This chapter dives into Platform as a Service (PaaS) and its advantages over Infrastructure as a Service (IaaS) in Microsoft Azure. Understanding the differences between PaaS and IaaS is critical for the AZ-900 exam, as it tests your ability to recommend the right service model for business scenarios. The Cloud Concepts domain (15-20% of the exam) includes objective 1.2: 'Describe the benefits of using cloud services, including high availability, scalability, elasticity, agility, and disaster recovery.' PaaS advantages directly tie into agility, scalability, and reduced management overhead. By the end of this chapter, you will clearly articulate why PaaS often outperforms IaaS for application development and deployment.
Jump to a section
Imagine you are starting a new business and need an office. With IaaS (unfurnished), you rent an empty space. You must buy desks, chairs, computers, install lighting, set up internet, and manage cleaning yourself. You have full control but must handle everything. With PaaS (furnished), you rent a fully equipped office: desks, chairs, computers, internet, and cleaning service are all included. You just bring your employees and start working. The landlord (Azure) handles maintenance, upgrades, and security. You focus on your business, not the office. In Azure, IaaS gives you VMs, storage, and networking—you manage the OS, middleware, and runtime. PaaS provides a complete platform—you deploy your code, and Azure manages the underlying infrastructure, OS updates, scaling, and high availability. The mechanism: Azure abstracts the hardware and OS layer, providing APIs and runtime environments (e.g., App Service, Azure SQL Database) so you only worry about your application and data.
What is PaaS and the Business Problem It Solves
Platform as a Service (PaaS) is a cloud computing model where the cloud provider (Azure) delivers a managed platform that includes operating system, middleware, runtime, and infrastructure. You deploy your applications without worrying about the underlying hardware or software layers. The business problem PaaS solves is the operational overhead of managing infrastructure. In traditional on-premises or IaaS models, IT teams spend significant time patching OS, configuring firewalls, managing load balancers, and scaling hardware. PaaS eliminates this, allowing developers to focus on writing code and delivering business value.
How PaaS Works – Step by Step
Provisioning: You create a PaaS resource in Azure (e.g., App Service, Azure SQL Database, Azure Functions). Azure automatically allocates compute, storage, and networking resources behind the scenes.
Deployment: You upload your application code (e.g., a web app built in .NET, Java, or Node.js) or data schema. Azure handles the runtime environment (IIS, Tomcat, etc.) and dependencies.
Scaling: You configure scaling rules (e.g., scale out to 10 instances when CPU > 70%). Azure automatically adds or removes resources horizontally.
Maintenance: Azure applies OS and middleware patches, performs backups, and manages hardware failures transparently.
Monitoring: You use Azure Monitor and Application Insights to track performance, errors, and usage.
Key Components of PaaS in Azure
Azure App Service: Host web apps, REST APIs, and mobile backends. Supports multiple languages and auto-scaling.
Azure SQL Database: Fully managed relational database with built-in high availability, backups, and patching.
Azure Functions: Serverless compute for event-driven code. No infrastructure management at all.
Azure Logic Apps: Workflow automation without code.
Azure Kubernetes Service (AKS): Managed Kubernetes – you manage containers, Azure manages the control plane.
Pricing Models
PaaS typically uses consumption-based or reserved pricing. For example, App Service has a Free tier (shared infrastructure, limited features) and paid tiers (Basic, Standard, Premium) with dedicated compute and SLA. Azure SQL Database offers DTU (Database Transaction Unit) or vCore-based pricing. You pay for the compute and storage you allocate, not the underlying VMs.
Comparison to On-Premises
On-premises: You buy servers, install OS, configure networking, patch everything, and manage physical failures. With PaaS, you abstract all that. For example, moving an on-premises SQL Server to Azure SQL Database eliminates the need for DBA tasks like index maintenance, backup management, and patching.
Azure Portal and CLI Touchpoints
Portal: Navigate to App Services -> Create -> Fill in name, runtime stack, region, and pricing tier. The wizard provisions everything.
CLI:
az webapp create --name MyApp --resource-group MyRG --plan MyPlan --runtime "node|14-lts"This command creates an App Service plan and web app in seconds.
Advantages of PaaS over IaaS
Reduced Management: Azure manages OS, middleware, and runtime. In IaaS, you manage the VM, OS, and all software.
Faster Deployment: PaaS allows you to deploy code in minutes vs. hours/days for IaaS (provision VM, install OS, configure).
Built-in Scalability: PaaS services have auto-scaling built-in. In IaaS, you must configure scale sets and load balancers manually.
High Availability: PaaS often includes built-in redundancy (e.g., Azure SQL Database has 99.99% SLA with geo-replication). In IaaS, you must architect HA yourself.
Cost Efficiency: PaaS eliminates idle resources because scaling is dynamic. IaaS often leads to overprovisioning.
Security: Azure patches the platform; you only secure your application and data. In IaaS, you must patch OS and middleware.
Disadvantages of PaaS (Important for Exam)
Vendor Lock-in: PaaS services may have proprietary APIs. Migrating away from Azure App Service may require code changes.
Less Control: You cannot modify the underlying OS or install custom software. IaaS gives full control.
Compatibility: Some legacy applications may not run on PaaS (e.g., require specific Windows features).
Cost at Scale: Very large, consistent workloads may be cheaper on IaaS reserved instances.
When to Choose PaaS vs. IaaS
Choose PaaS when: building new cloud-native apps, want rapid development, need built-in scaling, or lack infrastructure expertise.
Choose IaaS when: need full control, running legacy apps, have specific compliance requirements, or want to migrate existing VMs as-is.
Create an App Service Plan
In the Azure portal, navigate to App Services and click 'Create'. First, you create an App Service Plan – this defines the region, number of instances, size (e.g., S1, P1v2), and pricing tier. The plan determines the underlying VMs that host your web app. You can choose a shared (Free/Shared) or dedicated (Basic/Standard/Premium) plan. For production, Standard or Premium is recommended. Azure provisions the plan immediately; you see it in your resource group.
Deploy Your Application Code
After creating the web app, you deploy code via FTP, Git, Azure DevOps, or directly from the portal (Quickstart). Azure App Service supports multiple runtime stacks: .NET, Java, Node.js, Python, PHP, Ruby. Behind the scenes, Azure sets up IIS (for Windows) or a containerized environment (for Linux) and mounts your code. The deployment takes seconds to minutes depending on size. You can configure deployment slots (e.g., staging) for zero-downtime updates.
Configure Auto-Scaling
In the App Service plan, go to 'Scale out (App Service plan)'. You can set rules based on metrics like CPU percentage, memory, or HTTP queue length. For example, scale out by 1 instance when CPU > 70% for 5 minutes, scale in when CPU < 30%. Azure automatically adds or removes VM instances behind the load balancer. The minimum and maximum instance counts define the range. Auto-scaling is free; you pay for the instances used.
Set Up Monitoring and Alerts
Enable Application Insights to monitor request rates, response times, and failures. In the portal, under 'Monitoring', you can create alerts (e.g., send email when HTTP 500 errors exceed 10 in 5 minutes). Azure Monitor collects metrics and logs. For example, you can query logs with Kusto to diagnose slow requests. This is crucial for maintaining SLA and troubleshooting.
Enable Backup and Restore
Under 'Backups' in the web app, configure a storage account and schedule (e.g., daily). Azure takes snapshots of your app content and configuration. Backups include the database if you use Azure SQL Database. You can restore to a different slot or app. This protects against accidental deletion or corruption. The backup process uses Azure Blob Storage and is incremental to save costs.
Scenario 1: E-Commerce Startup
A startup building an online store chooses Azure App Service (PaaS) over IaaS. They deploy a Node.js web app with auto-scaling to handle Black Friday traffic spikes. The team uses deployment slots to test new features before swapping to production. Azure SQL Database stores product and order data with geo-replication for disaster recovery. Cost: ~$200/month for Standard tier. Without PaaS, they would need to hire a sysadmin to manage VMs, causing delays and higher costs. When incorrectly set up (e.g., no auto-scaling rules), the site crashes under load, losing revenue.
Scenario 2: Enterprise Data Warehouse
A large retailer uses Azure Synapse Analytics (PaaS) to process petabytes of sales data. They ingest data from on-premises SQL Server using Azure Data Factory. Synapse automatically scales compute resources during heavy ETL jobs and pauses during idle periods to save costs. The team writes SQL queries without managing clusters. When misconfigured (e.g., wrong performance tier), queries run slowly and exceed budget. PaaS abstracts the complexity of distributed computing.
Scenario 3: Serverless Backend for Mobile App
A mobile app startup uses Azure Functions (PaaS) to process user uploads and send push notifications. Each function runs only when triggered (e.g., new blob in storage). They pay per execution (consumption plan) – millions of executions cost pennies. No servers to manage. When they accidentally set the function timeout too low, long-running tasks fail. PaaS allows them to focus on app features rather than infrastructure.
Objective 1.2: Describe the benefits of using cloud services
The AZ-900 exam tests your ability to compare PaaS and IaaS and recommend the appropriate model. Questions often present a business scenario (e.g., 'A company wants to deploy a web app with minimal management overhead') and ask which service model to use.
Common Wrong Answers and Why
'IaaS because it gives more control' – While true, if the scenario emphasizes 'minimal management' or 'focus on code,' IaaS is wrong. Candidates choose IaaS because they think control is always better, but the question asks for the best fit.
'SaaS because it's fully managed' – SaaS is for end-user applications (e.g., Office 365). PaaS is for deploying custom apps. Candidates confuse PaaS and SaaS because both are managed.
'On-premises because it's more secure' – The exam assumes cloud is the choice. On-premises is not a cloud service model.
Specific Terms and Values
PaaS = Platform as a Service. You manage only your application and data.
IaaS = Infrastructure as a Service. You manage OS, middleware, and runtime.
SaaS = Software as a Service. You manage nothing except configuration.
Shared responsibility model: In PaaS, Azure manages the platform (OS, network, storage); you manage app and data. In IaaS, you manage more.
Edge Cases
What about Azure Functions? It's serverless PaaS – you upload code, Azure runs it. No VM management. The exam may ask: 'Which service model allows you to run code without provisioning servers?' Answer: PaaS (specifically serverless).
Containers: AKS is PaaS for containers (managed Kubernetes). You manage containers, Azure manages the control plane. Some candidates think containers are always IaaS, but AKS is PaaS.
Memory Trick
'PaaS = P for Platform, but think 'P for Painless'' – PaaS removes the pain of managing infrastructure. When a question says 'minimal management,' 'focus on development,' or 'auto-scaling,' think PaaS. If it says 'full control,' 'custom OS,' or 'legacy app,' think IaaS.
PaaS = Platform as a Service; you manage only your apps and data.
Azure App Service is a key PaaS offering for web apps and APIs.
PaaS reduces management overhead vs. IaaS (no OS patching, no hardware management).
PaaS includes built-in auto-scaling, high availability, and disaster recovery.
Serverless (Azure Functions) is a subset of PaaS with even less management.
AZ-900 tests your ability to choose between IaaS, PaaS, and SaaS based on management level.
PaaS can lead to vendor lock-in due to platform-specific APIs.
These come up on the exam all the time. Here's how to tell them apart.
PaaS (App Service)
Azure manages OS, middleware, runtime
Auto-scaling built-in
Deploy code in minutes
Pay per app plan (compute + storage)
Limited to supported runtime stacks
IaaS (Virtual Machines)
You manage OS, updates, and software
Must configure scale sets and load balancers
Provision VM, install OS, configure (hours)
Pay per VM (compute + storage + licensing)
Full control over OS and custom software
Mistake
PaaS is the same as SaaS because both are fully managed.
Correct
SaaS provides ready-to-use software (e.g., Office 365). PaaS provides a platform to build and run your own applications. In PaaS, you manage the app and data; in SaaS, you only configure settings.
Mistake
PaaS always costs more than IaaS.
Correct
PaaS can be cheaper because you only pay for what you use (consumption model) and avoid idle resources. IaaS often requires overprovisioning. However, very large, predictable workloads may be cheaper on IaaS reserved instances.
Mistake
You cannot migrate an existing on-premises app to PaaS without rewriting it.
Correct
Many apps can be migrated to PaaS with minimal changes if they use supported runtimes (e.g., ASP.NET to App Service). However, apps requiring custom OS features may need IaaS.
Mistake
PaaS provides no control over security.
Correct
You still control application security, data encryption, and identity management. Azure secures the platform. The shared responsibility model applies.
Mistake
PaaS services do not support Windows applications.
Correct
Azure App Service supports both Windows and Linux. Many PaaS services like Azure SQL Database run on Windows. The platform is OS-agnostic in terms of management.
The main difference is the level of management. In PaaS, Azure manages the operating system, middleware, and runtime; you only manage your application and data. In IaaS, you manage the OS, middleware, and runtime, while Azure manages the physical hardware. For AZ-900, remember that PaaS reduces your management responsibilities compared to IaaS.
Azure SQL Database is a PaaS offering. It provides a fully managed relational database engine. You do not manage the underlying OS or SQL Server installation. Azure handles patching, backups, and high availability. This is different from SQL Server on an Azure VM (IaaS), where you manage everything.
No. PaaS supports specific runtime stacks (e.g., .NET, Java, Node.js, Python). If your application requires custom OS components or a specific version of Windows, you may need IaaS. For the exam, remember that PaaS is best for cloud-native apps, while IaaS is for legacy or custom environments.
In PaaS, Azure is responsible for the physical infrastructure, network, storage, operating system, and middleware. You are responsible for your application code, data, and access management. This is a key exam concept: PaaS shifts more responsibility to Azure compared to IaaS.
PaaS services like App Service have built-in auto-scaling. You define rules based on metrics (e.g., CPU > 70%) and Azure automatically adds or removes instances. In IaaS, you must configure Virtual Machine Scale Sets and load balancers manually. PaaS scaling is easier and faster.
Serverless computing is a subset of PaaS where you write code (functions) that run in response to events. Azure Functions is the main serverless offering. You do not provision or manage any servers; you pay only for execution time. The exam may ask which service model allows 'zero infrastructure management' – answer: serverless (PaaS).
Azure App Service offers a 99.95% SLA for Standard tier and above when deployed across multiple instances. The SLA covers connectivity to the web app. For 99.99% SLA, you need Premium tier with multiple instances. Always check the SLA for the specific service tier.
You've just covered PaaS Advantages over IaaS — now see how well it sticks with free AZ-900 practice questions. Full explanations included, no account needed.
Done with this chapter?