How HiveMQ Enterprise Security Extension Improves Resilience with Caching and Circuit Breakers
Overview
The HiveMQ Enterprise Security Extension (ESE) offers enhanced resilience for environments where external databases, like Postgres, are used for authentication and authorization. Two key features—caching and circuit breakers—help improve performance and reliability, particularly when dealing with high authentication traffic and potential database instability.
1. Caching Configuration for Resilience
One of the ways to improve performance and reduce load on your Postgres database is by using caching in the SQL Realm. HiveMQ ESE supports several types of caches that reduce the frequency of database queries by storing authentication and authorization data for a predefined time-to-live (TTL).
Types of Cached Data
Authentication Data (username and user information) – Cached for 1 minute.
User Permissions – Cached for 5 minutes.
Role Permissions – Cached for 1 day.
Authentication Failures – Cached for 1 minute.
Cache Configuration
You can configure the TTL of each cache to fine-tune performance for your specific needs. For example, reducing the TTL for role or permission caches can help reduce authentication traffic, especially in high-traffic environments.
Cache Size: The cache is limited in size, meaning old data may be evicted even before the TTL expires.
Evictions: If the cache is full, older entries may be evicted, leading to fresh queries to the database.
Where to Configure Caching
The caching configuration can be set within the HiveMQ ESE SQL Realm settings.
For more information, see the official documentation for SQL realm caching settings:
SQL Realm Caching Configuration
2. Circuit Breakers for Database Resilience
High authentication traffic, database connection issues, or occasional database failures can impact the stability of your HiveMQ deployment. To address this, HiveMQ ESE provides a circuit breaker feature, which improves resilience by controlling how HiveMQ interacts with the database during failures.
The circuit breaker prevents continuous retries during database unavailability, thereby reducing unnecessary load and potential cascading failures. When the database connection becomes unstable or fails, the circuit breaker can automatically stop attempts to authenticate users, allowing the system to recover.
How It Works
If the circuit breaker detects repeated failures, it opens and stops further authentication requests to the database.
Once the system detects that the database is stable again, the circuit breaker will close, allowing authentication traffic to resume.
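The sketch below models how a TTL cache and a circuit breaker combine in front of an authentication database. It is an added example, not HiveMQ code or ESE configuration. The failure threshold, the open interval, the single probe after the wait, the fail-closed denial, and all class names are assumptions made for illustration.

```python
import time

class CircuitOpen(Exception):
    """The breaker is open: the database is not called."""

class CircuitBreaker:  # threshold/open_seconds are assumed values, not HiveMQ settings
    def __init__(self, threshold=3, open_seconds=30.0, clock=time.monotonic):
        self.threshold, self.open_seconds, self.clock = threshold, open_seconds, clock
        self.failures, self.opened_at = 0, None   # opened_at None = closed

    def call(self, fn, *args):
        if self.opened_at is not None and self.clock() - self.opened_at < self.open_seconds:
            raise CircuitOpen()                   # fail fast, no database load
        try:                                      # closed, or one probe after the wait
            result = fn(*args)
        except ConnectionError:
            self.failures += 1
            if self.opened_at is not None or self.failures >= self.threshold:
                self.opened_at = self.clock()     # open, or re-open after a failed probe
            raise
        self.failures, self.opened_at = 0, None   # success closes the breaker
        return result

class CachedRealm:
    def __init__(self, load_user, breaker, ttl=60.0, clock=time.monotonic):
        self.load_user, self.breaker, self.ttl, self.clock = load_user, breaker, ttl, clock
        self.cache = {}                           # username -> (expires_at, record)

    def get_user(self, username):
        """Return the user record, or None (deny) if unknown or unavailable."""
        now = self.clock()
        hit = self.cache.get(username)
        if hit and hit[0] > now:
            return hit[1]                         # served without a query
        try:
            record = self.breaker.call(self.load_user, username)
        except (CircuitOpen, ConnectionError):
            return None                           # fail closed: lookup denied
        self.cache[username] = (now + self.ttl, record)
        return record

class FakeDb:                                     # constructed stand-in for Postgres
    def __init__(self):
        self.up, self.calls, self.users = True, 0, {"sensor-1": {"role": "publisher"}}
    def load(self, username):
        self.calls += 1
        if not self.up:
            raise ConnectionError("database unreachable")
        return self.users.get(username)
```

In this model a cached record keeps being served until its TTL expires, even while the database is down, so a change made in the database takes effect only after the entry expires.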
Configuration
You can configure the circuit breaker functionality within the SQL realm settings. The feature is available in HiveMQ version 4.30.0 and later.
For more details on configuring circuit breakers, refer to the following resources:
What's New in HiveMQ 4.30: Circuit Breaker
SQL Realm Resilience Configuration
Summary
The HiveMQ Enterprise Security Extension (ESE) significantly improves resilience and performance by leveraging caching and circuit breakers. By configuring the TTL for cached data and using circuit breakers, you can reduce the load on your Postgres database, mitigate connection issues, and ensure smoother operation, especially in high-traffic or unstable environments.
For further assistance or custom configuration help, don’t hesitate to reach out to the HiveMQ support team.