16 min read

Learning Objectives

By the end of this module, you will be able to:

  • Explain the three main cloud service models (IaaS, PaaS, and SaaS) and their key characteristics
  • Compare the levels of control and responsibility across different service models
  • Describe the shared responsibility model and how security duties are divided between cloud provider and customer
  • Identify which IONOS Cloud services map to each service model category

Unit 1.3: Cloud Service Type Categories

Introduction

Imagine you're planning to make a pizza. You have three choices: buy all the raw ingredients and make it from scratch at home, order a take-and-bake pizza from the grocery store where the dough and toppings are prepared but you bake it yourself, or have a fully cooked pizza delivered to your door. Each option gives you a different level of control and convenience.

Cloud computing works the same way. Depending on your needs, technical expertise, and how much infrastructure management you want to handle, you can choose from three main service models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Each model represents a different level of abstraction, with the cloud provider taking on more operational responsibility as you move from IaaS to PaaS to SaaS. Understanding these service categories is essential for selecting the right cloud approach for your workloads and knowing exactly what you're responsible for managing versus what the provider handles.

1. Infrastructure as a Service (IaaS)

Infrastructure as a Service provides the fundamental building blocks of a data center: virtual CPUs, memory, storage, and networking. Think of IaaS as having the raw materials and tools to build your own custom solution. The cloud provider supplies and maintains the physical hardware and virtualization layer, while you have complete control over everything above that layer.

1.1 What IaaS Provides

With IaaS, the cloud provider delivers virtual compute resources that you can provision on demand. You receive access to virtual machines with configurable CPU cores, RAM, and storage, along with networking components like virtual networks, IP addresses, and firewalls. The provider owns and operates the physical data centers, handles hardware maintenance, ensures power and cooling, and manages the hypervisor that creates your virtual machines.

In the IONOS IaaS model, the provider manages the underlying hardware, the hypervisor, and the shared control-plane infrastructure. You have the flexibility to install, configure, patch, and manage the operating system of each virtual machine according to your specific requirements. This is a core characteristic of IaaS: while the infrastructure is managed for you, you maintain full control over the operating system that runs on your virtual machines.

1.2 Customer Responsibilities in IaaS

When you use IaaS, you gain maximum control and flexibility over your environment. You manage the operating system, including applying security patches and updates according to your schedule and requirements. You install and configure all middleware (web servers, application servers, databases) and your application code exactly as needed. You're also in control of data management, including backups, encryption, and compliance with regulatory requirements.

You configure network security by setting up firewall rules, Network Security Groups, and routing tables to meet your specific security policies. User access management, including role-based permissions and authentication, is under your control. You have the ability to detect, classify, and remediate security events within your virtual machines or applications through vulnerability scanning and compliance audits.

1.3 IONOS IaaS Services

IONOS offers a comprehensive IaaS portfolio designed to give you maximum flexibility and control. The core compute offerings include Compute Engine, which provides flexible virtual machines with either Dedicated Core or vCPU options, and Cubes, which are pre-configured virtual private server instances with fixed vCPU, RAM, and NVMe storage resources.

Supporting these compute resources are essential infrastructure services. Cloud Block Storage provides persistent, network-attached storage volumes up to 4TB (larger volumes available on request) with options for HDD or SSD (Standard and Premium) delivered in dual-redundant configurations. Network File Storage offers managed shared file systems accessible over private LANs. IONOS Cloud Object Storage delivers S3-compatible object storage for unstructured data at massive scale.

Networking services round out the IaaS layer with NAT Gateway for outbound internet access, VPN Gateway for secure site-to-site connectivity, and Cloud DNS for domain name resolution. All these services provide the raw infrastructure components you need to build, deploy, and scale your applications while maintaining full control over the software stack.

2. Platform as a Service (PaaS)

Platform as a Service provides a complete runtime environment where infrastructure management is handled for you. With PaaS, you focus on writing code and deploying applications while the platform handles servers, operating systems, scaling, and often includes managed services like databases and container orchestration.

2.1 What PaaS Provides

A PaaS environment gives developers a ready-to-use platform where they can deploy code, databases, or containers without managing the underlying servers. The platform includes built-in scalability that automatically adjusts resources based on demand, monitoring capabilities to track application health, and often integrates managed services that would require additional setup in an IaaS environment.

The key difference from IaaS is abstraction. Instead of provisioning virtual machines and installing software, you deploy your application directly to the platform. The provider manages the operating system patches, runtime updates, capacity planning, and infrastructure scaling. You concentrate on application logic, data, and business functionality.

2.2 Customer Responsibilities in PaaS

In a PaaS model, your responsibilities focus on your application and data. You write, test, and deploy your applications, manage application-level configurations, and ensure your code is secure and performant. Data management remains your responsibility, including how data is structured, accessed, and protected within the application.

You still control user access to your applications and data. The platform provider handles operating system security, server patches, and runtime environment updates through automated maintenance windows and rolling updates that minimize service interruption.

2.3 IONOS PaaS Services

IONOS provides several PaaS offerings that sit on top of the IaaS foundation. Managed Kubernetes gives you fully Managed Kubernetes clusters where you can deploy containerized workloads without managing the control plane. The service handles cluster upgrades, security patches, and scaling, allowing you to focus on deploying and managing your applications.

The Database-as-a-Service portfolio includes managed databases that eliminate infrastructure management. Managed PostgreSQL provides dedicated clusters with vertical and horizontal scaling, high availability, automated backups, point-in-time recovery, and TLS encryption. Similarly, Managed MariaDB and Managed MongoDB offer fully managed database clusters with automated patching, upgrades, and monitoring. In-Memory DB delivers managed Redis clusters with automatic failover and backups.

Event Streams for Apache Kafka provides managed streaming data infrastructure, while the Backup Service offers integrated, Acronis-based backup for compute and storage resources. These PaaS services integrate seamlessly with the underlying IaaS layer, connecting via private networks to ensure security while delivering the operational simplicity of a managed platform.

3. Software as a Service (SaaS)

Software as a Service represents the highest level of abstraction. The provider delivers fully functional applications over the internet, owning and managing the entire technology stack from infrastructure to the application itself. Users simply consume the software through a web interface or API.

3.1 What SaaS Provides

SaaS applications are ready to use immediately after signup. The provider handles all infrastructure provisioning, platform management, application updates, scaling, and availability. Updates roll out automatically without requiring any action from users. The application runs in a provider-controlled environment, often using containerized infrastructure that allows seamless updates and scaling without service interruption.

From an end-user perspective, SaaS eliminates infrastructure and platform management entirely. You don't install software, manage licenses, or worry about compatibility. You access the application through a browser or mobile app, and the provider ensures it's always available, secure, and running the latest version.

3.2 Customer Responsibilities in SaaS

In a SaaS model, your responsibilities are limited to using the application and managing your data within it. You configure user accounts, set permissions, and manage how your organization uses the software. You're responsible for the data you create or upload to the application, including ensuring it complies with your organization's security and privacy policies.

You don't manage infrastructure, platforms, or application code. You don't handle updates, patches, or scaling. Your interaction is purely at the application and data level. This makes SaaS suitable for business applications where you need specific functionality without operational management.

3.3 SaaS in the IONOS Ecosystem

IONOS does offer a SaaS product: Nextcloud Workspace, a fully managed, sovereign SaaS collaboration and productivity suite hosted exclusively in IONOS Cloud data centers in Europe. Beyond that, IONOS also provides the complete IaaS and PaaS foundation that enables you to build and deliver your own SaaS applications. This approach gives you full control over your software architecture, features, and business model while leveraging enterprise-grade infrastructure.

By combining IONOS IaaS compute and storage with PaaS services like Managed Kubernetes and managed databases, you can create sophisticated software products and deliver them to your end users as a service. This demonstrates how the service models build on each other: SaaS applications run on PaaS platforms, which in turn run on IaaS infrastructure. IONOS provides the foundational layers that enable you to create whatever solutions your business requires, whether that's a customer-facing application, an internal business system, or a commercial SaaS product for your own customers.

4. Shared Responsibility Model

The shared responsibility model is a framework that clearly defines which security and operational tasks belong to the cloud provider and which belong to the customer. Understanding this model is critical because it determines where your responsibilities begin and end.

4.1 How Responsibilities Are Divided

At the foundation, IONOS is responsible for the physical infrastructure and security of the cloud itself. This includes owning and operating data centers with physical security, power, cooling, and network connectivity. IONOS maintains the hardware, network fabric, virtualization layer, and hypervisor, including host-based firewalls and intrusion detection systems.

The platform layer responsibilities vary by service model. For IaaS, IONOS provides a secure, compliant platform with network security, patching of the management stack, and capacity management of the management cluster. For PaaS services like Managed Kubernetes, IONOS also handles security updates and patches to the control plane and runtime environments.

Customers have control above the platform layer. This includes configuring Network Security Groups, firewall rules, and routing for virtual networks they control. For virtual machines, customers manage patching and updates to the operating system and applications, control access and user accounts, implement encryption for data at rest and in transit, and monitor and remediate security events affecting their workloads.

4.2 Shared Responsibility by Service Model

The exact division of responsibilities shifts depending on which service model you use. The following table illustrates how responsibilities are distributed:

Responsibility Area IaaS PaaS SaaS
Physical Infrastructure IONOS IONOS IONOS
Virtualization & Hypervisor IONOS IONOS IONOS
Operating System Customer IONOS IONOS
Runtime & Middleware Customer IONOS IONOS
Application Code Customer Customer IONOS
Data Customer Customer Customer
Access Management Customer Customer Customer
Network Configuration Customer Shared IONOS

Note: IONOS offers one SaaS product today, Nextcloud Workspace; the SaaS column above otherwise remains a useful educational comparison for services you build yourself.

Notice that as you move from IaaS to PaaS to SaaS, more responsibility shifts to the provider. However, data and access management typically remain the customer's responsibility regardless of service model. You always control who can access your data and how it's used.

4.3 Practical Implications

Understanding the shared responsibility model helps you make informed decisions about security, compliance, and operations. In an IaaS environment, you have control over operating system security, patching processes, and vulnerability management. In PaaS, these tasks are handled by the provider, giving you less control over the underlying platform but allowing you to focus on your applications.

Both parties must collaborate for effective cloud security. IONOS provides the tools such as secure base images, monitoring services, and platform-level security controls. Customers apply best practice security within their environments, including regular operating system patching, access control policies, encryption implementation, backup strategies, and incident handling procedures.

By clearly separating these duties, the shared responsibility model maximizes the benefits of cloud computing while maintaining a robust security posture. You gain the flexibility and scalability of the cloud while understanding exactly which security and operational tasks belong to you versus those managed by IONOS.

5. Choosing the Right Service Model

Selecting the appropriate service model depends on your specific requirements, technical capabilities, and business objectives. Each model offers different trade-offs between control, convenience, and operational responsibility.

5.1 When to Choose IaaS

IaaS is ideal when you need maximum control and flexibility. Choose IaaS when you have specific operating system requirements, need to run custom or legacy applications that require particular configurations, or want full control over the software stack for compliance or security reasons. IaaS works well for workloads that require customization at the infrastructure level or when migrating existing on-premises applications to the cloud with minimal changes.

Organizations with technical teams that want to manage infrastructure, or those with specific performance requirements that need fine-tuned configurations, benefit from IaaS. The IONOS Compute Engine and Cubes offerings give you this flexibility, allowing you to build exactly the environment your applications need.

5.2 When to Choose PaaS

PaaS is the right choice when you want to focus on application development rather than infrastructure management. Choose PaaS when you're building new applications, need rapid development and deployment cycles, or want built-in scalability and high availability without managing the underlying infrastructure. PaaS is excellent for microservices architectures, containerized applications, and managed database workloads.

Development teams that want to concentrate on writing code rather than managing servers, or organizations looking to streamline operations, find PaaS valuable. Services like IONOS Managed Kubernetes and Database-as-a-Service deliver platform capabilities, letting you deploy applications faster and with greater reliability.

5.3 When to Choose SaaS

SaaS makes sense when you need specific business functionality without managing technology. Choose SaaS for standard business applications like email, customer relationship management, collaboration tools, or office productivity software. SaaS eliminates technical management, making it suitable for organizations that want to focus entirely on using software rather than deploying or maintaining it.

Non-technical teams, small organizations without dedicated IT staff, or any use case where the application functionality matters more than infrastructure control benefit from SaaS. While IONOS's core portfolio centers on IaaS and PaaS, with Nextcloud Workspace as its SaaS offering, understanding SaaS helps you make informed decisions about which parts of your technology stack to build on IONOS infrastructure versus consume as ready-made applications.

Common Use Cases

Real-world scenarios where these service models are applied:

  1. E-Commerce Platform on IaaS: An online retailer runs its e-commerce application on IONOS Compute Engine virtual machines, giving complete control over the web server configuration, application middleware, and database tuning. They use Block Storage for persistent data and configure custom firewall rules to meet PCI-DSS compliance requirements. This IaaS approach provides the flexibility needed for their specific performance requirements and regulatory obligations, as described in Section 1.3, while allowing them to optimize costs by scaling compute resources based on seasonal traffic patterns.
  2. Microservices Application on PaaS: A software company deploys its microservices-based application on IONOS Managed Kubernetes, as covered in Section 2.3. The development team focuses on writing and deploying containerized services while Managed Kubernetes handles cluster upgrades, scaling, and security patches automatically. They connect to Managed PostgreSQL databases over private networks (Section 2.3 integration), eliminating infrastructure management. This PaaS approach accelerates development velocity by removing infrastructure operations discussed in Section 2.2, allowing the team to ship features faster.
  3. Custom SaaS Alternative on IONOS: A healthcare company needs CRM functionality but cannot use public SaaS due to strict data sovereignty requirements. Instead, they build a custom CRM application on IONOS IaaS (Compute Engine for the application servers) and PaaS (Managed PostgreSQL for patient data). This gives them SaaS-like functionality for their users while maintaining complete control over where data resides and how it's secured.
  4. Hybrid Service Model Strategy: A financial services firm uses both IaaS and PaaS strategically. They run core banking systems on IaaS Compute Engine for maximum control and compliance, and use Managed PostgreSQL (PaaS) for customer data requiring automated backups and high availability (Section 2.3). This demonstrates how the shared responsibility model (Section 4) varies by workload, with each service model chosen based on specific control, compliance, and operational requirements.

Summary

Cloud service models represent different levels of abstraction and responsibility. IaaS provides raw infrastructure components like virtual machines, storage, and networking, giving you maximum control over operating systems, middleware, and applications. PaaS offers a complete runtime environment where you deploy code and data while the platform handles infrastructure, scaling, and operational tasks. SaaS delivers fully functional applications where the provider manages everything from infrastructure to application updates, leaving you to focus solely on using the software.

The shared responsibility model defines the security and operational boundary between cloud provider and customer. IONOS always manages physical infrastructure, data centers, and the virtualization layer. As you move from IaaS to PaaS to SaaS, more responsibility shifts to the provider, but you always retain control over your data and who can access it. Understanding this model is essential for proper security implementation and compliance management.

IONOS Cloud offers a comprehensive portfolio spanning IaaS, PaaS, and SaaS (Nextcloud Workspace). The IaaS layer includes Compute Engine, Cubes, Block Storage, Object Storage, Network File Storage, and networking services. The PaaS layer delivers Managed Kubernetes, Database-as-a-Service offerings (PostgreSQL, MariaDB, MongoDB, In-Memory), Event Streams for Apache Kafka, and the Backup Service. These services integrate seamlessly, allowing you to choose the right level of abstraction for each workload.

Key Points:

  • IaaS provides infrastructure building blocks (compute, storage, networking) with customer control over operating systems and applications
  • PaaS delivers managed runtime environments where customers focus on code and data while the platform handles infrastructure operations
  • SaaS offers fully managed applications with the provider handling all infrastructure, platform, and application management
  • The shared responsibility model clearly divides security and operational duties between cloud provider and customer, varying by service model
  • IONOS Cloud services span IaaS (Compute Engine, Cubes, storage, networking), PaaS (Managed Kubernetes, managed databases, backup), and SaaS (Nextcloud Workspace)
  • Choosing the right service model depends on your need for control, technical capabilities, and operational preferences

Important Terminology:

  • IaaS (Infrastructure as a Service): Cloud service model providing virtualized compute, storage, and networking resources with customer control over operating systems and applications
  • PaaS (Platform as a Service): Cloud service model providing a managed runtime environment where developers deploy applications without managing underlying infrastructure
  • SaaS (Software as a Service): Cloud service model delivering fully managed applications accessible via web interfaces or APIs
  • Shared Responsibility Model: Framework defining which security and operational tasks belong to the cloud provider versus the customer
  • Compute Engine: IONOS flexible virtual machine service with configurable dedicated-core or vCPU options (IaaS)
  • Managed Kubernetes: IONOS fully managed Kubernetes service handling control plane operations and scaling (PaaS)

Next Steps

Continue Learning: Unit 2.1: Core Architectural Components

Related Topics: