This section describes the differences between the Atmos Agent and Atmos Air (Agentless) deployments in the Atmos. It also provides guidelines for selecting the appropriate deployment for your environment.
This section includes the following topics:
- Key Considerations
- Atmos Agent
- Atmos Air (Agentless)
- Atmos Agent and Atmos Air (Agentless) Feature Comparison Matrix
The key considerations for using an Atmos Agent and Atmos Air (Agentless) deployment are as follows:
- Type of applications such as Web, RDP, SSH, Git, SQL, VoIP, SMB file shares, SaaS, and network range.
- Protocol requirements: TCP or UDP/TCP
- Level of trust required for a device (device trust)
- Amount of visibility in how users access applications, such as the number of applications accessed, which applications were accessed, failed attempts, and errors.
- Type of users accessing your applications: full-time employees, temporary employees, and contractors.
- Whether the devices are managed or unmanaged (BYOD).
Use the Atmos Agent to support applications that require thick client access, such as legacy applications or any ports and protocols, including managed devices that require comprehensive posture checks for a more restrictive security policy.
The Atmos Agent allows you to query and collect more information about the client devices; for example, the specific OS version for Mac or Windows conditions (CrowdStrike, Disk Encryption, Domain Join, Registry, Windows Patches) that are required to meet your policy. The AAtmos Agent provides greater visibility into devices than the Clientless approach because it is installed on the client’s OS.
The Atmos Agent deployment is useful for:
- Supporting any ports and protocols (UDP/TCP).
- Generally, applications for any ports and protocols, including legacy applications such as homegrown applications and network ranges.
- Managed devices that require comprehensive device posture checks.
- Full-time employees and power users.
- Applications that require the specific IP address of the devices, such as server-initiated or peer-to-peer such as VOIP.
- In-application support such as debugging, logs recording, diagnostics, packet capture, development tools, and opening support tickets.
Use the Atmos Air (Agentless) deployment to provide access to Web, RDP, SSH, Git, and DB (MSSQL database) applications with a seamless user experience and granular visibility and control without the need to install any software on to the client. The Clientless deployment supports popular browsers.
The device posture checks if a SSL client certificate is installed on the client’s browser. A device trust check can be achieved by querying SSL certificates. With a Clientless approach, you typically provide less access to your resources because you have less visibility and control over the device than using the Axis Client.
The Atmos Air (Agentless) deployment is useful for:
- Supporting TCP applications.
- Unmanaged devices: Optimized for 3rd party users, BYOD.
- Temporary access; for example, contractors.
- Leveraging the Axis Application Access Cloud portal for ease of access.
The following table summarizes when to use an Atmos Agent and Atmos Air (Agentless) deployment.
|Atmos Air (Agentless)
|Any ports and protocols (UDP/TCP).
|Certificate-based device posture checking.
|Destination Network Ranges.
|Host-based client applications.
|Applications that require the specific IP address of the devices, such as
server-initiated or peer-to-peer such as VOIP.
|SMB file sharing
|Requires comprehensive device posture checks and more restrictive
|Web, RDP, SSH, Git, and MS SQL database with seamless user experience
and granular visibility/control without installing anything in the device.
A common approach is to deploy both Atmos Agent and Atmos Air
Updated 5 months ago