What's New in HiveMQ 4.2?
Written by Dominik Obermaier
Category: HiveMQ Release
Published: July 24, 2019
We are pleased to announce the release of HiveMQ 4.2. This HiveMQ version is a feature release that focuses on additional functionality for enterprise environments: Role Based Access Control for the HiveMQ Control Center as well as Audit Logs. A brand new Backup & Restore feature lets you seamlessly backup, recover, and migrate HiveMQ clusters of any size, even in the most complex environments.
HiveMQ extension developers will love all the new functionality that 4.2 adds to the extension SDK (including new interceptors and services).
You can read about all the new features below.
This version is a drop-in replacement for HiveMQ 4.1 and supports rolling upgrades with zero downtime. Learn more in our Upgrade Guide.
Backup & Restore
Backups are an important part of every mission-critical MQTT deployment. In the past, a highly-resilient, distributed MQTT platform such as HiveMQ (which supports up to 10,000,000 concurrent devices simultaneously and is deployed on multiple servers) required careful planning for backups. Now, our new backup and restore functions make it extremely simple to create cluster-wide backups for all of your MQTT-platform data quickly and efficiently. Our fully-integrated Control Center allows you to create and download backups that contain the following data:
- Retained messages
- MQTT client sessions
- Client subscriptions
- Queued messages
- Shared subscription queues
- Client data that extensions add
- Message data that extensions use (Kafka Extension)
You can download all of this data in one compressed data file.
In the Control Center, you can also upload a backup file to perform a cluster-wide restore of the backup. In case of a disaster, your backup files can be used to restore any previous cluster state. This backup functionality can also be used to migrate data to other infrastructure providers. Simply export cluster data and import it again in a fresh cluster.
The new backup and restore functions are immediately available for both HiveMQ Professional Edition and HiveMQ Enterprise Edition customers.
Role Based Access Control for the Control Center
The HiveMQ Control Center is a Swiss army knife for operators that provides insight into all aspects of a MQTT deployment (including powerful capabilities to debug MQTT clients and devices in production).
The HiveMQ Enterprise Edition adds Role Based Access Control (RBAC) for Control Center users. RBAC allows you to restrict user permissions and precisely control which users can view, access, and modify data. Use RBAC to create fine-grained access management for your HiveMQ system.
In environments with multiple administrators, legal reasons can require you to disable Control Center functionality for some or all users. For example, prevent the display of IP addresses. The HiveMQ Enterprise Edition allows you to restrict user access according to corporate compliance policies while providing best-in class monitoring and debug capabilities for production environments.
In enterprise environments, it is critical to have audit trails for all administrative actions that can potentially disrupt production systems. HiveMQ 4.2 adds the capability to log all user actions via the HiveMQ Control Center in a dedicated audit log that is separate from the standard technical logs. The audit log makes it easy to reconstruct what user interactions took place and you can restrict access to the audit logs to authorized users.
Updated Extension SDK
This HiveMQ release adds numerous improvements and new APIs to the Community and Enterprise SDK. We’ve also added methods that let you work with data in large MQTT clusters without the need to fit all data into memory. These methods make it possible to use all APIs even in deployments with millions of MQTT clients.
New Services and functionality in Community SDK
- AdminService: This service allows to you to programmatically access information about the server and broker as well as the lifecycle state of a newly-started broker. The AdminService is ideal for implementing custom health checks.
- SubscriptionStore: The SubscriptionStore now provides access to all cluster-wide MQTT subscribers and their subscriptions. You can also limit your request to MQTT clients that subscribe to a specific topic filter. In addition, all subscribers that match a specific topic are easily accessible.
- ClientStore: The ClientStore now provides access to all MQTT sessions that are available in the cluster (even for millions of MQTT clients).
- ClientSettings: It is now possible to access and modify client settings such as the in-flight window.
New Interceptors in the Community SDK
- SubscribeInboundInterceptor: Allows you to modify incoming MQTT SUBSCRIBE packets.
- ConnectInboundInterceptor: Allows you to modify and enrich incoming MQTT CONNECT packets.
- ConnackOutboundInterceptor: Allows you to modify and enrich an outgoing MQTT CONNACK packet
- PublishOutboundInterceptor: Allows you to modify outgoing MQTT publishes before they are sent to clients.
New Enterprise SDK Features:
The following features are available for the Enterprise SDK. This SDK is available for partners and customers. Get in touch if you’d like to get access to the SDK.
- SessionAttributeStore: This new API allows you to add arbitrary key-value data to MQTT sessions that can also be used from different extensions simultaneously. The data that the SessionAttributeStore method adds to the sessions is available cluster-wide.
- Custom Authentication for the Control Center: The Control Center authentication is completely customizable. For example, developers can use third-party systems to check the credentials of users
- Control Center Permissions: Developers can use the brand new RBAC mechanism for programmatic and fine-grained permissions for their own views and to add and remove permissions for users.