IaaS, PaaS & SaaS
Who manages what — responsibility matrix.
Learning objectives
- Define IaaS, PaaS, and SaaS with clear responsibility boundaries
- Map Workshop Co. services to the correct layer
- Choose the right model for new projects
The three service models
Think of a stack from hardware up to application. Each cloud model sells a higher layer — you manage less, the provider manages more.
| Model | You manage | Provider manages | Example |
|---|---|---|---|
| IaaS | OS, apps, data, patching | Hardware, hypervisor, network fabric | Swift Host VPS, AWS EC2 |
| PaaS | App code, data config | Runtime, OS patches, scaling platform | Heroku, Fly.io, Azure App Service |
| SaaS | Users, content, settings | Entire application | Google Workspace, Calendly |
Worked example — Workshop Co. stack
- SaaS:
@workshopco.caemail (Google), class scheduling (Calendly), newsletters (Mailchimp) - IaaS: Swift Host VPS in Montreal for DR; Proxmox VMs in Edmonton (self-hosted IaaS — you own the "I" layer too)
- PaaS (hypothetical): Rebuild booking app on a managed PHP platform — Marcus uploads code, platform handles PHP version and TLS certs
On-prem is still IaaS mindset
Workshop Co.'s basement Proxmox is not "cloud" in the billing sense, but operationally Marcus does the same work as an IaaS customer: patch OS, monitor disk, schedule backups.
Responsibility shift diagram
IaaS
You: everything above hypervisor
PaaS
You: app + data; they run containers/PHP/Node
SaaS
You: configuration; they run Gmail/CRM
When to choose each
| Choose | When |
|---|---|
| SaaS | Commodity need (email, accounting) — not core IP |
| PaaS | Custom app, small team, no sysadmin time |
| IaaS | Full control, existing VM skills, compliance needs custom stack |
Try it yourself
Workshop Co. wants online payments integrated into their custom booking app. Classify these options:
- Stripe Checkout (hosted payment page)
- Self-hosted booking on Swift Host VPS with Stripe API
- Managed database add-on from hosting provider
Answers
- SaaS — Stripe hosts payment UI and PCI scope
- IaaS — you manage VM and app; Stripe is SaaS API
- PaaS — provider runs PostgreSQL; you manage schema and queries
Check your understanding
- Is Google Workspace IaaS?
- Who patches the Linux kernel on a Swift Host VPS?
Answers
- No — it is SaaS. You do not SSH into Gmail's servers.
- You do (Marcus) — classic IaaS responsibility.