Service Models
Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Already have an account? Sign In »
Time
9 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
10
Video Transcription
00:01
>> In this video, we're going to progress through
00:01
the Cloud computing concepts and talk about
00:01
the three major service models for the Cloud.
00:01
Below you'll see where the service models
00:01
is depicted in the NIST infograph.
00:01
By these service models, we're putting it really
00:01
into three separate categories.
00:01
Software as a Service,
00:01
also referred to as SaaS,
00:01
Platform as a Service,
00:01
PaaS, and Infrastructure as a Service, IaaS.
00:01
We're going to dive into each of these three.
00:01
Commonly and collectively,
00:01
these are referred to also as the SPI layers,
00:01
software platform, and infrastructure.
00:01
I'm going to walk through these,
00:01
but I'm going to go through them in a reverse order.
00:01
Starting with Infrastructure as a Service,
00:01
that's a model where the Cloud provider
00:01
hosts the servers,
00:01
the storage, the network,
00:01
all those physical aspects of it.
00:01
Then the Cloud consumer,
00:01
they come in and they provision virtual equivalents
00:01
on top of that infrastructure
00:01
that's being hosted by the Cloud provider.
00:01
This includes processing, storage,
00:01
networks, other fundamental computing resources.
00:01
The consumer is able to do this arbitrarily.
00:01
This is the traditional first phase
00:01
of the Cloud Infrastructure as a Service.
00:01
You don't own the machines,
00:01
but you manage, control,
00:01
and design virtual versions of these machines.
00:01
The next step in Cloud is the PaaS model,
00:01
Platform as a Service.
00:01
This is a model where the Cloud provider hosts
00:01
an application development platform
00:01
on its own infrastructure,
00:01
and then it makes that platform available for
00:01
the Cloud users and accessible through the Internet.
00:01
This includes application development frameworks,
00:01
middleware capabilities, functions such as the databases,
00:01
messaging, and queuing.
00:01
With PaaS, the big difference,
00:01
and you can see it in
00:01
that picture on the right hand side,
00:01
all that physical infrastructure is there,
00:01
even the virtual infrastructure but
00:01
you're not managing any of that as a user.
00:01
Rather, you are taking advantage
00:01
of the published capabilities,
00:01
the platform level capabilities.
00:01
Some examples, storage, such
00:01
as file system storage and providers,
00:01
so you talking about Amazon S3
00:01
bucket or storage accounts on Azure.
00:01
They expose the file systems and they
00:01
actually provide the capabilities to expose
00:01
them in such ways that you can mount and
00:01
connect to these file systems from your virtual machines.
00:01
They're taking care of a lot of
00:01
the hassle with respect to
00:01
NFS or CIFS mounting methods.
00:01
They also will explode blob style storage so you can
00:01
access the contents that reside in that storage
00:01
then over HTTP or HTTPS.
00:01
That wouldn't be something you just natively can do,
00:01
so they are providing a little layer on top of
00:01
just pure storage as functionality and value-add.
00:01
Thinking a little bit further,
00:01
more PaaS just to give you
00:01
some real context around these,
00:01
AWS, they have the concept of auto-scaling groups.
00:01
Azure has these VM scale sets,
00:01
where you have basically
00:01
multiple instances of
00:01
the same virtual machine, and you have a pool of them.
00:01
When load and demand goes up,
00:01
you scale out that pool.
00:01
When demand goes down,
00:01
you scale down that pool
00:01
and reduce the number of machines.
00:01
That's the horizontal scaling
00:01
that we were previously talking about.
00:01
Databases, another big area for PaaS.
00:01
Managed Postgres, there's a lot of
00:01
proprietary managed databases between
00:01
the different providers of AWS,
00:01
Azure, Google, AWS Lambda,
00:01
serverless functions,
00:01
becoming a real big topic right now.
00:01
Function Apps is Azure equivalent.
00:01
I think that the similar in GCP,
00:01
even Kubernetes can be a real barrier to manage.
00:01
Providers have come in there and they've offered a way
00:01
to abstract all the details
00:01
that you might need to use and be aware of,
00:01
if you want it to manage a cluster of microservices or
00:01
container-based capabilities and services.
00:01
For example, Azure-Kubernetes service,
00:01
rather than provisioning a bunch of virtual machines,
00:01
installing Kubernetes on them,
00:01
and building them together
00:01
and getting the multiple nodes of those machines
00:01
communicating with each other and then
00:01
distributing loads of individual containers
00:01
across those machines.
00:01
You are abstracted from that and having to
00:01
deal with Kubernetes, even at that layer,
00:01
you give up some control when you take this model,
00:01
but you get some ease and simplicity at the same time.
00:01
Last but not least,
00:01
is Software as a Service.
00:01
In this model, you're giving up a lot of control in
00:01
terms of the underlying architecture
00:01
and how it's configured.
00:01
It's a distribution model where
00:01
the Cloud provider hosts applications on
00:01
its own infrastructure and they make them
00:01
available to users over the network.
00:01
Typically, it's accessed through the Internet.
00:01
The consumer uses the applications themselves,
00:01
but they don't have to worry
00:01
about the Infrastructure as a Service,
00:01
virtual machines; they don't
00:01
worry about Platform as a Service.
00:01
In fact, they're not even going to be aware of
00:01
the nuances of what a database
00:01
is this Software as a Service using?
00:01
How is the information being persisted?
00:01
For example, how's messaging and routing taking place?
00:01
You are really abstracted from that.
00:01
When you go to Software as a Service model, again,
00:01
you have less control, but
00:01
it's greater simplicity for you.
00:01
Great examples of Software as a Service.
00:01
Salesforce is a customer relationship management system.
00:01
Very popular. Concur is
00:01
expense reports management system
00:01
used by a lot of big companies.
00:01
Zendesk is a service and help
00:01
desk system for your internal support,
00:01
customer support, technical support, albeit.
00:01
You access those all through
00:01
a web-based interface and you have
00:01
a certain degree of configuration you have,
00:01
but you don't have any interaction
00:01
with the underlying databases,
00:01
virtual machines, storage, and so forth.
00:01
There can be a blurry line between SaaS and PaaS as well.
00:01
I think a good example of that is Webflow,
00:01
so that's a no-code,
00:01
low-code type solution for
00:01
you to build interactive websites.
00:01
Is that a SaaS? Is that a PaaS? I don't know.
00:01
Not everything you're going to come across in
00:01
the real-world fits extremely
00:01
cleanly into one of these three categories.
00:01
But these are how NIST defines the categories,
00:01
and what the CSA guidance really leans
00:01
on is the NIST perspective on Cloud.
00:01
For the purposes of your test,
00:01
knowing that SPI layers is very important.
00:01
Just to recap, we covered SPI;
00:01
SaaS, PaaS, and IaaS.
00:01
IaaS being the resource pool
00:01
of virtualized infrastructure,
00:01
and then you as the Cloud consumer have
00:01
the ability to do that or you as the Cloud provider,
00:01
you expose capabilities that allow them to build
00:01
virtualized abstract versions of
00:01
these things on that actual infrastructure,
00:01
Platform as a Service: Bringing
00:01
things up to a little higher level of abstraction,
00:01
simplifying certain things,
00:01
giving up a little bit of control,
00:01
but reaping the benefits as well.
00:01
Then finally, Software as a Service where everything
00:01
is really abstracted except for the application itself.
00:01
You just have no insight into
00:01
how the underlying resources are managed.
00:01
In fact, they themselves may not be
00:01
managed on an IaaS or PaaS basis.
00:01
The SaaS provider themselves could have a bunch of
00:01
physical machines or virtual machines on
00:01
physical machines that they themselves manage.
00:01
Like we said, it really gets confusing in
00:01
the real-world scenarios and there's a very blurry line.
00:01
That wraps it up for this lesson.
00:01
It was a very quick one with these three key concepts,
00:01
but you're going to be hearing about them a lot,
00:01
and so hopefully they've resonated with you.
00:01
I look forward to seeing you as we continue going through
00:01
the Cloud Compute Domain for the CCSK exam.
Up Next
Similar Content
