What Is Infrastructure as a Service (IaaS)?

Cloud services can be provided in various models, and they differ by the levels of services under the control of the cloud provider versus the cloud customer. Infrastructure as a Service (IaaS) is the cloud model that provides the cloud customer with the greatest level of control over their infrastructure stack. In the IaaS model, the cloud provider virtualizes compute, storage and networking.

Request a Demo Learn More

What Is Infrastructure as a Service (IaaS)?

How Does IaaS Work?

All cloud service models offer on-demand access to cloud services with built-in resiliency, high availability, and access to resources on an as-needed basis. Cloud customers pay for these services under a pay-as-you-go model where they only pay for the resources and services that they use.

With IaaS, compute, networking, and storage hardware devices are provided and managed by the cloud provider. Computational resources are commonly provided as preconfigured Virtual Machines or VMs (sometimes referred to as “instances”) that the customer can quickly deploy. Similarly, cloud providers offer virtualized storage and networking resources.

Infrastructure as a Service (IaaS) Architecture

Like all cloud models, the IaaS delivery model splits responsibility for infrastructure between the cloud provider and customer. Under the cloud provider’s control are:

  • Physical Servers: The cloud provider is responsible for maintaining the physical servers within the cloud data center.
  • Storage: The cloud provider is responsible for maintaining the physical storage hardware devices within the cloud data center.
  • Networking: The cloud provider operates the physical network infrastructure (routers, etc.) as well as implementing software-defined networking (SDN) to carry traffic inside the cloud environment or out to the public Internet.
  • Virtualized Resources: The cloud provider is responsible for the hypervisor managing the VMs and the compute, networking, and storage resources that these VMs can access.

The cloud customer is also responsible for certain aspects of the cloud infrastructure stack, including:

 

    • Virtual Machines: The cloud customer deploys VMs within the provided environment and is responsible for correctly and securely configuring and managing these VMs.
    • Virtual Storage: The cloud customer deploys virtual storage services and is responsible for securing the access to these services and securing the data therein.  
  • Virtual Networking: The cloud customer is also responsible for virtualized networking infrastructure, such as the network capabilities of deployed instances and software-defined networking (SDN) solutions deployed within a cloud environment.
  • Data and Applications: The cloud customer is also responsible for everything deployed inside their cloud infrastructure, including the operating system (OS), applications, and data.

Benefits of IaaS

IaaS and other cloud deployment models are rapidly growing in popularity due to their many benefits. Some of the main selling points of IaaS include:

  • Cost Savings: Cloud environments enable cloud customers to outsource responsibility for their underlying infrastructure. The pay-as-you-go model can provide significant cost savings compared to an on-prem data center where the company needs to pay for resources whether or not they are used. Cloud customers are able to reduce their up-front costs of purchasing physical infrastructure (CapEx) by moving to a monthly operating cost model (OpEx) by switching to a cloud environment.
  • Flexibility and Scalability: Cloud providers use resource pooling to offer customers access to a set of available resources. This enables organizations to rapidly scale their cloud footprint up or down, and adapt to evolving business needs.
  • Agility: IaaS allows companies to access virtualized network, storage, and compute resources in a managed environment. This permits significant agility since companies can deploy or spin down virtual resources on an as-needed basis.
  • Simplified Management: IaaS outsources management of physical infrastructure to the cloud provider. This enables the organization to focus its resources on higher levels of its software stack.
  • Redundancy and Fault Tolerance: Cloud service providers enable  fault tolerance and redundancy via multiple availability zones. This provides greater resiliency than many organizations can achieve with traditional data centers.
  • Focus on core business: IaaS eliminates the responsibility of owning, deploying, maintaining and managing physical infrastructure. As a result, companies can focus their efforts and resources on their core business.

Infrastructure as a Service vs. Platform as a Service

IaaS and Platform as a Service (PaaS) are both common cloud service models (see diagram below). They mainly differ in the division of control between the cloud provider and customer.

With IaaS, the cloud customer is provided with an environment where they can deploy virtual compute, storage and networking services. The security of those virtual services is the customer’s responsibility. With PaaS, the cloud customer is provided with a managed software platform where they can deploy applications. The runtime environment — the underlying virtual infrastructure, including storage, compute and networking, etc. — is managed by the cloud provider.

Infrastructure as a Service Security

With all cloud service models, an understanding of the cloud shared responsibility model is vital for cloud security. This model describes the security responsibilities of the cloud provider, the cloud customer, and those shared between them.

In an IaaS environment, the cloud customer is responsible for cloud computing security, including their virtual machines, storage, networking and the data and applications within them. To protect against multi-layer cloud security threats and ensure a robust cloud security posture, the cloud customer should implement a multi-layered and unified cloud security platform. The tools and services offered by cloud providers to help users uphold their end of the shared responsibility model are important elements of any cloud security solution. However, cloud providers are not specialists in security; these cloud provider tools and services must be complemented and enhanced by specialized partner solutions in order to achieve enterprise-grade cloud security.

A key foundational layer is cloud network security, where cloud customers should deploy virtual security gateways to provide next generation firewall capabilities of advanced threat prevention, traffic inspection and micro-segmentation. Such security solutions use multiple layered security technologies

including Firewall, IPS, Application Control, DLP and others.

Securing IaaS with CloudGuard

Companies are still responsible for their security in the cloud, and the best way to protect IaaS environments is by using solutions designed to address cloud security challenges.

Check Point CloudGuard makes it easy for companies to extend enterprise-grade network security to the cloud and integrate it with their existing network security architecture. To learn more about how CloudGuard can help secure your cloud environment, sign up for a free demo today.

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK