Skip to content
Industrial IoT and Edge

Portainer is your solution to securely deploy software containers across your fleet of Edge devices.

Portainer

Portainer is packed with features

We often hear from our users, “Wow, I didn’t know Portainer could do that!” So here’s a list of all the key features in Portainer Business Edition.

Common features

  • Audit logging
  • Automatic stack updates
  • Change window
  • ChatGPT integration
  • Container status indicator
  • External authentication
  • Force redeployment
  • Hide anonymous Docker Hub
  • Hide internal authentication prompt
  • In-app update
  • LDAP
  • New image availability
  • Notification log
  • OAuth
  • RBAC
  • Registry management
  • Relative path support
  • S3 backup
  • Stack versioning
  • Store git credentials
  • Stream logs to SIEM
  • User auto sync
  • Webhooks for Docker

Audit logging

Portainer provides a log of all user authentication requests, and journals the success or failure of each login as a record of when users engaged with Portainer. This log is retained for one week before being purged.

Authentication Snippet v2

 

Automatic stack updates

Take advantage of your existing automation and CI systems and trigger a redeploy of your container, stack or service through a webhook.

Automatic Stack updates

 

Change window configuration

Don’t want your automatic updates to take place during work hours? With the change window feature you can set up a timeframe in which application updates are allowed to happen, and outside of this time frame automatic updates will not occur.

Change window

 

ChatGPT integration

In Portainer Business Edition we've added the ability to ask ChatGPT's LLM bot for help with your containerization journey. We pre-inform ChatGPT that you're using Portainer and the type of environment you use, but provide no personal data. You can then ask questions and the bot will provide answers.

Container status indicator

Easily see which containers and services are running or stopped, healthy or unhealthy, from the list view and within the container or service details.

Image status

 

Easily configure your external authentication provider

If you’re using an external authentication provider such as Azure Active Directory, Google or Github, Portainer comes with preconfigured defaults to help you set this up quickly and without fuss. If you find you need to adjust these defaults for your particular needs, you can do that too.

features-externalauth

 

Forced redeployment

When your application is deployed from a Git repository, you can enable this feature to automatically keep it in sync with whatever is in the repo. This way, Git becomes your “source of truth”, so you can ensure you’re running the correct version of your application on your environments.

Force redeploy

 

Hide anonymous Docker Hub

By default the Docker Hub (anonymous) registry is available to all users. If you would prefer to hide this from the registry selection, you can do so with Portainer.

2.16-hide-anonymous-dockerhub

 

Hide internal authentication prompt

With external authentication configured, you can opt to hide the option to log in with Portainer’s internal authentication, enforcing that logins can only be processed by your authentication provider.

Hide internal authentication

 

Update Portainer from within Portainer

With Portainer Business Edition you no longer need to drop back out to the command line to update Portainer itself. When a new version is available, an admin can simply click the link in the notification to automatically update Portainer Server to the latest version.

LDAP authentication

Portainer can be configured to accept Lightweight Directory Access Protocol (LDAP) authentication if your organization has implemented LDAP or Active Directory authentication. When users attempt to log into Portainer, the application will authenticate them against your LDAP directory or Active Directory. If authentication is successful, the user is allowed to log into Portainer.

In Portainer Business Edition, we provide a pre-configured template for use with OpenLDAP, as well as the option to configure a custom LDAP setup.

features-ldap

 

New image availability

See at a glance whether your container images are up to date with what’s in the remote repository. Green means up to date, and red means there’s a newer version of the image available in the upstream repository.

New image availability

 

Notification log

Missed one of the pop up notifications, or need to look back on the history? In Portainer Business Edition we have a log of all the notifications your user has received, so you can easily check what you might have missed.

features-notifications

 

OAuth authentication

If you’re using Portainer inside an organization with established authentication systems in place you will likely want to exploit them rather than create something new. Portainer allows you to easily integrate Microsoft, Google and Github based OAuth systems, letting you onboard and manage team members without needing a separate access control system.

In Portainer Business Edition, we provide pre-configured templates for Microsoft, Google and Github's OAuth systems, as well as the option to configure a custom OAuth setup.

features-oauth

 

Role-based access control (RBAC)

With Portainer’s role-based access control (RBAC), you can configure fine-grained access controls for your environments, whether they’re Docker, Swarm or Kubernetes. There are multiple roles available to choose from, each with their own pre-defined set of privileges, targeted at a range of different user types. Users can be directly (or as part of teams) assigned roles and can be given levels of access on a per-environment basis.

features-rbac

 

Registry browser / management

Using Portainer you can easily manage your image registries from one interface. With compatible registry types you can not only browse registries and their associated image repositories, but you can also manage and manipulate associated tags. With registry support for private Docker Hub accounts, AWS ECR, Quay,io, ProGet, Azure, Gitlab, and GitHub as well as custom Docker registries, all your images are available right in Portainer.

features-registry

 

Relative path support for Git stacks

Often when deploying a stack you'll want to pre-populate your container's file system from your Git repository into pre-defined relative paths. In Portainer Business Edition, you can do this by enabling the relative path volume option on stack deployment and defining a local filesystem path for where to store the files.

Back up Portainer to S3

Ensuring your Portainer installation is backed up is crucially important in a production environment, and Portainer provide the ability to back up and restore your instance both as a local file and via S3 to AWS or S3-compatible providers such as MinIO. You can schedule automated backups to your S3 bucket directly within Portainer.

S3 Backup

 

Stack versioning

In Portainer Business Edition we include stack versioning functionality, in which Portainer retains a copy of your stack's previous configuration when you deploy an update. You can roll back to this configuration on demand if you run into issues with your deployment.

Store git credentials

When you're using git repositories to deploy your applications, you might find you're needing to reuse the same credentials for multiple deployments. In Portainer Business Edition, you can save your credentials for use in your deployments. Credentials are saved to your user account in Portainer, and are only usable by you.

2.16-whatsnew-gitcreds

 

Stream logs to SIEM

Portainer can be configured to stream it's activity and authentication logs to an external Security Information and Event (SIEM) system using the Syslog format. This lets you centrally manage your logs and aids in compliancy.

Automatically sync users from your external auth provider

When using a Microsoft Active Directory authentication provider, Portainer supports the auto-population of users within Portainer from Active Directory, based on the configuration you set.

User auto sync

 

Webhooks for Docker

Portainer provides the ability for you to trigger an action on your container, service or stack in response to an event, for example a push to your upstream repository. With webhooks you can redeploy your application automatically as part of your CI/CD flow, ensuring you're always up to date. You can even pass through environment variables to your deployment via the webhook which can be used as part of the deploy configuration.

Kubernetes features

  • Auto manifest deployment
  • Create KaaS clusters
  • Create MicroK8s clusters
  • Direct YAML editing
  • Enforce admin-only ingress creation
  • Enforce admin-only secret viewing
  • Enforce application notes
  • Enforce code-based deployment
  • Import via kubeconfig
  • Load balancer quotas
  • Manage Kubernetes objects
  • Namespace access
  • Pod security constraints
  • Resource overcommitment
  • Resource quota
  • Rolling restart
  • Storage quotas

Deploy a manifest to your new environments

When setting up a new environment in Portainer you may want to pre-provision services on that environment to get you up and running faster. With Portainer Business Edition you can specify a manifest to deploy to your environment when it is first joined to Portainer.

Create Kubernetes-as-a-Service clusters with cloud providers

If you need to spin up a new Kubernetes cluster at a cloud provider, you can do so on-demand and to your specifications directly within Portainer. With support for cloud providers such as Civo, Linode, Digital Ocean, Google Cloud, AWS and Azure, a new Kubernetes cluster with the Portainer Agent automatically deployed is a few clicks away.

features-kaas

 

Create MicroK8s clusters on new servers

With Portainer Business Edition, you can install and configure a MicroK8s Kubernetes cluster directly onto fresh servers - VMs or baremetal - from within the Portainer UI. All you need is SSH access to the servers and you're good to go.

Direct YAML editing

With Portainer Business Edition you can view and edit the YAML used for your Kubernetes deployment directly in the Portainer UI. If you need to make a quick change to your deployment code, this feature can be very useful.

Enforce admin-only ingress creation

In Portainer Business Edition, administrators can restrict ingress creation to admins only. With this option enabled, non-admin users will not be able to create new ingresses but will still be able to use existing ingresses. This option allows admins more power in controlling deployments and resource usage in their clusters.

Enforce admin-only secret viewing

With Portainer Business Edition you can restrict the viewing and editing of secrets within a cluster to administrators only. Non-admins will still be able to reference the secrets, but not view their contents or change them through the Portainer UI.

2.20-whatsnew-adminsecrets

 

Enforce application notes

With Portainer Business Edition you can require that any applications deployed from Portainer have the Notes field filled in, ensuring that you can easily tell what a deployment was for at a glance. You can even set the minimum number of characters required so that your descriptions are comprehensive and fit your needs.

Enforce code-based deployment

In Portainer Business Edition an administrator can specify that only code-based deployment is is available on a cluster, ensuring that all deployments made there are done via pre-defined YAML manifests instead of using the form-based approach. This lets admins have greater control over how apps are deployed on their clusters.

Import your existing cluster with kubeconfig

If you have an existing Kubernetes cluster you’d like to manage with Portainer, a kubeconfig file may be all you need. You can import the kubeconfig file and Portainer will then connect and deploy the Portainer Agent into your cluster, allowing you to connect and administer the cluster straight away.

Import via kubeconfig

 

Load balancer quota management

Portainer lets an administrator set per-namespace limits on load balancer quotas. This way, you can better manage the costs associated with your load balancer resources in your Kubernetes clusters.

Load balancer quotas

 

Manage Kubernetes objects

Portainer Business Edition lets you manage more than just applications. Through the More Resources menu we let you manage your cluster's Service Accounts, Roles and Role Bindings, as well as Cluster Roles and Cluster Role Bindings, without needing to drop out to the command line.

2.20-whatsnew-moreresources

 

Namespace access restrictions

With Portainer, you can restrict access to the default namespace, forcing users to deploy applications on a separate namespace. This ensures that applications are allocated the resources they need without conflicting demands, as well as providing the security of separate namespaces.

Namespace access

 

Pod security constraints

When you're sharing an environment between teams, you might want to restrict the access each pod has to limit risks. Portainer Business Edition lets you manage and apply pod security policies directly, on a per-environment basis.

2.15-whatsnew-podsec-1

 

Resource overcommitment

Portainer allows an administrator to disable resource overcommitment on the Kubernetes cluster, as well as determine the percentage of resources to allocate to running Kubernetes within the cluster. This helps you maintain the health of your cluster, and ensure the system won’t be compromised by resource-hungry applications or misconfigurations.

Resource overcommitment

 

Resource quota

Set a quota assignment per namespace to enforce resource limits. 

 

Rolling restart

Sometimes you may need to redeploy your application without taking it offline to cause minimal disruption to your users. With Portainer Business Edition you can choose to perform a rolling restart rather than a redeploy to help in this regard. This can be done both via the UI and through application webhooks.

Storage quota management

Need to limit the amount of storage a specific  namespace can use? With Portainer, you can set quotas at the namespace level, determining the amount of storage an application is allowed to consume within a given cluster.

Storage quotas

 

Edge features

  • Async mode
  • Bulk device onboarding
  • Edge Administrator role
  • Edge configurations
  • Edge Stack retry policy
  • Edge Stack versioning
  • Edge Templates
  • Manage async Edge devices
  • mTLS
  • Pass-through host env variables
  • Pre-pull images on Edge devices
  • Private registries at the edge
  • Relative path support
  • Remote update of Edge Agents
  • Staggered deployment
  • Waiting room for Edge devices

Edge Agent async mode

Portainer Edge Agents can be configured to function in async mode, disabling the tunnel between the agent and the Portainer Server and letting you define the communication intervals between the Edge Agents and the Portainer server. This lets you customize your communications to suit your requirements and restrictions.

Async mode

 

Bulk device onboarding

When you have a large number of Edge Devices to provision, setting up each device individually isn’t feasible. With Portainer, a deployment script can be pre-generated ready for connection to Portainer on deployment. And with support for FDO and OpenAMT, your devices can even boot from scratch and be automatically provisioned and added to your Portainer instance.

Bulk Device onboarding

 

Edge Administrator role

In Portainer Business Edition you can specify your users as Edge Administrators, giving them full access to your Edge Compute environments but without giving them access to the wider Portainer configuration settings. This lets you give your Edge admins the power they need while still keeping access secure.

2.20-whatsnew-edgeadmin

 

Edge configurations

The Edge Configurations feature in Portainer Business Edition lets you deploy a file or set of files to your Edge Devices, to all devices or to specific groups or individual devices, that you can then reference from your Edge Stacks. This is useful when you want to include configuration files or other similar references in your stacks but independent from the stack configuration itself.

Edge Stack retry policy

In Portainer Business Edition, you can enable a retry policy on your Edge stacks. With retry deployment enabled, Portainer will keep trying to redeploy your stack if it runs into deployment errors. This helps to avoid failed deployments when a connection to the edge device may be unstable or unreliable.

Edge Stack versioning

In Portainer Business Edition we include Edge Stack versioning functionality, in which Portainer retains a copy of your Edge Stack's previous configuration when you deploy an update. You can roll back to this configuration on demand if you run into issues with your deployment.

Edge Templates

Portainer Business Edition now includes Edge Template functionality, bringing our popular templating systems to Edge Stacks. With Edge Templates you can deploy stacks with just a few clicks from our pre-provided templates, or even create your own custom templates for your users to deploy from.

2.20-whatsnew-edgetemplates

 

Manage async Edge devices

Async mode means that you're not directly interfacing with your devices, so how do you manage them? With Portainer, you can browse snapshots of your individual Edge devices to ensure they're working as expected, as well as run commands like start, stop, restart and delete on your deployments directly.

2.16-whatsnew-asyncremote

 

mTLS for Edge Agent communications

With mutual TLS (mTLS), you can add an additional layer of security to the Edge Agent communications by encrypting the traffic with certificates from your own certification authority (CA). Under this setup, if a third-party system attempts to communicate with the Portainer Server and is not using a certificate signed by the certificate authority it will be rejected.

Pass through host environment variables

Often across a fleet of Edge devices you may need to customize the configuration based on the specific device (for example, a physical location tag). The Portainer Edge Agent allows you to pass environment variables from the host through to the Edge Agent’s container environment, letting you take advantage of host options within your stacks.

Pre-pull images on Edge devices

When deploying an Edge stack across a number of devices, you want to ensure the needed images make it there successfully. With Portainer Business Edition, you can specify in your Edge stack to pre-pull needed images on deployments, which tells each device that it needs to successfully pull the images before proceeding with the deploy, reducing the amount of deployment issues you might run into.

Private registries at the edge

You’re not just restricted to public container images on your Edge Agents. Using Portainer you can deploy your workloads to your Edge devices from private registries in the same way you would any public image.

Relative path support for Edge Stacks

Often when deploying an Edge Stack you'll want to pre-populate your container's file system from your Git repository into pre-defined relative paths. In Portainer Business Edition, you can do this by enabling the relative path volume option on Edge Stack deployment and defining a local filesystem path for where to store the files.

Remote update of Edge Agents

With Portainer Business Edition you can remotely update your Edge Agent deployments directly within the Portainer interface, making sure you have the latest Portainer features and fixes on your environments no matter where they are in the world. Updates can be scheduled to run at a time that suits you best.

Staggered deployment and rollback for Edge Stacks

When deploying your Edge Stack across your devices, with Portainer Business Edition you can choose to roll the updates out in a staggered manner, either in predefined group sizes or exponentially larger groups. You can specify how long to wait in between groups, and how to act if a deployment to a group fails - continue with the deployment, pause, or in combination with our Edge Stack versioning functionality roll back to the previous version of the deployment.

Waiting room for Edge devices

The Edge Devices Waiting Room functionality lets you pre-load Edge devices with a script to deploy the Edge Agent and connect back to the Portainer Server without having to pre-configure the environments. Newly connecting devices go into a "waiting room", where an admin user would approve or deny those devices connecting to the environment. This is extremely powerful if you're deploying a large number of devices and aren't able to manually configure each one when they're connected for the first time.

2.16-edge-devices-waiting-room

 

Get Started Today With Portainer

Portainer provides centralized configuration, management and security of container environments.