Cloud Concepts

AZ-900 Session 1 · Covers the entire "Describe cloud concepts" domain

Exam domain: Describe cloud concepts — 25–30%. This session covers the full domain. Expect 8–12 questions on definitions, comparisons, and "which model fits" scenarios.
What is cloud computing?
Cloud computing is the delivery of computing services over the internet — including compute, networking, and storage — enabling faster innovation, flexible resource allocation, and cost efficiency. Rather than owning and maintaining physical hardware, you rent infrastructure from a cloud provider whose data centers are operated worldwide.
Exam tip: The three core resource types are compute (the brain — CPU/processing), networking (the circulatory system — data flow), and storage (the warehouse — data retention). All three are hosted by third-party providers in globally distributed data centers.
Why organizations move to the cloud
Before cloud, owning and operating your own data center was the only option — large upfront hardware purchases, staff to maintain equipment, managing physical security, power and cooling, and full cost of upgrades. The cloud removes all of that overhead, allowing organizations of any size to access enterprise-grade infrastructure on demand, pay only for what they use, and focus on building products rather than maintaining servers.
The three cloud deployment models
| Factor | Private | Public | Hybrid |
|---|---|---|---|
| Owned by | The organization | Third-party provider | Both |
| Cost model | High upfront CapEx | Pay-as-you-go OpEx | Mix of both |
| Control | Maximum | Limited — no hardware access | Mixed |
| Scalability | Limited — buy more hardware | Near-instant | Flexible — burst to public |
| Best for | Regulated industries, data sovereignty | Variable workloads, startups | Migration phase, compliance split |
| Analogy | Owning a car | Taking a bus | Drive to station, take the train |
Private cloud — deep dive
Who controls it
The organization itself — full control over all hardware, software, access policies, and data governance.
Cost structure
High upfront capital expenditure. Must purchase hardware, cables, racks, cooling, and security systems. Ongoing maintenance is also the organization's responsibility.
Technical expertise
Required. The organization must hire and retain staff to set up, maintain, and troubleshoot all infrastructure. No "panic button" — if something breaks, your team fixes it.
Best use cases
Highly regulated industries (defense, government, banking) where data sovereignty is non-negotiable. Organizations with consistent, predictable workloads that justify the investment.
Key disadvantage
High overhead and responsibility. Scaling requires additional hardware purchases. Technology becomes obsolete. No elasticity — provision for peak and pay for idle capacity.
Public cloud — deep dive
Who controls it
The cloud provider (Microsoft, in the case of Azure). They manage all physical infrastructure, power, cooling, hardware maintenance, and data center security.
Cost structure
Operational expenditure (OpEx). Pay-as-you-go — charged based on actual usage. No upfront hardware investment needed.
Best use cases
Variable or unpredictable workloads, startups, development/test environments, applications needing global scale quickly, disaster recovery targets.
Key advantage
No CapEx, instant scalability, global reach, no maintenance overhead. Resources can be provisioned in minutes and decommissioned just as quickly.
Hybrid cloud — deep dive
Real-world example
An accounting firm hosts its public-facing website on Azure (public cloud) for speed and accessibility, while connecting it to a secure on-premises database (private cloud) to comply with data governance regulations.
Key advantage
Maximum flexibility. Keep sensitive regulated data on-premises while bursting workloads to the public cloud during peak demand. Enables a gradual migration path to the cloud.
Key disadvantage
Most complex to manage. Requires integration between private and public environments, consistent security policies across both, and staff capable of managing both.
Best use cases
Organizations mid-migration to cloud, regulated industries needing data locality, companies with legacy systems that cannot yet move to cloud, seasonal burst capacity.
Capital expenditure (CapEx) vs operational expenditure (OpEx)
This distinction is one of the most commonly tested concepts on AZ-900.
Exam rule: Cloud computing = OpEx. On-premises hardware = CapEx. Always.

CapEx — Capital Expenditure

Large upfront investment in physical infrastructure. The cost is incurred once and the asset is owned by the organization.

  • Buying server racks, cables, wires
  • Building a dedicated network
  • Purchasing company laptops outright
  • Buying a new car

Risk: technology becomes obsolete. A server bought today may be underpowered in 3 years. You've already paid.

OpEx — Operational Expenditure

Ongoing spending on services over time. No large upfront cost — pay periodically for what you consume.

  • Monthly Azure subscription bill
  • Renting a convention center
  • Leasing a company car
  • SaaS software subscription

Advantage: pay only for actual usage. Scale up when needed, scale down (or stop) when not. No sunk cost in idle hardware.

Why cloud = OpEx — the consumption-based model
No idle cost
If you don't use any IT resources this month, you pay nothing. With on-premises hardware, you pay for power, cooling, and maintenance whether or not servers are running workloads.
No hardware purchase
You never buy servers, cables, racks, or storage drives. The provider owns all physical assets. You consume capacity on demand.
No facility costs
No paying for electricity, physical security, heating/cooling, or building space. All that is the provider's cost, rolled into service pricing.
Flexible billing
Pay based on actual consumption — compute hours used, gigabytes stored, data transferred. As usage rises, costs rise proportionally. As usage drops, costs drop immediately.
The 8 key advantages of cloud computing
Each is testable on AZ-900. Know the definition, the mechanism, and a real example.

1 — High availability

Ensures maximum uptime regardless of component failures. Azure delivers this through Service Level Agreements (SLAs) guaranteeing specific uptime percentages. Redundant systems pick up automatically if one component fails.

2 — Scalability

Ability to adjust resources to meet demand. Vertical: increase/decrease resource capabilities (add RAM to a VM). Horizontal: add or remove instances (run 3 VMs instead of 1). Can be manual.

3 — Elasticity

Automatic scaling in response to demand — no manual intervention required. A toy store website automatically adds compute during holidays and scales back in January. Pay only for what's actually running.

4 — Reliability

Ability to recover from failures and continue operating. Azure deploys across regions worldwide — if one region has a catastrophic event, others continue. Applications can automatically fail over, sometimes without any customer action.

5 — Predictability

Performance predictability: knowing your app responds consistently even during traffic spikes (auto-scaling, load balancing). Cost predictability: track spending in real time, set budgets, forecast future bills — no surprise hardware replacement costs.

6 — Security

Azure provides enterprise-grade security: data encryption at rest and in transit, identity and access management, continuous AI-powered threat monitoring, and dedicated security teams. Organizations benefit from Microsoft's security investment that most businesses couldn't replicate alone.

7 — Governance

Predefined templates ensure deployed resources follow approved configurations. Azure Policy automatically audits, enforces, or remediates non-compliant resources. Software patches can be applied automatically — no manual patching cycles.

8 — Manageability

Deploy from preconfigured templates (no manual setup), track resource health in a unified dashboard, automatically replace faulty resources, and receive alerts when metrics cross thresholds. Accessible via Portal, CLI, PowerShell, REST API, and mobile apps.

Exam trap: Scalability = manual resource adjustment. Elasticity = automatic scaling. All elastic systems are scalable — not all scalable systems are elastic. Also: reliability (failover/recovery) is different from high availability (uptime guarantees via SLA).
The three cloud service models
IaaS, PaaS, and SaaS represent different levels of abstraction. More provider management = less control, but easier to get started.
Pizza analogy: On-premises = cook from scratch. IaaS = ingredients delivered. PaaS = pizza delivered. SaaS = eat at a restaurant.
Shared responsibility model — who manages what
| Layer | On-premises | IaaS | PaaS | SaaS |
|---|---|---|---|---|
| Physical data center | You | Provider | Provider | Provider |
| Physical network | You | Provider | Provider | Provider |
| Physical hosts / hardware | You | Provider | Provider | Provider |
| Operating system | You | You | Provider | Provider |
| Applications | You | You | You | Provider |
| Data / information | You | You | You | You — always |
| Devices (endpoints) | You | You | You | You — always |
| User accounts | You | You | You | You — always |
Critical exam point: Data, user accounts, and devices are ALWAYS the customer's responsibility — regardless of IaaS, PaaS, or SaaS. These never transfer to the provider.
IaaS — Infrastructure as a Service
Provider manages
Physical hardware, data center security, power/cooling, and physical network connectivity. Everything you can touch in a data center.
You manage
OS installation and patching, middleware, applications, network settings, storage management, database installations. Full control, full responsibility above the hardware layer.
Best use cases
Lift-and-shift migrations, test/dev environments, high-performance computing, backup and disaster recovery, workloads needing specific OS configurations.
Azure examples
Azure Virtual Machines, Azure Virtual Networks, Azure Disk Storage, Azure Load Balancer.
PaaS — Platform as a Service
Provider manages
Everything in IaaS, plus: the OS and its patches, middleware, runtime environments, database engines and licensing, development tools, and scaling infrastructure.
You manage
Your application code, application configurations, and your data. No OS patching, no database engine licensing or patching.
Best use cases
Web application development, API development, rapid prototyping. Supports full app lifecycle: development, testing, deployment, management, and updates.
Azure examples
Azure App Service, Azure SQL Database, Azure Functions, Azure Kubernetes Service.
SaaS — Software as a Service
Provider manages
Everything — physical infrastructure, OS, application code, databases, updates, patches, availability, and scaling. The entire stack beneath your data.
You manage
Only three things: the data you put into the system, the devices used to access it, and the user accounts and permissions you grant.
Best use cases
Collaboration tools, email, CRM, HR systems, financial software — any situation where you need a fully functional application with no IT team to build it.
Real examples
Microsoft 365 (Outlook, Word, Teams), Salesforce, Mailchimp, Dynamics 365, Dropbox, Zoom — all subscription-based, fully managed applications.
Key terms — flash reference
Cloud computing
Delivery of computing services (compute, networking, storage) over the internet. Hosted by third-party providers in globally distributed data centers.
Private cloud
Owned and operated exclusively by one organization. Full control, full responsibility, high CapEx. No external access required.
Public cloud
Built and maintained by a third-party provider. Open to anyone. Pay-as-you-go OpEx. No infrastructure management for the customer.
Hybrid cloud
Combines private and public cloud. Maximum flexibility, most complex to manage.
CapEx
Capital expenditure — large upfront investment in physical assets. On-premises hardware = CapEx.
OpEx
Operational expenditure — ongoing pay-as-you-go spending. Cloud = OpEx. Pay only for what you consume.
High availability
Guaranteed uptime through SLAs. Redundant systems ensure service continues if components fail.
Scalability
Manual resource adjustment. Vertical = resize. Horizontal = add/remove instances.
Elasticity
Automatic scaling without manual intervention.
Reliability
Recovery from failures via geographic distribution and automatic failover.
IaaS
Provider manages hardware. You manage OS, apps, and data. Maximum control.
PaaS
Provider manages hardware and OS. You manage app and data only.
SaaS
Provider manages everything. You manage data, devices, user accounts only.
Shared responsibility
Data + devices + user accounts are ALWAYS the customer's responsibility regardless of service model.
A healthcare company must keep patient data on their own infrastructure for compliance, but wants to host their public appointment website on a faster platform. Which cloud model fits?
Hybrid cloud. Patient data stays in the private cloud (compliance). The public-facing website is hosted on Azure (public cloud) for speed and scalability. Hybrid connects the two environments.
A company is evaluating whether to build an on-premises data center or move to Azure. How would you explain the cost structure difference?
On-premises = CapEx. Azure = OpEx. Building on-premises requires large upfront capital — servers, racks, cables, facility. Azure operates on an operational expenditure model — pay monthly based on actual consumption. No upfront investment, no idle capacity cost.
A retail company has huge traffic spikes every December but normal traffic the rest of the year. Which cloud benefit is most relevant?
Elasticity. Elasticity automatically scales resources up during December spikes and back down in January — paying only for the additional capacity during the months it's actually used.
What is the difference between scalability and elasticity?
Scalability is the ability to adjust resources to meet demand — but this can be manual. Vertical scaling = increasing or decreasing a single resource's capacity (e.g. giving a VM more RAM). Horizontal scaling = adding or removing instances (e.g. running 3 VMs instead of 1). Elasticity is automatic scalability — the system responds to demand changes without human intervention based on real-time metrics. All elastic systems are scalable; not all scalable systems are elastic. Azure VM Scale Sets provide elasticity; manually resizing a VM is scalability but not elasticity.
What three things are always the customer's responsibility in the shared responsibility model?
Regardless of which service model (IaaS, PaaS, or SaaS) is used, customers are always responsible for: (1) Their data and information — classification, handling, and protection policies. (2) User accounts and identities — who has access, what permissions, and ensuring accounts are managed. (3) End-user devices — the laptops, phones, and tablets connecting to services. These never transfer to the provider under any model.
A startup wants to launch a mobile app backend paying only for API calls when users make requests. Which service model and compute type fits?
PaaS — specifically Azure Functions (serverless). The startup doesn't want to manage servers or OS (eliminating IaaS). They don't need a fully ready-made application (eliminating SaaS). Azure Functions under PaaS lets them deploy code that triggers on API calls and charges only per execution. If no users call the API, they pay nothing — the perfect consumption-based OpEx model.