The Controller never connects to the agent.
The agent being edge node, we can’t assume that they can be reliably reachable.
One SSH connection is required by iofogctl in order to install the ioFog components (Agent and Controller) on the remote hosts.
Afterwards, all communication is done using REST APIs. And it is the agent that polls the Controller looking for any change or update.
To connect an agent with a Controller, we generate a provisioning token using the REST API of Controller, and we give that token to the Agent software. Upon first communication from the agent to the Controller, this provisioning token is provided on a specific API route, and this register the Agent with Controller.
Controller do not communicate with each others, but to enable HA on Controller, you can share a Database between multiple instance of Controller.
I hope this answered your questions, please let us know if you need more details.