How to choose a PaaS or IaaS that aligns with DevOps 5 PaaS security best practices to safeguard the app layer

IaaS vs. PaaS options on AWS, Azure and Google Cloud Platform

Looking to shift your organization's workloads to the cloud? Understand the advantages and disadvantages of IaaS and PaaS options on AWS, Azure and Google Cloud Platform.

IaaS and PaaS are two of the oldest and most widely used categories of cloud computing services, and although they overlap in some ways, they're fundamentally different types of cloud offerings.

Enterprises must understand those differences in order to choose the right type of cloud service or architectural strategy for a given use case. This article explains the benefits and drawbacks of IaaS vs. PaaS and surveys the main IaaS and PaaS offerings available from AWS, Microsoft Azure and Google Cloud Platform.

IaaS vs. PaaS, defined

IaaS provides on-demand access to virtualized IT infrastructure via the internet. Typically, IaaS provides access only to core infrastructure components: compute, networking and storage. From there, users install and manage the software they want to run on top of that cloud-based infrastructure.

Cloud providers maintain and monitor the physical infrastructure to deliver IaaS, but it's the user's responsibility to secure and monitor the workloads that run on that platform. Thus, the primary value of IaaS is that it eliminates the need for users to purchase, set up and maintain physical servers.

IaaS doesn't offer special benefits when it comes to workload deployment and management, since deploying and managing workloads remains the responsibility of IaaS users, not cloud providers.

Originally, IaaS was the backbone of major public clouds such as AWS, which released database and VM-hosting services in the mid-2000s. Only later did those vendors add service options -- including PaaS -- that enabled enterprises to focus more on development rather than management.

PaaS provides software tools to help customers develop and deploy applications, in addition to the infrastructure needed to host those applications. By addressing requirements related to host infrastructure as well as application deployment, PaaS simplifies workload management from an end-to-end perspective.

PaaS is less flexible than IaaS because most PaaS platforms support only certain approaches to application development or deployment; for example, some restrict development to particular programming languages. Thus, there are limitations on the types of workloads you can run using a PaaS, and a PaaS typically can't serve as a general-purpose replacement for an organization's entire IT infrastructure and software development workflow.

Heralded by offerings from vendors such as Heroku, PaaS offerings became popular in the mid-2000s. That was the same time IaaS emerged, but PaaS evolved independently from IaaS because, in most cases, the early major IaaS providers -- like AWS -- did not originally include PaaS among their cloud services. AWS didn't launch its first PaaS offering, Elastic Beanstalk, until 2011, by which time AWS was already an established IaaS provider. Likewise, most PaaS providers did not branch off to provide standalone IaaS services alongside their PaaS offerings.

Where the lines blur between IaaS vs. PaaS

At the outset, the differences between IaaS and PaaS were clear. Each type of offering worked in a different way and was delivered from different types of vendors. But that has changed in recent years, as the lines separating IaaS vs. PaaS have blurred.

The main reason why is that, over the past decade, IaaS providers have introduced a variety of tools their customers can use to build and deploy applications directly within their clouds. These products provide a PaaS-like experience, although it's debatable whether they represent PaaS in the traditional sense. Key differences include the following:

  • In most cases, cloud providers' PaaS systems are built using open source tools and technology, like Docker containers, whereas traditional PaaS platforms depend mostly on proprietary technology.
  • Use of application development and deployment tools within IaaS platforms is optional. If you just want IaaS, cloud providers will still sell it to you and leave it up to you to decide how you develop and deploy the applications. In contrast, traditional PaaS offerings require customers to use both their software delivery tools and hosting infrastructure.

A second reason why the difference between IaaS and PaaS is ambiguous today is that many cloud providers now offer IaaS products coupled with management services that make the offerings similar to traditional PaaS.

For instance, AWS, Azure and Google Cloud Platform (GCP) each offer fully managed Kubernetes distributions -- namely, Amazon Elastic Kubernetes Service (EKS), Microsoft Azure Kubernetes Service and Google Kubernetes Engine. Although these distributions don't include application development tooling, which makes them dissimilar to a PaaS, they provide the type of turnkey hosting experience customers used to receive only from a PaaS. They also reduce the amount of provisioning, monitoring and other management work associated with traditional IaaS platforms.

Other Kubernetes distributions -- ones not linked to major IaaS providers -- go even further in emulating the features of a traditional PaaS. The best example is Red Hat OpenShift, which couples Kubernetes with other tooling to provide a full application development and deployment offering that's compatible with both cloud-based and self-hosted infrastructure.

The bottom line is that although IaaS and PaaS remain fundamentally different types of cloud offerings, many IaaS providers now offer services that extend their platforms into PaaS-like products in certain key ways. Gone are the days when the IaaS and PaaS market were cleanly differentiated from one another.

When to use IaaS or PaaS

With a basic grasp of the benefits and differences of IaaS vs. PaaS, now you can consider which one is right for a given workload.

IaaS is typically the best option for companies with the resources to develop, deploy and manage applications using tools they're willing to set up and manage on their own. IaaS is also preferable if a user requires components that aren't provided by a PaaS offering, such as a specific development tool or custom OS.

The most common use case for IaaS is when an organization has its app -- or the in-house resources to develop it -- and simply needs infrastructure to host it. For example, a retailer that has built an online marketplace might turn to an IaaS provider to host that workload. Or a company could choose an IaaS hosting product to migrate its on-premises payroll system to the cloud.

PaaS is a better option for organizations that have fewer resources to develop and manage applications, and will therefore benefit from a ready-to-use, all-in-one offering for software delivery and hosting. PaaS doesn't eliminate the need for developers, but it streamlines development and deployment operations and bundles them with hosting infrastructure. For that reason, PaaS can be more attractive to SMBs that want to get apps out the door quicker.

In general, IaaS costs less than PaaS for workloads with comparable resource consumption, but you might need to pay for software tools from other sources, which can be more expensive than acquiring them as part of a PaaS. There are other cost factors as well, including potential overhead for infrastructure maintenance. And the extent to which you use cloud optimization tools and techniques will likely have a larger overall effect on your spending than whether you choose IaaS or PaaS.

IaaS vs. PaaS vs. SaaS comparison
Compare the three cloud computing service categories.

How cloud IaaS and PaaS services compare

Today, the major cloud computing vendors -- AWS, Microsoft and Google -- offer both IaaS and PaaS options. However, they vary in how they organize those PaaS-related cloud services.

AWS doesn't provide PaaS in the traditional sense. Elastic Beanstalk comes close, but its narrow feature set makes it a poor substitute for a traditional, full-featured PaaS like Heroku. However, AWS makes it easy for customers to integrate various AWS products to create a PaaS tailored to their needs.

In contrast, Microsoft Azure and Google Cloud Platform have bundled collections of tools and services to provide an end-to-end PaaS option, although they provide different software tools and hosting options within those service collections.

AWS IaaS and PaaS offerings

On AWS, the primary IaaS to host VMs is Amazon EC2. Like other major IaaS providers, AWS offers a broad range of instance types among the major cloud providers, with a range of general-purpose VMs and instances tailored to memory, compute and storage.

Users often combine EC2 with one or more AWS data storage services to host an application and the data it requires to operate. AWS offers several storage options, including the following:

  • Amazon S3
  • Amazon Elastic Block Store
  • Amazon Elastic File System
  • Amazon FSx

Although no single Amazon cloud service constitutes a traditional PaaS, AWS offers several services that customers can easily integrate to create a PaaS:

  • AWS Cloud9. This cloud-based integrated development environment is used to develop applications.
  • AWS CodePipeline. Developers can use this tool to build and deploy applications. It supports deployment to a variety of AWS hosting options, such as EC2 VMs or containers on Amazon ECS.
  • AWS CodeDeploy. This deployment service enables enterprises to automate deployments to various AWS compute services. Combined with CodePipeline, CodeDeploy can be used to create something closely resembling a PaaS on top of an IaaS.
  • AWS Elastic Beanstalk. Developers use Elastic Beanstalk -- which, as we've noted, is the closest thing AWS offers to a conventional, standalone PaaS -- to upload code for web apps and services and run them on AWS servers. AWS handles the deployment, provisioning and load balancing. Beanstalk optionally supports containerized applications, but it doesn't include the application orchestration features available from a dedicated orchestration engine like Kubernetes.
  • AWS EKS. As noted above, EKS, the AWS managed Kubernetes platform, provides a simple solution to host and orchestrate applications with minimal infrastructure management required on the part of customers. The caveat is that the applications must run in containers, so EKS isn't compatible with all apps.

Compared to the other major cloud vendors, AWS offers the least integration between its various PaaS-related services. To provide PaaS features, users must connect several services together to build a complete application development and deployment pipeline. This approach appeals to organizations that prefer to pick and choose their tooling, but they must familiarize themselves with multiple AWS offerings and take steps to integrate them.

IT management responsibilities

Enterprises' infrastructure management responsibilities change based on whether they choose an on-premises, IaaS, PaaS or SaaS deployment.

Microsoft IaaS and PaaS offerings

Azure Virtual Machines is Microsoft's main compute offering to host VMs in the cloud. There are compute-optimized, memory-optimized, burstable and general-purpose VM types. For data storage, Azure provides Azure Storage and Azure Databases. Its storage offerings are divided into subcategories, including the following:

  • Azure Disk Storage
  • Azure File Storage
  • Azure Blob Storage

Azure's PaaS offerings are grouped into a category of services called Azure App Service, which provides hosting and tools to streamline application development and deployment using a variety of languages and frameworks. App Service also offers flexibility for organizations that want to customize how their PaaS runs. The tools incorporated in App Service include the following:

  • Azure Web Apps
  • Azure Web App for Containers
  • Azure API Apps

Among cloud providers, Azure arguably comes closest to offering a single, turnkey PaaS offering via App Service. Thus, Azure is a good choice for businesses that seek an easy on-ramp to set up tools needed to run a PaaS within an IaaS platform.

Google IaaS and PaaS offerings

Like AWS and Azure, Google provides a compute IaaS offering -- Google Compute Engine -- which offers predefined and custom machine types. Google also has storage services, such as the following:

Google's main PaaS platform, App Engine, is similar to Azure App Service in that it supports the development and deployment of applications written in a variety of languages and frameworks. It also features a variety of deployment tools and approaches, including the following:

  • a standard environment for sandbox deployments, certain specific source codes, low-cost apps and rapid, spike-filled scaling demands; and
  • a flexible environment for containerized apps run on Google Compute Engine, apps that rely on the Compute Engine network, as well as those with steady traffic, custom runtimes and a reliance on frameworks with native code.

Developers can also combine the standard and flexible environments in App Engine as needed. Because of these options, App Engine has more flexibility than Azure App Service overall.

Google also offers Cloud Run, another PaaS-like service in GCP. Cloud Run streamlines the process of building container-based apps and deploying them on GCP, whereas App Engine is geared toward non-containerized apps.

Next Steps

SaaS vs. IaaS vs. PaaS: Differences, Pros, Cons and Examples

5 PaaS security best practices to safeguard the application layer

PaaS and containers: Key differences, similarities and uses

Dig Deeper on Cloud deployment and architecture

Data Center