Data systems architecture
Data, AIOps & Infrastructure
The technical foundation under every AI feature at Bizzi. Data architecture, the five-stage Agentic Development Lifecycle, and the runtime layers keeping agents observable and bounded.
A general-purpose AI feature on top of a monolithic database is one outage away from corrupting customer financial data, and one analytical query away from blocking invoice posting. Every architectural decision in this pillar starts from one constraint. AI workloads must never compete with the transactional path customers rely on to close their books.
Context
Bizzi runs three workload classes against the same customer data. Real-time transaction processing covers invoice posting and approval state changes. Analytical queries cover dashboards and agent SQL. Similarity search covers RAG retrieval over policy documents and vendor records. Each has incompatible performance characteristics. Forcing them onto one engine means analytical scans block transactional writes, vector search degrades both, and a single tuning decision never satisfies all three.
How we implement
- OLTP holds the source of truth. Every invoice insert, approval state change, and audit record lands first in the OLTP database with full ACID guarantees. AI workloads never write here directly.
- OLAP serves analytics and agents. Columnar storage runs aggregation queries roughly 100x faster than the OLTP engine on the same data. Isolation means a runaway agent query does not block invoice posting. The text-to-SQL agent receives read-only credentials against this tier.
- Vector DB serves RAG. Embeddings live in a dedicated store optimized for approximate nearest-neighbor search. Treat embeddings as a separate security surface. Embedding inversion attacks recover source content, so access control matches the underlying classification.
- CDC keeps tiers consistent. A streaming pipeline replicates writes from OLTP to OLAP and Vector DB with under two seconds of lag. A document uploaded at 10:00:00 is queryable in agent workflows by 10:00:02.
- Encryption at every layer. AES-256 at rest. TLS 1.3+ in transit. Row-level security for multi-tenant isolation on shared infrastructure.
- Two isolation models. SMB customers run on shared infrastructure with logical (row-level) isolation. Enterprise and banking customers run on dedicated database instances, optionally inside a private VPC.
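
The Vector DB point above, that access control on embeddings matches the classification of the source content, sketched as an added example (not Bizzi's code). The in-memory store, the `Chunk`, `Caller` and `search` names, and the three classification labels are assumptions made for illustration.

```python
import math
from dataclasses import dataclass

# Classification levels, lowest to highest (constructed labels, an assumption).
LEVELS = {"public": 0, "internal": 1, "confidential": 2}

@dataclass(frozen=True)
class Chunk:
    tenant_id: str
    classification: str  # inherited from the source document at embed time
    text: str
    vector: tuple

@dataclass(frozen=True)
class Caller:
    tenant_id: str
    clearance: str

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0

def search(store, caller, query_vec, k=2):
    """Filter by tenant and clearance BEFORE ranking, so a forbidden chunk can
    never occupy a top-k slot or leak its vector or score to the caller."""
    if caller.clearance not in LEVELS:
        raise PermissionError("unknown clearance")  # fail closed
    allowed = [
        c for c in store
        if c.tenant_id == caller.tenant_id
        # An unlabelled or unknown classification ranks above every clearance.
        and LEVELS.get(c.classification, math.inf) <= LEVELS[caller.clearance]
    ]
    ranked = sorted(allowed, key=lambda c: cosine(c.vector, query_vec), reverse=True)
    # Return text only; raw vectors stay inside the store.
    return [c.text for c in ranked[:k]]

# Constructed sample data.
STORE = [
    Chunk("acme", "internal", "Travel policy: economy class only", (0.9, 0.1, 0.0)),
    Chunk("acme", "confidential", "Vendor bank details for ACME Logistics", (0.8, 0.2, 0.1)),
    Chunk("globex", "internal", "Globex approval thresholds", (0.9, 0.1, 0.0)),
    Chunk("acme", "public", "Expense FAQ", (0.1, 0.9, 0.0)),
]
```

Filtering after ranking instead would let a higher-classified or cross-tenant chunk consume a top-k slot and reveal its existence through the gap it leaves.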