MQTT Broker Comparison, Mosquitto, EMQX, HiveMQ in 2022
TL;DR — For < 50K clients: Mosquitto. Open-source, ~5MB binary, zero clustering complexity. For 50K-1M: EMQX 5.0 (just released August 2022). For enterprise with SLAs: HiveMQ commercial. For Erlang shops: VerneMQ. Pick by scale + ops capacity, not features.
After MQTT 101, which broker. Four serious options in 2022, each with a niche. This post compares.
The four
Mosquitto — Eclipse Foundation. Single-binary C broker. Default for small/medium setups. Apache 2.0 license.
EMQX — Chinese-origin, Erlang-based. Clustered out of the box. 5.0 just released (early August 2022). Apache 2.0 community edition.
HiveMQ — German, enterprise focus. Java-based. Commercial license; community edition exists with limits.
VerneMQ — Open-source, Erlang. Mature clustering. Apache 2.0.
Capacity at a glance
Approximate, broker-running-on-decent-hardware (8 vCPU, 16 GB RAM):
| Broker | Max concurrent connections | Throughput msg/s |
|---|---|---|
| Mosquitto | ~50K | ~50K msg/s |
| EMQX 5.0 | ~1M | ~1M msg/s |
| HiveMQ | ~10M (multi-node) | ~10M msg/s |
| VerneMQ | ~1M | ~1M msg/s |
Mosquitto scales vertically only. The others scale horizontally via clustering.
For most IIoT projects with thousands of devices, Mosquitto is plenty. Factories aren’t web-scale.
Clustering
Mosquitto: no native clustering. Multi-broker setups use “bridges” — manual mesh of brokers that forward selected topics. Works for HA pairs (active/standby); not real horizontal scaling.
EMQX: native clustering via Erlang distribution. Add nodes, they share connection state and routing. Automatic. Production-ready.
HiveMQ: native, commercial. Most polished operationally.
VerneMQ: native, similar to EMQX. Operating is more “you need to know Erlang” than EMQX.
If you need a cluster and don’t already run Erlang stuff: EMQX is the obvious pick.
Authentication and authorization
All four support:
- Username/password
- Client certificates
- ACL (access control lists) — who can publish/subscribe to what
The depth varies:
Mosquitto: flat config files. ACL via password-file + acl-file. Sufficient for static setups.
EMQX: dynamic auth from HTTP, MySQL, Postgres, Redis. ACL similar. UI to manage.
HiveMQ: plugin-based auth, deepest integration story.
VerneMQ: similar to EMQX.
For dynamic environments (devices commissioned at runtime, integrated with your auth backend), EMQX/HiveMQ win.
Observability
Mosquitto: $SYS/# topics expose internal stats. Manual Prometheus exporter needed.
EMQX: built-in Prometheus endpoint, dashboard UI, runtime stats. Click-deploy.
HiveMQ: enterprise dashboard, deep observability, control center.
VerneMQ: built-in Prometheus, similar to EMQX.
License realities in 2022
Apache 2.0 (Mosquitto, EMQX community, VerneMQ): full open source. Can use commercially without restriction.
HiveMQ: Community edition is free for non-commercial; full features are paid. Pricing per connection or fleet size; enterprise contract required.
EMQX: community edition Apache 2.0; enterprise edition paid. Enterprise adds non-Apache extensions but the core is fully open.
For most teams self-hosting: Mosquitto or EMQX community. Both Apache 2.0; no surprise license changes.
Ops effort
Rough order from easiest to hardest:
- Mosquitto — single Docker container, one config file, no state to coordinate
- EMQX — Docker Compose stack, optional clustering
- VerneMQ — similar to EMQX, requires more Erlang ops awareness
- HiveMQ — vendor-supported but more sophisticated setup
A team of 2 ops engineers can run Mosquitto in their sleep. EMQX takes ~a day to set up clustering. HiveMQ is “vendor solves it for you” priced accordingly.
Cloud-managed options
If self-hosting isn’t appealing:
- AWS IoT Core — MQTT 3.1.1 broker as a service. Tight AWS integration. Per-message billing.
- HiveMQ Cloud — managed HiveMQ. Tiered.
- EMQX Cloud — managed EMQX. Tiered.
Costs scale with usage. For a 120-sensor project, ~$50-150/month managed. For 10K sensors, $1000+. Self-hosting Mosquitto on a $10/month VM serves the same load.
My pick
For the factory project (~120 sensors, low complexity): Mosquitto. One container, one config, done. Has been running for two months without ops attention.
For a future project with 50K+ devices and active runtime auth: EMQX 5.0. The clustering + dynamic auth + observability all matter at that scale.
For “we have lawyers and need a vendor with SLA”: HiveMQ.
Common Pitfalls
Picking by feature comparison without considering ops. A clustered broker is overkill for 100 devices. Mosquitto wins on simplicity at small scale.
Assuming “more clients” needs a bigger broker. Vertical scaling on EMQX or HiveMQ can do millions per node. Clustering is for HA, not raw scale (usually).
Choosing HiveMQ community for production. Limited features; you’ll hit limits. Either pay for enterprise or use Apache-licensed alternative.
EMQX 5.0 too early. Just released August 2022. Some integrations and tutorials reference 4.x APIs. Wait a quarter unless you have a good reason.
Migrating brokers later. “We’ll start with Mosquitto and migrate to EMQX.” Possible but requires re-credentialing every device. Usually you outgrow Mosquitto only at >50K devices; if you expect that scale, start with EMQX.
Wrapping Up
Pick by scale and ops capacity. Mosquitto for small; EMQX for scale or dynamic auth; HiveMQ for enterprise commitments. Monday: self-hosting Mosquitto with TLS.
