📘CCNP Encore (350-401-ENCORE-v1.1)
Orchestration Tools Overview
Orchestration tools are software systems that help IT teams automate configuration, deployment, and management of network devices, servers, and applications. Instead of doing tasks manually (like updating a server or pushing a configuration), these tools allow you to write instructions once and then apply them automatically across many devices.
Some popular orchestration tools include:
- Chef
- Puppet
- Ansible
- SaltStack
A key concept in these tools is how they communicate with devices:
- Agent-based: Each device runs a small piece of software called an agent, which receives instructions from a central server.
- Agentless: Devices do not run an agent. The orchestration tool connects directly to devices over SSH or an API.
Agent-based Orchestration Tools
How they work
- You install a small program (agent) on every server or network device.
- A central server (called “master” or “controller”) sends instructions to these agents.
- Agents perform the tasks on their device and report back the results to the central server.
Examples
- Chef
  - Uses Ruby-based recipes to define configuration.
  - Agent on each node checks the central Chef server and applies changes.
  - Good for complex server setups, like installing multiple packages and services.
- Puppet
  - Uses manifests (written in Puppet’s language) to define desired state.
  - Agent contacts the Puppet master periodically to check for updates.
  - Good for large-scale infrastructures with many servers.
Advantages
- Reliable: The agent ensures the task is applied correctly.
- Continuous enforcement: Agent can periodically check and fix configurations.
- Good for complex and long-term management.
Disadvantages
- You must install and manage the agent on every device.
- More resource-intensive on devices.
- Can be harder to quickly deploy on temporary or cloud devices.
Agentless Orchestration Tools
How they work
- No agent is installed on devices.
- The orchestration tool connects directly using SSH, API calls, or WinRM.
- Executes instructions immediately on target devices.
Examples
- Ansible
  - Uses playbooks (YAML files) to define tasks.
  - Connects via SSH to Linux servers or via WinRM to Windows servers.
  - Commonly used for network device automation and cloud deployments.
- SaltStack
  - Can work in agent or agentless mode.
  - Agentless mode uses SSH for Linux and WinRM for Windows.
  - Agent mode uses a Salt Minion installed on each device, for faster, large-scale automation.
Advantages
- No need to install software on devices.
- Easier to start automation quickly, especially in cloud or temporary environments.
- Lightweight and simple for small-to-medium networks.
Disadvantages
- Less control for continuous monitoring (unless you run it frequently).
- May be slower on very large infrastructures than agent-based tools.
Agent vs Agentless – Quick Comparison Table
| Feature | Agent-based (Chef, Puppet) | Agentless (Ansible, SaltStack) |
|---|---|---|
| Software on devices | Requires agent | No agent needed |
| Communication | Agent contacts server | Server connects directly (SSH/API) |
| Configuration enforcement | Continuous, periodic checks | Runs on demand |
| Complexity | More setup initially | Easy to start |
| Performance | Good for large, complex infra | Lightweight, fast for small-to-medium infra |
| Use case | Large data centers, persistent servers | Network devices, cloud servers, temporary environments |
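The "Configuration enforcement" row above, as an added example that is not part of the original study guide: a small Python simulation that measures how long a device stays out of compliance under a periodic agent check-in versus on-demand pushes. The setting names, the 30-minute interval, the push times and the drift events are all constructed assumptions.

```python
# Added illustration: pull-style agent vs on-demand push, measured as drift exposure.
# All names, settings and timings below are constructed for this example.

DESIRED = {"ssh_root_login": "no", "firewall": "enabled"}


def converge(actual, desired):
    """Idempotently bring `actual` to `desired`; return the keys that were changed."""
    changed = [k for k, v in desired.items() if actual.get(k) != v]
    for k in changed:
        actual[k] = desired[k]
    return changed


def drift_exposure(run_times, drift_events, horizon):
    """Simulate one device minute by minute.

    run_times: minutes at which the configuration is enforced
               (agent check-ins, or operator-triggered pushes).
    drift_events: {minute: {setting: bad_value}} out-of-band changes.
    Returns (minutes_out_of_compliance, number_of_corrective_runs).
    """
    actual = dict(DESIRED)
    runs = set(run_times)
    exposed = corrections = 0
    for minute in range(horizon):
        actual.update(drift_events.get(minute, {}))
        if minute in runs and converge(actual, DESIRED):
            corrections += 1
        if actual != DESIRED:
            exposed += 1
    return exposed, corrections


def agent_schedule(interval, horizon):
    """Agent-based model: the agent checks in every `interval` minutes."""
    return range(0, horizon, interval)


HORIZON = 8 * 60                                   # one 8-hour window
DRIFT = {45: {"firewall": "disabled"},             # constructed drift events
         200: {"ssh_root_login": "yes"}}

agent_result = drift_exposure(agent_schedule(30, HORIZON), DRIFT, HORIZON)
push_result = drift_exposure([0, 240], DRIFT, HORIZON)   # two on-demand runs

if __name__ == "__main__":
    print("agent, 30-minute check-in:", agent_result)
    print("agentless, runs at 0 and 240:", push_result)
```

With these inputs the agent model corrects each change at its next check-in, while the on-demand model leaves the firewall change in place until the second push. Running the agentless tool on a schedule narrows that gap.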
Key Exam Notes
- Know which tools are agent-based and which are agentless:
  - Agent-based: Chef, Puppet
  - Agentless: Ansible (primarily), SaltStack (can be both)
- Understand communication methods:
  - Agent-based: agents pull configurations from the server.
  - Agentless: the server pushes configurations via SSH/API.
- Be able to compare advantages/disadvantages for different IT environments:
  - Large, persistent servers → agent-based may be better.
  - Rapid, temporary deployments → agentless is faster and simpler.
- Real IT examples:
  - Chef: Automatically install software, configure multiple web servers consistently.
  - Puppet: Ensure all servers in a data center always have correct firewall and security settings.
  - Ansible: Update network switch configurations or push software updates to cloud servers without installing anything.
  - SaltStack: Monitor servers for changes or apply quick fixes without installing agents (agentless mode).
✅ Summary for Exam
- Agent-based tools require software on devices; agentless tools do not.
- Chef and Puppet = agent-based; Ansible = agentless; SaltStack = flexible.
- Agent-based is strong for continuous management; agentless is strong for quick, lightweight automation.
- Know how they connect (agent pull vs server push) and when each is preferred.
