Cloud Computing Models & Services
Key Takeaways
- The three service models are IaaS (you manage the OS and up), PaaS (you manage only apps and data), and SaaS (the provider manages everything and you just use the software).
- Deployment models are public (shared multi-tenant), private (dedicated to one organization), hybrid (public plus private with workloads moving between them), and community (shared by organizations with common needs).
- NIST defines five essential cloud characteristics: on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured (metered) service.
- Ingress (data uploaded to the cloud) is usually free, while egress (data downloaded from the cloud) is metered and billed, which is a frequent surprise on cloud invoices.
- File synchronization services (OneDrive, Google Drive, iCloud, Dropbox) automatically replicate files across devices and are the SaaS storage example most often referenced on the A+ Core 1 exam.
The Three Service Models
Cloud service models answer one question: who manages which layer of the stack? As you move from IaaS to SaaS, the provider takes over more layers and you manage fewer. This shared-responsibility ladder is the single most tested concept in Domain 4's cloud objective.
| Layer | On-Premises | IaaS | PaaS | SaaS |
|---|---|---|---|---|
| Applications | You | You | You | Provider |
| Data | You | You | You | Provider |
| Runtime / Middleware | You | You | Provider | Provider |
| Operating System | You | You | Provider | Provider |
| Virtualization | You | Provider | Provider | Provider |
| Servers / Storage / Network | You | Provider | Provider | Provider |
IaaS — Infrastructure as a Service
The provider runs the physical hardware, network, and hypervisor; you get bare virtual machines and install everything above the OS. Examples: Amazon EC2, Azure Virtual Machines, Google Compute Engine, DigitalOcean Droplets. Use it when you need full OS control or are lifting a legacy server into the cloud.
PaaS — Platform as a Service
The provider also manages the OS, runtime, and middleware; you deploy only your application code and data. Examples: Heroku, Azure App Service, AWS Elastic Beanstalk, Google App Engine. Use it when developers want to ship code without patching servers.
SaaS — Software as a Service
The provider manages the entire stack; you simply log in and use the app, usually in a browser. Examples: Microsoft 365, Google Workspace, Salesforce, Zoom, Dropbox. Use it when end users just need working software.
Pizza memory aid: IaaS is cooking at home with delivered ingredients, PaaS is a take-and-bake you finish in your own oven, and SaaS is delivery pizza that arrives ready to eat.
Deployment Models
| Model | Definition | Typical Buyer |
|---|---|---|
| Public | Multi-tenant resources shared across many customers | Startups, general workloads, cost-sensitive teams |
| Private | Dedicated infrastructure for one organization | Government, healthcare, finance under strict compliance |
| Hybrid | Public and private linked so workloads move between them | Enterprises keeping sensitive data private, bursting to public for scale |
| Community | Shared by organizations with common requirements | Healthcare consortiums, research and education networks |
The Five NIST Characteristics
The U.S. National Institute of Standards and Technology (NIST) definition lists five essential traits, all fair game on the exam:
- On-demand self-service — provision resources through a portal without calling the provider.
- Broad network access — reach services from laptops, phones, and tablets over standard networks.
- Resource pooling — the provider's pooled hardware is shared across tenants (multi-tenancy).
- Rapid elasticity — capacity scales up and down automatically, often within minutes, to match demand.
- Measured service — usage is metered and billed, giving the pay-as-you-go model.
Metered Billing, Ingress, and Egress
Metered (measured) utilization means you pay for exactly what you consume: CPU-hours, gigabytes of storage, and gigabytes of data transfer.
| Term | Meaning | Typical Cost |
|---|---|---|
| Ingress | Data uploaded TO the cloud | Usually free |
| Egress | Data downloaded FROM the cloud | Usually metered and charged |
| Reserved instance | Commit to long-term use for a discount | Lower hourly rate |
| Spot / preemptible | Spare capacity at a deep discount | Cheapest, can be reclaimed |
The ingress-versus-egress split is the most-missed billing fact: moving data in is free, but pulling large backups or media out of the cloud generates the surprise charges on a monthly invoice.
Common Cloud Services for End Users
- File synchronization (SaaS storage): OneDrive (Windows/Microsoft 365), Google Drive (Android/Workspace), iCloud (macOS/iOS), and Dropbox (cross-platform) automatically replicate a folder across every signed-in device, so an edit on a laptop appears on a phone within seconds.
- Virtual Desktop Infrastructure (VDI) / Desktop as a Service: Amazon WorkSpaces, Azure Virtual Desktop, and Citrix DaaS stream a full desktop to thin clients or browsers, centralizing management and supporting bring-your-own-device.
- Cloud email: Exchange Online (Microsoft 365) and Gmail (Google Workspace) remove the on-premises mail server, adding spam filtering, mobile access, and automatic updates.
Why Organizations Move to the Cloud
Exam scenarios often hinge on a business reason, so tie each cloud trait to a benefit. Rapid elasticity lets an online store survive a holiday traffic spike by automatically adding servers, then scale back down at midnight so it stops paying for idle capacity. Measured service turns a large up-front capital purchase (buying servers) into a predictable operating expense (a monthly bill). Broad network access means a remote workforce reaches the same apps from home laptops and phones with no VPN hardware to maintain.
On-demand self-service removes the multi-week wait for IT to rack a new server: a developer provisions a virtual machine from a web console in minutes.
The trade-offs matter too. Public cloud is cheapest and most elastic but places data on shared, multi-tenant hardware. Private cloud satisfies strict regulators (HIPAA for healthcare, financial rules) at higher cost and lower elasticity. Hybrid is the common enterprise compromise.
Synchronization Apps vs Cloud Backup
Candidates frequently confuse file synchronization with backup. A sync service such as OneDrive or Dropbox mirrors the current state of a folder to every device, which means a deletion or ransomware encryption is also synced everywhere almost instantly. A true backup keeps point-in-time copies you can restore even after corruption. On the job, recommend versioning or a separate backup in addition to sync.
Quick Reference: Matching Scenarios to Models
| Scenario | Correct Answer |
|---|---|
| Rent bare virtual servers and install your own OS | IaaS |
| Push application code; the provider patches the OS | PaaS |
| Log in to a finished app in a browser | SaaS |
| Regulator requires single-tenant dedicated hardware | Private cloud |
| Keep sensitive data private, scale public for bursts | Hybrid cloud |
| Several hospitals share one purpose-built platform | Community cloud |
| Surprise charge for pulling backups out | Egress |
Lock in the responsibility ladder, the five NIST characteristics, and the ingress-free/egress-billed rule, and you can answer almost every cloud question in Domain 4 quickly and confidently.
A developer wants to deploy a web application without managing the underlying operating system, runtime, or servers, supplying only the application code. Which cloud service model fits best?
An organization stores sensitive patient records in a dedicated single-tenant environment but bursts to a shared multi-tenant provider for seasonal analytics. Which deployment model is this?
Match each cloud service model to its example:
Match each item on the left with the correct item on the right
A company is shocked by high charges after restoring several terabytes of backups from its cloud provider. Which billing concept explains the cost?