Technical Architecture

Built for Enterprise. Deployed in Minutes.

A multi-tier Azure PaaS architecture with AI-native inference, multi-tenant data isolation, and Azure Marketplace deployment — from zero to operational in under 35 minutes.

Deploy from Marketplace Security Center →

System Overview

A clean four-tier architecture on Azure PaaS. Every layer is independently scalable, observable, and secured.

01

Presentation Layer

Responsive SPA delivered via Azure CDN. Role-adaptive dashboards, real-time WebSocket updates, and WCAG 2.1 AA accessibility. Server-side rendering for SEO-critical pages.

Azure CDN React SPA WebSockets
02

API Gateway Layer

Azure API Management with rate limiting, OAuth 2.0/OIDC authentication, request validation, and tenant-aware routing. API versioning with backward compatibility guarantees.

Azure APIM OAuth 2.0 Rate Limiting
03

Service Layer

Microservices running on Azure Container Apps. Each zone has dedicated service boundaries. Event-driven communication via Azure Service Bus. CQRS patterns for high-throughput operations.

Container Apps Service Bus CQRS
04

Data Layer

Azure SQL with row-level security for tenant isolation. Azure Cosmos DB for document store. Azure Blob Storage for artifacts. Redis Cache for session and query caching. All encrypted at rest with customer-managed keys.

Azure SQL Cosmos DB Redis
Multi-Tenancy

3-Tier Branding. Complete Data Isolation.

Every deployment supports three distinct branding layers — Platform, MSP, and Client — each with its own visual identity, data scope, and access controls.

Platform Layer

RainTech's core platform. Global configuration, model management, and infrastructure controls.

MSP Layer

Custom branding, role configuration, zone activation, and cross-client analytics for each MSP.

Client Layer

Per-client data isolation, white-labeled portals, and scoped access — your clients see only their environment.

Platform
MSP Alpha
Client A Client B Client C
MSP Beta
Client D Client E

Tenant routing & data isolation at every layer

AI/ML Inference Pipeline

Azure AI first for inference — Azure OpenAI is the default. Admins, security engineers, and DevOps have granular controls to configure third-party providers as fallback.

Request Ingestion

AI requests enter the pipeline through zone-specific service endpoints. Each request carries tenant context, role permissions, and confidence requirements.

InferenceRouter

The admin control plane routes requests to the optimal model. Azure OpenAI is the default. Admins can configure fallback providers, set rate limits, and enforce cost caps.

Response & HITL

Results are validated, confidence-scored, and routed through human-in-the-loop workflows when required. Full audit trail for every inference action.

Admin Control Plane

Model Selection

Choose which Azure OpenAI models power each zone. GPT-4o for complex reasoning, GPT-4o-mini for high-throughput classification.

Rate Limiting

Per-tenant, per-zone, and per-model rate limits. Prevent noisy-neighbor issues and ensure fair resource allocation across MSP clients.

Cost Caps

Set monthly inference spend limits per tenant and per zone. Alerts at 80% threshold. Hard caps prevent runaway costs.

Fallback Providers

Admins can configure third-party LLM providers as fallback. Full control over when and how fallback is triggered.

Integration Ecosystem

Pre-built connectors for the tools MSPs already use. Bi-directional sync keeps everything in lockstep.

PSA Integrations

ConnectWise Manage, Datto Autotask, HaloPSA, and more. Bi-directional ticket, client, and configuration sync.

ConnectWise Autotask HaloPSA

RMM Platforms

ConnectWise Automate, Datto RMM, NinjaOne, and more. Endpoint data, alerts, and automation script execution.

CW Automate Datto RMM NinjaOne

Identity Providers

Azure Entra ID (Azure AD) and Google OIDC. SSO, MFA enforcement, conditional access, and group-based role mapping.

Entra ID Google OIDC

Monitoring & Observability

Azure Monitor, Log Analytics, and Application Insights. Centralized dashboards, alerting, and custom metric collection across all zones.

Azure Monitor Log Analytics
Deployment

Zero to Operational in <35 Minutes

Deploy directly from Azure Marketplace. ARM templates provision the entire infrastructure stack — compute, networking, storage, identity, and AI services — in a single automated pipeline.

1

Azure Marketplace

Find DevOps AI on the Azure Marketplace. Select your plan and click Deploy.

2

Configure & Provision

Select your Azure region, configure tenant settings, and connect your identity provider. ARM templates handle the rest.

3

Go Live

Platform is operational. Activate zones, onboard your team, and start processing tickets with AI-assisted workflows.

<35 Minutes to Deploy
100% Azure PaaS — No VMs to Manage
15 Zones Available at Launch
157+ Process Areas Pre-Configured

See the Architecture in Action

Schedule a technical deep-dive to explore the multi-tier architecture, AI pipeline, and deployment experience.

Request a Demo Security Center →