Enterprise Features

On this page Carat arrow pointing down
Cockroach Labs will stop providing Assistance Support for v22.2 on June 5, 2024. Prior to that date, upgrade to a more recent version to continue receiving support. For more details, refer to the Release Support Policy.

CockroachDB distributes a single binary that contains both core and Enterprise features. You can use core features without any license key. However, to use the Enterprise features, you need either a trial or an Enterprise license key.

This page lists Enterprise features. For information on how to obtain and set trial and Enterprise license keys for CockroachDB, see the Licensing FAQs.

Cluster optimization

Feature Description
Follower Reads Reduce read latency in multi-region deployments by using the closest replica at the expense of reading slightly historical data.
Multi-Region Capabilities Row-level control over where your data is stored to help you reduce read and write latency and meet regulatory requirements.
Node Map Visualize the geographical distribution of a cluster by plotting its node localities on a world map.

Recovery and streaming

Feature Description
Enterprise BACKUP and restore capabilities Taking and restoring incremental backups, backups with revision history, locality-aware backups, and encrypted backups require an Enterprise license. Full backups do not require an Enterprise license.
Changefeeds into a Configurable Sink For every change in a configurable allowlist of tables, configure a changefeed to emit a record to a configurable sink: Apache Kafka, cloud storage, Google Cloud Pub/Sub, or a webhook sink. These records can be processed by downstream systems for reporting, caching, or full-text indexing.

Security and IAM

Feature Description
Encryption at Rest Enable automatic transparent encryption of a node's data on the local disk using AES in counter mode, with all key sizes allowed. This feature works together with CockroachDB's automatic encryption of data in transit.
GSSAPI with Kerberos Authentication Authenticate to your cluster using identities stored in an external enterprise directory system that supports Kerberos, such as Active Directory.
Cluster Single Sign-on (SSO) Grant SQL access to a cluster using JSON Web Tokens (JWTs) issued by an external identity provider (IdP) or custom JWT issuer.
Single Sign-on (SSO) for DB Console Grant access to a cluster's DB Console interface using SSO through an IdP that supports OIDC.

See also

Yes No
On this page

Yes No