GPT-RAG on Azure AI Landing Zone

[placerda]

Why are we doing this?
To standardize and harden GPT-RAG deployments by adopting the Azure AI Landing Zone (AILZ) as the foundational architecture. This ensures GPT-RAG inherits enterprise-ready patterns for networking, security, identity, and governance, while preserving a consistent and reliable deployment experience for customers and contributors.

By aligning GPT-RAG with AILZ, we reduce architectural drift, simplify compliance with enterprise requirements, and make GPT-RAG easier to adopt in production-grade environments.

What does it do?

• Landing Zone–based foundation – Uses the Azure AI Landing Zone as the base infrastructure, inheriting standardized network isolation, identity, security, and governance controls.

• Component mapping to AILZ modules – Maps existing GPT-RAG infrastructure components to AI Landing Zone modules, identifying gaps and defining clear integration points.

• End-to-end GPT-RAG deployment – Deploys all GPT-RAG components on top of the Landing Zone in a predictable and repeatable way:

  • Deploy Landing Zone
  • Run post-provisioning scripts (e.g., create Azure AI Search indexes)
  • Deploy GPT-RAG Orchestrator
  • Deploy GPT-RAG UI
  • Deploy GPT-RAG Ingestion
  • Deploy GPT-RAG MCP

• Consistent developer experience – Keeps the existing GPT-RAG deployment flow familiar, minimizing breaking changes while improving the underlying architecture.

• Enterprise readiness – Enables GPT-RAG to be deployed in regulated, private, or zero-trust environments with minimal customization.

Technical Guidelines

• The Azure AI Landing Zone is deployed first and treated as the system of record for networking, identity, and shared services.
• GPT-RAG modules are deployed as workload components on top of the Landing Zone, not as standalone infrastructure.
• Post-provisioning scripts are used only for workload-specific setup (for example, search index creation), not for core platform configuration.
• Clear separation is maintained between platform responsibilities (Landing Zone) and application responsibilities (GPT-RAG).

High-Level Solution Architecture

• Azure AI Landing Zone (networking, security, identity, governance)

• Shared AI platform services provisioned via AILZ

• GPT-RAG workload components deployed into the Landing Zone:

  • Orchestrator
  • Ingestion
  • MCP
  • UI
  • Search indexes and supporting resources

References

• https://github.com/microsoft/Deploy-Your-AI-Application-In-Production
• Azure AI Landing Zone documentation
• GPT-RAG Solution Accelerator architecture
• AI Landing Zone AVM modules and patterns