Chapter 2. Cloud Shapes: Service Models
This chapter covers the following topics:
Service Providers and Information Technology
This chapter covers the following exam objectives:
1.2 Describe Cloud Service Models
1.2.a Infrastructure as a Service (IaaS)
1.2.b Software as a Service (SaaS)
1.2.c Platform as a Service (PaaS)
After the mild sense of disappointment that followed its initial hype in the late 2000s, cloud computing began to morph into different shapes in a similar way as its atmospheric counterparts. Currently, cloud services seem to be bound only by the creative limitations of providers and their execution capacity, providing IT resources that range from simple processing capacity to fully provisioned applications at the click of a browser button.
To identify important aspects of cloud computing and to serve as a means for broad comparisons of cloud services and deployment strategies, the National Institute of Standards and Technology (NIST) Special Publication 800-145, “The NIST Definition of Cloud Computing,” describes three service models that classify cloud services according to their flexibility and readiness to support consumer needs: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
Tip
Due to its initials, these service models are also known as IPS Stack.
The CLDFND exam requires that you understand these service models, so this chapter focuses on providing a detailed explanation of them, including basic concepts, applicability, benefits, and challenges. To illustrate specific aspects of each of these service models, the chapter also introduces some examples from well-known cloud providers. The chapter concludes with an overview of new hybrid models that are on the horizon.
“Do I Know This Already?” Quiz
The “Do I Know This Already?” quiz allows you to assess whether you should read this entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in doubt about your answers to these questions or your own assessment of your knowledge of the topics, read the entire chapter. Table 2-1 lists the major headings in this chapter and their corresponding “Do I Know This Already?” quiz questions. You can find the answers in Appendix A, “Answers to Pre-Assessments and Quizzes.”
1. Which of the following represent key aspects of a service-level agreement between a data center service provider and a consumer? (Choose all that apply.)
a. Performance
b. Mean time to recover
c. Contract changes
d. Data handling
e. Uptime
2. Which of the following represents the service models described by NIST?
a. XaaS, PaaS, SaaS
b. SaaS, IaaS, PaaS
c. Private, public, hybrid
d. On-premise, off-premise, managed
e. EaaS, XaaS, IaaS
3. Which of the following are true about Infrastructure as a Service? (Choose all that apply.)
a. Most typical consumers are IT administrators.
b. Virtualization technologies are mandatory for the implementation of IaaS.
c. IaaS basically offers computing hardware for its consumers.
d. Among all service models, IaaS is the least flexible option.
4. Which of the following are correct about cloud regions and availability zones? (Choose all that apply.)
a. Regions represent data center installations from a cloud provider that can be used as options for the consumer resource deployment.
b. Availability zones represent data center installations from a cloud provider that can be used as options for the consumer resource deployment.
c. Regions are independent locations within a single data center facility.
d. Availability zones are independent locations within a single data center facility.
5. Which of the following are offered by the cloud provider in PaaS? (Choose all that apply.)
a. Application
b. Operating system
c. Computing hardware
d. Virtualization layer
e. Development tools
6. Which of the following represents the typical PaaS consumers?
a. IT administrators
b. Application end users
c. Application developers
d. Cloud brokers
7. Which of the following represents the typical SaaS consumers?
a. IT administrators
b. Application end users
c. Application developers
d. Cloud brokers
8. Which of the following must be provided by the consumer in SaaS?
a. Application
b. Operating system
c. Computing hardware
d. Virtualization layer
e. None of the above
9. Which of the following is correct about SaaS? (Choose all that apply.)
a. Among all cloud service models, SaaS requires less customization from a consumer standpoint.
b. SaaS provides full control over hardware for a cloud consumer.
c. SaaS has had the slowest adoption among all cloud service models.
d. SaaS providers may use PaaS resources for development and IaaS resources for production.
Foundation Topics
Service Providers and Information Technology
A service provider (SP) is a company that offers specialized services to organizations. These services may include pretty much anything these corporations need to properly function (from toilet paper supply to business consulting). In the context of information technology, the term service provider applies to outsourced suppliers that can provide a set of technologies to an organization during an agreed (and compensated) period of time.
Since the dawn of computing, corporations have been hiring service providers for several different reasons, such as to reduce CAPEX, to sharpen business focus, or simply because they lacked the capacity to internally support an IT system. And although there are service providers that can provide services covering the entirety of IT systems, most organizations typically work with a mix of in-house environments and outsourced systems hired from highly specialized SPs.
Figure 2-1 portrays a scenario with some specialized service providers.
The service providers supporting the company represented in Figure 2-1 are described in Table 2-2.
Throughout the many decades of relationships between service providers and their customers, many SPs have bundled services to both simplify service contracts and leverage the synergy between technologies (such as a network and Internet access, for example). And unsurprisingly, the world has witnessed a consolidation trend among IT service providers since the early 2000s.
As academic and consulting studies have discussed extensively, there is not a unique and definitive answer to the question “should my company outsource IT system X?” In fact, the number of factors that must be considered essentially dictates the complexity of such decision. Notwithstanding, one important aspect that must be taken into account is how critical to the business the IT system in consideration is. Because noncritical systems do not have any impact on the competitiveness of a company, they are usually the ideal candidates for outsourcing, as long as the pricing makes sense for the customer’s budget.
To summarize why this discussion has endured for a very long time, I will simply paraphrase a teacher of mine who joked that, each year, one-third of companies outsource their IT, 33.3% bring their systems back to the company premises (in a process called insourcing), and the remaining organizations decide not to change their outsourcing policy (for at least a year).
Service-Level Agreement
A service is formally defined in a service contract signed by both the service provider and its customer. Additionally, as a way to regulate the expectation about the scope and quality of the service, both parties typically define another contract called a service-level agreement (SLA).
Obviously, the parameters defined in an SLA highly differ depending on the type of service that is being offered and the parties involved in the agreement. But generally speaking, SLAs usually address the following aspects:
Performance: Defines a number of operations that the service provider must guarantee in a time interval, offered capacity, or time that will be spent in the service deployment.
Uptime: Measure of the amount of time an IT system must work correctly. It is generally represented as a percentage of availability over the total interval.
Mean time to recover (MTTR): Average time the service provider will take to recover a failed system.
Customer data handling: Defines data management strategies to avoid data loss (e.g., backup policies), how long the customer data is available to the customer after the service agreement is terminated, data confidentiality, and deletion policies.
Service providers may also use the SLA to control unrealistic customer expectations by including terms regarding maintenance windows, unavoidable accidents (force majeure), payment policies, and noncompliance fines and penalties.
Cloud Providers
Cloud computing services share many similarities with traditional service provider offerings. As an illustration, Figure 2-2 exhibits some of the most popular cloud services available at the time of this writing.
As indicated in Figure 2-2, a cloud provider can possibly offer the following services to its consumers (end users):
Servers: Specialized computers running software that processes client requests and provides appropriate responses to them
Storage: Capability to store consumer data for a certain period of time
Networking: Connectivity between cloud elements and external resources, domain name registration, and IP addressing, among others
Desktops: Computers to be used for traditional end-user applications
Middleware: Supplementary software, including libraries, programming language interpreters, database services, user authentication services, account management, and so forth
Applications: Software created to achieve objectives of an end user
Collaboration tools: Applications that are especially designed to optimize the joint work among different people
Publishing: Applications that facilitate the publication of texts such as blogs on the Internet
Databases: Organized collection of data that can be queried by other applications
Streaming: Media, such as audio and video, that is delivered to end users as a constant flow of data and is generally rendered by a desktop application
Web services: Standardized methods of communication between two systems over an IP network
Potentially, this list may encompass all IT services available from service providers. Nevertheless, as you have learned in Chapter 1, “What Is Cloud Computing?”, some common parameters defined in traditional SLAs may collide with the essential characteristics of cloud computing. In that chapter, I have juxtaposed opposite characteristics from traditional SP practices such as catered services, rigidity, silos, and overprovisioning to further highlight the NIST definitions for cloud services.
Over time, cloud providers started to attract interest from corporations that desired more dynamic services and less complex hiring procedures. However, all cloud computing companies still constitute SPs, sharing many concerns and responsibilities with these long-established providers. And for such reason, a certain service provider mentality is very welcome in cloud deployments, regardless of whether they are strictly internal or not.
Because Internet access is sometimes all you need to deploy external cloud resources, many companies started to deal with a menace called shadow IT. In these relatively new scenarios, cloud services are hired by employees without approval from the organization, exposing the whole company to uncontrolled risks. As a reaction, an IT department may either act as a cloud broker, intermediating cloud service hiring on behalf of the employees and according to predefined compliance policies, or become a cloud provider itself for its internal customers. In the latter case, a private cloud can offer the same level of service of external cloud providers without their associated risks for the business.
Note
Cloud deployment models such as private cloud will be fully discussed in Chapter 3, “Cloud Heights: Deployment Models.”
To categorize the benefits and issues related to cloud services and help IT decision makers that are dealing with such projects, NIST has released Special Publication 800-146, “Cloud Computing Synopsis and Recommendations.” Besides providing valuable information about service-level agreements, the publication also details the IPS stack, which will be further explored in the next sections.
Infrastructure as a Service
As the first service model that was widely advertised as a cloud computing platform in the late 2000s, Infrastructure as a Service (IaaS) consists of cloud services developed for consumers looking for pure processing, storage, networking, or other fundamental computing resources.
When compared to traditional service providers, IaaS-based cloud providers correlate to CSPs, SSPs, and NSPs. To reinforce the comparison, Figure 2-3 represents the distribution of responsibilities between an IaaS provider and its consumers through the use of a simplified computing component stack.
As shown in Figure 2-3, the cloud provider controls the most basic layers of the stack (server, storage, network, and virtualization), empowering IaaS consumers to run any compatible software over them, including operating system, infrastructure software (such as middleware, databases, and authentication services), and custom server applications.
To exhibit the essential characteristics of a cloud computing environment, especially elasticity and resource pooling, cloud providers typically deploy virtualization technologies on top of the cloud infrastructure hardware (server, storage, and network). However, what exactly does “virtualization” mean in such context? Unfortunately, virtualization is perhaps the only term that is more overloaded than “cloud” in IT. Epitomizing another technology gold rush that happened during the mid-2000s, virtualization can be generically defined as a set of techniques that enables the creation of logical servers, logical storage, and logical networks from their physical counterparts. And specifically in the context of data centers, these logical devices can be simply defined as transparent emulations of computing resources, producing benefits that were unavailable in their original physical form.
Of course, within such a broad umbrella, there are multiple types of virtualization techniques, which are listed and described in Table 2-3.
Note
Throughout this certification guide, you will learn in detail about examples of each type of virtualization technology such as hypervisors (partitioning), explained in Chapter 5, “Server Virtualization;” virtual switches (abstraction), explored in Chapter 6, “Infrastructure Virtualization;” and RAID groups (pooling), addressed in Chapter 8, “Block Storage Technologies.”
Regardless of their type, all virtualization technologies share a very important “collateral effect:” virtual servers, virtual storage, and virtual networks can be provisioned without physical operations. As a consequence, it is much easier for an IaaS cloud to offer a virtual resource to its consumers than a physical one. Still, there are multiple IaaS cloud providers whose service is based on provisioning physical computing resources to support consumers with specific requirements for their applications (such as high performance or control).
Although their customers could potentially deploy any choice of software over the offered computing resources (virtual or physical), most IaaS cloud providers deliver prepackaged software, such as an operating system, to simplify software installation procedures.
The target consumers for IaaS-based cloud providers are systems admins that prefer to rent computing hardware rather than acquire and manage hardware in their IT projects. For this reason, IaaS cloud providers offer a wide range of plans that include variable charges based on amount of processing used during a period, data stored for a period, consumed bandwidth, number of assigned public IP addresses, and many other creative choices.
The fact that an IaaS provider offers plain hardware to its consumers facilitates the migration of stored data and legacy applications from a standard data center to the cloud. Furthermore, the simplicity of IaaS potentially allows an easier portability among cloud providers when compared to the other service models (which will be explained in later sections).
Such flexibility may also pose some risks and challenges that must be addressed before any IaaS resource is put into production:
Application security: IaaS consumers must be aware that legacy applications migrated to the cloud will take with them all inherent vulnerabilities. Moreover, these applications likely will be exposed to a less secure environment when compared to the native protection of a company-owned data center. For this reason, many cloud providers offer add-on security services that can be combined (with an associated fee) to the consumer-provisioned resources.
Noisy and suspect neighbors: Due to its native multitenant infrastructure, SPs of IaaS clouds deploying partitioning virtualization technologies may contractually disavow any liability for harm that a tenant suffers as a result of the operations of other tenants sharing hardware components ... or worse, harm that a tenant suffers from data theft or denial-of-service attacks because of intentional tampering from other tenants. To mitigate such risks, many IaaS cloud providers offer dedicated hardware for a single tenant, though at a premium charge.
Directly competing with hardware manufacturers, IaaS cloud providers initially gained the most traction among small businesses and midsized companies. Through the gradual addition of security features, these providers have slowly attracted the attention of enterprise corporations and public sector organizations.
Regions and Availability Zones
Although it is not considered one of the essential characteristics of cloud computing, nonlocalization of resources is very commonly associated with these environments. Hence, it is common to assume that a cloud consumer “does not care” from where its service is being provisioned: what matters is the service itself.
Notwithstanding, with more responsibilities on their shoulders when compared to consumers of other service models, IaaS cloud tenants may not want to risk loss of application availability if all of its resources are provisioned in the same failure domain, which can be understood as the area of a data center facility that can be impacted during a major system malfunction. Consequently, knowing where a resource is located is an advantage for most consumers with critical applications.
IaaS cloud providers have supported such a requirement through localization services known as regions and availability zones. Originally created by Amazon Web Services (AWS, discussed in the next section), and afterward adopted by other cloud providers under different names, both concepts are represented in Figure 2-4.
Figure 2-4 depicts a global cloud provider with four regions (US, Latin America, Europe, and Asia), which correspond to the choices of data center facilities from which a cloud consumer resource can be provisioned. Characteristics such as Internet latency and application user locations may help the cloud consumer choose a region.
Note
A cloud provider can also create exclusive regions for specific customers to fulfill specific security or compliance requirements.
Each region may contain multiple availability zones, which are basically independent failure domains (or subfacilities) within a single region. Consequently, any disruption in an availability zone should not impact the availability zone or zones. Through this arrangement, a consumer can access IaaS resources from two availability zones within a region of the consumer’s preference and use cheaper connectivity with lower latency when compared to cloud resources installed in two different regions.
IaaS Example: Amazon Web Services
As the early pioneer of cloud computing, AWS offers an impressive number of cloud services, as indicated in the AWS Management Console shown in Figure 2-5. Table 2-4 outlines several of the main AWS IaaS offerings, most of which are pointed out in Figure 2-5.
Tip
Block storage, file storage, and object storage are distinct storage technologies that will be properly defined and discussed in Chapter 8 and Chapter 9, “File Storage Technologies.”
Now, let’s put ourselves into the shoes of an IaaS consumer. Figure 2-6 exhibits 5 of the 22 operating system choices that are available for immediate instantiation on AWS after selecting the EC2 link in the AWS Management Console.
As you can see in Figure 2-6, AWS offers a good variety of Amazon Machine Image (AMI) files that can be used to boot EC2 instances. For demonstration purposes, I selected a Red Hat Linux image and configured several other settings to reach the page shown in Figure 2-7, which reviews all of my options for the instance before its proper launch.
Observe that this particular virtual server is installed in the North California region, in a VPC called vpc-49aa4b22 and an availability zone defined by the subnet-4faa4b24 IP subnet. This EC2 instance precludes dedicated hardware (tenancy default means shared hardware) and has 10-GiB EBS storage (/dev/sda) attached to it.
Additionally, I have inserted a tag called “CCNA Cloud” to help resource selection during massive operations with EC2 instances. After clicking the Launch button, my instance was provisioned and accessible in less than a minute.
Figure 2-8 displays my EC2 dashboard and the recently created instance.
By selecting the instance in the dashboard, it is also possible to verify all the details about the virtual server, including the image used and external access information (the public IP address is 54.193.67.163 and the name is ec2-54-193.67.163.us-west-1.compute.amazonaws.com).
Besides Amazon Web Services, many other cloud providers offer IaaS, such as Microsoft Azure, Google, Rackspace, CenturyLink, Virtustream, IBM SoftLayer, and Dimension Data.
Tip
One of the advantages of studying cloud computing is the fact that lab resources are just a click or tap away (and may include a credit card charge). Therefore, I encourage you to replicate the operations I execute in this chapter. If you were not previously familiar with these cloud services, I assure you that these simple tasks will greatly contribute to your learning experience.
Platform as a Service
Paraphrasing NIST SP 800-146, Platform as a Service (PaaS) is a cloud service that offers to its consumers the capability to deploy their customized applications through cloud-provided programming languages and tools.
Unlike IaaS, whose cloud providers are focused on the offer of (virtual or physical) hardware, a PaaS cloud service supplies a much more sophisticated environment for its consumers. To draw a fair comparison with IaaS, Figure 2-9 represents the division of responsibilities between provider and consumer in a PaaS component stack.
In Figure 2-9, you can observe that in PaaS, the cloud provider fully renders all hardware, the virtualization layer, the operating system, and the software infrastructure. PaaS consumers can build applications that interact with this infrastructure, which may contain programming languages, libraries, databases, authentication services, middleware, and other elements that are required for software development.
The quintessential PaaS consumers are application developers, who traditionally do not want to manage the underlying infrastructure (network, servers, operating systems, and storage) that is required for their jobs, but still desire control over the deployed applications and their configuration settings. Other PaaS consumers include
Application testers
Application publishers
Application administrators
Application end users
At heart, a PaaS cloud is similar to a traditional computing system, composed of hardware and software, which constitutes a platform that can be used for application development and execution. Because PaaS represents an additional layer of software over IaaS, it is not unusual to see IaaS cloud providers extending their portfolio to support PaaS. Through a template composed of hardware resources and customized software, an IaaS cloud provider can, for example, build a Java development platform consisting of two server instances with loaded Java infrastructure software, one shared storage device, and a single network segment with access to the Internet.
In yet another situation, a PaaS cloud provider can support its consumers through the use of a third-party IaaS-based cloud for their hardware fulfillment in the background.
Service charging in PaaS can use a wide range of metrics, such as total number of end users (concurrent or over a period), successful requests serviced, dynamically allocated hardware (processing, storage, or network), or simply the time the platform is in use.
Application developers traditionally employed integrated development environments (IDE) to carry out their daily tasks. An IDE usually contains a source code editor, automation tools, debuggers, programming language compilers or interpreters, and version control systems, among other development tools. However, PaaS offerings leverage cloud characteristics to compete against IDEs for the interest of application developers. Some advantages of PaaS over IDEs are
Minimal software tool footprint: All a consumer needs is a web browser, rather than an application installation in a workstation.
Resource allocation: A consumer can reserve an amount of computing resources to perform tests during the development.
Data management: Where different tenants, which may be collaborating in the same software development project, may share data and use backup services from the cloud provider.
In addition to enabling developers to create and test applications in a relatively easy and inexpensive way, the PaaS service model can also help during the deployment phase of an application. With such intention, PaaS cloud providers typically offer automatic scaling of hardware resources to enable these customized applications to function without issues during peaks of user interest.
Also, according to the Cisco Global Cloud Index: Forecast and Methodology, 2014-2019, PaaS had a relatively slower adoption when compared to other service models such as IaaS in 2014. One of the justifications for this trend is the lack of portability between PaaS clouds, mostly caused by proprietary tools, languages, runtimes, and interfaces. To alleviate the fear of lock-in among developers, many PaaS cloud providers have adopted open standards as one of their strategic flagships.
NIST SP 800-146 calls attention to the delicate balance between isolation of consumers and the efficiency a PaaS environment can achieve. To illustrate how this tradeoff can be addressed within a cloud provider, Figure 2-10 depicts three PaaS isolation designs.
From left to right in Figure 2-10, the first design (shared process) represents the most efficient approach because multiple consumers access the same platform process and database. In this scenario, the process must control scheduling issues to prevent actions by one consumer degrading the performance of another. However, a failure in any of the shared resources can disrupt services for all consumers that are accessing the structure.
In the middle design (dedicated process), the cloud provider runs a separate process and database for each consumer, which reinforces the separation between PaaS consumers with the concession of more resources being spent per client.
Finally, the third approach (virtualized) depicts separate virtual servers as the isolation point between consumers. Although, in this design, the cloud provider is certainly diminishing efficiency of its infrastructure, it is certainly enforcing more isolation than the other designs, because a major failure on any software component (operating system, process, or database) cannot influence the environments of other consumers.
Regardless of the provider isolation design (or designs), consumers should always try to discover if more hardened approaches are available in case the development environment is submitted to stress tests or put into production.
Tip
Linux containers are yet another isolation feature that can be applied to PaaS (you will find more details about this partitioning technique in Chapter 5). Additionally, cloud providers can also leverage the concept of application containers to deploy the virtualized isolation approach depicted in Figure 2-10 (refer to Chapter 7, “Virtual Networking Services and Application Containers,” for further information about this concept).
Another point of attention for PaaS consumers is the security protection offered with the cloud service. Because applications may access external resources, the PaaS cloud provider must deliver tools to mitigate attacks and exploits in typical languages and protocols such as HTTP, HTML, Java, XML, and Microsoft .NET.
Many PaaS cloud providers have taken steps to address these issues, and a result adoption of the PaaS model has increased among web application developers, with enterprise-class application development close behind.
PaaS Example: Microsoft Azure
Microsoft Azure currently is one of the main providers of PaaS cloud services in the world. Figure 2-11 illustrates the variety of cloud services that are available in its main portal.
Besides PaaS, Microsoft Azure also supplies IaaS cloud services, including virtual machines (with Windows and other operating systems), data services (including SQL databases and other options of data storage), and virtual networks that allow cloud services to connect to each other and to a customer premises.
Aligning the expertise from the large community of Microsoft developers with its own innovation drive, Microsoft Azure offers a wide range of application development environments.
After selecting Web Apps in the portal shown in Figure 2-11, an extensive list of development platforms becomes available, as Figure 2-12 displays.
For purposes of demonstration, at the wizard step shown in Figure 2-12, I chose to deploy an ASP.NET environment, which is essentially a Microsoft-developed open source web application framework for dynamic web sites, which may include web applications and web services. Figure 2-13 depicts my site settings for this new service.
Having chosen the suggestive name of ccnacloud for my application environment and the region where I want this service to be deployed (West US), I have concluded the settings for the service. Please observe that I could also have created a new App Service plan to enable automatic scaling in this ASP.NET environment.
Some seconds after I clicked the check symbol, the new provisioned service was available in my Azure console, as shown in Figure 2-14.
Figure 2-15 shows that the ASP.NET starter page is already online and ready for development tasks.
Back to the portal, after selecting the recently created service, Microsoft Azure enables many customization options such as the addition of a new deployment slot, which is a copy of the development environment that can be used for quality assurance or production, as Figure 2-16 demonstrates.
Besides ASP.NET, Microsoft Azure offers ready-to-go platforms such as Apache Tomcat, BlogEngine.NET, HTML5, PHP, WordPress, and many others.
Competing with Microsoft Azure in the PaaS market, there are other eminent cloud providers such as Salesforce.com, Red Hat OpenShift, SAP, and Google.
Software as a Service
Software as a Service (SaaS) embodies cloud services whose consumers want access to fully functional applications but do not want to manage or control the underlying hardware or software infrastructure. According to the Cisco White Paper The Cloud Value Chain Exposed: Key Takeaways for Network Service Providers, as of 2012, SaaS was already widely adopted and had already disrupted approximately 25 percent of the enterprise application market.
Note
You can find the white paper at https://www.cisco.com/web/about/ac79/docs/sp/Cloud-Value-Chain-ExposedL.pdf.
SaaS cloud providers are similar in some respects to application service providers (ASPs), which became popular in the 1990s, in that they offer applications to corporate and individual users. However, unlike the large majority of ASPs, SaaS providers leverage essential cloud characteristics to provide robust support, automated scalability, and native multitenancy.
Undoubtedly, SaaS is by far the most varied service model as it reflects the wide spectrum of applications in IT. Appropriately, there are many ways for providers to charge for the usage of SaaS cloud services, including by number of users (which is the most typical), total period of use, successful requests serviced, bandwidth (for video-related applications), and storage size.
Following the tradition established in the previous two sections, Figure 2-17 represents the delegation of responsibilities between a SaaS cloud provider and a consumer in the component stack.
As Figure 2-17 reinforces, a SaaS cloud provider is completely responsible for the application fulfillment (as well as its SLA), which must be robust and free of errors in order to offer customers a level of performance similar to that of locally deployed software.
Similarly to PaaS, the main benefit of SaaS is that it has minimal requirements from users (essentially web browsers). Additionally, SaaS offerings allow efficient use of software licenses within the cloud provider because the number of server machines and desktops is irrelevant in this service model.
Besides hardware and software infrastructure, a SaaS provider also hides from its users support preoccupations such as version management and data protection (backup). According to the aforementioned Cisco white paper, SaaS vastly simplifies the customization of enterprise applications for the multitude of mobile platforms and form factors. Using modern presentation technologies such as HTML5, SaaS services have achieved great success with collaboration applications as they can quickly include such devices.
SaaS also shares some of the drawbacks and concerns that affect PaaS, such as the lack of portability between SaaS clouds and the compromise between isolation and resource efficiency in SaaS deployments.
Although some best practices (such as the ones described in NIST SP 800-146) do not recommend deploying real-time and critical applications on SaaS clouds, some SaaS providers are developing methods to overcome the effects of Internet latency, such as wide-area network (WAN) accelerators and direct connections to the customer premises.
Note
WAN accelerators, as well as other networking services, will be discussed in more detail in Chapter 7.
SaaS Examples
SaaS cloud services abound. In fact, some of them existed before the term “cloud computing” was even coined, such as many of the web mail providers that were established in the late 1990s.
Figures 2-18 and 2-19 show the interfaces of two prominent SaaS clouds, Google Docs and Cisco WebEx.
Figure 2-18 displays the main web page from Google Docs, which provides free office productivity tools such as text editors, spreadsheets, and presentation software.
As a cloud service, Google Docs can be accessed from any device or location, which brings great advantages over traditional desktop applications. Its simplicity has motivated many small and midsized companies to completely forego any internal infrastructure in favor of the services offered by Google Docs and similar providers.
Cisco WebEx is a very popular web conferencing SaaS application, offering on-demand collaboration, video conferencing, and many other options. This service has been used to schedule and conduct millions of meetings (without unnecessary commuting) and remote training sessions with a great intercommunication experience among participants.
Other SaaS services include applications such as enterprise resource planning (ERP) solutions, customer relationship management (CRM) software, blog tools, and many other offers.
Curiously, many SaaS clouds use IaaS and PaaS services from other providers in the background for production and development purposes, respectively.
Around the Corner: Anything as a Service
The unprecedented popularity of cloud computing explains the “as a Service” fever that has been spreading since the cloud hype began in the late 2000s. New cloud services are launched each day, a few of which immediately attract the attention of millions of users, while most others quickly fade into obscurity. The sheer number of offerings has created a new role called cloud broker, which was briefly discussed in the section “Cloud Providers” earlier in this chapter. In summary, a cloud broker is a third-party company or professional that hires cloud computing services on behalf of a corporation. Commonly, this role offers comparison information about different cloud providers as well as recommendations that will better support the contractor’s business goals.
Interestingly, cloud brokerage can also be offered as a service, where a consolidated interface offered to the consumer hides background requests to a multitude of cloud providers and may even include additional services such as resource management and security.
As other services that are built with the combination of multiple cloud services continue to gain traction in the cloud market, they directly challenge the IPS stack classification. Therefore, informally, these mixed offerings have created another service model called Anything as a Service (XaaS).
Tip
You may also encounter some publications that refer to these offerings as Everything as a Service.
Figure 2-20 exemplifies two XaaS cloud services.
The first example is called Desktop as a Service (DaaS), where the cloud consumer requests a remotely accessible personal computer to carry out standard PC functions (such as web browsing, document editing, and application execution). A DaaS provider can offer the service through the combination of a computing instance provisioned via an IaaS cloud and desktop software provisioned by one or more SaaS providers.
Figure 2-20 depicts another XaaS offering called Disaster Recovery as a Service (DRaaS), which enables companies to hire a backup data center (to store data, run applications, and receive end-user requests) in case they do not want, or simply cannot afford, the investment necessary to build their own data center. In these scenarios, a SaaS provider can manage resources in the customer data center as well as servers and storage deployed in an IaaS cloud (owned by the same provider or another provider).
Other XaaS offerings include
Backup as a Service (BaaS): SaaS-provided backup software that can transparently use storage from an IaaS cloud.
IP Telephony as a Service (IPTaaS): IP telephony control software is coordinated through a SaaS cloud, while signaling servers are scaled in an IaaS cloud. Additionally, the provider may offer a SaaS service to support IP telephony application development.
VPN as a Service (VPNaaS): Allows users to control bandwidth scaling and the deployment of features on their VPNs, including monitoring and security services. These modifications can be simultaneously supported by SaaS-based management software and IaaS-provided virtual servers deployed inside the customer premises.
Further Reading
“Want to hear Cisco’s POV on the top 5 questions about the Future of Cloud?” (Cisco Blog): http://blogs.cisco.com/tag/xaas
Exam Preparation Tasks
Review All the Key Topics
Review the most important topics in this chapter, denoted with a Key Topic icon in the outer margin of the page. Table 2-5 lists a reference of these key topics and the page number on which each is found.
Table 2-5 Key Topics for Chapter 2
Complete the Tables and Lists from Memory
Print a copy of Appendix B, “Memory Tables” (found on the CD), or at least the section for this chapter, and complete the tables and lists from memory. Appendix C, “Answers to Memory Tables,” also on the CD, includes completed tables and lists so that you can check your work.
Define Key Terms
Define the following key terms from this chapter, and check your answers in the glossary:
Infrastructure as a Service (IaaS)