This solution accelerator provides a reference architecture for a central AI API gateway, enabling organizations to securely leverage multiple Azure AI services with unified governance, monitoring, and cost management. It targets enterprises seeking to simplify AI adoption through best practices and automation for secure, compliant, and efficient AI service integration. The preview AI Citadel Governance Hub v1 significantly enhances enterprise AI governance.

How It Works

The solution uses Azure API Management as a unified gateway for access control, credential management, and intelligent routing. It integrates with Azure OpenAI, Content Safety, Language Service (PII detection), and others. Key design choices include managed identity for zero-credential authentication, private endpoint connectivity for network isolation, and real-time usage tracking via Event Hub and Cosmos DB. The preview v1 introduces a three-pillar architecture: Governance & Security, Observability & Compliance, and AI Development Velocity, featuring novel components like an AI Registry and Citadel Contracts.

Quick Start & Requirements

Deployment is automated via the Azure Developer CLI (azd).

• Primary Install/Run Command: azd auth login, azd env new ai-hub-gateway-dev, azd up.
• Prerequisites: Azure Account with OpenAI access approval, Subscription with roleAssignments/write permissions, sufficient OpenAI capacity in target regions (East US, North Central US, East US 2), Azure Developer CLI (azd), Azure CLI.
• Links: The citadel-v1 branch is recommended for new deployments. A "Citadel Governance Hub Guide" is mentioned for deployment.

Highlighted Details

• AI Citadel Governance Hub v1 (Preview): Enhances governance with Security, Observability, and Development Velocity pillars, including an AI Registry and Citadel Contracts.
• Enhanced Multi-Cloud Support (Preview): Aims for unified governance across Azure OpenAI, AWS Bedrock, and open-source models.
• Enterprise Security: Features PII detection/masking, Entra ID integration for JWT validation, and Bring Your Own Network (BYOVNet).
• Automated Onboarding: Streamlines per-use-case onboarding to the AI Gateway, automating APIM product, subscription, and Key Vault secret creation.

Maintenance & Community

As an official Azure Sample, it is likely maintained by Microsoft. No specific community channels or contributor details are provided in the README.

Licensing & Compatibility

The README does not specify a license type. Commercial use compatibility cannot be determined from the provided text.

Limitations & Caveats

The AI Citadel Governance Hub v1 is currently in preview, indicating potential instability and incomplete features. Platform AI Evaluations are marked as "Coming Soon," and multi-cloud support is also in preview, suggesting it may not be fully mature or feature-complete across all target platforms.