The MQTT broker your engineers already know. Now built for production at enterprise scale.
Pro Mosquitto extends Eclipse Mosquitto™ into a full production platform, with clustering, fine-grained access control, audit trails, and engineering support from the Eclipse Mosquitto maintainers.
14-day free trial · No credit card required · Full feature access
Powering MQTT infrastructure for 200+ enterprise customers worldwide
Roger Light created Eclipse Mosquitto in 2009 and leads Pro Mosquitto development at Cedalo. When you run Pro Mosquitto, you run infrastructure built by the person who wrote the original broker.
What MQTT in production requires
Six realities every production MQTT deployment has to address.
Identity, access, and credential lifecycle
Per-topic ACLs and dynamic security are solved problems. OSS Mosquitto's dynamic security plugin handles both. What it doesn't handle: integrating with corporate Active Directory or OIDC without writing a custom auth plugin, rotating client certificates without downtime, and proving to an auditor who changed which ACL when. Production identity isn't an authentication problem. It's a lifecycle problem.
Visibility and operations at scale
Production MQTT means knowing in real time what's connected, what's publishing, and what's failing. And reconstructing, weeks later, exactly what was happening during a past incident. OSS Mosquitto exposes logs and $SYS-topic counters per broker. What production actually demands: actionable diagnostics across federated brokers, retained for audit windows, with one place to look.
The broker as the data backbone
In production, the broker is the data backbone. Every device, edge gateway, and SCADA system publishes against it. Every database, cloud, and analytics consumer subscribes to it. Kafka Connect, Flink, and NiFi sit downstream, not parallel. The integrations that matter ship as part of the platform, sharing the broker's identity, audit, and management layer. Not assembled from third-party plugins.
High availability and scale
Production resilience means more than a redundant broker. It means load balancers, shared session state, failover orchestration, split-brain detection. Add scale and the operational complexity multiplies: capacity headroom for traffic spikes, predictable failover under load, sessions surviving rolling upgrades. All of it has to hold under realistic conditions like partition, packet loss, slow disks. Not just on paper.
Lifecycle and ongoing maintenance
Production brokers don't fail because of bad code. They fail months later, when a dependency CVE drops on a holiday weekend, or a config change ripples through bridges nobody documented, or a node restart loses sessions because a plugin silently broke in a patch. Patch testing, rollback procedures, capacity planning. The engineering work doesn't stop at deployment. It continues for as long as you run the broker.
Namespace structure and topic governance
UNSYour topic tree is the backbone every system publishes against. Not a configuration detail. In Unified Namespace (UNS) deployments, enforcing conventions across teams, scoping permissions to namespace branches, and validating that payloads under enterprise/site-a/line-3/sensors/temperature match schema requires a catalog, an enforcement layer, an inspection UI. On bare OSS, you build all three yourself. Without them, your namespace silently drifts into something nobody can refactor without breaking production.
How Pro Mosquitto delivers
Fine-grained access control
Per-topic ACLs, role-based access, dynamic credentials, mTLS, LDAP/AD/OIDC integration. Credential rotation without downtime. Audit logs for every connection, subscription, and ACL change.
Management Center UI
Live client monitoring, topic inspection, connection diagnostics, system metrics. REST API for automation. Real-time visibility across every broker node.
Native bridges
Kafka, PostgreSQL, MongoDB, InfluxDB, MQTT bridge, Azure IoT Hub, Google Pub/Sub, REST/HTTP, and several other SQL-based bridges. Built and supported by Cedalo. No custom middleware required.
Automatic failover & clustering
Active-passive HA for failover, active-active HP for high-performance load distribution with built-in failover. Session persistence across nodes. Zero-downtime upgrades. Configurable sync modes.
Updates, lifecycle & support
Independent release cadence. Pro Mosquitto security and feature patches typically reach customers weeks to months before they land in Eclipse Mosquitto OSS. LTS releases with multi-year support windows. Engineering support from the Eclipse Mosquitto maintainers.
Topic-tree governance for UNS
Schema validation on payloads, per topic. Per-topic ACLs as namespace boundaries. Topic-tree visualization and filtering. The broker primitives UNS architectures are built on.
Edge-to-cloud federation
Run on edge hardware (e.g., ARM devices only require 128 MB RAM), on-prem, or cloud. Bridges connect brokers across sites. Centrally governed, monitored, and managed in Management Center.
Disk-backed persistence
Persistent queueing on disk, not RAM. Built for edge and single-broker deployments. Messages survive broker restarts, network outages, and disconnected clients. Delivery guaranteed beyond RAM limits.
How customers get those outcomes
Core capabilities
MQTT 3.1.1 & 5.0 · Sparkplug B · Bridging · REST APIs · Persistent Queueing
Built on Eclipse Mosquitto™, the world's most trusted MQTT broker
All bridges built and supported by Cedalo
Browse all bridgesFederate brokers across edge → site → cloud via Cedalo MQTT Bridge, the foundation for a Unified Namespace built on your topic tree.
- Policy Engine
- Schema enforcement
- Streams
- Audit trails
- Syslog
- Logstash
- ELK Stack
- Prometheus exporter
- InfluxDB metrics exporter
- Grafana
*Windows runs Mosquitto with a limited feature set
The proof, in code and in production
Two things to verify the claims above: what the configuration actually looks like, and what customers actually run.
Your existing config. Zero changes.
Pro Mosquitto reads the same mosquitto.conf you already run. Enterprise features are additive plugins.
# Your existing config works unchanged
listener 1883
allow_anonymous false
password_file /etc/mosquitto/passwd
persistence_location /mosquitto/data
# Dynamic Security for role-based ACLs
plugin /usr/lib/mosquitto_dynamic_security.so
plugin_opt_config_file /mosquitto/data/dynamic-security.json
# Native Kafka bridge
plugin /usr/lib/cedalo_kafka_bridge.so
# Native MongoDB bridge
plugin /usr/lib/cedalo_mongodb_bridge.soRunning in production today
Enterprise customers
Industry leaders running mission-critical operations on Pro Mosquitto
Continents
Pro Mosquitto deployed globally, from factory floors to smart cities
Two ways in
Starting fresh
Your first message in 5 minutes:
- 1Sign up for a free license. Email and company name. No credit card.
- 2Download the setup. Grab the docker-compose bundle and license from your account.
- 3
docker compose upStarts the broker and Management Center. - 4Open
localhost:3000to create a client. - 5
mosquitto_pub -h localhost -p 1883 -u YOUR_CLIENT_NAME -P YOUR_CLIENT_PASSWORD -t test/hello -m "it works"Publish your first message.
Upgrading from open-source Mosquitto
Your existing mosquitto.conf, ACL files, and client connections work unchanged. Swap the binary, add your license, enable enterprise features. Typical migration: under 1 hour.
Due to its stability, resource efficiency, and performance, we chose Pro Mosquitto as our standard.Hans Michael KrauseDirector Ecosystem ctrlX World, Bosch Rexroth
Common questions architects ask
Ready to evaluate Pro Mosquitto?
14-day cloud trial or 30-day on-prem trial. Self-serve, no sales call. Docker Compose artifacts for single-node and cluster included.