Cloud Terminology
In A Nutshell

A cloud, by any other name, would be... a lot less confusing.

— Rob Vandenbrink

by Jason Robert Carey Patterson, Dec 2007

"Cloud" computing is the latest buzzword of the moment, and it seems everybody wants in on the concept. But what does cloud computing really mean?

Some people talk about storing their data in the cloud or running cloud applications, so they no longer have to run and maintain the systems themselves, while others talk specifically about running their servers in the cloud, or moving to a cloud "platform".

Several new terms are being thrown about, trying to characterize this new idea of outsourced, remotely accessed, on-demand, utility-based, service-oriented computing. Chief among them are three acronyms (we love our acronyms in computing, don't we!) – SaaS, PaaS and IaaS – standing for "software as a service", "platform as a service" and "infrastructure as a service".

Is your company thinking of switching to cloud computing? If so, what kind? And how is that different from the tried and true models of today?

Luckily, things are quite a bit simpler than they seem. The word "cloud" is really just a metaphor for the Internet, and cloud computing is therefore just computing over the Internet. As such, three main types of cloud computing fall neatly out as possibilities, mapping directly to the classic computing ideas of hardware, OS, and applications.

Let's work our way up from the bottom...

IaaS – Infrastructure as a Service

Better known as: virtual machines (VMs)

Think: rent generic virtual computers, outsource the actual hardware

Examples: Amazon EC2 & S3

With IaaS you pay per hour, day, month, compute cycle or megabyte of storage. And what do you pay for? Remote, networked access to basic, uninstalled, unconfigured, virtual computers as a service, or perhaps just virtual hard drives as a storage service.

As an example, today your company probably owns its own servers to run your company's database and email system, and they idle away at 10% utilization, going mostly unused. In the future, you might instead pay a monthly fee to rent some virtual servers on which to run the database and email system remotely. They start as basic, generic servers, without any software installed on them, just like a new computer with a fresh copy of the OS and nothing else. It's up to you to install, configure and deploy your database, email system, or any other applications you might want. Just like real computers, you can put more-or-less any software you want on them, and just like real computers, it's up to you to monitor them, update them, patch them, and keep them secure.

The servers you're renting are not really independent physical servers, they're "virtual" servers. Behind the scenes, many virtual servers are actually running in software on top of, and sharing the hardware of, a much smaller number of real servers that are shared between all of the vendor's customers. This is called virtualization, and it makes sense because most servers are idle most of the time, so there's a lot of spare capacity. In theory, this should also mean renting a virtual server should be cheaper than owning one, though in practice that is less clear. It will depend on how the pricing models evolve over the next few years.

Who it's for: IaaS is a good choice for companies who need or want the control and flexibility of running their own systems, and have the expertise to do so in-house, but don't want to pay for the hardware up front and pay to colocate it in some data center or provide their own machine room – they would rather rent time on shared servers to save equipment costs and colocation or machine-room hassles. Often the need is quite small, and wouldn't really justify the cost of even a single "full" server. Another reason to adopt IaaS might be to allow for the possibility that demand might suddenly increase dramatically, but the company can't afford to have dozens of servers colocated in some data center sitting idle "just in case".

Pros: Little or no initial outlay for hardware. No physical hardware maintenance issues. Ability to scale up quickly without having to buy and install new hardware.

Cons: Just as in any other area of life when it comes to money, renting/leasing is generally more expensive than buying in the long term, unless your need is only temporary or intermittent. This is especially true in computing, where hardware costs are already low and continue to fall year after year. Performance can also be an issue, since some aspects of performance tuning are unavailable to you. Typically this means storage-system performance, since the virtual servers only see a fake, virtualized storage system, and network performance, since virtualized network I/O is generally slower than an equivalent real system. Security and data privacy can also be a potential issue – ultimately, your data is stored on shared systems owned and maintained by somebody else, and a rogue system administrator working for the vendor can often access your data quite easily, in many cases without you ever knowing.

Major Players: Amazon (based on the Xen virtualization software), Rackspace (based on VMware).

PaaS – Platform as a Service

Better known as: web hosting

Think: host my web site or web application on their servers/platform

Examples: classic web hosting, Java/Ruby/.NET-specific hosting

With PaaS you pay per month to host your web site or web application on the vendor's existing server infrastructure and software stack (platform). Compared to IaaS, you're giving up flexibility and control of the platform, which is now handled by the vendor. They provide the hardware. They do the OS updating and patching. They install and maintain the web servers, database software, middleware software, scripting languages and so on. They're responsible for scaling and capacity issues. Essentially all of the system administration work is done by the vendor, and you just provide your web site and/or application to run on top of their underlying system.

In many cases, the underlying platform is the relatively generic, widely used de facto standard known as the LAMP stack – consisting of the Linux OS, the Apache web server, the MySQL database, and the PHP/Perl/Python scripting languages. Other vendors provide the ASP.NET platform running on Windows Server, or the Java EE platform, or Ruby on Rails etc.

Between different vendors who offer more or less the same platform, they differ mainly in performance, reliability, security, and pricing. In other words, you can generally move your PHP-based or Perl-based web site from one LAMP stack vendor to another without too much difficulty, or similarly your Java web app from one vendor to another so long as both provide a standard Java servlet container.

This should all sound very familiar, and it's been the normal way things are done for well over a decade. PaaS is nothing really new, unlike IaaS and SaaS.

Who it's for: PaaS is the sensible choice for most web sites and web applications unless you're a very large company, since it outsources both the infrastructure and the system administration work, where a small company probably can't really add any value, and lets the small company focus on its web site or application, where it can add value. It also gives a small company the performance of the vendor's infrastructure, which is usually vastly more costly to provide than the small company could justify.

Pros: Typically the lowest cost option. Also the quickest to get started – no time spent setting up virtual or real servers, just a few clicks to sign up and you're off and running.

Cons: You're giving up control, not just of the hardware as in IaaS, but of most of the major security, reliability and performance-tuning aspects of your computing platform. This is the idea of outsourcing, of course, but it's worth thinking about – you're now completely dependent on your vendor's security, reliability and performance, and if something goes wrong your only recourse is to email or phone them and hope they can sort it out ASAP. That's why picking a good web hosting vendor is critical. At a higher level, you're also locking yourself to the platform you chose, so be careful not to lock yourself to a niche platform where you can't switch vendors because nobody else provides that platform. Scaling up can be an issue with smaller hosting vendors, who generally don't have a lot of spare capacity. Many low-cost hosting services also routinely oversell – that is, 50 customers might each be promised 5% of the available network bandwidth and disk space (yes, that's 250%). You know what they say about offers which sound "too good to be true".

Major Players: There are many, many LAMP-based web hosting vendors, with no single dominant player. The options cover everything from single server hosting at a local ISP, to DreamHost/Rackspace style en-masse shared hosting in one enormous centralized facility, through to globally distributed content delivery networks (CDNs) such as Akamai and Limelight with servers spread all over the world to offer better regional performance. Smaller, more niche-focused players also abound for other platforms, especially for Java, Ruby on Rails and ASP.NET.

SaaS – Software as a Service

Better known as: web applications

Think: application running as a web site rather than native installed software

Examples: Hotmail/Gmail, Flickr, Google Docs, Salesforce.com

With PaaS you pay (one way or another) for access to a web-based application as an alternative to installing and running traditional software on your computer. Key successes in this area have been email tools, with many people now using web-based email such as Gmail rather than a native email program like Outlook or Eudora, and photo storage, with many people preferring to keep their photos on Flickr rather than on their laptop (which they don't back up). Other specific business niches have also been quite successful, such as the Salesforce.com CRM system used by many companies instead of an in-house customer database.

Software as a service is still in its infancy, and we have yet to see many large, heavy-duty applications tried as web applications. It will probably take several years before we begin to see web applications which compete with native applications for tasks such as software development, image/video/audio editing and other content creation, or games. The early successes of web applications have mostly been in the relatively "easy" areas of productivity applications, communications tools and databases.

Who it's for: SaaS appeals directly to end users, who dislike having to install, configure and update their software, usually don't back up their systems, and generally don't want to deal with technical issues. Many such users would rather outsource all of that to the software vendor, and simply have access to the application using a web browser, even if that means lower performance and a reduced feature set. Perhaps counter-intuitively, at the other extreme SaaS may also appeal to large corporations, who generally like the idea of outsourcing their "non-core" competencies to other, more specialized companies. In this way, SaaS can be seen as an evolution of software to a utility model, like the electricity supply – there was once a time when large companies routinely had their own power generators and supplied their own electrical power, but eventually economies of scale meant that dedicated power companies could do things more cost-efficiently, even after the addition of a profit margin.

Pros: No software installation or updating for the end user to do, it's always the latest version. No need to worry about backups. Available from any web browser, anywhere. Initial up-front cost becomes a smaller monthly fee (although the total may be more in the long run).

Cons: Web applications generally have poor performance and reduced feature sets compared to their native application counterparts - they feel limited and "clunky". You're also trusting your data to the vendor, so data ownership and control becomes an issue. Be careful not to get locked into a vendor's web application so tightly that you can never leave them – remember that if your SaaS vendor goes bankrupt, your data disappears along with them. Data privacy is also a major concern. For many years, Gmail didn't use HTTPS, so every interaction with your email was potentially visible to the world, including all of those messages which would historically have stayed internal to your company's own network. This is still true for many web applications today, such as web-based calendars, word processors and slide show presentation tools.

Major Players: Google (Gmail, Google Docs), Microsoft (Hotmail), Yahoo! (Flickr), Salesforce.com.