- By Craig Zacker
Skill 1.2: Understand the different types of cloud services available
Flexibility is an important aspect of cloud computing, and Microsoft 365 can accommodate a wide variety of IT environments. While some organizations might be building a Microsoft 365 deployment from scratch, others might have existing infrastructure that they want to incorporate into a Microsoft 365 solution. Before it is possible to explore how this can be done, it is important to understand the various types of cloud architectures and service models.
Organizations today use cloud resources in different ways and for various reasons. A new business or division of a business might decide to build an entirely new IT infrastructure using only cloud-based resources. Meanwhile, a business that has already invested in a traditional IT infrastructure might use the cloud for expansions or for the addition of selected services. Organizations planning their infrastructures can use any of the three cloud architectures described in the following sections: public, private, and hybrid.
A public cloud is a network of servers owned by a third-party service provider at a remote location, which provides subscribers with access to virtual machines or services through the Internet, often for a fee. Prices are based on the resources or services you use. Microsoft Azure, Amazon Web Services, and Google Cloud are all examples of public cloud service providers that organizations use to host their virtual machines and access other services.
These major players in the public cloud industry maintain thousands of servers in data centers located around the world. They can accommodate large enterprise clients by providing services on a global scale. There are other, smaller cloud providers offering the same services, which might not be able to function on such a massive scale, but these can have their advantages as well. Because the cloud service providers are responsible for managing and maintaining the physical servers, the subscribers save a great deal of time, expense, and human resources.
There are two basic types of public cloud deployment that organizations can use, as follows:
Shared public cloud Subscribers access services that a third-party provider implements on hardware that might be used by other subscribers at the same time. For example, a physical host server at a provider site can run virtual machines belonging to different subscribers simultaneously, as shown in Figure 1-3. The VMs are secured individually and isolated from each other by the hypervisor; a subscriber does not see, and cannot choose, the other tenants sharing the host. This is what is typically meant by a public cloud.
Dedicated public cloud Subscribers contract with a third-party provider for a hardware infrastructure that is dedicated to their exclusive use. (See Figure 1-4.) The services provided are the same as those in a shared public cloud; the only difference is that no other tenant's workloads run on the hardware the provider uses to furnish the services. This arrangement is more expensive than a shared public cloud, but some organizations need the additional security and fault tolerance that comes from having hardware dedicated to their own use, for example because a compliance regime forbids placing regulated workloads on multi-tenant hosts.
Figure 1-3 Virtual servers running in a shared public cloud
Figure 1-4 Virtual servers running in a dedicated public cloud
The term public cloud, then, can refer to a provider that enables businesses to build their IT networks virtually instead of physically. Microsoft 365 subscribers can make use of these services to implement all or part of their productivity infrastructure. However, this is not the only function of the public cloud. When people stream movies to their televisions, use web-based banking services, access their email online, or use the Office 365 productivity applications, they are using public cloud providers. The difference in these cases is that the provider is furnishing specific services instead of an IT infrastructure.
A private cloud is a network of servers owned and operated by a business solely for its own use. While the services can be the same and appear identical to their end users, the primary difference is that the organization has control over the physical hardware as well.
In a public cloud deployment of an IT infrastructure, either the subscriber creates virtual machines on the provider’s servers and uses them to install and run specific applications or contracts with the provider for access to services running on the provider’s own virtual machines. A private cloud deployment usually works in much the same way. The organization still creates and utilizes virtual machines to run its applications in most cases, but it creates those virtual machines on physical host servers that it owns.
Another variation on the private cloud is the hosted private cloud, in which hardware that is owned or leased by an organization is housed and managed by a third-party provider. The organization has exclusive use of the hardware and avoids the expenses of building and managing a data center. It does have to pay ongoing fees to the provider, and because the hardware sits in someone else's facility, this arrangement might not satisfy every data residency or physical-custody stipulation, but the overall cost is likely to be less than an on-premises private cloud.
The private cloud architecture can provide a level of security and privacy that a public cloud provider might not be able to meet. An organization might have government contract stipulations or legal requirements that compel it to maintain its own hardware and store sensitive data on site rather than use third-party hardware that is not subject to the same stipulations or requirements. For example, the Health Insurance Portability and Accountability Act (HIPAA) dictates how protected health information must be secured in the United States. Whether or not a third-party cloud provider is involved, an organization remains legally responsible for the data it stores; outsourcing the hardware does not outsource the liability. An organization might also need to run a legacy application that requires a specific hardware or software configuration that a third-party provider cannot supply.
A private cloud also provides a greater degree of customization than public cloud resources. Public cloud providers are successful because of the scale of their businesses; their services are configurable using the options that are most desired by most of their clients. They are not likely to provide access to obscure software options that only a few of their clients will need. In the case of a private cloud, an organization has access to any and all the customization options provided by the software they choose to install.
The advantages of a private cloud are its disadvantages as well. The owner of the hardware is responsible for purchasing, housing, deploying, and maintaining that hardware, which can add greatly to the overall expense, as described earlier in this chapter. There are no ongoing subscriber fees for a private cloud, as there are with a public cloud provider, but there are ongoing fees for operating a data center, including floor space, power, insurance, and personnel.
The organization is also responsible for purchasing and maintaining licenses for all the software products needed to provide the necessary services. This can include operating system licenses, application server licenses, and user licenses, as well as the cost of additional software utilities. Typically, the overall costs of a private cloud infrastructure are higher than that of a public cloud and can be enormously higher. It is up to the organization to determine whether the advantages of the private cloud are worth the additional expense.
A hybrid cloud combines the functionality of a public and a private cloud, enabling an organization to enjoy the best of both architectures. There are a variety of scenarios in which an organization might prefer to implement a hybrid cloud architecture.
If an organization has existing services implemented on its own physical hardware, it might want to maintain those services while adding others from a public cloud provider. For example, the organization might have reached the physical capacity of its own data center and does not want to invest in a major facility expansion.
An organization might also use public cloud resources to extend the capacity of its private cloud or its in-house network during temporary periods of greater need, such as seasonal business increases. This technique, called cloudbursting, eliminates the need for the organization to pay for hardware and other resources that are only required for brief periods of time. Because it is possible to connect the public and private services, the resources can interact in any way that is necessary. For example, a business with an e-commerce website implemented in a private cloud can add public cloud-based servers to its web server farm to accommodate the increase in traffic during its Christmas busy season. The link that makes this possible (typically a site-to-site VPN or a dedicated circuit) extends the private network's trust boundary into the public cloud, so the burst capacity must be secured and monitored to the same standard as the on-premises servers it supplements.
Another possibility is that an organization might be subject to the type of data storage or other security requirements described in the previous section, but they do not want to build out their entire infrastructure in a private cloud. In this scenario, the organization could conceivably deploy a database containing the sensitive data in a private cloud and use a public cloud provider for a website implementation that is linked to the database. This way, the network can comply with the storage requirements without having to go to the expense of deploying web servers and other services in the private cloud. The same is true for a variety of other services; organizations can keep their sensitive data and services in the private cloud and use the public cloud for the nonsensitive services. Organizations can also use private cloud resources to run legacy equipment or applications, while all the other services run on a less expensive public cloud.
Some cloud providers supply tools that enable administrators to manage their public and private cloud resources through a single interface. Microsoft Azure provides Azure Active Directory (now Microsoft Entra ID), for example, which enables a subscriber to use the same directory service for public and private cloud resources, so that users and administrators can access both with a single sign-on. Azure also provides management and security interfaces, both of which have built-in support for hybrid cloud architectures.
Cloud service models
The offerings of cloud service providers are typically broken down into service models, which specify what elements of the cloud infrastructure are included with each product. There are three primary cloud service models, called Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
A cloud infrastructure can be broken down into layers forming a stack, as shown in Figure 1-5. The functions of the layers are as follows:
People The users working with the application
Data The information that the application creates or utilizes
Application The top-level software program running on a virtual machine
Runtime An intermediate software layer, such as .NET or Java, that provides the environment in which applications run
Middleware A software component that provides intermediate services between an operating system and applications
Operating system The software that provides the basic functions of a virtual machine
Virtual network The logical connections between virtual machines running on servers
Hypervisor The software component on the physical servers that enables virtual machines to share the server’s physical resources
Servers The physical computers that host the virtual machines that provide cloud services
Storage The hard drives and other physical components that make up the subsystem providing data storage for the physical servers
Physical network The cables, routers, and other equipment that physically connect the servers to each other and to the Internet
Figure 1-5 The layers of the cloud infrastructure
In an organization that uses its own on-premises servers for everything, there is no cloud involved, and the organization is obviously responsible for managing all the layers of the stack. However, when an organization uses cloud-based services, the cloud service provider manages some layers of the stack, and the organization manages the rest. This is called a shared responsibility model. Which layers are managed by the organization and which are managed by the provider depends on the service model used to furnish the cloud product. Whatever the model, some responsibility never transfers to the provider: the subscriber always remains accountable for its data, its user accounts and identities, and the devices its users work from. The three basic cloud service models are described in the following sections.
Infrastructure as a Service (IaaS) is a cloud computing model in which a cloud service provider furnishes the client with the physical computing elements: the network, the storage subsystem, the physical servers, and the hypervisor running on the servers. This provides subscribers with everything they need to create their own virtual machines and manage them by themselves. Therefore, all the cloud infrastructure layers above the hypervisor are the responsibility of the subscriber, as shown in Figure 1-6.
Figure 1-6 The shared responsibility model for IaaS
For example, when a subscriber uses Microsoft Azure to create a virtual machine, the provider is furnishing access to a physical server with hypervisor software—presumably Microsoft Hyper-V—running on it. The server has a physical storage subsystem and is connected to a physical network that provides it with access to the provider’s other servers and to the Internet. Using the management tools that Azure provides, the subscriber can create a virtual machine containing a specific amount of memory and storage, and a number of CPUs, all of which are realized virtually.
The end result is a virtual machine that the subscriber can install, configure, and use to run applications just like a VM running on an on-premises server. The difference is that the subscriber does not have to outfit a data center, build a network, procure a physical computer, and install the hypervisor. Instead, the subscriber pays a regular fee for the actual resources that the VM uses. The subscriber can add memory, storage, and CPUs to the VM or remove them, as needed, and the subscriber can configure many other settings through a remote management interface. Additional resources incur additional fees, but the process of building a new server takes a matter of minutes instead of days or weeks.
With the IaaS model, the provider is responsible for the physical servers and the physical network, but the subscriber is responsible for managing and maintaining its virtual machines and the virtual network on which they run, as shown earlier in Figure 1-6. Therefore, the provider installs operating system updates on the physical servers, but the subscriber must install any operating system and application updates needed on the virtual machines. The same is true of everything else inside the VM: the guest firewall, which management ports (such as SSH or RDP) are exposed to the Internet, disk encryption, local accounts, and logging are all the subscriber's to configure, because the provider does not look inside the virtual machine. Any other VM software, maintenance, and management issues that arise also are the subscriber's responsibility.
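Because guest patching stays with the subscriber under IaaS, a practitioner wants a quick way to see whether a VM is carrying pending security fixes. The following script is an added example, not code from the book; it parses the output of `apt list --upgradable` on a Debian or Ubuntu guest and flags the upgrades that come from a security suite. The sample output is constructed, and the rule that a suite name ending in `-security` marks a security update is an assumption based on the Debian and Ubuntu naming convention.

```python
"""Pending security-patch check for an IaaS guest OS (added example, not from the book).

Under IaaS the provider patches the physical hosts, but the operating system
inside each VM is the subscriber's responsibility. This parses the text that
`apt list --upgradable` prints on a Debian/Ubuntu VM and reports which
pending upgrades originate from a security suite.
"""
import re
import subprocess
from dataclasses import dataclass

# One line of `apt list --upgradable` looks like:
#   openssl/jammy-updates,jammy-security 3.0.2-0ubuntu1.15 amd64 [upgradable from: 3.0.2-0ubuntu1.14]
LINE_RE = re.compile(
    r"^(?P<name>[^/\s]+)/(?P<suites>\S+)\s+(?P<candidate>\S+)\s+(?P<arch>\S+)"
    r"\s+\[upgradable from:\s+(?P<installed>[^\]]+)\]"
)


@dataclass(frozen=True)
class PendingUpgrade:
    name: str
    installed: str
    candidate: str
    security: bool  # True when any listed suite is a security suite


def is_security_suite(suite: str) -> bool:
    # Assumption: Debian and Ubuntu name their security suites "<release>-security".
    return suite.endswith("-security")


def parse_upgradable(output: str) -> list[PendingUpgrade]:
    """Parse apt's text into structured records.

    The "Listing..." header and blank lines do not match the pattern and are
    skipped; any other unrecognised line is ignored rather than guessed at,
    so the report never overstates what is pending.
    """
    upgrades = []
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        suites = m.group("suites").split(",")
        upgrades.append(
            PendingUpgrade(
                name=m.group("name"),
                installed=m.group("installed"),
                candidate=m.group("candidate"),
                security=any(is_security_suite(s) for s in suites),
            )
        )
    return upgrades


def security_backlog(upgrades: list[PendingUpgrade]) -> list[str]:
    """Names of packages with a pending security fix, sorted for stable output."""
    return sorted(u.name for u in upgrades if u.security)


def report(output: str) -> dict:
    """Summarise apt output; 'compliant' is True only when no security fix is pending."""
    upgrades = parse_upgradable(output)
    backlog = security_backlog(upgrades)
    return {
        "pending": len(upgrades),
        "security": len(backlog),
        "packages": backlog,
        "compliant": not backlog,
    }


def live_output() -> str:
    """Run apt on the VM itself; only meaningful on a Debian/Ubuntu guest."""
    proc = subprocess.run(
        ["apt", "list", "--upgradable"], capture_output=True, text=True, check=False
    )
    return proc.stdout


# Constructed sample of apt output so the example runs offline.
SAMPLE = """\
Listing... Done
openssl/jammy-updates,jammy-security 3.0.2-0ubuntu1.15 amd64 [upgradable from: 3.0.2-0ubuntu1.14]
libssl3/jammy-updates,jammy-security 3.0.2-0ubuntu1.15 amd64 [upgradable from: 3.0.2-0ubuntu1.14]
vim/jammy-updates 2:8.2.3995-1ubuntu2.16 amd64 [upgradable from: 2:8.2.3995-1ubuntu2.15]
"""

if __name__ == "__main__":
    # Swap SAMPLE for live_output() to check the VM this runs on.
    print(report(SAMPLE))
```

On the sample, two of the three pending upgrades (openssl and libssl3) come from a security suite, so the VM is reported as non-compliant until they are applied; the provider's host patching would not have changed that result.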
Of all the cloud service models, IaaS places the greatest amount of responsibility on the subscriber, and in many instances, this is how administrators want it. By creating and configuring their own virtual machines, administrators can duplicate the environment of their on-premises servers, creating a hybrid cloudbursting infrastructure that can handle overflow traffic during a busy season.
Organizations with high traffic websites often use a dedicated web hosting service provider to run their sites. However, building the site using virtual machines furnished by a cloud service provider using the IaaS model often can be a far less expensive proposition.
Subscribers can also use IaaS to create a testing and development environment for applications. Rapid deployment and modification of VMs makes it possible for administrators to create multiple temporary evaluation and testing platforms and take them down just as easily.
IaaS can also provide subscribers with VMs containing massive amounts of virtual hardware resources that would be impractical to implement in on-premises servers. Large data sets and high-performance computing can require huge amounts of memory and processing power to perform the tasks required for applications, such as weather patterning, data mining, and financial modeling. The resources of a high-end cloud service provider make it far less expensive to equip VMs with the necessary virtual hardware than to build equivalent physical servers.
In what is sometimes referred to as a tiered cloud service model infrastructure, Platform as a Service (PaaS) is the second tier, in that it builds on the provider's responsibilities from the first (IaaS) tier. PaaS is designed to provide subscribers with a ready-made development platform that enables them to avoid spending time repeatedly building out the hardware and software infrastructure for a test system before they can run a new application.
Because the platform is accessible through the Internet like all cloud services, an organization with multiple developers working on the same project can provide them all with access to the test environment, even if they are located at different sites.
The PaaS model expands the responsibility of the cloud service provider over the IaaS model by adding the virtual network, operating system, middleware, and runtime layers, as shown in Figure 1-7. The greater the responsibility of the provider, the less that of the subscriber.
Figure 1-7 The shared responsibility model for PaaS
Unlike in the IaaS model, the cloud provider is entirely responsible for the operating system of the virtual machines that run the platform, applying updates and patches and performing maintenance as needed. The platform can also include (for an extra fee) additional components specified by the subscriber, such as development tools, middleware, and database management systems. The object of the PaaS model is to eliminate the need for software developers to do anything but actually develop, build, customize, test, and deploy their applications. What the developers deploy is still theirs to secure: vulnerabilities in the application code and the data it handles remain the subscriber's responsibility.
The fees for PaaS and IaaS virtual machines are typically based on the resources they are configured to use and the time they are running. However, there is another cloud service model for application development, related to PaaS, called serverless computing. In serverless computing (sometimes known as Function as a Service, or FaaS), the cloud provider takes on even more of the server management responsibility by dynamically allocating virtual machine resources in response to application requests or events.
Pricing is based on the compute resources actually consumed by each execution, so this model can be less expensive than a PaaS VM that is incurring charges the whole time it is running. The term serverless, in this instance, does not mean that there is no server involved; the name derives from the fact that the cloud subscriber does not have to provision a virtual machine on which the developer's code will run.
Software as a Service (SaaS) is the third tier of the cloud service model infrastructure, and in this model, the cloud provider is responsible for nearly all the layers. Only the people and data layers are left to the subscriber, as shown in Figure 1-8. This means that the provider is responsible for the applications, as well as all the layers beneath.
Figure 1-8 The shared responsibility model for SaaS
The SaaS model enables end users to access cloud-based applications using a web or other thin-client interface, without the need to install the applications first. Office 365 is an example of a SaaS product, as are Microsoft Teams and other Microsoft 365 components. While Office 365 makes it possible to install its productivity applications on a client computer, it is not necessary for the user to do so. The applications are accessible directly through a web browser, with everything but the user's own data files provided through the cloud. Even so, the people and data layers remain the subscriber's: who may sign in, how strongly they must authenticate, and how the data is classified and shared are decisions the provider does not make on the subscriber's behalf.