Azure-Native Infrastructure
The Clinical Temporal Decision Engine runs on Azure App Service with Managed Identity, Key Vault for secrets, Cosmos DB for structured data, and Log Analytics for observability. It is designed for multi-institution deployment with per-tenant isolation.
Service Topology
Representative Azure topology
The public site summarizes the service relationships without exposing environment-specific identifiers or sensitive operational details.
- App Service for API and operator console
- Key Vault for secrets and references
- Cosmos DB for structured application state
- Log Analytics for PHI-safe observability
Architecture diagrams remain available in internal documentation and deployment assets.
Azure App Service
Hosts the Python pipeline, operator console (Next.js), and MCP agent surface. Deployment slots enable zero-downtime updates.
Azure Key Vault
Stores API keys, connection strings, and secrets. Accessed via Managed Identity — no long-lived credentials in code.
Azure Log Analytics
PHI-safe operational telemetry. 10-event taxonomy covers pipeline, auth, MCP, and API surfaces. No patient data in logs.
Application Insights
Smart detection, anomaly alerts, and performance monitoring. Integrated with Azure Monitor for incident response.
Azure Storage
Customer-controlled storage for FHIR input, pipeline results, and clinical flag exports. Encryption at rest by default.
GitHub Actions
CI/CD pipeline with 2,279 automated tests, CodeQL analysis, and dependency scanning. SHA verification gate post-deploy.
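One way to enforce the "no patient data in logs" property described under Azure Log Analytics is an allow-list at the point of emission. The sketch below is an added example, not the product's own code: the event names, field names, and the `build_event` and `emit` helpers are hypothetical, since the page does not list its 10-event taxonomy.

```python
"""Allow-list telemetry filter: only known event types and fields are logged."""
import json
import logging

# Hypothetical taxonomy, constructed for this example. Each event name maps to
# the only fields it is allowed to carry.
ALLOWED_EVENTS = {
    "pipeline.run_started": {"run_id", "tenant_id"},
    "pipeline.run_completed": {"run_id", "tenant_id", "duration_ms", "flag_count"},
    "pipeline.run_failed": {"run_id", "tenant_id", "error_code"},
    "auth.key_accepted": {"tenant_id"},
    "auth.key_rejected": {"reason"},
    "mcp.tool_invoked": {"tenant_id", "tool_name"},
    "mcp.tool_failed": {"tenant_id", "tool_name", "error_code"},
    "api.request_completed": {"tenant_id", "route", "status", "duration_ms"},
    "api.rate_limited": {"tenant_id", "route"},
    "api.validation_failed": {"tenant_id", "route", "error_code"},
}
SCALAR_TYPES = (str, int, float, bool)
MAX_STR_LEN = 64  # short identifiers only; free text is where PHI tends to leak


class UnknownEvent(ValueError):
    """Raised when code tries to log an event outside the taxonomy."""


def build_event(name, **fields):
    """Return a log-safe dict, or raise if the event is not in the taxonomy."""
    allowed = ALLOWED_EVENTS.get(name)
    if allowed is None:
        raise UnknownEvent(name)  # fail closed: unknown events are never logged
    safe, dropped = {}, []
    for key, value in fields.items():
        ok = key in allowed and isinstance(value, SCALAR_TYPES)
        if ok and isinstance(value, str) and len(value) > MAX_STR_LEN:
            ok = False  # oversized strings are treated as free text
        if ok:
            safe[key] = value
        else:
            dropped.append(key)
    # Record only the names of dropped fields, never their values.
    return {"event": name, "fields": safe, "dropped": sorted(dropped)}


def emit(logger: logging.Logger, name, **fields):
    """Serialize the filtered event as one JSON line on the given logger."""
    logger.info(json.dumps(build_event(name, **fields), sort_keys=True))
```

A non-empty `dropped` list is itself a useful signal: it points to a call site that tried to log something outside the schema.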
Deployment Model
Single Institution
Azure App Service + Key Vault + Storage. Deployed via Bicep in customer subscription. 1–2 day setup.
Multi-Institution
Per-tenant API key isolation. Shared infrastructure with logical separation. Designed for 5–50 hospital networks.
Pilot / Evaluation
Minimal Azure footprint (~$45/month). Synthetic data ingestion. Full feature set available for evaluation.
Note: Pricing estimates are illustrative only. Actual Azure costs depend on data volume, region, and SKU selection.