PaaS cloud computing is the middle ground between Infrastructure as a Service (IaaS) and Software as a Service (SaaS). With PaaS clouds consumers don't determine server size, storage (at least directly—you may be able to choose how much you want), networking, or even the operating system installed like they can with IaaS. Instead, consumers use the resources provisioned by the provider, and can utilize any programming language, utility, or tool provided by them to deploy their own applications. Consumers can thus focus on their application and not worry about all the underlying infrastructure, backups (potentially), etc. Be sure to read the terms and conditions and service level agreements (SLAs) provided by the cloud provider to ensure that your needs are met, especially with regard to any backups, uptime guarantees, etc. With SaaS, on the other hand, you only get an application to run (think email for example), without access to programing tools and other platform services provided with PaaS.
The advantage of PaaS is that developers don't have to worry about creating the infrastructure needed to write apps and worry about how big the servers need to be, or how many they need, or possibly even where they are located. With PaaS none of those are issues—a developer can just go to work and interface with the services he or she requires. The downside is that if an application is running slowly or storage is a bottleneck, there isn't much that can be done to fix the issue, as you have no control over those things (more on this later).
In this model, all the underlying infrastructure may be shared across developers, divisions, and/or companies, with very little control over whom the infrastructure is being shared with.
Before we get started discussing what was originally envisioned as PaaS, let's start with some related offerings that can be considered as platform services that can be leveraged. These services may be sold as stand-alone offerings or integrated with more traditional PaaS offerings, or potentially integrated with IaaS, where some parts of a cloud deployment are IaaS, giving users the control they need over the elements they care about (for example application server sizing or network speed), while not having the cost, time, and expense of maintaining other infrastructure components, such as directory services or a database. The acronyms used in this section are for convenience in this document only; there are no standard abbreviations throughout the industry, with different companies using different acronyms to describe essentially the same offerings.
The first of these services is DBaaS. Many organizations find that sizing, maintaining, and optimizing a database, to say nothing of selecting the underlying platform (MySQL, Microsoft SQL, Oracle, etc.) and keeping it patched and maintained, is a daunting task that requires a full time Database Administrator (DBA) or a team of them. What if some, if not all, of that complexity could be removed? That is the concept of DBaaS. There are still going to be some decisions that need to be made (for example, if you use Microsoft's offering, it will be using Microsoft SQL, not a competitor), but patching it and configuring it for high availability will not be tasks you need to worry about. Storage space and performance are also issues for the DBaaS provider, not the consumer.
Companies that offer products in this area include Microsoft Azure SQL Database for Microsoft SQL databases on the Azure cloud; EnterpriseDB for PostgreSQL database in the cloud (the Advanced Edition even supports many Oracle functions and uses its command syntax, is accessible from anywhere, and runs on Amazon Elastic Compute Cloud (EC2) infrastructure); and Amazon's Relational Database Service (RDS), which supports multiple databases including Microsoft SQL, MySQL, Oracle, and PostgreSQL, along with Amazon's own Aurora.
Next is STaaS, which is a broad category of aaS products, from the home user wanting to share photos on an iPhone via iCloud, to desktop products, to business products that offer controls on what can be shared with whom and for how long, to enterprise class storage of data (usually using Object Storage of some sort). In addition, and not described here, some IaaS providers consider their shared storage offerings as STaaS for their infrastructure.
Companies with offerings in this area include products for personal use like Dropbox, Google Drive, and Microsoft OneDrive, all of which offer the ability to synchronize data across devices, access data online, and share documents with others. If you are looking for similar functionality, but with access controls, remote wipe capability in case a device gets lost, single sign on, and other business type features, you may prefer Syncplicity instead. Note that many vendors that offer a personal version also offer a business version (for a fee), like Dropbox and OneDrive. If you are looking for bulk storage, you can use products like Amazon's S3 (Simple Storage Service), an object storage service in the cloud, or Glacier, which is essentially a permanent, static archive and thus not a living backup solution like those described next. Many other companies also offer object storage in the cloud as well.
Similar to STaaS, BaaS backs up to storage in the cloud, but it also provides a backup and restore engine that STaaS does not. Also, like STaaS, there are services aimed at end users, business customers, and enterprises. The advantage in all cases, however, is that data is stored off-site, so if a fire, flood, or some other disaster, destroys the primary copy of the data on-site, it can be retrieved. Backups are much simpler, but you need sufficient bandwidth to run the backups without impacting other uses of the network and to be able to complete the backup in a reasonable amount of time and confidence that your provider will keep your data safe and secure.
As a side note, some vendors specialize in just backup, while others extend the capabilities to full disaster recovery, providing Disaster Recovery as a Service (DRaaS). That is covered in the IaaS clouds white paper.
Companies with offerings in this area include products for personal use like Crash Plan and Carbonite. Other vendors bundle cloud backup in with other products, such as Norton Security with Backup. All three products offer the ability to back up, some for just Windows, some for Windows and Mac, and others for tablets and smart phones. Some allow for restores to other devices, while others are restricted to the device from where it was backed up only, and some allow access via a tablet or smart phone app to data that was backed up from a PC, blurring the lines between this and STaaS. If you are looking for similar functionality, but typically with Active Directory® integration, the ability to back up servers, a central management console, upgraded tech support, regulatory compliance (like HIPPA or SOX), and other business type features, you may prefer MozyPro or Enterprise, iDrive, or Zoolz instead. Note that many vendors that offer a personal version also offer a business version (for a fee), like Crash Plan and Carbonite.
Lastly is DaaS, sometimes also referred to as DSaaS. The idea is that instead of installing and maintaining servers just to keep track of directory information to log in to other servers and services, this information can be stored in the cloud (where your servers may be living already) and/or linked in the cloud to your on-premises directory platform. Most offer single sign-on (SSO), directory synchronization with an existing on-premises directory, the ability to authenticate many SaaS applications, etc.
Companies that offer products in this area include Salesforce, Amazon Web Services (AWS) Directory Service, JumpCloud, and of course Azure Active Directory. All of them can integrate with Active Directory, and most offer various other directory repositories that they can connect with.
There are many questions you should ask and answers you should get before selecting your PaaS provider. As we consider these areas, we are not talking about step-by-step directions or anything vendor specific, but rather a high-level review of what is involved in any PaaS deployment from any vendor. You can compare and contrast this with the other offerings (IaaS and SaaS) and what they require in terms of setup and configuration.
It is worth noting that you should also check other nontechnical issues as well, such as how to get pricing discounts, whether long-term contracts are needed for those discounts, what SLA they offer and what it covers, and other such business issues.
There are many things to consider in using PaaS.
First and foremost are the platforms that the provider offers. There are many languages and language stacks, and most vendors only offer a handful of those that exist. Click here to check out the platforms offered by various PaaS providers. You will want to see what runtime options (such as Java, Ruby, and Perl—even niche ones like COBOL), middleware options (such as Jboss, WebSphere, IIS, Apache, or Tomcat), and frameworks (for example Rails, Spring, CakePHP, or Kohana) are supported.
Next look at the options for scalability: can the provider scale up (adding more resources to handle demand), scale out (adding more systems to handle demand), or automatically scale as needed to handle the demand. As performance will be an issue at some point, you will need to understand how the provider can make sure they meet your performance requirements, especially if that demand is unexpected.
Next, you will need to see if the platform is extensible in some fashion. The most popular option today is buildpacks. This concept allows a developer to specify what is needed to run the app from a language perspective and then when the app is deployed, the underlying system checks to see what is needed (updates to existing software or even other languages); download them; and then install them so they are ready for use by the application. Buildpacks can even set environmental variables that may be required. There are many, many buildpacks out there, and several platforms have their own default sets of them, making it easier to deploy apps that just work. Buildpacks are not the only option, however, so check with your PaaS provider to see what they support.
You may also want to look into containers. They are all the rage in virtualization today. With containers (such as Docker, arguably the most popular at the moment), you don't install an entire VM (which is really an IaaS function anyway), but get the basic VM and platform stack already configured so each container effectively runs as an isolated application stack on the same underlying operating system instead of a separate VM for each. This lowers the load on the virtualization infrastructure of having many copies of the same OS in memory. This really doesn't matter much to you as a PaaS consumer, but the benefit to you is that containers are usually prebuilt and ready to go (or at least almost so), making them simple and easy to use. Other vendors base things on VMs. Again, not too big of an issue to you, but you should understand what they offer.
Another big area to check out is the cloud provider's support. Do they offer an uptime guarantee? The best platform in the world is of no use if it's not available when you want to run your app.
Of course you will also want to understand the billing consequences of your choices. Some platforms have a free tier and then you pay as you grow (metered billing), while others offer fixed pricing.
Another issue that may have legal implications is where the service resides. Some countries, like those in the EU, require data on their citizens to be stored in country (or another EU member country). Do you have a choice as to where the application and data live? Can the provider change locations on you? Some companies provide VMs that you can deploy on-site to get rid of this issue, leveraging your existing virtualization infrastructure without building and configuring a bunch of VMs.
When deciding to deploy your solutions on a PaaS cloud, there are additional things you need to consider.
First, how is your data and code backed up? You will need to check with your provider to see what, if anything, they provide in this area, as well as how to copy anything out to an external site or your corporate location. This protects you in case of a disaster in the provider's data center, but also from contractors or others that might not be friendly to your company in the future. This one decision could spell the success or failure of your company in the future. I'd suggest that you consider backing up to a different provider's cloud or to your on-premises facilities for many reasons, including the next one.
What is your plan of action if your provider goes out of business or drops their PaaS offering? The latter issue is probably less concerning because the provider would give advance notice and a window of time to make alternate plans. The odds of the former happening to a large, established player like Amazon, IBM, or Microsoft, is very remote, but possible. But far more likely it could happen to a new startup company or one that fills a specific niche. In any case, having a plan is key in this scenario. It may be as simple as an account with a few development projects with a different provider or as complicated as doing development in one environment and running production in another. It may be a melding of some specific services together, such as STaaS with DaaS in conjunction with a traditional PaaS provider, all backed up to a BaaS provider. You will need to determine what works best for you.
Finally, and related to the previous two, is how to get your existing data into the solution and any new or updated data back out again. You'll need to understand options, data amounts, and time frames in deciding what is best.
Some popular PaaS providers include:
As with any decision involving IT infrastructure (in this case your development platform and possibly your production platform as well), there are many variables that should be considered to ensure you find a solution that will fit your current and future needs, budget, and support requirements.
John Hales (A+, Network+, CTT+, MCSE, MCDBA, MOUS, MCT, VCA-DCV, VCA-Cloud, VCA-Workforce Mobility, VCP, VCP-DT, VCAP-DCA, VCI, EMCSA) is a VMware instructor at Global Knowledge, teaching all of the vSphere and View classes that Global Knowledge offers. John has written a book called Administering vSphere 5: Planning, Implementing, and Troubleshooting published by Cengage, as well as other technical books—from exam-preparation books to quick-reference guides, as well as custom courseware for individual customers. John lives with his wife and children in Sunrise, Florida.