Hi, I’m freelance engineer Makoto.
In this article, I will explain the differences between cloud service models.
When using Azure services such as virtual machines, understanding which service model applies is also related to understanding the scope of responsibility for that service.
This is a topic that often comes up in the AZ-900 exam, but if you understand the features and differences, I think this is an area where you can easily score points, so please read to the end.
What are Service Models?
We don’t usually think about it, but behind the applications we use, such as shopping sites like Amazon, or social networking sites like X (Twitter) and Facebook, there is a foundation (infrastructure) and group of software that supports the service.
- Server
- Storage
- Network
- OS
- Database, etc.
When using the cloud, the infrastructure for running these applications is classified into the following three service models according to what is provided as a service.
- IaaS
- PaaS
- SaaS
The aaS in each word is an abbreviation for “as a Service”.
In addition, the initial letters indicate what the service provides, as follows:
- I: Infrastructure
- P: Platform
- S: Software
Reference:
There are several other terms that have aaS at the end, such as FaaS, but the service models defined by the National Institute of Standards and Technology (NIST) are IaaS, PaaS, and SaaS. These three are also clearly specified as the scope of testing for the AZ-900.
Differences Between Service Models
First, take a look at the following diagram.
It shows how much is provided by the cloud provider for each of on-premises, IaaS, PaaS, and SaaS, and which parts should be managed by the user.
In addition to the basic infrastructure components such as virtual machines, networking, and storage that run operating systems such as Windows Server and Linux, it is easier to read if you have a picture of the layered structure represented by middleware, runtime, applications, and data.
What is IaaS (Infrastructure as a Service)?
IaaS is a service that provides physical hardware resources such as servers, storage and networking, and virtualization.
For example, it provides computing functions such as virtual servers, storage functions such as disk and shared servers, and networking functions such as routers and firewalls.
For virtual servers, you can choose between Windows and Linux operating systems. Because it is cumbersome for users to install the operating system, the operating system image is also provided by the cloud provider.
Azure provides the following IaaS services.
- Virtual Machines
- Virtual Machine Scale Sets
- Azure Storage (Managed Disk for VM)
- Azure Load Balancer
What is PaaS (Platform as a Service)?
PaaS is a service that provides a complete platform for running applications in addition to the infrastructure provided by IaaS.
For example, it provides web server functions such as IIS, which responds to HTTP requests from a browser; database functions such as SQL Server, which stores structured data; and software functions that run programs such as Java.
The term middleware is used to refer to the software that is necessary to run these applications, but is not a function of the operating system (sometimes the term runtime software is used to refer to this type of software).
Middleware: software that is necessary for applications to run but is not a function of the operating system, such as web servers and databases.
When you hear the word platform, it may not be immediately clear what it is, but it is safe to assume that it refers to the underlying parts of an application, such as the operating system, middleware, and runtime, all of which are collectively referred to as the platform.
Let’s look at the benefits of PaaS.
For example, if you plan to build a web application using PHP, SQL Server, and IIS on-premises or on IaaS, you must install PHP, SQL Server, and IIS separately after configuring the operating system.
With PaaS, the environment required for development is pre-configured, allowing developers to focus on development rather than tedious installation and configuration.
Key Points:
PaaS frees you from OS and middleware management so you can focus on development.
Azure provides the following PaaS services.
- App Service
- SQL Database
- Cosmos DB
- Azure Backup
What is SaaS (Software as a Service)?
SaaS is a service that provides applications themselves.
The advantage is that you can start using the functionality you want immediately after signing a contract, without having to develop new applications.
There is no SaaS offered under the Azure brand, but the features are tested in the AZ-900 exam.
Some common examples of SaaS include the following services.
- Microsoft 365 (formerly Office 365)
- Gmail
- Dropbox
How to Select a Service Model
The diagram shown at the beginning is reproduced here.
In the traditional on-premises model, the user had to procure, configure, and manage everything from the bottom layer to the top layer. In the cloud, some of these layers are provided and managed by the cloud service provider, so as you move to the right in this diagram, the burden on the user side decreases and the benefits increase.
On the other hand, if you choose IaaS, you will need to configure and manage the layers on top of the OS, but there are also benefits, such as the ability to freely customize the OS settings and installed software (the farther to the left, the higher the level of customization).
In other words, there is a tradeoff between reduced management overhead and customizability, and prioritizing one over the other makes it harder to enjoy the benefits of the other.
In general, when migrating an existing on-premises system to the cloud, there is a tendency to choose IaaS, which makes it easier to migrate the existing configuration and settings as-is. However, even if the server running the application is migrated to IaaS, operational services such as backup and monitoring are easier to migrate to PaaS, so you should actively consider this.
If you want to use a new feature or build a system, consider SaaS/PaaS. If your needs can be met with services that already exist in the world, using SaaS is the fastest way to go, and even if you are developing a new application, using PaaS in combination will greatly reduce the operational burden.
Shared Responsibility Model
The AZ-900 exam also asks about the boundary of responsibility between the user and the cloud service provider. In the case of Azure, the cloud service provider is Microsoft.
The term “Shared Responsibility Model” refers to the division of responsibility between the user and the cloud service provider.
The bottom three physical layers are easy to understand.
For example, replacing a failed physical server and data center security measures are Microsoft’s responsibility. Users are not responsible for this, but it is important to design for redundancy and other availability measures because users may be affected by a physical server failure.
I think it is easy to imagine the top three layers.
The responsibility for everything each user needs to use the application – such as ID/PW, access rights, devices such as PCs and smartphones, and data management – lies with the user.
The complicated part is the shared responsibility of the middle tier.
For example, in the case of applications, Microsoft is responsible for the platform structure, but the user is responsible for settings such as encryption.
Because the shared responsibility of the middle tier is difficult to ask about in the AZ-900 exam, you should be fine as long as you have a good understanding of the two points of responsibility: the user's side and the cloud service provider's side.
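The following Python example is added here and is not from the original article. It applies the service models and the responsibility split to a constructed resource inventory, listing where the user must patch the OS and flagging a user-side encryption setting on a PaaS resource. The resource-type mapping follows the service lists above; the layer assignment per model and the choice of the App Service `httpsOnly` property as the checked setting are assumptions made for illustration.

```python
# Added example: constructed inventory, not output from a real subscription.
# Resource type -> service model, following the service lists in the article.
SERVICE_MODEL = {
    "Microsoft.Compute/virtualMachines": "IaaS",
    "Microsoft.Compute/virtualMachineScaleSets": "IaaS",
    "Microsoft.Web/sites": "PaaS",                    # App Service
    "Microsoft.Sql/servers/databases": "PaaS",        # SQL Database
    "Microsoft.DocumentDB/databaseAccounts": "PaaS",  # Cosmos DB
}

# Assumption: layers the user manages per model, per the usual layered diagram.
CUSTOMER_LAYERS = {
    "IaaS": ["os", "middleware", "runtime", "application", "data"],
    "PaaS": ["application", "data"],
    "SaaS": ["data"],
}

INVENTORY = [  # constructed sample
    {"name": "vm-web-01", "type": "Microsoft.Compute/virtualMachines", "properties": {}},
    {"name": "app-shop", "type": "Microsoft.Web/sites", "properties": {"httpsOnly": False}},
    {"name": "app-admin", "type": "Microsoft.Web/sites", "properties": {"httpsOnly": True}},
    {"name": "sqldb-orders", "type": "Microsoft.Sql/servers/databases", "properties": {}},
    {"name": "mystery", "type": "Contoso.Custom/things", "properties": {}},
]

def review(inventory):
    """Return (os_patching, findings, unclassified) for the user's side."""
    os_patching, findings, unclassified = [], [], []
    for res in inventory:
        model = SERVICE_MODEL.get(res["type"])
        if model is None:
            # Unknown type: do not guess who owns it; surface it for a human.
            unclassified.append(res["name"])
            continue
        if "os" in CUSTOMER_LAYERS[model]:
            os_patching.append(res["name"])
        # PaaS: the provider runs the platform, but transport encryption
        # on the app is a setting the user controls.
        if res["type"] == "Microsoft.Web/sites" and not res["properties"].get("httpsOnly", False):
            findings.append((res["name"], "httpsOnly is not enabled"))
    return os_patching, findings, unclassified

if __name__ == "__main__":
    patch, findings, unknown = review(INVENTORY)
    print("User patches the OS on:", patch)
    print("User-side setting findings:", findings)
    print("Needs manual classification:", unknown)
```
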
Summary
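In this article, I explained the differences between service models and the Shared Responsibility Model. A comparison of the service models is summarized in the following table.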
Service Model | Customizability | Easy to build and operate |
---|---|---|
IaaS | ◎ | △ |
PaaS | 〇 | 〇 |
SaaS | △ | ◎ |
On the exam, you may be asked whether a given service is IaaS or PaaS. Learn the names of typical IaaS/PaaS services along with the characteristics of each service model.
- The features provided to users are defined in the service model.
- There are three service models in the cloud.
  - IaaS (Virtual Machines, Azure Storage, Azure Load Balancer, etc.)
  - PaaS (App Service, SQL Database, etc.)
  - SaaS
- Who is responsible for what is defined in the Shared Responsibility Model.