Zero-Trust, Azure-Native Architecture
DevOps AI deploys entirely within the client's Azure tenant — no data ever leaves the VNet. Multi-model AI orchestration, private endpoints, and defense-in-depth at every layer.
DevOps AI is an Azure Managed Application that provisions a complete, isolated infrastructure stack within each client's Azure tenant. The architecture is designed around three non-negotiable principles: full data sovereignty, zero-trust networking, and human-in-the-loop safety at every AI decision boundary.
Every component — from the AI orchestration layer to the database tier — runs within the client's own Azure subscription, governed by their own policies, and accessible only through private endpoints. No data transits RainTech's infrastructure. No public AI APIs are called. Every model runs on Azure OpenAI Service within the tenant's own API quota.
Architecture Layers
Presentation Layer
React 18 SPA with Fluent UI components, zone-specific navigation, role-based views, and real-time WebSocket connections for live updates. Progressive Web App (PWA) capable.
API Gateway
FastAPI on Azure App Service with JWT/OAuth2 authentication, rate limiting, request validation, and comprehensive audit logging. Every request is traced end-to-end.
Intelligence Layer
Multi-model AI orchestration with Azure OpenAI Service. Chain-of-thought reasoning with explainable decisions. Model routing selects the optimal model per task type and cost constraints.
Control Plane
15 operational zones with unified taxonomy, role-based access control, sensitivity labels, and event bus for cross-zone communication. Pydantic-based domain models throughout.
Integration Layer
Connector framework for NinjaRMM, ConnectWise, ServiceNow, Microsoft Intune, Wazuh, QuickBooks, and more. OAuth2 credential management with Zero-Knowledge Vault for secrets.
Data Layer
Azure SQL with row-level security, Azure Blob Storage with encryption at rest, and Azure Key Vault for secrets management. All within the client's Azure tenant.
Defense in Depth
Zero-Trust Network
Private endpoints on every Azure resource. No public IP addresses. Network Security Groups enforce least-privilege communication between components. VNet-isolated deployment.
HITL Gate System
Four-tier Human-in-the-Loop classification (L0-L3) on every process area. AI never executes sensitive operations without explicit human approval. Full audit trail on every decision.
Encryption & Key Management
AES-256 encryption at rest, TLS 1.3 in transit, Azure Key Vault for secrets, and Zero-Knowledge Vault for client credentials where even RainTech cannot access the plaintext.
HITL Gate Classification System
Every process area across all 15 zones is classified with a Human-in-the-Loop gate level that defines the boundary between AI autonomy and human oversight.
AI executes autonomously with full logging. No human approval needed. Examples: ticket classification, monitoring alerts, report generation.
AI executes and notifies the assigned human. Human can review, override, or escalate after the fact. Examples: SLA predictions, patch scheduling.
AI prepares and recommends, but a human must explicitly approve before execution. Examples: change requests, contract modifications.
Humans perform the action with AI providing decision support only. Examples: legal review, privileged access approval.
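The four gate levels above expressed as an enforcement check, added here as an illustration and not RainTech's own code. It assumes the four descriptions map to L0 through L3 in the order listed; the HitlGate class, the process-area names and the fail-closed default for unclassified areas are assumptions.

```python
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Callable, Optional


class Gate(IntEnum):
    L0 = 0  # AI executes autonomously, with logging
    L1 = 1  # AI executes, assigned human is notified afterwards
    L2 = 2  # human must explicitly approve before execution
    L3 = 3  # human performs the action; AI gives decision support only


# Constructed classification table; process-area names are hypothetical.
GATES = {
    "ticket_classification": Gate.L0,
    "patch_scheduling": Gate.L1,
    "change_request": Gate.L2,
    "privileged_access_approval": Gate.L3,
}


@dataclass
class HitlGate:
    audit: list = field(default_factory=list)
    notifications: list = field(default_factory=list)

    def run(self, area: str, action: Callable[[], str],
            approved_by: Optional[str] = None) -> Optional[str]:
        # Assumption: an unclassified area fails closed to the strictest tier.
        level = GATES.get(area, Gate.L3)
        if level is Gate.L3:
            outcome = "refused_human_only"
        elif level is Gate.L2 and not approved_by:
            outcome = "pending_approval"
        else:
            outcome = "executed"
        # The decision is recorded before anything runs, refusals included.
        self.audit.append({"area": area, "gate": level.name,
                           "outcome": outcome, "approved_by": approved_by})
        if outcome != "executed":
            return None
        result = action()
        if level is Gate.L1:
            self.notifications.append(area)  # queue for after-the-fact review
        return result
```

Writing the audit record before calling the action means a refused or failed operation still leaves a trace.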