HiveMQ Security

Security is a key concern for any IoT application. HiveMQ implements the security features required for safe and secure enterprise IT and OT deployments.

Key Features

TLS / SSL Encryption

  • Secure communication between HiveMQ and MQTT clients.
  • Secure communication between HiveMQ cluster nodes.
  • Native TLS/SSL support for increased performance.
  • OCSP Stapling caches the result of the OCSP responder with the Broker so individual MQTT clients no longer need to check OCSP.

Pluggable Authorization and Permissions

  • Assign fine grained permissions to clients to restrict the access and the actions to different MQTT topics.
  • Assign fine grained permissions to HiveMQ Control Center users to restrict the access to different pages and data available in the HiveMQ Control Center.

Overload Protection

  • Throttles overactive publishing clients so HiveMQ broker is not overloaded.
  • Dramatically improves the resiliency of a HiveMQ cluster.

Pluggable Authentication

  • Authentication of MQTT clients can be done through external sources, ex. device name and password in a database.

HiveMQ Security Architecture

HiveMQ Enterprise Security Extension (ESE) Key Features
Integration with third party enterprise security systems, includes support for username/password and roles/permissions stored in a SQL database
Preprocessing of authentication and authorization data coming from a MQTT client
A structured access log for tracking security related device information
Allow for fine-grained authorization rules that can specify permissions for specific clients or a group of clients
Access control for the HiveMQ Control Center
Download ESE

Security Features in HiveMQ Broker

HiveMQ Broker Security Features
Default support for TLS
Support for Java Key Store and Java Trust Stores to store X.509 certificates and encryption keys
Configuration to limit valid Cipher Suites
Cluster overload protection that allows for throttling MQTT clients
Increase performance via native SSL support (Enterprise Edition Only)
OCSP stapling to increase performance of client TLS connection (Enterprise Edition Only)
A structured audit log for tracking security related control center user information (Enterprise Edition Only)
Download HiveMQ

Contact Us to discuss how HiveMQ can add security to your MQTT and IoT deployment.