Grand Release: Pro Mosquitto 2.5
Our team is happy to announce the release of the Pro Edition of Eclipse Mosquitto version 2.5.
It is a one-of-a-kind release, combining more than twelve new product features and improvements!
This release focuses on enhancing security, boosting monitoring and inspection functionality, performance, HA, testing, and other areas.
Let us dive deeper into the new features and functionality our team implemented as part of Pro Edition for Eclipse Mosquitto.
1. Security
1.1. Client certificates and custom CAs
Feature description: It is now possible for Mosquitto Management Center (MMC) to connect to your Pro Mosquitto instances using client certificates and custom CAs (certificate authorities). In the previous version, Mosquitto Management Center (MMC) could only authenticate and connect to Pro Edition for Eclipse Mosquitto instances using a username and password.
To test our Pro Mosquitto, sign up for a free 14-day trial here!
User benefit: Client certificates are more secure than a username and password combination because authentication relies on a private and public key pair. The private key never leaves the client's side, so it is not exposed when the client authenticates. Using custom CAs at the same time improves your IoT project's security, since it lets you verify the trustworthiness and authenticity of the system you connect to.
1.2. User Groups
Feature description: From now on, you can arrange Mosquitto Management Center (MMC) users into different groups, assign roles and connections to them, and define their access rights.
User benefit: This feature simplifies user management and saves your admins a lot of time. It also reduces the risk of unauthorized access by limiting users to the MMC features and broker connections they are responsible for, and it streamlines user onboarding and offboarding.
Especially in organizations using larger MQTT broker fleets, it is required to have a granular Role-Based Access Control (RBAC) user management system to maintain system access integrity.
1.3. Application Tokens
Feature description: We introduce application tokens to enable use of the Mosquitto Management Center (MMC) REST APIs from an external application. This feature allows you to issue requests to the MMC REST APIs using application tokens with role-based access and expiration dates.
User benefit: Using application tokens makes it possible to provide access to MMC without the need to go through the usual authentication process. In other words, it is a straightforward and secure way for external applications to connect to MMC. In addition, application tokens provide more control over the agents using MMC: they contain an expiration date after which they cannot be used and can be revoked at any time.
Additionally, connecting your third-party apps and systems is usually more complex when Single Sign-On is enabled. So this is where application tokens can be used to fix the problem!
1.4. Single Sign-On Support
Feature description: Mosquitto Management Center now supports integration with your Single Sign-On (SSO) system (like Azure AD and others using a Security Assertion Markup Language (SAML)-based authentication flow). With Single Sign-On, an end user only has to log into one system (e.g., their Windows system). If the user subsequently requires access to other systems like the MMC, their identity and/or permissions are verified without further input.
User benefit: Enabling this feature simplifies the authentication process since an end user only has to log into a single system, and any further checks are executed automatically. Overall, system integrity and traceability are increased, especially in enterprise contexts.
1.5. SSL/TLS termination on the side of MMC
Feature description: Mosquitto Management Center now supports SSL termination. Normally, we recommend putting a reverse proxy in front of the MMC that handles encryption. However, now the Management Center is capable of this as well.
User benefit: You can now securely handle all your communications using HTTPS without installing additional software. This is very convenient in case your company has particular policies regarding proxy software, or such software is unavailable.
2. Monitoring & Inspection
2.1. Client Inspection
Feature description: Client Inspection lets you get details about all connected MQTT clients, e.g., connection status, protocol information, TLS encryption, last will message information, message queue usage, subscribed topics, and many more.
User benefit: This feature provides comprehensive visibility into the clients currently connected to your broker so that all information you require about a given client is available in one place. This allows users to easily find misbehaving clients. For instance, you can see which clients' queues are clogged and therefore cause increased memory usage on the broker. You can then identify the problem locally (spot the clients that have it) and fix it without restarting the broker and interrupting your broker processes.
2.2. Monitoring API
Feature description: Mosquitto Management Center (MMC) supports a rich set of REST APIs, which makes it easy to integrate MMC and Pro Edition for Eclipse Mosquitto functionality into your application. Via the new Monitoring REST API, you can get insights and metrics about your Mosquitto HA clusters, for example, the health of a Pro Mosquitto HA cluster.
User benefit: Enjoy increased control over the status and performance of Pro Edition for Eclipse Mosquitto. In addition, get easy access to this information via REST API.
2.3. Client Control
Feature description: Client Control allows managing connected clients via a central MQTT API, e.g., subscribing MQTT clients to topics, unsubscribing them from topics, disconnecting them, etc.
User benefit: You can easily disconnect a client via MQTT using the Client Control MQTT API.
3. Performance
3.1. LMDB (Lightning Memory Mapped Database) persistence
Feature description: It is a high-performance local persistence database for Pro Mosquitto to store client sessions and retain message information over restarts.
User benefit: Suppose a client session should exist after the client disconnects. In that case, the broker should store information for this client, like subscriptions and queued messages, to disk, not to memory only (to have this information available after reconnecting). The previous Pro Mosquitto version would write data to disk periodically. It meant there was a risk of stopping the broker before it could write fresh data. The new feature added a plugin interface that allows users to build plugins to deal with persistent sessions more correctly. Compared to existing LMDB plugins for the Mosquitto OS version, the new Pro Mosquitto LMDB persistence can cope with a higher rate of change (more messages per second, more client sessions changing, etc.)
4. High Availability
4.1. High Availability improvements
Feature description: From now on, cluster nodes can be defined by hostname, plus bug fixes and other improvements.
User benefit: These improvements make HA more flexible and allow it to be deployed in varied environments.
5. Miscellaneous & Minor
5.1. CentOS Build
Feature description: Up to now, the complete function set of Pro Edition for Eclipse Mosquitto was only available based on Docker. This version is now also available as Red Hat Linux packages (RPM files).
User benefit: Docker is not always allowed as an additional platform on corporate servers in larger organizations. Most IT departments, however, permit installations that only require Red Hat Linux. With the new version, those companies can also benefit from Pro Edition for Eclipse Mosquitto. Secondly, on Red Hat Linux systems, an additional Docker layer (emulating a Linux environment again) costs system resources and is an unnecessary layer for IT to maintain.
5.2. Broker Restart
Feature description: The Pro Mosquitto instances can now be restarted directly via the MMC GUI. This feature is available for both on-prem systems and our Cedalo-hosted (cloud) offering.
User benefit: Up to now, admins have had to log into their servers by SSH to be able to restart a stalled broker node. Now, they can accomplish this by pressing a button in the MMC GUI. This feature saves system admins valuable time. Cloud customers can now immediately react without the interference of Cedalo support in case of a stranded node.
5.3. Extended Connections REST API
Feature description: It is now possible to view all currently present connections, and to create and delete them, through the REST API.
User benefit: Users get improved control over MMC connections and see which brokers are connected to a specific MMC instance. Your external applications or services can now manage this through the REST API.
5.4. Testing
Feature description: Improved coverage and scope of the test suite, giving the most stable release yet.
User benefit: This gives our customers greater confidence in the stability of our environment.
5.5. New roles
Feature description: Management Center now features two new roles for finer control over users' permissions: Connection Manager and Monitoring Viewer. The Connection Manager role has access only to the Connections REST API, and Monitoring Viewer is a read-only role with access only to the Monitoring REST API.
User benefit: Get even more control and security for managing and monitoring broker connections. Restrict access and be sure that users or external applications holding the new roles can never change anything else in your system that they are not supposed to.
Contact us!
For any questions regarding this release and new features, please do not hesitate to contact us at [email protected]!
About the author
Philip Ackermann is the Chief Technology Officer (CTO) at Cedalo, bringing over 20 years of software development experience to the team. During his 11 years at the Fraunhofer Institute, specializing in Web Compliance and IoT technologies, he focused on software engineering, software architecture, and product development.
In addition to that, Philip is a published author, having written five books on software development, covering topics such as Java, JavaScript, Node.js, and Fullstack web development. Two of these books have been translated into English, broadening their global impact and enriching the international software development community.