The following is an excerpt from the Best Practice Install Guide from the Portainer Academy which outlines the differences between the Portainer Agent and the Portainer Edge Agent. You can read the full guide and more in the Portainer Academy.
Portainer supports a number of different connection methods for adding environments, but in a production setup we highly recommend the use of the Portainer Agent to connect. The Portainer Agent is a lightweight container that runs on your environment and facilitates the communication between the environment and the Portainer Server instance. The Portainer Agent can be deployed in two different configurations: Agent and Edge Agent, with the primary difference being how they communicate with the Portainer Server instance.
Agent
In Agent mode, the Portainer Server instance initiates communication from itself to the Portainer Agent container. With this method you are interacting with your environment in real time.
This requires that the Agent listen on a specific port for connections so that the Server can connect. As such, we generally recommend the use of Agent mode only in private networks where exposing a port on the Agent is acceptable within your organization's security posture.
Edge Agent
In Edge Agent mode, the opposite occurs. The Agent periodically connects back to the Portainer Server instance to check if there are pending tasks to perform. As a result, there is no need to expose any ports on the Agent end, making the Edge Agent mode ideal for remote environments outside of your network, and requiring only that your Portainer Server be accessible from the Agent.
Because the Agent initiates the communication in Edge Agent mode, you don't necessarily have instant access to your environment initially. You can however use a reverse tunnel initiated by the Agent to provide this access. When you select an Edge environment to manage through the Portainer UI, behind the scenes the Portainer Server logs a request for a tunnel to be opened. When the Edge Agent next connects to the Portainer Server to check for updates, it will see the pending tunnel request and initiate the tunnel, providing you access to the remote environment. Because of this check-in process, you may need to wait for your tunnel to establish. The check-in interval for Edge Agents defaults to every 5 seconds, but this can be adjusted to suit your needs.
Edge Agent Async
The Edge Agent can also be configured to run in Async mode. For the most part this mode works the same as the standard Edge Agent configuration, with the notable exception that the reverse tunnel functionality is not available. Environment status is available through the use of "snapshots" sent periodically from the remote environment to the Portainer Server. This makes Async mode best suited to IoT and IIoT devices where direct interaction with the environment is not required and only very small amounts of data should be transmitted, for example when connectivity to the remote device is limited, intermittent or unreliable.
As we've covered above, there are pros and cons for each deployment option. To summarize, your Agent deployment options are as follows:
Agent Type | Comm. direction | Pros | Cons | Best for |
---|---|---|---|---|
Agent | Server -> Agent | Instant access | Requires exposing port at the Agent | Environments on local / private networks |
Edge Agent Standard | Agent -> Server | No exposed ports at the Agent; real-time management (on demand) | Delayed real time access | Environments on remote networks |
Edge Agent Async | Agent -> Server | No exposed ports at the Agent; low data usage | No real time access | Remote IoT / IIoT devices |
You can have a mix of agent types across your setup, but each environment should only be added once and with one agent type.
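The exposure model summarized above can be checked on a host. The following is an added example, not code from the Portainer guide or project: it flags Edge Agents that publish a port and Agent-mode listeners bound to every interface. The `portainer/agent` image name, the `EDGE=1` variable, port 9001 and the sample `docker inspect` records are assumptions made for illustration.

```python
# Constructed sample: trimmed `docker inspect` records (not real hosts).
# Assumptions: agents run from the portainer/agent image, and Edge mode is
# switched on with the EDGE=1 environment variable.
SAMPLE = [
    {"Name": "/agent_lan",
     "Config": {"Image": "portainer/agent:latest", "Env": ["PATH=/app"]},
     "NetworkSettings": {"Ports": {"9001/tcp": [{"HostIp": "0.0.0.0", "HostPort": "9001"}]}}},
    {"Name": "/agent_mgmt",
     "Config": {"Image": "portainer/agent:latest", "Env": []},
     "NetworkSettings": {"Ports": {"9001/tcp": [{"HostIp": "10.0.5.12", "HostPort": "9001"}]}}},
    {"Name": "/edge_site7",
     "Config": {"Image": "portainer/agent:latest", "Env": ["EDGE=1"]},
     "NetworkSettings": {"Ports": {"9001/tcp": [{"HostIp": "0.0.0.0", "HostPort": "9001"}]}}},
    {"Name": "/edge_site8",
     "Config": {"Image": "portainer/agent:latest", "Env": ["EDGE=1"]},
     "NetworkSettings": {"Ports": {"9001/tcp": None}}},
    {"Name": "/web",
     "Config": {"Image": "nginx:stable", "Env": []},
     "NetworkSettings": {"Ports": {"80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "80"}]}}},
]
ALL_INTERFACES = {"", "0.0.0.0", "::"}

def published_ports(container):
    """Yield (host_ip, host_port, container_port) for each published port."""
    ports = (container.get("NetworkSettings") or {}).get("Ports") or {}
    for cport, bindings in ports.items():
        for b in bindings or []:  # None: exposed by the image but not published
            yield b.get("HostIp", ""), b.get("HostPort", ""), cport

def audit(containers):
    """Return (name, finding, binding) tuples where exposure contradicts the mode."""
    findings = []
    for c in containers:
        cfg = c.get("Config") or {}
        if "portainer/agent" not in cfg.get("Image", ""):
            continue  # not an agent container
        name = c.get("Name", "").lstrip("/")
        edge = "EDGE=1" in (cfg.get("Env") or [])
        for ip, port, cport in published_ports(c):
            binding = f"{ip}:{port}->{cport}"
            if edge:  # Edge Agents dial out, so no inbound port is needed
                findings.append((name, "edge-agent-publishes-port", binding))
            elif ip in ALL_INTERFACES:  # Agent mode: listener reachable on every interface
                findings.append((name, "agent-port-on-all-interfaces", binding))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

On a real host the input would be the parsed JSON from `docker inspect` run over the running containers.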
For more guides on how to set up and use Portainer, have a look at the Portainer Academy.