L2. Cloud Service Models: IaaS, PaaS, and SaaS
Video generating
Check back soon for the video lesson on Cloud Service Models: IaaS, PaaS, and SaaS
IaaS, PaaS, and SaaS define how much control you retain versus how much the cloud provider manages. The AZ-900 exam tests which model applies to specific Azure services and customer scenarios.
The Three Cloud Service Models
The AZ-900 exam tests these three service models extensively because they define the boundary between what Microsoft manages and what you manage. Getting this boundary wrong leads to security misconfigurations and exam failures.
IaaS: Infrastructure as a Service
With IaaS, the cloud provider manages the physical hardware, network, and virtualization layer. You manage everything above that: the operating system, middleware, runtime, data, and application. What you manage: OS, patches, runtimes, middleware, applications, data, networking configuration What Azure manages: Physical servers, storage hardware, physical network, hypervisor Azure IaaS examples: Azure Virtual Machines, Azure Disk Storage, Azure Virtual Network Use case: Migrating an existing on-premises workload ("lift and shift") where you want maximum control over the environment.
PaaS: Platform as a Service
With PaaS, the cloud provider manages the infrastructure AND the operating system and runtime. You focus on deploying and managing your application and data. What you manage: Applications and data What Azure manages: Everything below the application: OS, middleware, runtime, infrastructure Azure PaaS examples: Azure App Service, Azure SQL Database, Azure Functions, Azure Kubernetes Service (managed control plane), Azure Cosmos DB Use case: Developers want to focus on writing code without managing servers or patching operating systems.
SaaS: Software as a Service
With SaaS, the provider manages everything. You consume the software through a web browser or client. You only configure and use the application. What you manage: User configuration and data (within the application) What Azure manages: Everything including the application itself Azure SaaS examples: Microsoft 365, Microsoft Teams, Dynamics 365, Azure DevOps (hosted) Use case: End-users who need a ready-to-use business application.
Shared Responsibility Summary
| Responsibility | IaaS | PaaS | SaaS |
|---|---|---|---|
| Applications | Customer | Customer | Provider |
| Runtime | Customer | Provider | Provider |
| OS | Customer | Provider | Provider |
| Virtualization | Provider | Provider | Provider |
| Physical hardware | Provider | Provider | Provider |
- ✓IaaS: you manage the OS and above; Azure manages hardware and virtualization
- ✓PaaS: you manage applications and data only; Azure manages OS, runtime, and infrastructure
- ✓SaaS: you configure and use the app; Azure manages everything including the software
- ✓Azure Virtual Machines = IaaS; Azure App Service = PaaS; Microsoft 365 = SaaS
- ✓The shared responsibility boundary shifts with each model: more to the provider as you move from IaaS to SaaS
1. A development team wants to deploy a web application without managing the underlying operating system or runtime. Which service model is most appropriate?
2. Which of the following is an example of SaaS in the Microsoft Azure ecosystem?
Recommended: Pluralsight
This free course covers the theory. Pluralsight adds guided video paths, hands-on Azure labs, and timed practice exams to help you pass AZ-900 with confidence.