Infrastructure as a Service (IaaS)
Infrastructure as a Service, shown in Figure 21-8, is the model in which the consumed services can be defined as “infrastructure.” These are server resources, usually virtualized, although there are special cases where even dedicated physical servers are offered. Other infrastructure services include storage, communication, and so on.
Figure 21-8 IaaS NIST Definition and Responsibilities Demarcation
With IaaS, as the customer uses VMs or storage, the provider is responsible for the underlying infrastructure as well as the reliability, compliance, and availability of the resources. The customer is responsible for any software or data used or stored on top of the resources. For example, if the customer decides to use a virtual server, which is a VM, the provider is responsible for providing and securing the resources up to the level of the virtual machine; from there, the operating system and installed applications are the responsibility of the customer, including the needed measures to be taken to safeguard the data. Some IaaS offerings also include the operating system, but this is more for convenience, as the customer is still responsible for maintaining and operating it.
Here are some examples of IaaS:
- Amazon EC2 (virtual servers in the cloud)
- Amazon Simple Storage Service (S3, storage services)
- Microsoft Azure VMs
- Microsoft Azure Storage
- GCP Compute Engine
- GCP Cloud Storage
Platform as a Service (PaaS)
Platform as a Service, shown in Figure 21-9, goes a step further, as the customer is capable of ordering not only the needed virtualized infrastructure, but also the needed software environment and communication, in a way that creates a “platform,” ready for the deployment of the customer’s data and applications.
Figure 21-9 PaaS NIST Definition and Responsibilities Demarcation
This also shifts the responsibilities, as now the cloud provider is responsible for the whole environment, the access, the communication, the needed middleware, and the runtime. The customer has to deploy the application, which will provide services, or the data if the PaaS is a cloud database or data warehouse. The customer has to patch and update the software under their control, define the access control, and back up the data.
Here are some examples of PaaS:
- GCP App Engine
- AWS Lambda
- Amazon Aurora
- Amazon Elastic Container Service (ECS)
- Azure App Service
- Azure Kubernetes Service
- Azure Cosmos DB
One interesting Platform as a Service that’s offered by all three major cloud service providers (that is, AWS, Azure, and GCP) is microservices. With GCP App Engine, AWS Lambda, and Azure App Service, the consumer can provision the whole environment in which to directly publish their application. But this application is still more or less a traditional monolithic application. Microservices comprise a new architectural and design approach for creating applications, as the applications are divided into separate processes, and only the process needed to service a user request will run and then stop afterward. This approach provides the benefit of extremely efficient utilization of the resources, as there is no need to run all the processes of the application and keep them idle waiting for the next request. The cloud providers have created and offer such environments where the customers can utilize this approach.