Cloud Computing Essentials - Part 3 (Cloud Service Models)

*** Note: The following statements are for information purposes only. ***

Greetings everyone. Continuing from my last article on "who" provides cloud services, today let us focus on "how". How are services provided within these environments? The three types of cloud service models aka CSMs are: IAAS (Infrastructure-As-A-Service), PAAS (Platform-As-A-Service), and SAAS (Software-As-A-Service). Each service model has benefits and drawbacks. One of the most important aspects of choosing which service model or combination of service models is a proper understanding of the "Shared Responsibility Model" aka SRM. Please note the lines are sometimes blurred between service offerings -- the classification of CSM components are not always absolute. Let's begin exploring each CSM.

1. According to NIST, the definition of IAAS is, "the capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications" (https://csrc.nist.gov/glossary/term/Infrastructure-as-a-Service). Each CSP (Cloud Service Provider -- remember the acronym from my original article???) provides consumers with the core infrastructure for their cloud framework.

• The "Compute" component is a combination of vCPUs, RAM, and OS. CSPs may refer to their compute component as a "Virtual Machine", "Instance", etc. These are grouped into families/flavors/series -- each has a number of different tiers. Compute families are logically organized based on the use case of allocated resources (from 1 x Core and 2 GB RAM to 44 x Cores and 350+ GB RAM). Each CSP will have an overview page of their compute offerings.

If you're just getting started on your cloud journey, make sure to use your CSPs "economical" or "development" VM series to minimize your expenditures

• Next, we have the "Network" or "Virtual Network" aka VNET component. Networks in the cloud are defined similarly to those on-premise. The virtual network will be defined using CIDR notation. After the VNET is deployed, the consumer will have the option to define custom subnets based on design requirements.

If you are concerned about your IP address allocation size -- ALWAYS over commit your IP address block! You may NOT have the option to increase your VNET size post-deployment!

• The last IAAS component is "Storage". This is block storage to be used as persistent and/or ephemeral for your virtual machine. Your OS, application files, development code, etc. will reside within the storage disk of your choosing. Pay attention not only to the type of storage device (HDD or SSD), but also the size. IOPS, throughput, and cost typically scale linearly with disk size.

2. "The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider" (https://csrc.nist.gov/glossary/term/Platform-as-a-Service), is the definition of Platform-As-A-Service given by NIST. Each CSP has their own proprietary method for abstracting the underlying infrastructure to offer a service as part of their PAAS platform (*** this will be a major talking point in my next article on the Shared Responsibility Model). To explain the difference between IAAS and PAAS, I will use a database server as an example. For a Production IAAS deployment of a database server, a cloud infrastructure team and DBA team must coordinate their efforts to manage: OS and database edition patching, database edition updates/upgrades, backup policies with associated retention policies for the VM(s) and database(s), and high-availability (to eliminate a single point of failure). When switching to a PAAS implementation of a database server, all of the aforementioned items are managed by the CSP. For a more in-depth explanation of this example, check out Azure's documentation on What is Azure SQL Database managed instance?

As there are a large number of PAAS service offerings, each unique to its own CSP, I will simply list a few PAAS services.

• DBaaS: Database-As-A-Service
• DaaS (VDI): Desktop-As-A-Service
• BaaS: Backup-As-A-Service

3. Finally, Software-As-A-Service is specified by NIST as, "The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface" (https://csrc.nist.gov/glossary/term/Software-as-a-Service). SAAS offerings are characterized by the following: subscription based licensing, distributed hosting of the underlying platform, user access through a thin client, e.g. via a web browser, and nearly unlimited scalability.

SAAS examples: Google Apps, Dropbox, Office 365, Salesforce, Dropbox, Slack, and Adobe Creative Cloud

In my next article, I will explain how the Shared Responsibility Model applies to each Cloud Service Model.

-- Joseph Kupiec over and out until next time...