49 |
50 | | Governance Feature |
51 | Description |
52 |
53 |
54 | | Unified AI Gateway |
55 | Central gateway that mediates every AI call. It applies global policies (rate limits, authentication, routing) and provides a single secure endpoint for clients. This ensures all AI usage is centrally visible and controlled. |
56 |
57 |
58 | | Policy Engine |
59 | Rich rule framework to enforce business rules – e.g. restrict certain models to specific regions, apply token quotas per user, or inject safety prompts. Administrators can write custom policies or use built-in templates for common requirements. |
60 |
61 |
62 | | Managed Credentials |
63 | Uses gateway-keys with/without Identity Platform issued tokens (like Microsoft Entra ID) to abstract backend secrets. Developers no longer handle raw AI services master keys – the gateway issues tokens/keys with scoped access. This prevents key leakage and allows instant revocation if needed. |
64 |
65 |
66 | | Content Safety Filters |
67 | Automated checks on prompts and responses using Azure AI Content Safety. Flags or removes profanity, hate, sexual or violent content, and can block outputs that violate compliance policies (e.g. privacy or confidential data). |
68 |
69 |
70 | | AI Registry & Catalog |
71 | A registry (via Azure API Center) for discovering and managing AI endpoints and tools (known as MCP servers). This catalogue lets teams securely share AI “skills” (Agents, APIs, functions) across the enterprise with proper metadata and governance. |
72 |
73 |
74 | | Multi-cloud Connectors |
75 | Built-in support to govern AI services beyond Azure. The gateway can proxy requests to open-source model APIs or other cloud’s AI endpoints (e.g. Bedrock) securely. This ensures consistent security and monitoring even for third-party AI services. |
76 |
77 |
78 | | Azure Key Vault |
79 | Secure store for secrets and credentials by AI Apps/Agents. All API keys, connection strings, etc., used by agents or the gateway are kept in spoke Key Vault, and accessed via managed identities. This eliminates hard-coded secrets and protects sensitive data at rest. |
80 |
81 |
82 |
83 | **In practice, these governance features mean AI applications can be deployed with confidence.** For example, if you build a GPT-based internal assistant, it will run through Citadel’s gateway – **ensuring it only answers within approved data sources, filters any policy-breaking content, and logs its activity**. Administrators remain in control: they can update a policy to block a newly discovered prompt attack pattern, or quickly see which prompts are costing the most. FCP thus fosters **strong customer and stakeholder trust in AI** by providing the oversight needed beyond just “having a model”. Governance is no longer a roadblock – it’s baked into the platform so that **compliance officers and developers can collaborate effectively** without endless manual reviews. The result is faster deployment of AI solutions **“with the guardrails on”**, avoiding the common pitfalls of unchecked AI experimentation (data leaks, runaway costs, or reputational damage).
84 |
85 | ***
86 |
87 | ## **2. Observability & Compliance Pillar** – *End-to-End Monitoring, Evaluation & Trust*
88 |
89 | > ### Full Visibility = Trust & Confidence
90 | > Citadel provides **holistic observability** for AI systems through a **dual-layer approach**: centralised monitoring at the platform level and detailed tracing at the agent level. This ensures teams can debug issues, assure quality, and govern compliance in real time. *"You need a dashboard, not a crystal ball"* to manage AI.
91 |
92 | The **Observability & Compliance** pillar of **Foundry Citadel Platform** equips organisations with the tools to **monitor, trace, and evaluate** AI agents and LLMs behaviour continuously through a structured **layered observability approach**. This ensures that AI applications are not a "black box" – instead, they are transparent and auditable at both platform and agent levels, which is essential for maintaining reliability and trust in their outputs.
93 |
94 | ### **🏗️ Platform-Level Observability**
95 |
96 | Platform observability provides **centralised monitoring and governance** across all AI workflows, offering enterprise-grade visibility without requiring any agent code changes:
97 |
98 | * **📊 Central Application Performance Monitoring (APM):** Citadel integrates seamlessly with **Azure Monitor Application Insights** to provide comprehensive platform-wide APM capabilities. This centralised monitoring captures infrastructure-level metrics, performance data, and system health indicators across all AI workloads. Teams gain visibility into resource utilisation, system bottlenecks, and overall platform performance without needing to instrument individual agents.
99 |
100 | * **📈 Detailed Usage Tracking per Team/Use Case/Agent:** The platform provides **granular usage analytics** that can be segmented by team, use case, or individual agent. This includes tracking metrics such as:
101 | * **Token consumption trends** broken down by team, project, or agent
102 | * **Request volumes and patterns** across different use cases
103 | * **Cost allocation and budgeting** with detailed spend visibility per organisational unit
104 | * **User adoption patterns** and engagement metrics across different AI applications
105 |
106 | For example, operations teams can see that *"the Sales team's Q&A Bot consumed 1.2M tokens (cost ~£60) today across 5,000 requests, while the Legal team's document analysis agent used 800K tokens across 200 complex queries."* This granular tracking enables accurate **cost management, capacity planning, and resource allocation** across the organisation.
107 |
108 | * **🔍 Centralised AI Evaluation (No Code Changes Required):** One of FCP's key strengths is its ability to run **comprehensive AI evaluations** without requiring any modifications to agent code. The platform can:
109 | * **Automatically intercept and evaluate** AI outputs using predefined and custom metrics
110 | * Run **periodic batch evaluations** on historical data (e.g., evaluate 10% of conversations overnight)
111 | * Provide **comparative analysis** between different time periods, agent versions, or teams
112 | * Support **custom business-specific evaluators** that can be deployed centrally and applied across multiple agents
113 |
114 | The evaluation framework includes a comprehensive suite of **pre-defined metrics**:
115 | * *Response Quality Metrics:* **groundedness** (did the answer stick to the provided data sources?), **relevance** (did it address the user's query?), **coherence and fluency** of the language, and **completeness** (did it follow all instructions and provide all parts of the answer?)
116 | * *Retrieval Accuracy:* for agents using knowledge bases, Citadel checks whether facts in answers occur in retrieved documents (measuring **truthfulness** to sources)
117 | * *Safety Metrics:* evaluation for **potential harms** – offensive language, biased content, and **"jailbreak" susceptibility** (was the agent tricked into breaking rules?)
118 |
119 | This centralised approach means quality assurance and safety evaluations are **consistent across all AI applications** and can be managed by a central AI governance team without requiring development resources from individual agent teams.
120 |
121 | * **🚨 Enterprise Alerts and Automated Remediation:** For sensitive AI use cases, the platform provides **sophisticated alerting and automated response capabilities**:
122 | * **Configurable alert rules** on critical metrics (e.g., groundedness scores below thresholds, token usage spikes, error rate increases)
123 | * **Automated remediation actions** such as temporarily disabling agents, switching to backup models, or escalating to human oversight
124 | * **Integration with enterprise notification systems** (Teams, email, ITSM platforms) for immediate response
125 | * **Compliance monitoring** with automated reporting for regulatory requirements
126 |
127 | For high-stakes scenarios, teams can configure cascading responses – for instance, if safety scores drop below acceptable levels, the system can automatically route queries to human reviewers while alerting the responsible teams. Early warning of anomalies (maybe a new version of the model started "hallucinating" more, or an API that agents rely on is down) is critical for maintaining **high uptime and trust**.
128 |
129 | ### **🤖 Agent-Level Observability**
130 |
131 | Agent observability provides **detailed, granular insights** into individual AI agent behaviour, enabling deep debugging and optimisation:
132 |
133 | * **📋 Detailed Execution Traces:** Citadel guidance for agent deployments allows records comprehensive **execution traces** for each AI query or conversation. These traces capture **every step an agent takes** – from the initial user prompt, to system and tool prompts, all intermediate reasoning or chain-of-thought messages, calls to external tools or knowledge bases, and the final response. Along with the content, traces log **parameters, model identities, and timing** (latency and token counts) for each step. These traces are visualised in a **structured timeline** for developers and engineers.
134 |
135 | For example, if an AI agent uses a calculator API as part of its reasoning, you will see the exact API call and result in the trace. This level of insight makes it far easier to **debug issues** – such as figuring out *why* an agent gave a wrong answer (maybe it chose a flawed chain of actions), or why latency spiked (perhaps one tool took too long). Traces are stored durably (via Azure Application Insights/Log Analytics), allowing comparative analysis between runs and even between different versions of an agent. In short, **every conversation or action path is observable**; nothing is truly "hidden" behind an AI magic curtain.
136 |
137 | * **⚡ Performance Monitoring:** Agent-level monitoring captures detailed performance metrics including:
138 | * **Response latency** broken down by reasoning steps, tool calls, and model inference
139 | * **Token usage patterns** for each component of the agent's workflow
140 | * **Tool utilisation efficiency** and success rates
141 | * **Memory and resource consumption** during agent execution
142 |
143 | This granular performance data enables developers to identify bottlenecks, optimise agent workflows, and ensure consistent performance across different scenarios.
144 |
145 | * **🎯 Agent-Specific Quality Evaluations:** Beyond platform-wide evaluations, agent-level observability includes metrics tailored to specific agent behaviours:
146 | * **Intent fulfilment** (did the agent actually achieve what the user asked?)
147 | * **Tool use correctness** (did it call the right tool with correct parameters?)
148 | * **Reasoning efficiency** (were there unnecessary steps or redundant operations?)
149 | * **Multi-step coordination** (for complex agents with multiple reasoning phases)
150 |
151 | These agent-specific metrics provide developers with actionable insights for improving agent design and prompt engineering.
152 |
153 | * **🔧 Advanced Debugging & Diagnostics:** FCP's guidance provides rich tools to **search and inspect logs and traces** for any session or conversation. It has powerful filtering capabilities. This helps in **root cause analysis**. Moreover, developers can **replay traces**: taking a stored conversation and running it step-by-step (either on the same or updated version of the agent) to reproduce issues or test fixes.
154 |
155 | * **🔄 Continuous Improvement Integration:** Agent observability feeds directly into the **development and deployment lifecycle**:
156 | * **CI/CD integration** with automated testing using historical prompt datasets
157 | * **A/B testing capabilities** for comparing different agent versions
158 | * **Performance regression detection** when deploying new agent versions
159 | * **Feedback loop integration** allowing insights from production to inform development
160 |
161 | For example, AI Evaluation tests can be integrated with your CI/CD pipeline: whenever a new version of an agent is deployed, a battery of **automated tests and evaluations** can run (using stored prompt datasets) to compare its performance versus the previous version. If any metric regresses or new safety issues appear, the deployment can be halted or flagged. This DevOps-style approach – sometimes called **"AIOps"** – ensures that quality is maintained even as the AI system evolves.
162 |
163 | ### **🔗 Unified Platform & Agent Observability**
164 |
165 | The true power of FCP's observability recommendations lies in the **seamless integration** with platform layer and **clear guidance** for agent layers:
166 |
167 | * **🎛️ Unified Dashboards:** Ready-to-use dashboards provide both **platform-wide overviews** and **agent-specific drill-downs**. Operations teams can monitor overall system health while developers can dive deep into individual agent performance. These dashboards give a **bird's-eye view** of the system including:
168 | * **Platform metrics:** Overall usage, cost trends, system performance, and compliance status
169 | * **Agent metrics:** Individual performance, quality scores, and usage patterns
170 | * **Comparative analytics:** Performance trends across teams, use cases, and time periods
171 |
172 | For example, an operations engineer can see that *"today, across all teams, we served 15,000 AI requests, consumed 4.2M tokens (cost ~£180), with average platform latency 1.5s and 99.2% uptime, while the Sales Q&A Bot specifically had 1.8s average response time with 2 minor safety flags."* Having this in one place allows both **technical and business stakeholders to stay informed**. The dashboard is dynamic – teams can drill down into specific time windows or filter by scenario/agent.
173 |
174 | * **🚨 Coordinated Alerting:** Alerts can be configured at both platform and agent levels, with **intelligent escalation paths** that consider both individual agent issues and platform-wide concerns. For instance, if multiple agents start showing performance degradation simultaneously, this might indicate a platform-level issue rather than individual agent problems.
175 |
176 | * **📊 Cross-Layer Analytics:** The platform provides **correlation analysis** between platform metrics and agent performance (when Azure Monitor used end-to-end), helping teams understand how infrastructure changes, model updates, or usage patterns affect individual agent behaviour and overall system performance.
177 |
178 | **Key Observability Tools in Citadel:**
179 |
180 |
181 |
182 | | Observability Feature |
183 | Purpose |
184 | Layer |
185 |
186 |
187 | | Central APM Monitoring |
188 | Infrastructure-level monitoring, resource utilisation, and system health indicators across all AI workloads without requiring agent code changes. |
189 | Platform |
190 |
191 |
192 | | Usage Analytics & Cost Tracking |
193 | Granular tracking of token consumption, request patterns, and cost allocation segmented by team, use case, or agent for enterprise resource management. |
194 | Platform |
195 |
196 |
197 | | Centralised AI Evaluations |
198 | Automated quality, safety, and compliance evaluations applied consistently across all agents without requiring code modifications from development teams. |
199 | Platform |
200 |
201 |
202 | | Enterprise Alerting & Remediation |
203 | Sophisticated alerting with automated responses for sensitive use cases, including agent disabling, human escalation, and compliance notifications. |
204 | Platform |
205 |
206 |
207 | | End-to-End Tracing |
208 | Captures every step of an AI agent's reasoning and interactions (prompts, tool calls, responses), enabling transparent debugging and post-mortem analysis. |
209 | Agent |
210 |
211 |
212 | | Agent Performance Monitoring |
213 | Detailed real-time metrics including response latency breakdown, token usage patterns, tool efficiency, and resource consumption per agent. |
214 | Agent |
215 |
216 |
217 | | Agent-Specific Evaluations |
218 | Tailored quality metrics for individual agent behaviours including intent fulfilment, tool use correctness, and reasoning efficiency. |
219 | Agent |
220 |
221 |
222 | | Advanced Debugging Tools |
223 | Powerful querying, filtering, and trace replay capabilities for root-cause analysis and issue reproduction at the agent level. |
224 | Agent |
225 |
226 |
227 | | Unified Dashboards |
228 | Integrated visual dashboards providing both platform-wide overviews and agent-specific drill-downs for comprehensive operational visibility. |
229 | Both |
230 |
231 |
232 | | Continuous Improvement Loop |
233 | Connects operational data back to development with CI/CD integration, A/B testing, and regression detection for ongoing AI system enhancement. |
234 | Both |
235 |
236 |
237 |
238 | All these observability measures ensure AI systems are **reliable and accountable**. Teams using Citadel principals can confidently answer **"What is my AI doing and why?"** at any time – a question that's otherwise hard to address. This pillar thus mitigates one of the biggest barriers to enterprise AI adoption: the fear of not knowing what the AI might do. With Citadel, **governance and observability go hand-in-hand**: if the Governance pillar is about setting the rules and guardrails, the Observability pillar is about **watching and verifying** adherence to those rules, and catching anything that falls outside. Together, they create a closed-loop system for responsible AI management, where issues are not only prevented but also detected and learned from in an ongoing cycle.
239 |
240 | ***
241 |
242 | ## **3. AI Development Velocity Pillar** – *Accelerating Innovation with Templates & Tools*
243 |
244 | > ### Build Fast, Build Right
245 | > Citadel provides both **low-code and pro-code** pathways to build AI agentic solutions, so teams can experiment and innovate quickly. Pre-built templates, integratable DevOps guidance, and flexible model choices enable rapid iteration *without* sacrificing governance or quality.
246 |
247 | While governance and oversight are crucial, **Foundry Citadel Platform** is not a single tool but an **AI Landing Zone**—a pre-configured set of Azure resources designed to help organizations **move quickly** and capitalize on AI opportunities. The **AI Development Velocity** pillar ensures that the platform **empowers AI developers and data scientists** with a spectrum of agentic platform choices, frameworks, and reusable assets. FCP strikes a critical balance: it enables rapid development **within established guardrails** through a template-based approach, so speed doesn’t come at the cost of security or oversight. Key aspects of this pillar include:
248 |
249 | * **🚀 Pre-built Deployment Templates:** FCP accelerates the provisioning of cloud environments with predefined deployment templates that can target single or multiple types of agents. These templates are integrated with the platform's central governance and security, allowing teams to quickly establish a production-ready environment for building and operating agents without manual configuration.
250 |
251 | * **🤖 Flexible Agent Development Models:** FCP supports a variety of agent types, allowing teams to choose the right approach for their needs. Customers may use one or a mix of these agent types, even within a single multi-agent system. The built-in types include:
252 |
253 | * **Copilot Studio Agents:** For a low-code approach, FCP integrates with **Copilot Studio**, a fully managed graphical interface for building and deploying AI agents. This drag-and-drop environment allows developers and power-users to design AI workflows visually. Within FCP, Copilot Studio agents are enhanced by integrating with the **Citadel AI Registry**, enabling them to securely discover and reuse existing agents and tools (like Model Context Protocol servers), ensuring governance even in a low-code context.
254 |
255 | * **Managed Runtime Agents:** For developers who want more control without managing the underlying infrastructure, FCP offers managed runtimes. Options include the **AI Foundry Agent Service**, which provides a scalable environment for hosting agent logic, and **Logic Apps Agent Loop**, which allows for the creation of serverless agent workflows. These runtimes provide a balance of flexibility and operational simplicity.
256 |
257 | * **Bring-Your-Own (BYO) Agents:** For maximum flexibility, FCP allows teams to bring their own agent architectures. Developers can leverage Microsoft's first-party AI orchestrators like **Semantic Kernel**, **Agent Framework**, and **AutoGen**, or third-party orchestrators such as **LangChain**. These agents can be containerized and deployed into Citadel’s environment, inheriting the platform's governance, security, and observability benefits.
258 |
259 | * **📚 The Citadel AI Registry:** At the heart of the platform's governance is the **Unified AI Gateway (CGH)** and its native capability to expose an **AI Registry**, which serves as a central catalog for all AI assets. Integration with the Citadel Governance Hub AI Gateway happens in two primary ways:
260 | * Getting **Managed AI Access:** Agents get secure access to LLMs, AI services, and published AI tools from the registry. This ensures that only approved models and tools are used within predefined capacity and security context.
261 | * **Publishing:** Service and team owners can publish their own tools and agents into the central AI Registry, making them discoverable and reusable by other teams across the organization. This fosters a secure collaborative environment and prevents duplication of effort.
262 |
263 | * **📦 One-Click Deployment & Reusable Blueprints:** To truly accelerate time-to-value, FCP provides automation for **environment setup and deployment**. The entire FCP reference architecture can be deployed via an **automated script or template** (e.g., Bicep), essentially a **“one-click deploy”** of the agent AI landing zone. This drastically reduces the initial setup time. On top of this, Microsoft offers **Gold Standard** assets—ready-made AI solution blueprints for common patterns like "Chat with your data" or "Conversation summarization." These blueprints come with code, configuration, and deployment scripts, serving as accelerators that allow teams to adapt proven solutions rather than starting from scratch.
264 |
265 | * **🔄 DevOps Integration & Lifecycle Management:** FCP treats AI solutions with the same rigor as any software project, embedding them into the DevOps toolchain. It provides seamless integration with **GitHub and Azure DevOps**, allowing developers to use pre-configured environments like **GitHub Codespaces**. Automated CI/CD pipelines can run evaluation suites on pull requests to ensure quality and deploy updated agents to staging or production environments. With **APIs and CLI tools**, teams can programmatically manage AI Gateway policies and safety settings as part of a release. FCP also supports **A/B testing and shadow deployments**, enabling teams to run multiple versions of an agent in parallel, compare their performance using observability data, and bring Agile principles to AI development.
266 |
267 | **Key Development Tools & Components:**
268 |
269 |
270 |
271 | | Development Accelerator |
272 | Role in Citadel |
273 |
274 |
275 | | Deployment Templates |
276 | Pre-built, one-click templates (i.e. Bicep) to provision a secure, governed cloud environment for single or multiple agent types, accelerating time-to-production. |
277 |
278 |
279 | Flexible Agent Runtimes
(Copilot Studio, Managed Runtime, BYO) |
280 | Supports a spectrum of development models, from low-code (Copilot Studio) to managed services (AI Foundry Agent Service) and fully custom "Bring-Your-Own" orchestrators (Semantic Kernel, LangChain), allowing teams to choose the best fit for their use case. |
281 |
282 |
283 | | Citadel AI Registry |
284 | A central, governed catalog for discovering, managing, and reusing AI assets. It provides managed access to LLMs and tools and allows teams to publish their own, fostering collaboration and preventing redundant work. |
285 |
286 |
287 | Reusable Blueprints
(Gold Standard Solutions) |
288 | End-to-end solution examples that demonstrate common AI patterns. They serve as accelerators for new projects, embodying proven architectures and best practices. |
289 |
290 |
291 | | DevOps Integration |
292 | Integrates with GitHub and Azure DevOps for CI/CD, automated testing, and lifecycle management of AI solutions. Supports A/B testing and canary releases to bring modern software engineering speed to AI development. |
293 |
294 |
295 |
296 | All these capabilities mean that teams can innovate **rapidly** with AI. They can start with an idea, quickly assemble an MVP agent using existing building blocks, test it with real data (with governance in place), and iterate to improve it – all in a matter of days or weeks rather than months. Citadel’s approach of providing both low-code and pro-code options also ensures that **different personas can collaborate**: a business analyst could craft an initial agent behavior in Copilot Studio, then a software engineer could refine it using the code SDK for more complex logic – all deploying to the same managed environment.
297 |
298 | Crucially, **development speed does not mean throwing caution to the wind**. Every agent built on Citadel pillars and guidance, no matter how fast it was created, **runs within the secure, monitored framework** described in the previous sections. This means organisations can encourage experimentation and pilot projects without fear: if something grows in importance, the governance and reliability scaffolding is already there for it. Citadel effectively frees teams from the heavy lifting of creating a safe AI infrastructure from scratch, so they can focus on applying AI in ways that differentiate their business (be it new customer experiences, process automation, or decision support).
299 |
300 | Finally, this pillar embodies the idea of **scaling AI responsibly**. Once you’ve built one successful solution, Citadel makes it easier to rollout others (since the platform is already in place) and to templatise your approach. Over time, the catalogue of internal tools and connectors will grow – a “**network effect**” where each new AI project potentially adds reusable pieces for future projects. This accelerates AI adoption across the organisation in a governed way, helping build an **“AI factory”** capability. In summary, Citadel turns the typically slow, risky journey of AI solution development into a **fast, repeatable, and governed process**, accelerating innovation while maintaining **enterprise-grade standards**.
301 |
302 | ***
303 |
304 | ## **Architecture Overview:** *Inside the Foundry Citadel Platform Landing Zone*
305 |
306 | To support the three pillars above, **Foundry Citadel Platform (FCP)** implements a **reference architecture** that covers all necessary layers – from networking and compute to integration and data. It is essentially an **extension of your Azure Landing Zone** tailored for AI workloads, meant to run alongside your existing cloud setup (reusing things like your networking, identity, and governance foundations). Here is a high-level look at the key components of the FCP architecture and how they relate to the pillars:
307 |
308 | 
309 |
310 | The above architecture ensures that FCP is not a monolithic product but a **collection of Azure services** wired together in a reference design. This modularity means it can be adapted – e.g., if an organisation has an existing logging solution, that can be integrated, or if they prefer AKS over Container Apps for specific compliance reasons, the design supports that swap.
311 |
312 | Critically, the **governance, observability, and dev velocity features are achieved by these components working in harmony**.
313 |
314 | For instance, the **Unified AI Gateway (Governance)** is a single point of entry for LLMs, published agents and tools, which allows it to mediate the traffic, enforcing governance policies and have observibility at a platfrom level across all AI agents and apps.
315 |
316 | Also, because the **landing zone is separate but connected** to the main enterprise landing zone, it can be introduced without disrupting existing applications – it’s an **add-on landing zone for AI** that still connects back to the core (network peering to the company’s Hub VNet, adhering to central governance via Azure Policy, etc.).
317 |
318 | To summarise the architecture in simpler terms: **Citadel’s landing zone is like a secure factory for AI agents**. The **Unified AI Gateway** is the fortified front door and guard for LLMs, tools & agents, the **Agent hosting** (AI Foundry, containers, apps,...) is the assembly line where work gets done, and the **observability layer** is the set of instruments and dials that supervisors use to monitor the process and outcomes both at platform-level and agent-level.
319 |
320 | All of this is delivered with a blueprint so that organisations can set it up quickly and be confident that nothing was left out in the design (security, networking, ops, all accounted for). It gives you the **peace of mind** that as you scale up AI usage, you have an architecture that can handle **growth in users, agents, and integrations** without sacrificing control or performance.
321 |
322 | **Foundry Citadel Platform** is divided into two deployments: the central **Citadel Governance Hub (CGH)** landing zone representing the **governance and security** pillar, and **Citadel Agent Spoke (CAS)** landing zones for single agents or multi-agent systems serving specific use cases or business units, representing the **AI development velocity** pillar.
323 |
324 | The **Observability and compliance** pillar spans both CGH and CAS landing zones, providing unified monitoring and evaluation capabilities.
325 |
326 | ### **Citadel Governance Hub (CGH)**: Central governance & security
327 |
328 | The **Citadel Governance Hub (CGH)** is an enterprise-grade solution accelerator that establishes a centralized, governable, and observable control plane for all AI service consumption across multiple teams, use cases, and environments. Often referred to as the **AI Hub Gateway**, CGH replaces fragmented, unmonitored, key-based model access with a **unified AI gateway** pattern built on Azure API Management (APIM), adding intelligent routing, security enforcement, compliance guardrails, usage analytics, AI registry and automated onboarding.
329 |
330 | This elevates AI consumption from ad hoc experimentation to a scalable, auditable, and cost-attributable platform capability.
331 |
332 | > **🔗 Explore the AI Hub Gateway Repo:**
333 | > For detailed guidance on deploying and operating the AI Hub Gateway—including architecture, templates, and best practices—visit the official [**AI Hub Gateway repository**](https://aka.ms/ai-hub-gateway).
334 | >