow have a bunch of sysadmins whose primary function is spreading good vibes, you might be able to repurpose them for manual, Intune, or VPN-based remote deployments. But let’s be real; in most cases, your small but mITy IT team can do more with an agent-based solution. (We mean "mITy" like a punny version of strong. Not like you're covered in mites — unless you have a heck of an IT horror story.)
Long story short, you don’t need an agent for remote deployment, but it’s likely to make your job a lot easier. With our new tool, PDQ Connect, you can manage Microsoft Windows machines over the cloud as long as they have the lightweight agent installed and connect to the internet. Sign up for a trial now!
However, if you prefer to go with the VPN route for deploying to remote devices, sign up for a free 14-day trial of PDQ Deploy and Inventory to make the process that much easier.
Part writer, part sysadmin fangirl, Meredith gets her kicks diving into the depths of IT lore. When she's not spending quality time behind a computer screen, she's probably curled up under a blanket, silently contemplating the efficacy of napping.