All Articles
A woman working on her laptop inside a big server room

PaaS vs. IaaS vs. running your own Server Network

Jens Kuerschner
April 2, 2021

Cloud: The final frontier.
These are the voyages of the starship [put your company’s name here] …

No matter if you see the “cloud” as some mysterious concept, a technological masterpiece, or just someone else’s computer: It enables new opportunities for basically every business.

However, this is not about the cloud, but about the basics of how you can host your application, tooling, website, and basically every code, which needs to run somewhere.
In the end, it is always a server. But thanks to modern cloud offerings, you have exciting choices from an operations perspective.

What to expect

This article is going to introduce you to the three most important hosting concepts at this time. It also provides you with a scheme to guide your decision.

Comparing differences, mind those three examples:

  1. Abstractly: Traveling from A to B.
  2. Running a website (which could also be any web application).
  3. Running a file sharing service (e.g. using ownCloud). Think about this as an example for an application dealing with sensitive internal data.

Own Network

“Wild wild west.”

This is the traditional way. Running one or multiple servers right under your desk or at your own data center.

It requires at least one person, which is able to maintain not only the servers itself, but also the whole infrastructure around them.
This includes carefully connecting each machine to each other and the overall network, making sure there is no backdoor open for any attacker, while also taking care of physical security (from fire extinguishers to physical backup protocols).

  1. If you want to get from A to B, it is completely up to you, how you handle it. You might even die along the way and have no chance to blame anyone for it.
  2. Thinking of a simple website, it feels extremely complicated, since you need a whole tech team, which is physically available 24/7, keeping it up and running. And if you need to scale the system, you need to order a server, wait for it, install it, manage load balancing, … this can take weeks.
  3. For a critical internal application, the effort is even higher. Still, since you are 100% in control, you do not need to fear any other party to fuck up. But can you be sure to employ real security experts, who can defend the system from attackers 365/24/7? To be fair, if you are looking at a pure internal network, without access to the internet, this is the only choice for you, while security efforts could be a little bit smaller.

Infrastructure as a Service (IaaS)

“Driving down the road.”

Think about the above, but outsourcing the whole physical part to an external service provider.

This can be one of the leading cloud hosters (AWS, Google Cloud Platform, Microsoft Azure) or one out of many smaller service providers (e.g. hetzner in Germany, or DigitalOcean).
Basically, having your server somewhere else, paying another company to take care of its connection to the internet and the physical security — that’s IaaS.

You save on the “server janitor”, who takes care of the hardware part. But you still need experienced system administrators to manage the server on the operating system level.

  1. If you want to get from A to B, you still have to manage a huge part of the travel — buying a car or deciding to rather walk, or manage riding on a horse. Anyway, you have roads built for you, gas stations, restaurants and hotels along the way.
  2. Running a website becomes way easier. When your tech team needs to fix things in the middle of the night, they can do it from their bedroom. Still, it takes some time to set it up and requires monitoring. Scaling can be achieved faster. You can usually add additional machines within minutes, but still need to take care of the setup and load balancing.
  3. Sensitive applications are open to the public. There is a level, that you no longer have control over — the network level. So, be sure to select a service provider, you can trust (and sue). At the same time, you still have to secure the operating system level.

Platform as a Service (PaaS)

“The rental car.”

This is some new development, mainly driven by Google (GCP) and Microsoft (Azure).
You no longer need to take care of any infrastructure or platform issues (only if you want to).
Hundreds of experts make sure your application can run on a stable, reliable, and secure system.
You can automate any scaling and even do not need to think about complicated backup and distribution setups.

The only thing, you need to do:
Push your application to the system, and see it just working.
In some cases (e.g. AWS Beanstalk), you still need to think about the webserver, but that’s it.

  1. This is traveling from A to B with a rental car. You decide where to go and the comfort class of the car. You need to refuel/recharge from time to time, but that’s it. Get in the car and drive.
  2. Running a website becomes extremely easy. You simply push it to the system. You still need to monitor your application, but that’s your core business anyway. No worries about 24/7 support. Basically 99% is automated or outsourced. If something breaks, basically any developer will be able to restart it with two clicks (not considering bugs in the application itself).
  3. Thinking of highly sensitive applications, it can be more secure, since you can rely on the experience of extremely talented people. It comes to the questions, who you trust more. Your own tech team (who sometimes may be on vacation) or those hundreds of high-paid security experts at the world’s leading tech corporations.

Decision Helpers

Overview

PaaS vs. IaaS vs. dedicated - Overview

About the costs

PaaS vs. IaaS vs. dedicated - Cost

Matching it with your needs

PaaS vs. IaaS vs. dedicated - Decision Table

More aspects

Complexity of your service:
In my opinion, this usually does not make a difference. You find PaaS offerings, which even cover satellite communication.

Security:
There are cases, where you should not put your data and operations on an infrastructure, which is operated by a company from another country.
Still, from a tech (and even hacker or intelligence) perspective, this is only critical for intelligence services themselves or governments.
For basically every other company, it might be even riskier to have an own network with maybe more critical loopholes in place.

Some final common issues

This is a high-level overview. It does not consider more detailed differences of various offerings. Two things might immediately pop up in the heads of more experienced people.

What about shared vs. dedicated hosting?

Web hosters often provide “shared hosting” packages.
This basically means, that there is one server, which is used by many of their customers.
The server, therefore, is virtually divided. Those offers usually limit you in what software you are allowed to run and might provide poor performance at times of high traffic.
Still, those plans could also be seen as “pseudo PaaS”, since the hoster takes care of the operating system.
It can be a good alternative for small websites, if this is your only web application.

Bear in mind, that cloud hosting is also usually “shared hosting”.
However, there, it is not about simply dividing one server into many parts, but more about virtualizing the server itself and distributing compute resources to those virtual servers.

What about automating IaaS for my own PaaS?

There are ways, you can minimize effort of managing the operating system part or web server as well as scaling and more.
For example, working with containers (Docker, Kubernetes) became quite popular in the last years. I do not want to go into detail here. Of course, you can automate many parts up to basically building your own PaaS.
However, this requires highly skilled and always available engineers.
If you already employ them, if you can be sure to always have backup resources, and if this is cheaper than respective offerings, awesome.

This was a short intro to the different types of hosting.
For a deeper dive and discussion, consult your engineers or respective tech consultants.

Share it:

Continue Reading:

Placedise — Story of a failed Startup. My full Movie-like Founder Story In 2014, I founded my startup Placedise. It failed as a company, but came with a crazy adventure. This is the more or less complete story.
Random people standing in line in front of a bakery, forming a strange pattern. What waiting in line can tell us about user behavior Observing the physical world and the people within, can teach us a lot about user behavior and experience. How to use this in digital product design.