Product description

VerneMQ is first and foremost an MQTT publish/subscribe message broker which implements the OASIS industry standard MQTT protocol. It can use FIPS 140-2 certified cryptography, making it an ideal vehicle for Internet of Things (IoT), Intelligence, Surveillance & Reconnaissance (ISR) and other telemetry in Federal environments. VerneMQ is built to take messaging applications to the next level by providing a unique set of features related to scalability, reliability and high-performance as well as operational simplicity.


VerneMQ supports FIPS 140-2 encryption over Transport Layer Security (TLS) 1.2 to guarantee the confidentiality of messages in-flight. It ships with file-based, relational database (PostgreSQL and MySQL) and NoSQL (MongoDB & Redis) authentication connectors out-of-the-box. Custom connectors are possible using VerneMQ’s plugin framework. An ACL-based authorization mechanism which is enabled by default, controlling read/write access topics based on topic patterns, usernames or user IDs.

Built for clustering

To achieve these goals, VerneMQ is designed from the ground up to work as a distributed message broker, ensuring continued operation in the event of node or network failures and easy horizontal scalability. The underlying technology is a proven telecom grade technology stack providing a rock solid foundation for systems that must be in continuous operation around the clock. It’s also able to make efficient use of all available resources as a basis for easy vertical scalability.

VerneMQ uses a master-less clustering technology. There are no special nodes like masters or slaves to consider when the inevitable infrastructure changes or maintenance windows require adding or removing nodes. This makes operating the cluster safe and simple.


VerneMQ implements the full MQTT 3.1 and 3.1.1 specifications. The current list of core features include:

  • QoS 0, QoS 1, QoS 2 levels
  • File-based Authentication and Authorization
  • PostgreSQL, MySQL, Redis & MongoDB Authentication and Authorization
  • Bridge Support
  • $SYS Tree for monitoring and reporting
  • TLS (SSL) Encryption
  • Websockets Support
  • Cluster Support
  • Logging (Console, Files, Syslog)
  • Reporting to Graphite
  • Reporting to Prometheus
  • Extensible Plugin architecture
  • Shared Subscriptions
  • Multiple Sessions per ClientId
  • Session Balancing
  • Message load regulation
  • Message load shedding (for system protection)
  • Offline Message Storage (based on LevelDB)
  • Queue can handle messages FIFO or LIFO style.
  • PROXY v2 Protocol
  • Lua plugin scripting support
  • Webhooks
  • HTTP Administration API