Study Guide: CompTIA Cloud+ CV0-003 Exam: Different Types of Cloud Models
Source: https://www.fatskills.com/cloud-computing/chapter/comptia-cloud-cv0-003-exam-different-types-of-cloud-models

By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.

This guide covers the following official CompTIA Cloud+ exam objective:
- 1.1 Compare and contrast the different types of cloud models.

Topics:
- Cloud Deployment Models
- Cloud Service Models
- Advanced Cloud Services
- Cloud Shared Responsibility Model

In this guide you will learn about the different types of cloud deployment models. You will explore the differences between public, private, hybrid, and community cloud environments.
You will also learn how cloud providers offer a variety of features that relate to one of three service models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). An important aspect of these service models, the shared responsibility model, is also covered at the end of this guide.
Toward the end of this guide, you will explore different advanced cloud services, including the Internet of Things (IoT), serverless applications, machine learning (ML), and artificial intelligence (AI).

Questions:

1. What are some of the advantages of a public cloud versus a private cloud?

2. What are some of the advantages of a private cloud versus a public cloud?

3. Describe the main features of an IaaS model.

4. Describe the main features of a PaaS model.

5. What are the main components of an IoT device?

6. What are some advantages of serverless applications versus applications that are deployed in an IaaS or a PaaS environment?

Answers:

1. A public cloud tends to be more flexible and affordable than a private cloud.

2. A private cloud is typically more secure than a public cloud. Also, private clouds can more easily adhere to strict regulatory requirements.

3. With an IaaS model, the customer is provided access to the underlying hardware.

4. With a PaaS model, the customer is provided access to a cloud-based application but is not required to maintain any part of the application.

5. The main components of an IoT device are that it has some computing power (a processor) and the capability to communicate over the Internet.

6. The advantage of creating serverless applications is that they are much more cost effective. An application runs only when needed (typically an action called a trigger starts the application), and the customer pays only when the application is running. After the application completes its tasks, it stops, and the customer isn’t charged until the application starts again. In a PaaS scenario, the customer pays for the platform, regardless of whether the application is performing any tasks.

Cloud Deployment Models
For many organizations, moving their applications and services to the cloud is not a simple decision. For example, an organization must consider what applications or services can be candidates to migrate to the cloud, who is responsible for the migration, and who is responsible for administering these services after they are deployed in the cloud.

Another consideration is what sort of cloud deployment model to leverage. There are four primary cloud types:
- Public
- Private
- Hybrid
- Community
In addition, a few terms (multicloud and multitenancy) are related to deployment models and are important to understand when considering which deployment model to utilize.

Public Cloud
When most people think about “The Cloud,” they are likely thinking of a public cloud. A public cloud is a shared platform that can be leveraged for cloud computing needs by anyone. This way, consumers (cloud customers) can scale their cloud deployments while leveraging economies of scale. The advantage of using a public cloud is that you typically pay only for what you use by the minute or hour (or you can have upfront commitments to bring ongoing costs down provided you know the organization’s minimum compute, storage, bandwidth, and consumption for the next one to three years). For example, if you create a virtual machine (VM) in a public cloud, you typically pay for when it is active, and if you decommission it, you don’t need to pay for that service any longer (there are exceptions, like reservations, which will be covered later in this book). This is better known as a pay-as-you-go (or PAYG) or subscription-based service.
There are several well-known public cloud platform providers, including
- Amazon Web Services (AWS)
- Microsoft Azure
- Google Cloud Platform (GCP)

Although public clouds are a more affordable solution, they may not always be a viable solution for an organization. Because the hardware resources are shared, there is a high chance that services “live” in the same environment as services from other organizations (shared infrastructure or resource pooling). This is called multitenancy (think “multiple tenants”). For compliance and security reasons, this setup might not be ideal or even permitted for some organizations—for example, defense and research.
Public cloud providers attempt to address this concern in many ways. For example, many public cloud providers allow an organization to reserve an entire server for their use only. This is better known as dedicated hosting. However, there can still be concerns (for example, the system will be on the same physical network as another organization).
A public cloud may not address the needs of all organizations—for example, defense or public utilities, where possession of and access to the data is of paramount importance. Another solution that these and other similar organizations should consider is a private cloud.

Private Cloud
When an organization needs a high level of security and needs to adhere to very strict regulatory, governance, or compliance requirements, a private cloud might be a better solution than a public cloud. In a private cloud, all physical resources—for example, the servers, the storage devices, and the network—are reserved for the organization that hosts these services. Think about the U.S. Department of Defense (DoD) hosting all its services in its private cloud; in this case, everything belongs to the DoD, and it has full control of resources and data in the private cloud.
While this solution sounds great, it comes with some disadvantages. For example, a private cloud tends to be much more expensive (compared to a public cloud deployment) because the organization must pay for all of the hardware resources up front, regardless of whether they are being used currently. This is known as capital expense or capex. Another disadvantage is that it may not be possible to quickly scale up (leverage overprovisioned or large amounts of unused hardware resources) because private clouds typically don’t have as many hardware resources available as public cloud environments have. As a result, you will rarely see an organization move all of its services to a private cloud, but rather make use of a hybrid cloud. This is, of course, outside of an organization such as the DoD.

Hybrid Cloud
A hybrid cloud is a construct that exists when both public cloud and private clouds are used concurrently. With a true hybrid cloud, the merging of the private and public cloud should be as seamless as possible.
An organization that utilizes a hybrid cloud is able to take advantage of the best of both public and private clouds. In this case, resources that need a high level of security or that must follow strict regulatory compliance requirements are hosted in the private cloud. Rules are put into place as to which resources are “private” and which are “public.” This allows for more flexibility at an overall lower cost. Applications that need “bursting” can be hosted on a public cloud (see the “Cloud Bursting” section in Chapter 3, “High Availability and Scaling in Cloud Environments,” for details on this topic).

Community Cloud
Consider a situation in which several medical research organizations are working together on a project. These organizations need to be able to share resources, but because each organization also has its own projects, it needs to keep the details private. So, using the cloud environment of any of these organizations isn’t a good solution for security reasons.
In this case, a community cloud should be used. With a community cloud, multitenancy is handled differently than in a typical public cloud. The goal of multitenancy on a public cloud is to completely separate resources between tenants. On a community cloud, multitenancy allows for the sharing of resources or applications. A community cloud allows for greater collaboration between these organizations while still allowing each organization a measure of control over its users, resources, and services.

Cloud Within a Cloud
Recall that on a public cloud, multitenancy means that different organizations are utilizing the same hardware resources concurrently. Public cloud providers want to ensure that these organizations can’t see each other’s resources, so they make use of a virtual private cloud (VPC). Note that in some environments, like Azure, a VPC is the same as a virtual network (VNet).
A VPC has features that permit an organization to see only its own resources, even if other organizations have resources on the same hardware. For example, two organizations could be sharing a physical network, but they can only see traffic that is being sent from or to their own resources.
The concept of VPC is referred to as a “cloud within a cloud.”

Multicloud
While it isn’t considered one of the four standard cloud deployment models, a multicloud is a solution that some organizations may leverage. A multicloud is a heterogeneous construct that is born when an organization leverages more than one cloud platform, private or public, to host its services. For example, an organization can host its IaaS workloads in AWS, its PaaS workloads in Azure, and data-focused workloads in GCP. The databases can still be on-premises.
Multiclouds can be very complex and may require specialized software to integrate the different public cloud environments. Often this specialized software isn’t readily available, meaning it needs to be created by the organization that is utilizing the multicloud.
Why use a multicloud? Different cloud vendors provide different solutions and in different geographic regions. In large organizations, the solutions provided by one cloud vendor might not meet the needs of one department in the organization but might be a great fit for the needs of another department in the organization. Using a multicloud also helps mitigate contractual and unavailability risks, such as vendor lock-in.

Multitenancy
Note that this exam objective is covered in the “Public Cloud” section in this guide.

Tip: You are likely to be given a scenario on the exam that outlines the needs of an organization and then be asked which cloud deployment solution would best fit the organization’s requirements. Be aware of the advantages and disadvantages of public (flexible, low cost, easy to use), private (higher cost, more secure, and more likely to adhere to regulatory compliance requirements), and hybrid cloud deployment models.

Cloud Service Models
A cloud service model is a way of categorizing cloud features into one of three categories:
- Infrastructure as a Service (IaaS)
- Platform as a Service (PaaS)
- Software as a Service (SaaS)
There are some advantages to categorizing services into one of these service models.
One of the primary advantages is to get an idea of what components of the service are the responsibility of the cloud provider and which components of the service are the responsibility of the customer. This is referred to as the shared responsibility model. The key advantage is to understand the type of workload as it would exist in a cloud as opposed to on-premises. For example, a virtual machine on-premises can be modernized to a container architecture natively hosted as a PaaS service in the cloud platform of your choice. The patching process and underlying infrastructure specifics are no longer relevant because the underlying operating system and hardware are now a responsibility of the cloud provider.

Infrastructure as a Service (IaaS)
Suppose you want to deploy a service that has access to the hardware that is provided by the cloud platform. For example, you might want to deploy a virtual machine in the cloud. This service would be referred to as Infrastructure as a Service (IaaS). With IaaS, the service requires some sort of access to the underlying hardware.

Examples of IaaS include
- Azure Compute
- Google Compute Engine
- AWS EC2
With an IaaS solution, most of the responsibility of the service lies with the customer. See the “Cloud Shared Responsibility Model” section in this guide for more details.

Note: Any virtual machine hosted in the cloud is better known as an instance.

Platform as a Service (PaaS)
In a PaaS service model, the cloud platform provider delivers a platform to clients, thereby enabling them to develop, run, and manage applications without worrying about the need to build and maintain the underlying infrastructure. A PaaS model allows developers to create software without having to worry about maintaining an operating system or the underlying hardware—for example, patching the OS or updating disk drives. The developers can focus on installing and running their development environments.

Examples of PaaS services include
- AWS Elastic Beanstalk
- Azure App Service
- Google App Engine
With a PaaS solution, more of the responsibility is shifted to the cloud provider (compared to IaaS). See the “Cloud Shared Responsibility Model” section in this guide for more details.

Software as a Service (SaaS)
Odds are you have used a SaaS, in fact probably more than one. If you have leveraged any of the following, you have used SaaS:
- Microsoft Office 365
- Google Apps (like Google Docs and Google Mail)
- DocuSign
- Dropbox
- Zoom
- Salesforce

You might be thinking “these are just applications that run via my web browser” and that is exactly the point. With SaaS, the customer uses software that is hosted remotely (typically in the cloud).
With a SaaS solution, all of the responsibility is shifted to the cloud provider. See the “Cloud Shared Responsibility Model” section in this guide for more details.

Advanced Cloud Services
Several cloud-based services can be considered advanced. For the Cloud+ exam, you should know at least the following: Internet of Things, serverless, machine learning, and artificial intelligence.

Internet of Things (IoT)
The IoT market has exploded in recent years, with many commercial products now readily available. They include “controller” devices like Amazon Echo, smart doorbells, smart light bulbs, smart appliances (washing machines, refrigerators, and the like), and many more.
The industry that creates these devices often uses the term smart to distinguish regular devices from IoT devices.
What does it mean that a device is an IoT device? The main components of an IoT device are that it has localized compute and the capability to communicate over the Internet to a hub, where it can send the data collected and receive further instructions on the next set of activities.
IoT devices are not limited to home appliances. In fact, IoT originated as part of the manufacturing industry leveraging automation and remote machine-to-machine communications. IoT devices are used to monitor automobile traffic, determine the effectiveness of factories that produce products, and manage shipping from large shipping containers to millions of individual packages daily.

Serverless
Recall from the “Platform as a Service (PaaS)” section earlier in this guide that a cloud provider provides a platform (the cloud-based operating system) and a developer creates an application that runs on the platform. In some cases an application may be complicated enough to need a full platform, but for smaller applications this might not be necessary. Instead, the application could be run as a “serverless” application, which uses fewer resources and is more cost effective.
In a sense, the term serverless is a bit misleading. The application still runs on a server/hardware. A serverless application is packaged code that can run on hardware, abstracting the hardware and any underlying dependencies from the user, typically a developer. For example, a Java developer may not know what hardware and operating system (Windows or Linux) are being used to run the Java environment and can focus only on development.
The advantage of creating a serverless application is that it is much more cost effective. The application runs only when needed (typically an action called a trigger starts the application), and the customer pays only when the application is running. After the application completes its tasks, it stops, and the customer isn’t charged until the application starts again. In a PaaS scenario, the customer pays for the platform, regardless of whether the application is performing any tasks.

Examples of serverless products include the following:
- Azure Functions
- Google Cloud Functions
- AWS Lambda

For the Cloud+ exam, know the differences between running a serverless application versus running an application in a PaaS model.

Machine Learning/Artificial Intelligence (AI)
Mat Velloso famously tweeted: “Difference between machine learning and AI: If it is written in Python, it’s probably machine learning. If it is written in PowerPoint, it’s probably AI.” This joke plays on the machine intelligence community’s dismay at how the term artificial intelligence has been diluted recently. The joke also attempts to address the difference between machine learning and AI in a humorous manner.
The preceding tweet makes it seem as if machine learning and AI are different things, but in reality, machine learning is a component of AI.
The goal of AI is to create software that can reason in a manner similar to how a human can reason. This topic is potentially very complex, but the concept is to move software beyond “follow these directions” to a point where software can make decisions on its own.
Machine learning is an important component of AI. For software to be able to make independent decisions, the software needs to be able to learn new information and concepts without having to be explicitly programmed to learn these things. Consider how you can learn something new (a new language, how to play a musical instrument) without someone telling you to learn that topic or even how to learn the topic. Yes, you can take a class on how to play the piano, but depending on your natural abilities, you might be able to just figure it out on your own. Machine learning attempts to have software programs learn in a similar manner to the way we humans learn. These are known as learning models, and ML leverages new models to learn about possible inputs, events, actions, and outputs.
You may wonder why AI and machine learning are included in the objectives of the Cloud+ exam. AI and machine learning require massive amounts of computing power, which is available largely in cloud environments. As a result, cloud technologies are very important to the advancement of AI.

Cloud Shared Responsibility Model
Cloud platform providers want customers to realize what parts of a cloud service the customer is responsible for maintaining and what parts the cloud provider is responsible for. Table 1.1 provides a typical summary of these responsibilities.

TABLE: Shared Responsibility Model by Service Model

| On-Prem | IaaS | PaaS | SaaS |
| --- | --- | --- | --- |
| Data | Data | Data | Data |
| Application | Application | Application | Application |
| Application Security | Application Security | Application Security | Application Security |
| Runtime | Runtime | Runtime | Runtime |
| Middleware | Middleware | Middleware | Middleware |
| OS | OS | OS | OS |
| Virtualization | Virtualization | Virtualization | Virtualization |
| Server Hardware | Server Hardware | Server Hardware | Server Hardware |
| Storage | Storage | Storage | Storage |
| Networking | Networking | Networking | Networking |
| Physical Security | Physical Security | Physical Security | Physical Security |


Note that On-Prem means “hosted on premises, or physically in the customer’s environment.” While customers may create their own private cloud in their server rooms, on-prem means “not hosted by a cloud provider.”

In the table above, the boxes with a gray background indicate the responsibility of the cloud provider, and the boxes with a white background indicate the responsibility of the customer. The following examples are designed to provide further clarity:
- A customer creates a virtual machine using Amazon EC2 in the AWS cloud. The customer is responsible for patching the OS and maintaining any software that is installed on the OS. Amazon is responsible for securing and maintaining the servers where the virtual machine is installed.
- A customer creates an application and hosts it on Azure App Service. The customer is now responsible for making sure the application security is sound and that updates are made to the application in a timely manner. Azure is responsible for patching the OS, ensuring the storage is secure and reliable, and making sure the network is secure and responsive.
- A customer uses Google Docs to create a document. Google is responsible for just about everything related to the application, although the customer is responsible for the data placed in the document and, in some cases, the security of this data. For example, Google Docs allows the user to share the document, making that function the responsibility of the user, not Google’s responsibility.
For the Cloud+ exam, you should know Table 1.1 by heart. You will be asked scenario-based questions and expected to know which entity is responsible for each component of the application.


Quiz Questions:
Answer these questions. The answers follow the last question. If you cannot answer these questions correctly, consider reading this guide again until you can.

1. Your organization deploys virtual machines on AWS. This is an example of which deployment model?
   A. Public
   B. Private
   C. Hybrid
   D. Community

2. A VPC is an example of using _____.
   A. Multitenancy
   B. Multicloud
   C. Cloud within a cloud

3. Which of the following is an example of IaaS?
   A. Google App Engine
   B. Google Compute Engine
   C. Google Apps
   D. AWS Elastic Beanstalk

4. Which of the following is an example of SaaS?
   A. AWS Elastic Beanstalk
   B. AWS EC2
   C. Azure Compute
   D. Dropbox

5. A serverless application runs in which of the following environments?
   A. IaaS
   B. PaaS
   C. SaaS
   D. None of these answers are correct

Quiz Questions: Answers

1. Public

2. Cloud within a cloud

3. Google Compute Engine

4. Dropbox

5. None of these answers are correct