Cloud Models – SY0-601 CompTIA Security+ : 2.2

A cloud-based infrastructure can take many different forms. In this video, you’ll learn about IaaS, SaaS, PaaS, cloud deployment models, and more.

<< Previous Video: Honeypots and Deception Next: Edge and Fog Computing >>

If you’ve contracted with a cloud service provider to outsource your equipment, then you’re probably using the model of Infrastructure as a Service, or IaaS. You may hear this sometimes referred to as hardware as a service because that is what this service is, simply providing you with the hardware required to get your services up and running.

This means a cloud service provider is going to give you a system that has a CPU, there’s storage, there is networking connectivity, but that’s it. You are still responsible for the operating system and the application that will run on that particular infrastructure. This means that you’ll be managing the system from the operating system on up through the application. And that also means that you’ll effectively be responsible for the data security on that system

Although this data is being stored on this third party cloud hosted device, you still have control over how that information is stored. So you could encrypt that data, so that no one at the cloud service provider would be able to look into your private information.

A good example of infrastructure as a service might be a web service provider that gives you a server but nothing else. You still have to load the operating system and the applications that are running on that operating system. And then you pay the web service provider a certain amount a month to be able to have that system running in the cloud.

There are some cloud models that require almost no effort on your part. You don’t have to load an operating system. You don’t have to configure or write any software. You don’t have to make sure that the system is constantly updated and patched. This is called Software as a Service, or SaaS.

Software as a Service is on-demand software that you would simply log in to the system and begin to use. You don’t have to configure the operating system. You don’t have to write the application. And you don’t have to maintain the application or the data. The third party cloud provider does all of that for you. You simply log in and use the service there provided. This means that you could use a third party to provide your email services for your organization, or maybe all of your payroll services are managed through a software as a service model.

In this model, you usually have data and applications all in the cloud and the third party service provider is in charge of managing both the applications and the data. With Software as a Service, you’re not responsible for application development. You’re not responsible for the maintenance of that application. You simply log in and use the application as it’s running on that service.

A good example of Software as a Service would be something like Google Mail, where it’s a complete mail system all ready to go. All you need to do is connect to it and begin sending and receiving email messages.

There is a cloud model that is a middleground between Infrastructure as a Service and Software as a Service. This middleground is called Platform as a service, or PaaS. In this model, the cloud service provider is giving you a platform that you could use to develop your own applications. They would provide the operating system, the infrastructure underneath, some virtualization services, and would provide you with the building blocks you need to write your own applications that are customized just for you.

Like many cloud services, this application development platform is usually hosted with a third party. So they have access to all of your applications, to your data, and anything else that makes up that particular application. You can think of this as a service provider giving you the building blocks you need to create a modular application instead of you having to build or write the programming for that application from scratch.

If you need a login screen, you can simply take the building block for a login screen and start with that. Then you might want an inventory screen, you can grab the building block for the inventory screen and add it to the application. This greatly speeds up the application development process and allows you to create an application that’s customized for your specific needs.

A good example of this is the Platform as a Service offering available from They give you the building blocks and your developers put those building blocks together to create your customized application.

There is another model of cloud computing that covers everything else and that would be Anything as a Service. This is often abbreviated XaaS. This would be a broad description of any type of service that is provided over the cloud. This usually describes a set of services are available on the public cloud rather than being something in a private cloud in your own data center. And it often describes a pricing model that allows you to pay for what you’re using instead of paying a large upfront cost or ongoing licensing. This makes it a little bit more economically feasible for organizations to get started.

The concept between Anything as a Service would be that anything that you’re currently doing in-house with technology could potentially be outsourced into a cloud based system. This would mean that IT would be less of an ongoing break/fix organization and more of one that is focused on taking the technology needed by the organization and applying that into a cloud based service.

If you were managing all of your own services internally in your own data center, this would be an on-premises type of model and everything from the networking, storage, servers, and virtualization, as well as the operating systems, middleware, and runtime, running on those systems would all be in-house along with the data and the applications. All of the technology needed to run this application would be on systems located on your premises.

If you wanted to take some of your on-premises and move it into a cloud based Infrastructure as a Service, you would then take the networking, storage, servers, and virtualization part of this application and have that hosted in the cloud at a cloud provider. All of the other pieces, the operating system the middleware, the runtime, the data, and the application itself, would still be your responsibility to manage.

If you wanted to outsource the entire process to a third party so they managed everything from the application all the way down, that would be Software as a Service. And of course, the middleground as a Platform as a Service, where you are responsible for creating and managing the application and the application’s data but all of the other services associated with that application are provided by the cloud service provider.

As you can see, these cloud service providers are a huge part of what we’re doing with these cloud models. And they’re the ones providing us with the ability to perform Infrastructure as a Service, Platform as a Service, or Software as a Service. Depending on the service, there may simply be a flat fee, where you pay a certain amount for that particular service every month, or the billing may be based on how much you use that service. So as more of your clients are using a cloud based application or transferring data in and out of that application, the costs of using that application may increase.

With these cloud models, you are outsourcing some of this technology but there will still be a need to have people in your organization that are able to manage different parts of this cloud. For example, you may have an internal staff that’s responsible for interacting with the cloud based provider. There may be a development team, especially if you’re using Platform as a Service, and you need to create your own applications. And there’s probably going to be operational support to make sure that the applications that you’re hosting in the cloud are working the way you would expect.

Many organizations will interface with a third party called a managed service provider, or an MSP. These managed service providers handle many aspects of managing technology for their clients. And they might also be a cloud service provider on top of that. Not all MSPs are cloud service providers, but it’s not uncommon to see those two types of services combined within a single MSP.

The traditional role of a managed service provider is to provide things like network connectivity management, make sure that wide area networks and local area networks are up and running, to provide backups and disaster recovery planning, so that you always know that your data will be safe. And an MSP can also provide growth management and planning, especially if your organization is one that’s bringing on more people and you need to be able to grow the infrastructure in the applications to manage this growth. Many MSPs are working with very large organizations and they understand some of the challenges with making sure that your systems are able to scale.

There is a niche of MSPs called a managed security service provider, or an MSSP. This would be a managed service provider that focuses on IT security. So they may manage your firewall, be able to add and remove rules from the firewall rule-base, they may provide patch management, security audits of your systems, and they could provide emergency response services, especially as it relates to IT security.

Although cloud based systems can run from anywhere, it’s sometimes useful to differentiate an on-premises cloud based service from one that is off-premises. An on-premises service, which we sometimes refer to as on-prem, are services that are running in our local data center. We’d be managing the electrical and HVAC for that data center and everything’s located within our building in our facility.

If we are running off-prem, or off-premises services, those servers are not located in our building and very often are located in the building of a third party. It’s common with these hosted and off-premises services to be running on hardware that’s provided by the cloud hosting provider. And we often find that this is a specialized data center environment at this cloud provider that has multiple links to the internet and other types of redundancy built into their data services.

If you hear someone referring to the public cloud, they’re usually referring to a service that is available on the internet for anyone on the internet to be able to access. It is effectively public to everyone. There are some organizations that would like to have their own cloud services but they might find it difficult to implement or it may be too costly to do on their own. In those situations, they may want to use a community model, where several organizations that have a similar set of goals might pull all of their resources together to create a shared set of cloud services that all of them can use together.

If a public cloud service is one that is available to everybody on the internet, the private cloud service would be one that is the opposite. This would be a cloud service that is internal in your own data center that only you would have access to. And in some situations, an organization can use multiples of these models. For example, they might have services they’re running in the public cloud that is accessible by everyone on the internet but there might be some internal services that are only running on their private cloud. In those situations, we have a hybrid model, which would be a mix between those public cloud models and the private cloud models.