Deployment on Azure
Reference patterns for private networking, identity, and observability in regulated environments.
Network isolation
Deploy into a VNet with private endpoints for storage and model access. Restrict outbound traffic and route it through centralized egress.
Identity & access
Use Entra ID for SSO, role-based access controls, and scoped service principals. Least privilege is the default.
Observability
Centralize logs and audit trails (runs, approvals, exports) and integrate them into your SIEM.
Data residency
Region-aligned storage and compute with tenant separation where required.
Example (high-level)
A simplified representation of components (not a full IaC template).
VNet
├─ Private Subnet: App (αlpha Quant Agent)
├─ Private Endpoint: Blob/ADLS
├─ Private Endpoint: Key Vault
├─ Private Endpoint: Azure OpenAI (optional)
└─ Log Analytics / Monitor -> SIEM
Identity: Entra ID (SSO) + RBAC
Secrets: Key Vault
Exports: Blob (encrypted, immutable policies if needed)
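
One way to check a deployment against the private-endpoint part of this layout, as an added example that is not part of the original page or the product's own tooling. It assumes resource records shaped like Azure Resource Manager JSON (the `publicNetworkAccess` and `privateEndpointConnections` properties); the sample records and resource names are constructed, and Azure OpenAI is checked only when present.

```python
import json

# Constructed sample input: trimmed ARM-style resource records, one per data-plane
# component in the diagram. Resource names are hypothetical.
SAMPLE = json.loads("""
[
 {"name": "stexports01", "type": "Microsoft.Storage/storageAccounts",
  "properties": {"publicNetworkAccess": "Disabled", "privateEndpointConnections": [
    {"properties": {"privateLinkServiceConnectionState": {"status": "Approved"}}}]}},
 {"name": "kv-agent01", "type": "Microsoft.KeyVault/vaults",
  "properties": {"publicNetworkAccess": "Enabled", "privateEndpointConnections": [
    {"properties": {"privateLinkServiceConnectionState": {"status": "Approved"}}}]}},
 {"name": "aoai-agent01", "type": "Microsoft.CognitiveServices/accounts",
  "properties": {"privateEndpointConnections": [
    {"properties": {"privateLinkServiceConnectionState": {"status": "Pending"}}}]}},
 {"name": "vnet-agent", "type": "Microsoft.Network/virtualNetworks", "properties": {}}
]
""")

# Resource types that the diagram places behind a private endpoint.
PRIVATE_ONLY = {
    "Microsoft.Storage/storageAccounts": "Blob/ADLS",
    "Microsoft.KeyVault/vaults": "Key Vault",
    "Microsoft.CognitiveServices/accounts": "Azure OpenAI",
}

def audit(resources):
    """Return (name, component, problem) tuples for resources that break the pattern."""
    findings = []
    for res in resources:
        component = PRIVATE_ONLY.get(res.get("type"))
        if component is None:
            continue  # not a private-endpoint component in this pattern
        props = res.get("properties") or {}
        # Fail closed: a missing publicNetworkAccess value is treated as enabled.
        if str(props.get("publicNetworkAccess", "Enabled")).lower() != "disabled":
            findings.append((res["name"], component, "public network access not disabled"))
        states = [
            (conn.get("properties") or {}).get("privateLinkServiceConnectionState", {}).get("status")
            for conn in props.get("privateEndpointConnections") or []
        ]
        if "Approved" not in states:
            findings.append((res["name"], component, "no approved private endpoint connection"))
    return findings

if __name__ == "__main__":
    for name, component, problem in audit(SAMPLE):
        print(f"{name} ({component}): {problem}")
```

A resource with a private endpoint but public access still enabled is reported, since the endpoint alone does not close the public path.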