This chapter covers the three primary cloud service models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). These concepts are essential for the CompTIA A+ 220-1101 exam under Objective 4.2, and they appear in roughly 5–10% of exam questions. Understanding the differences, use cases, and shared responsibility models will help you answer scenario-based questions about cloud computing. This chapter provides a deep technical explanation of each model, including how they work, their advantages and disadvantages, and how to choose the right one for a given scenario.
Jump to a section
Imagine you want to host a pizza party. With On-Premises (traditional IT), you do everything: grow the wheat, mill the flour, make the dough, add toppings, bake the pizza, and serve it. With IaaS (Infrastructure as a Service), you order a pre-made pizza crust (the virtual machine) from a store, but you still add your own sauce, cheese, and toppings (your software). The store provides the oven (hypervisor) and the building (data center). With PaaS (Platform as a Service), you order a frozen pizza that includes the crust, sauce, and cheese—you just add your specific toppings (your code) and bake it. The platform manages the runtime environment. With SaaS (Software as a Service), you order a fully baked pizza delivered to your door—you just eat it (use the software). The provider handles everything from ingredients to delivery. The key distinction is what you manage versus what the provider manages. In IaaS, you manage the OS, apps, and data; the provider manages the physical hardware and virtualization. In PaaS, you manage only your applications and data; the provider manages the runtime, OS, and infrastructure. In SaaS, you manage only user access and data; the provider manages everything else.
What Are Cloud Service Models?
Cloud computing delivers computing resources over the internet on a pay-as-you-go basis. The three main service models—IaaS, PaaS, and SaaS—define the level of abstraction and the division of responsibility between the cloud provider and the customer. The CompTIA A+ 220-1101 exam expects you to know the differences, typical use cases, and examples of each.
Infrastructure as a Service (IaaS)
IaaS provides virtualized computing resources over the internet. You rent virtual machines (VMs), storage, and networking instead of buying and managing physical hardware. The provider manages the physical data center, servers, storage, and networking hardware, as well as the hypervisor (virtualization layer). You are responsible for everything above the hypervisor: the guest OS, middleware, runtime, applications, and data.
What you manage: OS, applications, data, network configuration (firewalls, load balancers), and security patches for the OS.
What the provider manages: Physical servers, storage, networking, hypervisor, and physical security.
Common use cases: Hosting websites, running enterprise applications, disaster recovery, development and test environments, and migrating on-premises workloads.
Examples: Amazon Web Services (AWS) EC2, Microsoft Azure VMs, Google Compute Engine, Rackspace.
Pricing: Typically per hour or per second for compute, per GB for storage, and per GB for data transfer.
IaaS gives you the most control but also the most management overhead. You can install any software, configure the OS, and apply custom security settings. However, you must also handle patching, backups, and high availability for the OS and applications.
Platform as a Service (PaaS)
PaaS provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the underlying infrastructure. The provider manages the hardware, OS, runtime, and middleware. You only manage your applications and data.
What you manage: Applications and data.
What the provider manages: Physical infrastructure, virtualization, OS, runtime (e.g., .NET, Java, Python), middleware (e.g., databases, web servers), and sometimes scaling.
Common use cases: Web application development, API development and hosting, mobile backends, and IoT platforms.
Examples: Google App Engine, AWS Elastic Beanstalk, Microsoft Azure App Services, Heroku.
Pricing: Typically based on resource consumption (CPU, memory, storage) or per user.
PaaS is ideal for developers who want to focus on writing code without worrying about infrastructure. The platform automatically handles scaling, load balancing, and patching of the underlying OS and runtime. However, you are limited to the languages and frameworks supported by the provider.
Software as a Service (SaaS)
SaaS delivers software applications over the internet on a subscription basis. The provider hosts and manages the entire application, including the infrastructure, platform, and application itself. You only access it via a web browser or API.
What you manage: User accounts, data, and sometimes configuration settings.
What the provider manages: Everything else—physical infrastructure, OS, runtime, application code, and security.
Common use cases: Email (Gmail, Office 365), customer relationship management (Salesforce), collaboration tools (Slack, Microsoft Teams), and file storage (Dropbox, Google Drive).
Examples: Google Workspace, Salesforce, Zoom, Slack, Microsoft 365.
Pricing: Typically per-user per-month.
SaaS requires the least management effort. You just sign up and use the software. However, you have limited control over features, performance, and security. Data is stored on the provider's infrastructure, which can raise compliance concerns.
Shared Responsibility Model
A critical concept for the exam is the shared responsibility model. It defines which security and management tasks are handled by the provider vs. the customer for each service model.
On-Premises: You manage everything.
IaaS: You manage OS, applications, data, and network access; provider manages physical and virtualization layers.
PaaS: You manage applications and data; provider manages OS, runtime, and infrastructure.
SaaS: You manage data and user access; provider manages everything else.
The exam may present a scenario and ask which model gives the customer the most/least control, or which model is best for a specific need (e.g., full control over OS vs. minimal management).
Key Differences Between IaaS, PaaS, and SaaS
Control: IaaS gives the most control, SaaS the least.
Management overhead: IaaS requires significant management, SaaS requires almost none.
Flexibility: IaaS is highly flexible; you can run any software. SaaS is the least flexible—you use what the provider offers.
Scalability: All three can scale, but PaaS and SaaS often offer automatic scaling, while IaaS may require manual scaling or auto-scaling configuration.
Cost: IaaS is typically pay-as-you-go for resources; PaaS may charge per resource or per user; SaaS is usually per-user subscription.
Example Scenario: Hosting a Web Application
IaaS: You provision a VM, install a web server (e.g., Apache), configure the OS, deploy your code, and manage backups and scaling.
PaaS: You upload your code to a platform like AWS Elastic Beanstalk; the platform automatically provisions the web server, scales, and patches the OS.
SaaS: You use a hosted content management system like Wix or Squarespace; you just design the site without managing any infrastructure.
Exam Tips
Memorize examples for each model: AWS EC2 (IaaS), Google App Engine (PaaS), Salesforce (SaaS).
Know that IaaS provides virtual machines and networking; PaaS provides a development platform; SaaS provides ready-to-use software.
Understand that in IaaS, you must patch the OS; in PaaS, the provider patches the OS; in SaaS, the provider patches everything.
The exam may ask which model allows you to install custom software on the OS—that is IaaS only.
Be aware of hybrid models: for example, a company might use IaaS for some workloads and SaaS for others.
Related Technologies
Cloud service models often interact with virtualization (hypervisors), containers (Docker), and orchestration (Kubernetes). Containers can run on IaaS or PaaS and offer a lightweight alternative to VMs. The exam may mention these in the context of cloud computing but focuses on the service models themselves.
Identify Business Requirements
The first step in choosing a cloud service model is to assess the organization's needs. Determine the level of control required over the operating system, runtime, and infrastructure. Consider compliance requirements, existing technical expertise, and budget. For example, if the organization needs to run custom software with specific OS configurations, IaaS is likely the best choice. If developers want to focus on code without managing servers, PaaS is appropriate. If the need is for standard business applications like email or CRM, SaaS is the simplest option.
Evaluate Management Overhead
Each model shifts management responsibilities differently. IaaS requires the customer to manage the OS, applications, and data, including patching and security. PaaS reduces overhead by managing the OS and runtime, but the customer still handles application code and data. SaaS offloads almost all management to the provider, leaving only user access and data management to the customer. The exam expects you to know that IaaS has the highest management overhead and SaaS the lowest.
Assess Scalability Needs
Scalability varies by model. IaaS typically requires manual scaling or configuration of auto-scaling groups. PaaS often provides built-in automatic scaling based on demand. SaaS applications are usually multi-tenant and scale automatically as the provider adds resources. For unpredictable or rapidly growing workloads, PaaS or SaaS may be more suitable. The exam may test your understanding of which model offers the easiest scaling.
Consider Security and Compliance
Security responsibilities differ by model. In IaaS, the customer is responsible for securing the OS, applications, and data, while the provider secures the physical infrastructure. In PaaS, the provider secures the platform, but the customer must secure their application code and data. In SaaS, the provider secures the application, but the customer must manage user access and data privacy. Compliance requirements (e.g., HIPAA, GDPR) may dictate which model is acceptable, as some providers offer compliance certifications.
Determine Cost Structure
Cost models vary: IaaS charges for compute, storage, and network usage; PaaS charges for resources consumed by the application; SaaS charges per user per month. IaaS can be cost-effective for variable workloads but may require over-provisioning. PaaS eliminates infrastructure management costs but may have higher runtime costs. SaaS has predictable per-user costs but can become expensive at scale. The exam may ask you to compare cost implications for different scenarios.
Enterprise Scenario 1: Migrating On-Premises Workloads to IaaS
A large financial institution needs to migrate its legacy customer relationship management (CRM) system from an on-premises data center to the cloud. The CRM runs on a custom Linux distribution with specific kernel modules. The IT team wants full control over the OS to maintain compatibility and security. They choose IaaS (e.g., AWS EC2) to replicate their on-premises environment as virtual machines. They configure virtual networks, security groups, and load balancers. The migration involves creating AMIs of the existing servers and deploying them to EC2. The team must manage patching, backups, and disaster recovery themselves. They use auto-scaling to handle variable loads during peak trading hours. A common pitfall is underestimating the cost of data egress; they implement a cost monitoring dashboard to avoid surprises.
Enterprise Scenario 2: Developing a Web Application with PaaS
A startup is building a new web application for online collaboration. The development team wants to focus on writing code in Python and deploying quickly without managing servers. They choose PaaS (e.g., Google App Engine). The platform automatically provisions the runtime environment, scales the application based on traffic, and handles load balancing. The developers simply push their code via git, and the platform builds and deploys it. They use a managed database service (Cloud SQL) as part of the PaaS offering. The startup benefits from reduced operational overhead and faster time to market. However, they encounter vendor lock-in when they need a specific Python library not supported by the platform. They mitigate this by using containerization (Docker) and a container-based PaaS like Google Cloud Run.
Enterprise Scenario 3: Adopting SaaS for Enterprise Communication
A multinational corporation with 10,000 employees needs a unified communication platform including email, instant messaging, video conferencing, and file sharing. They choose Microsoft 365 (SaaS). The provider manages the infrastructure, platform, and application. The IT department configures user accounts, sets up security policies, and manages data retention. Employees access the services via web browsers or mobile apps. The corporation benefits from predictable per-user pricing, automatic updates, and global scalability. A challenge is ensuring compliance with data residency laws; they use Microsoft's data center regions to store data in specific geographic locations. Another issue is integration with existing on-premises systems; they use Azure Active Directory Connect to synchronize identities. The main risk is service outages; they implement a business continuity plan that includes fallback to on-premises email servers.
What the 220-1101 Tests
CompTIA A+ 220-1101 Objective 4.2 requires you to "Compare and contrast cloud computing concepts." Specifically, you must know the differences between IaaS, PaaS, and SaaS, and be able to identify which model is being used in a given scenario. The exam typically presents a short description of a company's cloud usage and asks you to select the correct service model. You may also be asked about the level of control or responsibility associated with each model.
Common Wrong Answers and Why Candidates Choose Them
Confusing IaaS with PaaS: Candidates see that the company manages its own applications and think it must be PaaS, but if the company also manages the OS, it is IaaS. The key is who manages the OS. If the customer manages the OS, it's IaaS.
Thinking SaaS always means web-based email: While web email is a common example, SaaS includes many applications like Salesforce, Slack, and Zoom. Candidates may incorrectly assume that any application accessed via a browser is SaaS, but a web application hosted on IaaS is not SaaS.
Assuming PaaS gives full control over the runtime: In PaaS, the provider manages the runtime environment. Candidates may think they can install custom libraries or modify the OS, but that is not typically allowed. PaaS abstracts the underlying platform.
Mixing up shared responsibility: Candidates may think that in SaaS, the customer is responsible for patching the application. In reality, the provider patches everything. The customer only manages user access and data.
Specific Numbers, Values, and Terms That Appear on the Exam
Examples: AWS EC2 (IaaS), Google App Engine (PaaS), Salesforce (SaaS)
Key phrases: "most control over the operating system" refers to IaaS; "least management overhead" refers to SaaS; "develop and deploy applications without managing servers" describes PaaS.
Shared responsibility: Know that in IaaS, the customer manages the OS; in PaaS, the provider manages the OS; in SaaS, the provider manages the entire application.
Edge Cases and Exceptions
Containers and PaaS: Some PaaS platforms allow you to bring your own container images, blurring the line between IaaS and PaaS. The exam focuses on traditional definitions, so assume PaaS provides a managed runtime unless stated otherwise.
Desktop as a Service (DaaS): This is a subset of SaaS where virtual desktops are delivered. The exam may mention DaaS as an example of SaaS.
Function as a Service (FaaS): This is serverless computing, often considered a subset of PaaS. The exam does not require deep knowledge of FaaS, but be aware it exists.
How to Eliminate Wrong Answers
If the scenario mentions "virtual machines" or "compute instances," it is likely IaaS.
If the scenario mentions "deploying code" or "platform for development" without managing servers, it is PaaS.
If the scenario mentions "ready-to-use software" or "subscription-based application," it is SaaS.
If the question asks who is responsible for patching the OS, the answer is the customer for IaaS, the provider for PaaS and SaaS.
IaaS provides virtual machines; you manage the OS, apps, and data.
PaaS provides a development platform; you manage only your code and data.
SaaS provides ready-to-use software; you manage only user access and data.
The shared responsibility model defines who manages what: IaaS gives most control to customer; SaaS gives least.
Common examples: AWS EC2 (IaaS), Google App Engine (PaaS), Salesforce (SaaS).
IaaS requires OS patching by the customer; PaaS and SaaS have the provider handle OS patching.
Scalability: PaaS and SaaS often auto-scale; IaaS may require manual or auto-scaling configuration.
Cost models: IaaS pay-per-resource, PaaS pay-per-consumption, SaaS pay-per-user.
These come up on the exam all the time. Here's how to tell them apart.
IaaS
Provides virtual machines, storage, and networking.
Customer manages the OS, applications, and data.
Highest level of control and flexibility.
Requires significant management overhead.
Examples: AWS EC2, Azure VMs.
PaaS
Provides a platform for developing and deploying applications.
Customer manages only applications and data.
Less control; provider manages OS and runtime.
Reduced management overhead.
Examples: Google App Engine, Azure App Services.
PaaS
Customer develops and deploys their own applications.
Customer manages application code and data.
Provider manages OS, runtime, and infrastructure.
Some configuration of the platform is possible.
Pricing based on resource consumption.
SaaS
Customer uses ready-made software applications.
Customer manages only user access and data.
Provider manages everything including the application.
Minimal configuration; software is used as-is.
Pricing per user per month.
Mistake
IaaS and PaaS are the same because both provide virtual machines.
Correct
IaaS provides virtual machines with full control over the OS. PaaS provides a platform to run applications without managing the underlying VMs or OS. In PaaS, you do not have access to the OS; you only deploy your code.
Mistake
SaaS means any web-based application.
Correct
SaaS is specifically a cloud delivery model where the provider hosts and manages the entire application. A web application hosted on IaaS is not SaaS—it is just a web app running on IaaS.
Mistake
In PaaS, the customer is responsible for patching the operating system.
Correct
In PaaS, the provider manages the OS and runtime. The customer is only responsible for their application code and data. Patching the OS is the provider's responsibility.
Mistake
Cloud service models are mutually exclusive; you can only use one.
Correct
Organizations often use a mix of IaaS, PaaS, and SaaS for different workloads. This is called a hybrid cloud strategy. For example, a company might use SaaS for email, PaaS for development, and IaaS for legacy applications.
Mistake
IaaS is always cheaper than PaaS or SaaS.
Correct
IaaS can be more expensive due to management overhead, licensing, and the need for skilled staff. PaaS and SaaS may have higher per-unit costs but reduce operational expenses. Total cost of ownership depends on the specific use case.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
IaaS provides virtualized computing resources (VMs, storage, networking) where you manage the OS and applications. PaaS provides a platform to develop and deploy applications without managing the underlying infrastructure. In IaaS, you have full control over the OS; in PaaS, the provider manages the OS and runtime. Use IaaS for custom environments, PaaS for application development.
IaaS gives the customer the most control because they manage the operating system, applications, and data. The provider only manages the physical hardware and virtualization layer. This allows installation of custom software and full configuration of the OS.
Common examples of SaaS include Google Workspace (Gmail, Google Docs), Microsoft 365, Salesforce, Zoom, and Slack. These are fully managed applications accessed via a web browser or client app, with the provider handling all infrastructure and maintenance.
In PaaS, the cloud provider is responsible for patching the operating system and runtime environment. The customer is only responsible for their application code and data. This reduces management overhead for the customer.
No, in PaaS you cannot run a custom OS. The provider manages the OS and runtime. You are limited to the supported languages, frameworks, and configurations. If you need a custom OS, you should use IaaS instead.
The shared responsibility model defines which security and management tasks are handled by the cloud provider versus the customer. For IaaS, the provider manages physical infrastructure; the customer manages OS, apps, and data. For PaaS, the provider manages OS and runtime; the customer manages apps and data. For SaaS, the provider manages everything except user access and data.
IaaS pricing is typically based on resource usage (compute hours, storage GB, data transfer). PaaS pricing is based on resource consumption by the application (CPU, memory, storage). SaaS pricing is usually a per-user monthly subscription fee. Each model has different cost structures suitable for different use cases.
You've just covered IaaS, PaaS, SaaS for A+ — now see how well it sticks with free 220-1101 practice questions. Full explanations included, no account needed.
Done with this chapter?