Cloud Service Models
Cloud service models define how much the provider manages versus how much the customer manages.
IaaS (Infrastructure as a Service): the provider manages physical hardware, networking, and virtualization. The customer manages operating systems, middleware, applications, and data. Examples: Amazon EC2 (virtual machines), Microsoft Azure VMs, Google Compute Engine, DigitalOcean Droplets. Use case: organizations that need virtual servers with full control of the OS.
PaaS (Platform as a Service): the provider manages the infrastructure and also the operating system and runtime. The customer manages applications and data only. Examples: Microsoft Azure App Service, Google App Engine, Heroku, AWS Elastic Beanstalk. Use case: developers who want to deploy applications without managing servers.
SaaS (Software as a Service): the provider manages everything: infrastructure, OS, runtime, middleware, and the application itself. The customer manages data and user configuration. Examples: Microsoft 365 (Outlook, Teams, SharePoint Online), Google Workspace (Gmail, Drive, Docs), Salesforce CRM, Dropbox, Zoom. Use case: end users accessing software through a browser or app, with no installation or maintenance required.
Cloud Deployment Models
Public cloud: infrastructure owned and operated by a third-party provider (AWS, Azure, Google Cloud). Resources are shared among many customers (multi-tenant) and accessed over the internet, with pay-as-you-go pricing. Most scalable and least expensive upfront. Security responsibility is shared between provider and customer.
Private cloud: dedicated infrastructure for a single organization. Can be on-premises (own data center) or hosted exclusively for one tenant (hosted private cloud). Full control over security and compliance, at a higher cost than public cloud. Used by highly regulated industries (healthcare, finance, government).
Hybrid cloud: a combination of public and private cloud. Example: sensitive data in the private cloud, compute-intensive workloads in the public cloud. Enables cloud bursting (overflowing workloads into public cloud capacity when the private cloud is under load). The most common model for large enterprises.
Community cloud: infrastructure shared among organizations with common concerns (government agencies, research institutions, healthcare providers). Shares costs and meets the group's specific regulatory requirements.
Shared Responsibility Model
Cloud providers and customers share security responsibility; the division depends on the service model.
Provider always manages: physical security, hardware, hypervisor/virtualization, and network infrastructure.
SaaS customer responsibility: data, user accounts, access controls, and compliance.
PaaS customer responsibility: applications, data, and identity and access management.
IaaS customer responsibility: OS, applications, middleware, data, identity, network security groups, and firewall rules.
Key principle: security is not provided automatically by moving to the cloud; the customer is responsible for configuring security correctly, and in every model the customer still owns its data and decides who may access it.
Common cloud misconfigurations that cause breaches: publicly accessible S3 buckets (AWS object storage), overly permissive IAM roles, unencrypted data at rest, no MFA on admin accounts, and default security groups that are too permissive.
Cloud security best practices: enable MFA on all accounts, encrypt data at rest and in transit, use least-privilege IAM policies, audit access regularly, and enable logging (CloudTrail, Azure Monitor) and actually review it.
Cloud Connectivity and Access
Accessing cloud services: public internet (the standard path, using HTTPS with TLS encryption); VPN (a site-to-site VPN connects the on-premises network to the cloud VPC/VNet, with all traffic encrypted); Direct Connect / ExpressRoute (a dedicated private fiber circuit from on-premises to the cloud provider, giving higher bandwidth, lower latency, and consistent performance, used for high-traffic enterprise workloads; note that a dedicated circuit is private but not encrypted by default, so sensitive traffic still needs TLS or a VPN on top of it).
Cloud portal: web-based management console (AWS Management Console, Azure Portal, Google Cloud Console).
CLI: AWS CLI, Azure CLI, gcloud; manage cloud resources from the command line.
APIs: REST APIs for programmatic cloud management.
IaC (Infrastructure as Code): Terraform, CloudFormation, ARM templates; define infrastructure in code for repeatable, version-controlled deployments.
CDN (Content Delivery Network): distributes content to geographically dispersed edge servers (AWS CloudFront, Azure CDN, Cloudflare). Reduces latency for users by serving content from the nearest edge location.