faqs/getting-started/why-do-we-recommend-using-the-edge-agent-instead-of-the-traditional-agent.md
We recommend using the Edge Agent for most modern deployments, especially remote or distributed environments, because it’s built for scalability, security, and edge-centric use cases in ways the traditional Agent cannot match.
The Edge Agent unlocks Portainer’s full Edge Compute feature set, including:
These capabilities don’t exist with the traditional Agent, which is focused on basic connectivity rather than edge orchestration.
The traditional Agent requires the Portainer Server to initiate connections to each agent, meaning each agent must expose a listening port reachable by the server. This often forces you to open additional network ports on remote nodes.
In contrast, the Edge Agent connects outbound to the Portainer Server, requiring only that the agents can reach the server, not the other way around. This greatly reduces the number of open ports needed across your environments.
The Edge Agent was designed for environments where networking may be unreliable or intermittent. It polls the Portainer Server on a regular interval for any pending work it needs to carry out, meaning it handles intermittent connectivity more gracefully than the traditional Agent, which assumes a constantly reachable network.
Because all edge connections originate from the agents to the server, you can focus hardening efforts on the server’s exposed endpoints instead of securing numerous agent endpoints. Many standard Agent setups with remote hosts require exposing a port on every host, which increases the attack surface.
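One way to check this on your own fleet, as an added example (not Portainer's code): it parses `ss -tlnH` output collected per host and lists the hosts that still expose a traditional Agent listener on a non-loopback address. The port 9001, the host names and the sample output are assumptions constructed for illustration.

```python
import ipaddress

AGENT_PORT = 9001  # assumption: the port your traditional Agents listen on

# Constructed sample inventory: host name -> `ss -tlnH` output (not real data).
SAMPLE = {
    "edge-node-1": "LISTEN 0 128 0.0.0.0:22 0.0.0.0:*\n"
                   "LISTEN 0 4096 127.0.0.1:631 0.0.0.0:*\n",
    "agent-node-1": "LISTEN 0 128 0.0.0.0:22 0.0.0.0:*\n"
                    "LISTEN 0 4096 *:9001 *:*\n",
    "agent-node-2": "LISTEN 0 4096 [::]:9001 [::]:*\n",
    "agent-node-3": "LISTEN 0 4096 127.0.0.1:9001 0.0.0.0:*\n",  # loopback only
}

def parse_listeners(ss_output):
    """Yield (address, port) for each LISTEN line of `ss -tlnH` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        # Local address is the 4th column; split on the last ':' for IPv6.
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            yield addr.strip("[]"), int(port)

def is_reachable(addr):
    """True unless the socket is bound to a loopback address only."""
    if addr in ("*", "0.0.0.0", "::"):
        return True
    try:
        # Drop an interface scope such as fe80::1%eth0 before parsing.
        return not ipaddress.ip_address(addr.split("%")[0]).is_loopback
    except ValueError:
        return True  # unrecognised form: treat as exposed and review manually

def exposed_agent_hosts(inventory, port=AGENT_PORT):
    """Hosts with an inbound Agent listener reachable from the network."""
    return sorted(
        host for host, out in inventory.items()
        if any(p == port and is_reachable(a) for a, p in parse_listeners(out))
    )

if __name__ == "__main__":
    for host in exposed_agent_hosts(SAMPLE):
        print(f"{host}: inbound Agent listener on port {AGENT_PORT}")
```

Hosts running only the Edge Agent should not appear in the result, since they connect outbound and need no inbound Agent port.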
The Edge Agent architecture, with polling and TLS tunnels, has been load-tested at very large scale (thousands of connected environments) and can more efficiently manage network overhead and orchestration, making it a better choice for enterprise or IoT/edge fleet use cases.