This page includes an overview and notes on full production deployment of Crazy Ivan. A step-by-step walkthrough for setting up a secured, single-node deployment is also available in the Advanced Walkthrough.
A full deployment of Crazy Ivan involves several steps:
Each component has it’s own encryption and authentication layers.
Crazy Ivan instances are deployed in clusters, with each cluster managing a particular set of scenes. The clusters which contain scenes that may interact should all be connected to the same Neo4j cluster. In other words, User Devices cannot move between Crazy Ivan clusters that run against different Neo4j clusters.
Crazy Ivan can load configuration values from Consul and/or Vault, and uses SSL encryption with HTTP Basic Authentication for transactions. Events (sent via UDP) utilize AES symmetric encryption.
Many configuration values are cluster-specific. This allows us to set, for example, separate encryption keys by cluster.
Deploying a Consul Cluster is covered in detail on the Consul webpage.
Crazy Ivan uses the Consul KV Store for unsecured configuration values, as well as using Consul for Service Discovery. It can utilize SSL encryption, as well as the ACL layer.
Deploying a Neo4j Cluster is covered in detail here. Note that only HA Clusters are currently supported, utilizing Causal Clustering will provide little to no benefit.
Neo4j in containers is also supported. Either way, once Neo4j servers are active, they need to be registered with Consul in order to be picked up by Service Discovery. This can be done with curl, for example:
curl -X PUT -d ‘{“ID”: “neo4j”, “Name”: “neo4j”, “Tags”: [“Primary”], “Address”: “localhost”, “Port”: 7687}’ http://127.0.0.1:8500/v1/agent/service/register
In addition, there are several schema optimizations that are recommended. To apply them, run the following against any Neo4j servers:
CREATE CONSTRAINT ON (scn:Scene) ASSERT scn.key IS UNIQUE
CREATE INDEX ON :Scene(key)
Note that these are optional, but are highly recommended in production settings.
Deploying a Vault Cluster is covered in detail on the Vault webpage.
Crazy Ivan can utilize the following Secret Stores:
