This chapter covers the four primary cloud deployment models: public, private, hybrid, and community clouds. Understanding these models is critical for the CompTIA A+ 220-1101 exam, as they appear in roughly 5-8% of questions under Domain 4.0 (Virtualization and Cloud Computing). You must be able to distinguish each model's characteristics, benefits, drawbacks, and typical use cases. The exam tests not just definitions but also scenarios where one model is more appropriate than another.
Think of cloud deployment models like real estate options for a business. A public cloud is like leasing office space in a shared high-rise building where many companies occupy different floors. The building owner (cloud provider) handles all maintenance, security, and utilities. You pay only for the space you use, and you can expand or shrink your footprint easily. However, you have limited control over the building's infrastructure and must share common areas (network bandwidth, physical security) with other tenants. A private cloud is like owning or leasing an entire standalone building exclusively for your company. You control every aspect—from the foundation to the roof—ensuring maximum security and customization, but you bear all costs and maintenance responsibilities. A hybrid cloud is like having a primary office building (private) but also leasing temporary meeting rooms in a co-working space (public) during peak periods. Sensitive data stays in your building, while burst workloads use the co-working space. A community cloud is like a shared office building occupied by several related companies, such as law firms or medical practices, that share common security and compliance requirements. They pool resources to meet specific regulations while maintaining some privacy. This analogy maps directly to cloud models: public cloud is multi-tenant, private is single-tenant, hybrid combines both, and community is multi-tenant with shared compliance needs.
What Are Cloud Deployment Models?
Cloud deployment models define how cloud infrastructure is provisioned, who has access, and who manages it. The four main models are public, private, hybrid, and community. Each model answers three key questions:
Who owns the infrastructure? (the cloud provider, the organization, or a third party)
Who has access? (single organization, multiple organizations, or the general public)
Where is the infrastructure located? (on-premises, off-premises, or both)
Public Cloud
The public cloud is the most common model. Infrastructure is owned and operated by a third-party cloud service provider (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform) and delivered over the internet. Resources are shared across multiple tenants (multi-tenant architecture), but each tenant's data is logically isolated.
Key characteristics:
- Ownership: Cloud provider
- Access: Open to the general public or large industry groups
- Location: Off-premises (provider's data centers)
- Management: Provider manages physical hardware, virtualization, and often the OS or runtime (depending on service model)
- Scalability: Virtually unlimited; pay-as-you-go pricing
- Cost: Low upfront; operational expenditure (OpEx)
- Security: Provider secures physical infrastructure; tenant secures their data and applications (shared responsibility model)
How it works internally: The provider uses hypervisors (e.g., VMware ESXi, Microsoft Hyper-V, KVM) to partition physical servers into virtual machines (VMs). Each VM runs a guest OS and is isolated from other VMs on the same host. The provider also offers orchestration layers (e.g., OpenStack, Kubernetes) for automated provisioning, load balancing, and scaling. Tenants access resources via APIs, web consoles, or CLI tools (e.g., AWS CLI, Azure CLI). Metering tracks usage (CPU hours, storage GB-months, data transfer) for billing.
Exam-relevant details:
- Public cloud is ideal for variable workloads, startups, and test/dev environments.
- Common exam scenario: A company wants to avoid capital expenditure on hardware. Public cloud is the answer.
- Trap: Candidates think public cloud is always cheaper. Reality: For steady-state, predictable workloads, private cloud or dedicated hosting may be cheaper.
Private Cloud
Private cloud is dedicated to a single organization. It can be hosted on-premises or by a third-party provider exclusively for that organization. The organization has full control over infrastructure, security, and compliance.
Key characteristics:
- Ownership: Organization or third-party provider (exclusive use)
- Access: Single organization
- Location: On-premises or off-premises (hosted private cloud)
- Management: Organization manages (if on-prem) or co-manages with provider
- Scalability: Limited by physical hardware; scaling requires procurement
- Cost: High upfront capital expenditure (CapEx) for hardware; operational costs for power, cooling, staff
- Security: Highest level of isolation; meets strict compliance requirements (e.g., HIPAA, PCI DSS)
How it works internally: Private cloud uses the same virtualization technologies as public cloud but on dedicated hardware. The organization deploys a hypervisor cluster, a storage area network (SAN) or network-attached storage (NAS), and a management platform (e.g., VMware vSphere, Microsoft System Center, OpenStack). Self-service portals allow internal users to provision VMs on demand. Automation tools (e.g., Ansible, Puppet) manage configuration.
Exam-relevant details:
- Private cloud is chosen for sensitive data, regulatory compliance, or predictable workloads.
- Common exam scenario: A hospital needs to store patient records and must comply with HIPAA. Private cloud is the answer.
- Trap: Candidates think private cloud must be on-premises. Reality: Hosted private cloud (e.g., a dedicated server from a provider) is also private.
Hybrid Cloud
Hybrid cloud combines public and private clouds, allowing data and applications to be shared between them. It offers the best of both worlds: security and control for sensitive workloads (private) plus scalability and cost-efficiency for variable workloads (public).
Key characteristics:
- Ownership: Mixed (private + public)
- Access: Single organization (private) and general public (public)
- Location: On-premises and off-premises
- Management: Organization manages private; provider manages public
- Connectivity: Requires secure, high-bandwidth connection (e.g., VPN, dedicated leased line, AWS Direct Connect)
- Scalability: Bursting to public cloud for peak loads
- Cost: Combination of CapEx (private) and OpEx (public)
How it works internally: A hybrid cloud requires orchestration between environments. Common setup: an organization runs core applications on a private cloud (on-premises) and uses a public cloud for burst capacity, disaster recovery, or development. Data synchronization is critical; often uses replication (e.g., AWS Storage Gateway, Azure Site Recovery) to keep data consistent. Load balancers and DNS can route traffic between environments. For example, a web application might run on private cloud normally, but during a flash sale, additional VMs spin up in public cloud and traffic is distributed via a global load balancer.
Exam-relevant details:
- Hybrid cloud is chosen to balance security, cost, and scalability.
- Common exam scenario: A company has a private cloud for sensitive data but needs extra compute for seasonal spikes. Hybrid cloud is the answer.
- Trap: Candidates think hybrid cloud requires identical hardware/software in both environments. Reality: Interoperability is achieved through APIs, VPNs, and standardized protocols (e.g., HTTPS, SSH).
- Key exam term: "Cloud bursting" — the practice of using public cloud resources during peak demand.
Community Cloud
Community cloud is shared by several organizations with common concerns (e.g., mission, security requirements, policy, compliance). Infrastructure may be owned and managed by one of the organizations, a third party, or a combination.
Key characteristics:
- Ownership: Shared among community members or third party
- Access: Limited to community members (e.g., government agencies, healthcare providers, universities)
- Location: On-premises or off-premises
- Management: Managed by one or more community members or third party
- Cost: Shared among members; lower than private cloud for each
- Security: Meets specific industry regulations; members trust each other
How it works internally: Community cloud is essentially a private cloud shared by a group. For example, a consortium of banks might build a cloud that meets financial regulations (e.g., SOX, PCI DSS). Each member has its own isolated VMs or containers, but they share the same physical infrastructure and management layer. Federation services (e.g., SAML, OAuth) enable single sign-on across member organizations. Compliance audits are performed for the entire community.
Exam-relevant details:
- Community cloud is chosen when multiple organizations have identical compliance needs.
- Common exam scenario: Several healthcare providers want to share a cloud for research while maintaining HIPAA compliance. Community cloud is the answer.
- Trap: Candidates confuse community cloud with public cloud. Difference: community cloud is restricted to specific groups, not the general public.
Comparison Table (Exam Focus)
| Feature | Public | Private | Hybrid | Community |
|---------|--------|---------|--------|-----------|
| Ownership | Provider | Organization | Mixed | Community |
| Access | General public | Single org | Single org + public | Community members |
| Location | Off-premises | On/off-premises | Both | On/off-premises |
| Cost | OpEx | CapEx + OpEx | Mixed | Shared |
| Scalability | High | Limited | High (via bursting) | Moderate |
| Security | Provider + tenant | Organization | Mixed | Community |
| Compliance | General | Custom | Mixed | Industry-specific |
Exam Traps and Misconceptions
Trap: Public cloud is always less secure than private. Reality: Public cloud providers invest heavily in security (e.g., AWS Shield, Azure Security Center). Security depends on configuration, not just model.
Trap: Hybrid cloud is just two separate clouds. Reality: Hybrid requires integration and orchestration; otherwise it's just multiple clouds (multi-cloud).
Trap: Community cloud is the same as public cloud. Reality: Community cloud restricts access to a specific group; public cloud is open to anyone.
Trap: Private cloud must be on-premises. Reality: Hosted private cloud (dedicated infrastructure from a provider) is also private.
Exam-Relevant Numbers and Terms
Cloud bursting: Term for using public cloud to handle overflow from private cloud.
Multi-cloud: Using multiple public clouds (e.g., AWS and Azure) — not the same as hybrid.
Shared responsibility model: Provider secures the cloud; customer secures what's in the cloud.
OpEx vs. CapEx: Public cloud is OpEx; private cloud is CapEx.
Compliance standards: HIPAA (healthcare), PCI DSS (payment cards), GDPR (data privacy), FedRAMP (government).
How to Eliminate Wrong Answers
Identify the primary driver: security, cost, scalability, or compliance.
If the scenario mentions "multiple organizations with same compliance needs" → community cloud.
If it mentions "bursting" or "peak loads" → hybrid cloud.
If it mentions "no upfront cost" → public cloud.
If it mentions "full control" or "dedicated" → private cloud.
Configuration and Verification (Conceptual)
While CompTIA A+ does not require specific configuration commands, understanding the concept of connectivity is important. For hybrid cloud, a VPN or dedicated connection (e.g., AWS Direct Connect, Azure ExpressRoute) is used. For private cloud, tools like VMware vCenter, Microsoft SCVMM, or OpenStack Dashboard are used for management. Public cloud management is via web console or CLI (e.g., AWS CLI, Azure CLI).
Example AWS CLI command to launch an EC2 instance (public cloud):
aws ec2 run-instances --image-id ami-0abcdef1234567890 --instance-type t2.micro --key-name MyKeyPair --security-group-ids sg-12345678
Example OpenStack CLI command to list VMs (private cloud):
openstack server list
Summary
Public: Multi-tenant, pay-as-you-go, off-premises, low control.
Private: Single-tenant, on/off-premises, high control, high cost.
Hybrid: Combines public and private, allows bursting, requires integration.
Community: Shared among organizations with common compliance needs.
Memorize the characteristics and typical use cases. The exam will present scenarios and ask you to select the appropriate model. Focus on the key differentiators: who has access, who owns it, and the primary benefit.
Identify the organization's requirements
Begin by analyzing the organization's needs: security level, compliance regulations (e.g., HIPAA, PCI DSS), scalability demands, budget (CapEx vs. OpEx), and control requirements. For example, a hospital handling patient data requires high security and HIPAA compliance, pointing toward private or community cloud. A startup with variable traffic and limited capital favors public cloud. This step is crucial because the wrong model can lead to security breaches or excessive costs.
Determine access and ownership constraints
Decide who should have access: a single organization (private), the general public (public), a specific group (community), or a combination (hybrid). Ownership can be internal (on-premises), external (provider), or shared. For instance, if multiple government agencies need to share data while meeting FedRAMP, community cloud is appropriate. If a single company needs full control over infrastructure, private cloud is best. This step eliminates models that don't match access requirements.
Assess workload patterns and scalability needs
Classify workloads as predictable or variable. Predictable, steady-state workloads (e.g., database servers) are cost-effective on private cloud. Variable or spiky workloads (e.g., e-commerce during holidays) benefit from public cloud's elasticity. Hybrid cloud allows running baseline on private and bursting to public during peaks. For example, a retail company might run its core ERP on private cloud but spin up additional web servers on public cloud during Black Friday. This step determines if hybrid bursting is needed.
Evaluate connectivity and integration requirements
If hybrid cloud is chosen, plan the connection between environments. Options include site-to-site VPN (IPsec) over the internet, dedicated leased lines (e.g., MPLS), or direct connections like AWS Direct Connect. Bandwidth, latency, and security are key considerations. For example, a hybrid cloud scenario with real-time data synchronization may require a dedicated connection to avoid latency. Also consider orchestration tools (e.g., Kubernetes, Terraform) to manage resources across clouds. This step ensures seamless integration.
Select the appropriate cloud deployment model
Based on the previous steps, choose the model that best fits. Public: low cost, high scalability, low control. Private: high control, high security, high cost. Hybrid: balance of control and scalability. Community: shared compliance. Document the decision with justifications. For the CompTIA A+ exam, you will be given a scenario and must select the correct model. Practice by mapping scenarios: 'A hospital wants to share a cloud with other hospitals for research while meeting HIPAA' → community cloud. 'A startup needs to scale quickly with no upfront cost' → public cloud.
Enterprise Scenario 1: Healthcare Consortium (Community Cloud)
A group of five hospitals in a regional health network wants to collaborate on medical research using patient data (de-identified) while complying with HIPAA. Each hospital has its own IT staff, but they lack the resources to build individual private clouds. They decide to deploy a community cloud hosted by a third-party provider specializing in healthcare. The provider ensures HIPAA-compliant encryption, access controls, and audit logging. Each hospital gets a logically isolated tenant within the community cloud. Data is encrypted at rest and in transit. The community cloud is managed via a shared portal, and costs are split equally. In production, they use VMware Cloud on AWS for the community cloud, with AWS Direct Connect for low-latency access. Common issues: misconfigured access controls can expose data to unauthorized hospitals; regular audits are needed. Scale: about 500 VMs total across all hospitals. Performance considerations: shared storage can become a bottleneck during peak research periods; they use QoS policies to guarantee IOPS per hospital.
Enterprise Scenario 2: E-commerce Company (Hybrid Cloud)
An online retailer with a steady baseline of traffic runs its core database and inventory management on a private cloud in its own data center. However, during holiday sales, traffic spikes 10x. They implement a hybrid cloud: the private cloud runs the database and critical APIs, while the public cloud (AWS) hosts stateless web servers and caching layers. During normal times, only the private cloud is active. When traffic exceeds a threshold, an auto-scaling group in AWS launches additional EC2 instances, and a global load balancer (e.g., AWS Route 53 with latency routing) sends traffic to the public cloud instances. Data synchronization is handled via a message queue (Amazon SQS) and periodic database replication (AWS Database Migration Service). In production, they use a 1 Gbps VPN between the data center and AWS, but later upgrade to AWS Direct Connect (10 Gbps) to reduce latency and improve reliability. Common misconfiguration: failing to set proper security groups in AWS, allowing unauthorized access from the internet to the database replication port. Scale: private cloud hosts 50 VMs; public cloud bursts to 200 VMs during peak. Performance considerations: network latency between environments can affect real-time inventory updates; they use caching (Redis) to reduce database calls.
Enterprise Scenario 3: Government Agency (Private Cloud)
A federal agency handles classified data and must comply with strict security policies (e.g., FedRAMP High, NIST 800-53). They cannot use public cloud due to data sovereignty and control requirements. They build a private cloud on-premises using OpenStack on dedicated hardware in a secure data center. All hardware is procured through approved vendors, and only cleared personnel have physical access. The private cloud provides self-service provisioning for internal teams, but with strict approval workflows. They use network segmentation (VLANs, firewalls) to isolate different security domains. In production, they manage about 1,000 VMs. Common issues: hardware failures require on-site replacement; they maintain a hot spare cluster. Performance considerations: storage performance is critical; they use all-flash SAN. Misconfiguration example: a developer accidentally exposes a VM to the internet via a misconfigured security group, leading to a data breach risk. They implement automated compliance scanning (e.g., OpenSCAP) to detect such issues. Scale: 100 physical hosts, 1 PB storage. Costs: high CapEx but low OpEx compared to public cloud for this scale.
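Scenarios 2 and 3 both name a security group that exposes a service to the internet as the typical misconfiguration. The following is an added example, not part of the original guide: a Python check over the JSON shape returned by `aws ec2 describe-security-groups` that flags ingress rules open to the whole internet on sensitive ports. The sample groups, their IDs, and the list of sensitive ports are constructed assumptions.

```python
import json

# Ports treated as sensitive in this example (assumption: tune to your estate).
SENSITIVE_PORTS = {22: "SSH", 3306: "MySQL", 3389: "RDP", 5432: "PostgreSQL"}
WORLD = {"0.0.0.0/0", "::/0"}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-web-example", "GroupName": "burst-web",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-repl-example", "GroupName": "db-replication",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.20.0.0/16"}],
      "Ipv6Ranges": []}]},
  {"GroupId": "sg-admin-example", "GroupName": "admin",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
      "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "10.20.0.0/16"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-any-example", "GroupName": "legacy",
   "IpPermissions": [
     {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
      "Ipv6Ranges": []}]}
]}
""")


def world_sources(perm):
    """Return the any-address CIDRs (IPv4 or IPv6) that a rule allows."""
    cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return sorted(c for c in cidrs if c in WORLD)


def exposed_ports(perm):
    """Return the sensitive TCP ports covered by a rule's port range."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all protocols: no port range is present
        return sorted(SENSITIVE_PORTS)
    if proto not in ("tcp", "6"):
        return []
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if lo is None or hi is None:
        return sorted(SENSITIVE_PORTS)
    return sorted(p for p in SENSITIVE_PORTS if lo <= p <= hi)


def audit(doc):
    """List every sensitive port reachable from any address, per group."""
    findings = []
    for sg in doc.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            sources = world_sources(perm)
            if not sources:
                continue  # rule is limited to specific networks
            for port in exposed_ports(perm):
                findings.append({
                    "group": sg["GroupId"],
                    "port": port,
                    "service": SENSITIVE_PORTS[port],
                    "sources": sources,
                })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['group']}: {f['service']} ({f['port']}/tcp) "
              f"open to {', '.join(f['sources'])}")
```

To run it against a real account, replace `SAMPLE` with the saved output of `aws ec2 describe-security-groups --output json`.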
Exactly What 220-1101 Tests
CompTIA A+ 220-1101 Objective 4.2 states: "Given a scenario, set up and configure cloud infrastructure." Within this, you must be able to "compare and contrast cloud deployment models." The exam expects you to:
Identify characteristics of public, private, hybrid, and community clouds.
Select the appropriate model based on a scenario (e.g., security, cost, scalability, compliance).
Understand terms like cloud bursting, multi-cloud, and shared responsibility.
Common Wrong Answers and Why Candidates Choose Them
Choosing public cloud when scenario requires compliance (e.g., HIPAA). Candidates think public cloud is always the answer because it's popular. Reality: Public cloud can be HIPAA-compliant if configured correctly, but the exam often tests that private or community cloud is more suitable for strict compliance.
Choosing hybrid cloud when scenario only mentions two public clouds. That's multi-cloud, not hybrid. Hybrid requires a private component. Candidates confuse hybrid with multi-cloud.
Choosing community cloud when scenario mentions a single organization with compliance needs. Community cloud is for multiple organizations. For a single organization, private cloud is correct.
Thinking private cloud must be on-premises. The exam may present a hosted private cloud (off-premises dedicated infrastructure). Candidates incorrectly label it as public.
Specific Numbers, Values, and Terms That Appear Verbatim
Cloud bursting: This term appears in hybrid cloud questions.
Multi-cloud: Using multiple public cloud providers (not hybrid).
Shared responsibility model: Know that the provider secures the cloud; customer secures what's in the cloud.
OpEx vs. CapEx: Public cloud is operational expense; private cloud is capital expense.
Compliance acronyms: HIPAA (healthcare), PCI DSS (payment cards), GDPR (data privacy), FedRAMP (government).
Edge Cases and Exceptions the Exam Loves to Test
Community cloud vs. public cloud: The key difference is access restriction. Community cloud is limited to a group; public cloud is open to anyone.
Hybrid cloud vs. multi-cloud: Hybrid includes a private component; multi-cloud does not.
Hosted private cloud: It's private even though it's off-premises. The exam may call it "dedicated cloud."
Virtual private cloud (VPC): This is a logically isolated section of a public cloud (e.g., AWS VPC). It is not a separate deployment model; it's a feature of public cloud.
How to Eliminate Wrong Answers Using the Underlying Mechanism
Identify the primary constraint: security, cost, scalability, or compliance.
If the scenario mentions multiple organizations with common compliance needs → eliminate public and private; choose community.
If it mentions bursting or peak loads → eliminate public and private alone; choose hybrid.
If it mentions full control and dedicated resources → eliminate public; choose private or community (if multiple orgs).
If it mentions no upfront cost and pay-as-you-go → eliminate private; choose public or hybrid (if private also mentioned).
Always check if the scenario includes both on-premises and off-premises → that's hybrid.
Memorize the table in the core explanation. Practice with sample questions from CompTIA's official study materials. Focus on the key differentiators: who has access, who owns it, and the primary benefit.
Public cloud: multi-tenant, pay-as-you-go, off-premises, low control.
Private cloud: single-tenant, high control, high cost, can be on or off-premises.
Hybrid cloud: combines public and private, enables cloud bursting, requires secure connectivity.
Community cloud: shared among organizations with common compliance needs, restricted access.
Cloud bursting: using public cloud to handle overflow from private cloud during peak demand.
Multi-cloud: using multiple public cloud providers, not to be confused with hybrid.
Shared responsibility model: provider secures the cloud infrastructure; customer secures data and applications.
These come up on the exam all the time. Here's how to tell them apart.
Public Cloud
Owned and operated by third-party provider
Multi-tenant: resources shared among many customers
Pay-as-you-go pricing (OpEx)
Virtually unlimited scalability
Lower control and customization
Private Cloud
Owned and operated by a single organization or dedicated provider
Single-tenant: dedicated resources for one customer
High upfront cost (CapEx) plus ongoing maintenance
Scalability limited by physical hardware
Full control and customization
Mistake
Public cloud is always less secure than private cloud.
Correct
Public cloud providers invest heavily in security (e.g., encryption, firewalls, DDoS protection). Security depends on proper configuration, not just the model. A misconfigured private cloud can be less secure than a well-configured public cloud.
Mistake
Private cloud must be hosted on-premises.
Correct
Private cloud can be hosted off-premises by a third party using dedicated infrastructure (hosted private cloud). The key is exclusive use by a single organization, not physical location.
Mistake
Hybrid cloud means using multiple public cloud providers.
Correct
Hybrid cloud combines a private cloud (on-premises or hosted) with a public cloud. Using two public clouds (e.g., AWS and Azure) is called multi-cloud, not hybrid.
Mistake
Community cloud is the same as public cloud.
Correct
Community cloud is restricted to a specific group of organizations with shared concerns (e.g., compliance). Public cloud is open to the general public. Community cloud is a private cloud shared among a community.
Mistake
Cloud bursting is only for public cloud.
Correct
Cloud bursting is a hybrid cloud concept where an application runs on a private cloud and "bursts" to a public cloud during peak demand. It requires integration between the two environments.
Hybrid cloud combines a private cloud (on-premises or hosted) with a public cloud, allowing workloads to move between them (e.g., cloud bursting). Multi-cloud uses multiple public cloud providers (e.g., AWS and Azure) but does not include a private component. The exam tests this distinction: hybrid includes private; multi-cloud does not.
Yes. A private cloud can be hosted on-premises (in your data center) or off-premises by a third party using dedicated infrastructure exclusively for your organization. This is called a hosted private cloud. The key is that resources are not shared with other organizations.
Cloud bursting is a hybrid cloud scenario where an application runs on a private cloud normally but automatically scales to a public cloud during peak demand. For example, a retail website might use private cloud for baseline traffic and burst to AWS during Black Friday. It requires orchestration and a secure connection between environments.
For a single healthcare organization, a private cloud (on-premises or hosted) is best because it provides full control over data and security. For multiple healthcare organizations collaborating, a community cloud can be used, provided it meets HIPAA requirements. Public cloud can also be HIPAA-compliant if configured correctly (e.g., AWS HIPAA-eligible services), but the exam often prefers private or community for strict compliance.
The shared responsibility model defines security obligations in the cloud. The provider is responsible for security OF the cloud (physical infrastructure, hypervisor, network). The customer is responsible for security IN the cloud (data, applications, access management). For example, in AWS, Amazon secures the data centers, but you must configure security groups and encrypt your data.
No. A VPC is a logically isolated section of a public cloud (e.g., AWS VPC) where you can launch resources in a virtual network. It is a feature of public cloud, not a separate deployment model. The four deployment models are public, private, hybrid, and community.
Community cloud is used when multiple organizations with shared compliance or mission requirements need to collaborate. Examples: government agencies sharing a FedRAMP-compliant cloud, healthcare providers sharing a HIPAA-compliant cloud for research, or universities sharing a cloud for academic projects.