The dividing lines between Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) are blurring. But the dominance of the latter belies the importance of the former in the cloud computing arena, and there are several reasons why both will remain as distinct layers and product sets.
PaaS has rapidly become the darling of cloud services, thanks to the rocketing demand for applications and the need to find faster, more cost-effective models for their development and delivery. However, IaaS has a greater reliance on the end user to manage the service, which can be a more convoluted process that’s costly in terms of time and resources, while more complex applications require sophisticated infrastructure and can prove difficult to scale or update. There’s also the scenario where a new business requirement calls for a change in the application and results in a lengthy development, test, and redeployment cycle.
PaaS was conceived to remove all of these headaches by enabling consumers to access custom applications built in the cloud in the same way they do with those delivered under Software as a Service (SaaS).
By enabling consumers to spin up dedicated environments optimised for their applications in an instant, PaaS makes it possible to write entire platforms in Open Source, release small work packages regularly, and switch seamlessly between test and development and production.
Although independent software developers (ISVs), IT organisations, and e-commerce providers have long recognised the benefits of PaaS, the evolution of Infrastructure as a Service (IaaS) has made the market considerably more confusing for enterprise consumers when it comes to distinguishing between the two.
In its purest form, IaaS would consist only of compute, storage, network, leaving the consumer to deploy, manage, and maintain the OS. Since there are few scenarios in which a consumer would want to acquire IaaS without the OS necessary to run that infrastructure, the majority of Cloud Service Providers (CSPs) deliver IaaS together with an OS as standard.
CSPs have muddied the waters by evolving their IaaS offerings further. They’ve added management and security components around the OS, as well as features such as automated virtual machine deployment, and badged these services as ‘PaaS’. Although buying a service in this way enables consumers to benefit from the flexibility, scalability, and utility consumption model that public cloud brings, they don’t receive any form of management or monitoring of that infrastructure and associated data centres from the CSP.
Because Public IaaS/PaaS is based on shared resources (multi-tenanted), often across multiple sites and multiple countries, it represents additional risk for enterprise consumers if they’re looking to migrate business-critical applications or sensitive data.
Conversely, when PaaS is sourced from a Managed Service Provider (MSP), it is delivered on Dedicated or Private Cloud Infrastructure. With the infrastructure managed and operated solely for the consumer (i.e. it is provisioned on dedicated physical systems), the ‘Private PaaS’ model is preferred by security conscious outsourcers, since the MSP can provide access controls, encryption, and segregation to ensure the confidentiality, integrity, and availability of their applications and data.
A further key difference between Public IaaS/PaaS and Private PaaS lies in the resources that fall within the customer-managed stack. Under Public IaaS/PaaS, the consumer remains responsible for the middleware that sits between the application/web layer and the database, such as Microsoft Exchange, SQL, or the database application server or web server.
With Private PaaS, the MSP is responsible for managing both the underlying cloud infrastructure and an agreed set of applications including the middleware. The consumer retains control over the deployed applications and, potentially, the configuration settings for the application-hosting environment.
As such, Private PaaS allows consumers to develop, run, and manage applications without the associated complexities of maintaining the underlying infrastructure. Instead, they can focus on their core business, whether it’s delivering SaaS to internal or external customers, enhancing their storefronts, or adding value to other areas of their organisation.
IaaS may still be the fastest growing segment of cloud computing, but it’s PaaS that will allow developers to create new ‘cloud-aware’ applications with the potential to transform both their own business and those of their customers and their customers’ end users too.
There are varying degrees of PaaS in terms of levels of monitoring, flexibility, and front-end control; however, these are all interwoven with IaaS.
Drawing a distinction between the two types of service requires a meaningless definition of where infrastructure stops and platform architecture begins. When developing a service, if a provider would fail to consider the two at once there would be serious flaws. It is only in the delivery of the service that a real distinction is drawn between the two; dependent on the function of the service and the stage in the value chain it meets the customer.
If the customer wants to extract the most value from the solution they must make a choice in provider that gets the balance right. In some cases, PaaS will be little more than an easily accessible inflexion of traditional IaaS, where in others it could exhibit a host of features, including tools for the design and development of applications, as well as the operating system they are deployed on.
Ultimately, a more nuanced view of PaaS as a composite IaaS service is required for customers to ensure they derive value from their provider.
Phil Bindley, CTO at The Bunker