Cloud Computing Models

Cloud computing has fundamentally transformed how organizations design, deploy, and scale software systems. At the heart of this transformation lies a deceptively simple question: How much of your infrastructure stack do you want to manage yourself, and how much do you want the cloud provider to handle?

The answer to this question determines which cloud service model you adopt. The three canonical models—Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS)—represent a spectrum of control versus convenience, responsibility versus abstraction.

Understanding these models isn't merely academic. Every architectural decision you make in the cloud—from choosing where to run your containers to selecting a database solution—is implicitly a decision about where you want to sit on this spectrum. Get it wrong, and you'll either drown in operational overhead you didn't need to carry, or find yourself constrained by abstractions that don't fit your requirements.

Before diving into individual service models, we must understand the principle that underlies all cloud computing: the Shared Responsibility Model. This model defines the boundary between what the cloud provider manages and what you, the customer, must manage.

In traditional on-premises computing, your organization is responsible for everything—from the physical building and electrical supply to the operating systems and applications. Cloud computing allows you to offload portions of this responsibility stack to the provider, but it's crucial to understand exactly which portions.

Why does this matter architecturally?

Every layer you control is a layer you must:

• Secure: Apply patches, configure firewalls, manage access controls
• Operate: Monitor, troubleshoot, maintain uptime
• Scale: Provision, configure, and manage additional capacity
• Pay for: In terms of both compute resources and engineering time

Conversely, every layer the provider controls is a layer where:

• You lose fine-grained control and customization options
• You gain operational efficiency and reduced toil
• You depend on the provider's roadmap and service levels
• You might face vendor lock-in for that layer

Infrastructure as a Service (IaaS) provides virtualized computing resources over the internet. The cloud provider manages the physical infrastructure—servers, storage, networking, and the virtualization layer—while you control everything from the operating system upward.

Think of IaaS as renting virtual data center equipment. You get raw computing power, storage capacity, and network connectivity, but you're responsible for installing, configuring, and maintaining everything that runs on top of this foundation.

Operating an IaaS environment requires significant engineering investment. Consider what happens when you deploy a web application on IaaS:

Initial Setup:

1. Provision VMs with appropriate instance sizes
2. Configure VPC, subnets, security groups, and routing
3. Install and configure the operating system
4. Install language runtimes, web servers, and dependencies
5. Deploy your application code
6. Configure monitoring, logging, and alerting
7. Set up backup and disaster recovery procedures

Ongoing Operations:

• Apply security patches to OS and all installed software
• Rotate credentials and certificates
• Monitor resource utilization and scale capacity
• Respond to instance failures and replace unhealthy VMs
• Manage configuration drift across instances
• Perform regular security audits and penetration testing

IaaS pricing is typically based on resource consumption:

Compute Costs:

• Per-second or per-hour billing for VM runtime
• Pricing varies by instance family (general purpose, compute-optimized, memory-optimized)
• Reserved instances offer 30-75% discount for 1-3 year commitments
• Spot instances provide 60-90% discount for interruptible workloads

Storage Costs:

• Per-GB-month for provisioned storage
• Additional charges for IOPS (input/output operations per second)
• Tiered pricing for object storage based on access patterns

Network Costs:

• Ingress (data into the cloud) is typically free
• Egress (data out of the cloud) is metered and often the largest surprise cost
• Cross-region and cross-zone transfer incur additional charges

Hidden Costs:

• Engineering time for infrastructure management
• Training and certification for cloud platform expertise
• Third-party tools for monitoring, security, and operations

Platform as a Service (PaaS) provides a complete development and deployment environment in the cloud. The provider manages infrastructure, operating systems, middleware, and runtime environments—you focus solely on your application code and data.

Imagine IaaS as renting an empty commercial kitchen where you bring all your own equipment. PaaS is more like renting a fully-equipped kitchen: the ovens, mixers, and refrigerators are already installed and maintained. You just bring your recipes (code) and ingredients (data).

PaaS offerings vary widely in their level of abstraction and flexibility:

Traditional PaaS (Application Platforms):

• Heroku, Google App Engine, Azure App Service
• You deploy application code directly
• Platform manages OS, runtime, scaling
• Very high abstraction, limited customization

Container-Based PaaS:

• AWS App Runner, Google Cloud Run, Azure Container Apps
• You deploy container images
• Platform manages container orchestration, scaling, networking
• More flexibility than traditional PaaS, but still managed

Serverless PaaS (Function Platforms):

• AWS Lambda, Azure Functions, Google Cloud Functions
• You deploy individual functions
• Platform manages everything; you're billed per invocation
• Highest abstraction, most constraints on execution model

Kubernetes-Based PaaS:

• Google Kubernetes Engine (GKE), Amazon EKS, Azure AKS with managed add-ons
• You deploy to a managed Kubernetes cluster
• Platform manages control plane; you manage workload definitions
• Balance of power and convenience

The operational experience with PaaS is dramatically different from IaaS:

Initial Setup:

1. Create a new application/project on the platform
2. Configure environment variables and secrets
3. Connect your code repository or push code directly
4. Configure scaling rules (if not using defaults)
5. Done. Your application is running.

Ongoing Operations (what you DON'T do):

• No OS patching
• No runtime updates (unless you choose to upgrade)
• No capacity planning (auto-scaling handles it)
• No server replacement (platform handles failures)
• No networking configuration (usually)

What you DO focus on:

• Application code quality and performance
• Feature development
• Application-level monitoring and debugging
• Dependency management within your application
• Cost optimization through efficient code

Software as a Service (SaaS) delivers fully functional applications over the internet. The cloud provider manages everything—infrastructure, platform, and the application itself. You simply use the software through a web browser or API.

Extending our kitchen analogy: if IaaS is an empty commercial kitchen and PaaS is a fully-equipped kitchen, then SaaS is ordering delivery from a restaurant. You don't cook at all; you consume a finished product.

From an architectural perspective, SaaS represents the decision to buy rather than build. Instead of developing and operating your own email system, CRM, or collaboration tools, you subscribe to pre-built solutions.

While SaaS might seem outside the scope of system design, it plays a critical role in modern architectures. Most systems of meaningful complexity integrate with multiple SaaS components:

Common SaaS Categories in Architecture:

• Authentication/Identity: Auth0, Okta, Firebase Auth
• Payment Processing: Stripe, Braintree, Square
• Email/Communications: SendGrid, Twilio, Mailgun
• Analytics: Segment, Amplitude, Mixpanel
• Search: Algolia, Elasticsearch Service, Azure Cognitive Search
• Monitoring/Observability: Datadog, New Relic, PagerDuty
• CDN/Edge: Cloudflare, Fastly, Akamai
• Storage/Media: Cloudinary, ImgIx, Mux

These aren't peripheral tools—they're load-bearing components of production systems that would each require significant engineering investment to build in-house.

Architects must understand how SaaS components integrate into their systems:

API-Driven Integration:

• Most SaaS provides REST/GraphQL APIs
• Your systems call SaaS APIs for specific operations
• Consider: rate limits, latency, error handling, retry logic
• Example: Stripe API for payment processing

Webhook-Based Integration:

• SaaS pushes events to your endpoints
• Enables real-time reactions without polling
• Consider: delivery guarantees, idempotency, webhook verification
• Example: Stripe webhooks for payment confirmations

SDK Integration:

• SaaS provides client libraries for various platforms
• Abstracts API complexity but creates dependency
• Consider: SDK version management, fallback strategies
• Example: Firebase SDK for authentication

Embedded Components:

• SaaS provides widgets or iframes for your UI
• Minimal integration effort, limited customization
• Consider: branding consistency, UX control, PCI compliance implications
• Example: Stripe Elements for payment forms

Now that we've examined each model in depth, let's compare them across multiple dimensions that matter for architectural decisions.

The three models represent points on a fundamental spectrum:

More Control, More Work │                               │ Less Control, Less Work
        IaaS            │           PaaS                │         SaaS
◄───────────────────────┼───────────────────────────────┼──────────────────────►
                        │                               │
 You manage: Everything │  You manage: Code + Data      │ You manage: Configuration
             above VM   │                               │              + Usage

There's no universally 'correct' position on this spectrum. The right choice depends on:

• Your team's skills and size
• Your application's specific requirements
• Your organization's compliance constraints
• Your current scale and expected growth
• Your budget and how you value engineering time

When evaluating which cloud service model to adopt for a given workload, work through this decision framework:

Let's examine how production systems typically combine multiple service models:

A typical e-commerce platform might use:

IaaS Components:

• GPU instances for product recommendation ML models (specialized hardware requirements)
• Self-managed Elasticsearch cluster for product search (performance tuning needs)

PaaS Components:

• Containerized microservices on Cloud Run/ECS Fargate (core business logic)
• Managed PostgreSQL for transactional data (reduced operational burden)
• Managed Redis for session caching (no cluster management)
• Cloud Functions for order confirmation emails (event-driven, low volume)

SaaS Components:

• Stripe for payments
• Auth0 for customer authentication
• Algolia for customer-facing search (faster implementation than Elasticsearch)
• SendGrid for transactional email
• Segment for analytics events
• CloudFlare for CDN and WAF

This hybrid approach optimizes each component: critical performance needs get IaaS control, standard workloads use PaaS efficiency, and non-core functions leverage SaaS expertise.

A B2B SaaS company might architect their system as:

IaaS Components:

• VMs for tenant data isolation in regulated industries (compliance requirements)
• Self-managed database clusters for specific query patterns

PaaS Components:

• Core application on Kubernetes (AKS/EKS/GKE) with managed control plane
• Azure App Service for customer-facing dashboard
• Cloud Functions for webhook processing
• Managed databases for most tenants

SaaS Components:

• Okta for SSO/SAML integration (customer requirement)
• Intercom for customer support chat
• LaunchDarkly for feature flags
• Datadog for monitoring and APM
• PagerDuty for incident management

We've explored the three fundamental cloud service models in depth. Let's consolidate the key takeaways:

What's next:

With a firm understanding of the service model spectrum, we'll next explore Managed Services—the fully-managed building blocks within each cloud provider that let you assemble cloud-native architectures without reinventing fundamental components.