Living in the Cloud Stack – Understanding SaaS, PaaS, and IaaS APIs Kristopher Sandoval July 8, 2015 The API world is rapidly changing — the average consumer of an API is far different from the data-processing clients of old, and the business-to-business landscape has steadily pushed the evolution of the API into bigger, bolder directions. In a world so documented and maintained, however, there remains a Wild West — unique in its applications and relatively misunderstood to those who don’t live in it. Today, we’re going to tackle the world of Cloud Computing to explore how the cloud computing stack functions within the API space. We’ll discuss the three layers of the cloud computing space — Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS) — and how these services are utilized using APIs. Along the way, we’ll look at some cloud-based APIs, and highlight the strengths and weaknesses of each particular architecture choice. The Cloud Computing Stack — What’s a Stack, Anyhow? One of the most misunderstood terms in the information technology (IT) space is the term “stack”. When most users think of a “stack”, they think of a pile of interrelated “things”, such as a stack of paper or a stack of business cards. In the world of IT, however, a stack is a very clearly defined thing with several special characteristics: A stack is a series of interconnected systems or protocols that transport data between each other for a function. The elements of a stack are called layers, and function as individual functions or services of a greater whole. Data in a stack flows from one end to the other in sequential order, i.e. from Layer 1 to 2, then to 3, never Layer 1 directly to 3. To better understand how a stack works in the networking world, let’s first take a look at two models that represent how networks communicate. The most general model for network interaction is the OSI Model. Created by the International Organization for Standardization (ISO), this system breaks up communication into various “layers”: The OSI Model As data passes through these layers, it is changed into different forms. For instance, when a user connects to the Internet, their IP address at Layer 3 (Network Layer) of the OSI Model has to be converted into a MAC Address at Layer 2 for transmission, and when the data from the user reaches the other end, this process must be done in reverse. A hybrid form of this OSI Model is often used in cloud computing, and is notated as thus: Hybrid Cloud Computing OSI Model So why is it important to understand this model? Cloud computing is a strange thing — it inhabits different layers of the stack depending on what type of service it is. Understanding this stack will go a long way towards informing you of your best cloud computing API system. SaaS – Software-as-a-Service Software-as-a-Service (Saas) is a particular realm of cloud computing, and is likely the most common form of service in the API world. Software-as-a-Service is akin to a subscriber TV channel — when a user connects to HBO, they are connecting to a remote resource hosted on a central server, utilizing a license to access data. SaaS functions the same way; the software owner licenses use of their software, and allows for remote connections to a central server or load-balanced group of servers for utilization. These systems can either be based on subscriptions or presented as “free” (though nothing is ever “free” — if you are not paying a subscription, you are the product, and monetization of data streams and user information is a prime form of revenue for such a monetization plan). SaaS is the one of the most commonly used types of services in the API world due to the wealth of APIs designed to take advantage of them. A great example of the SaaS format in the API world is the Google Apps collection. Mail, maps, calendar – all of these apps tie into a central server and deliver data to the account holder through an agreed upon methodology, utilizing either first person or third party APIs. The software — in this case the mail server, geolocation system, and calendar generator — is centrally located on Google servers and is monitored by a team of dedicated administrators. These services are provided “free of charge”, with data stream and advertisement revenue picking up the operational cost. One of the greatest benefits of a SaaS style API is the fact that local overhead is all but eliminated, removing the need to install applications on the client system. APIs that tie into this type of system often handle basic calls for data management, session IDs, and even basic collaboration. This also comes with the caveat that all the application processing and data storage is done remotely, removing physical local control from the user. Depending on your point of view, this could be a very good thing, but for many, the idea of losing physical control over your personal or corporate data is worrying at best, and a massive security risk at worst. In terms of the OSI Hybrid Model, SaaS rests comfortably on the Application Layer — data is transferred and operated on the client level, with the user modifying data before sending it to lower layers for storage. Whereas both PaaS and IaaS reside in physical or logical network layers, SaaS is squarely within the Application Layer, and is thus the “top-most” form of cloud computing. Accordingly, the APIs that connect to these services are superficial in relation to the network resources and transportation methods employed by the applications. SaaS Strengths and Weaknesses Strengths include: Reduction of local overhead Centralized management resulting in decreased maintenance cost for the user Potential transparent and passive revenue stream for the developer Centralized authentication and general security Weaknesses include: Increased transit time when translating client API call to SaaS API Market is flooded with SaaS, meaning competition is high Without proper planning, versioning can break an entire network of users Read More: How APIs Are Evolving the B2B Landscape PaaS – Platform-as-a-Service Platform-as-a-Service provides a development platform to clients remotely. Unlike Software-as-a-Service, where remotely hosted applications are accessed via an API by a client, Platform-as-a-Service supplies the entire development and program environment as a platform for the consumer. Unlike the TV analogy above, which connected a remote client to a subscription service that was centralized, PaaS is more akin to renting cameras for developing a show whose format and script has been purchased from the TV station. You pay for the initial show details, you develop the script, you film using the equipment, and then you host the show via the network’s broadcasting system. PaaS APIs are generally not generic calls for resources (such as a URI call to delete or create strings of information), but are rather geared toward massive collaborative calls for data manipulation. Unlike a SaaS API which commands a remote application server to perform a task, a PaaS API describes that task in detail to the PaaS server, which then performs and shares the manipulation on behalf of the client’s requesting application. A great example of this is Microsoft’s Azure service. Let’s say your company has created a data management solution that allows users to utilize your custom API to upload data, tagging it with specific terms or categories before compressing it for long-term storage. As the API provider, you would need a lot of server space to store the data, a lot of processing power to compress that data into a manageable form, and a service platform that provides good compression and decompression of system functionality. Unfortunately, you have neither the rack space, the platform, nor the processing power to do so. Enter PaaS. Contracting with a PaaS provider such as Azure, you can utilize their own APIs to tie into your compression algorithm and data stream, allowing you to provide the service at a lower cost than traditional server farms while still maintaining profitability. The platform the functionality is built on, especially the compression and decompression, is handled by the proprietary system platform functionality hosted by the PaaS provider. Keep in mind that in the cloud computing industry, PaaS usually suggests a platform-centric model for development of other applications or services, and not necessarily the provision of both infrastructure and services hosted on that platform. While the industry definition is correct in application, the actual definition of PaaS is simply provision of infrastructure with added services or platforms to a customer or set of customers. In terms of our OSI Hybrid Model, PaaS operates somewhere in between the Network and Transport Layers. Resources hosted on the Network Layer are utilized via basic transport methodologies, specifically utilizing the Transmission Control Protocol (TCP) and Internet Protocol (IP) suite known as TCP/IP. In our pyramid representation, PaaS sits in the middle due to the fact that it utilizes both physical processing systems and sub-application style connectivity. PaaS Strengths and Weaknesses Strengths include: Additional processing power and platform capabilities without the physical footprint Lower API developer overhead Scalable processing and memory provisions utilizing third party software Weaknesses Include: Increased liability: encrypted or compressed data can’t be monitored without decryption, which increases system load Limited revenue stream outside of subscriptions due to integrity demand IaaS – Infrastructure-as-a-Service Infrastructure-as-a-Service is an interesting beast. Though it shares many characteristics with Platform-as-a-Service (PaaS), it is focused more on the physical properties of a system rather than the platform or applications on the system as a whole. Furthering our TV analogy, if SaaS is a subscription to HBO and PaaS is creating your own show on a network, IaaS is like renting the actual physical cables and transmission mediums used by a tv station to broadcast your own television network. IaaS is the base physical layer of the cloud computing stack. This makes it difficult to discuss without simply defining it as “all the infrastructure designed to allow the other stack layers to function”. Whereas PaaS provides added benefit through the inclusion of a platform, IaaS provides the physical infrastructure for data transmission, calculation, manipulation, and presentation. And where SaaS provides a virtualized or remote system to work within, IaaS is the mode through which these services are provided. A great example of this is the provision of Virtual Data Centers to corporations. As a burgeoning startup, your company might have a large need for storage space, high-throughput fibre-optics, and extreme processing. Examples in this area include AWS, Rackspace, and Joyent, services which provide either disk space, processing, or physical network assets for remote use. Because the development of such an ecosystem is costly and prohibitively complicated for a small team, leasing these services from an IaaS provider using basic APIs to convert Application Layer level functions to Physical and Data Link protocols for remote processing is a great solution. When considered within the OSI Model, Infrastructure occupies the bottom three layers — Layer 1 Physical, Layer 2 Data Link, and Layer 3 Network — as data is handled both through physical means (fibre-optic cable, copper STP/UTP), and basic Layer 2 and 3 devices (Switches and Routers, respectively). IaaS Strengths and Weaknesses Strengths include: Reduction of total operating cost High scalability: it’s easier to add a few more virtual servers than to install a whole new rack Location flexibility: your servers are located elsewhere, so you can operate from literally any place that has an internet connection Weaknesses Include: Lack of control over the physical network Decreased security due to lack of physical network access and development lifecycle Dependence on constant connection Varying Development Approaches Deciding whether or not to develop or integrate with a SaaS, PaaS, or IaaS solution depends entirely on the approach you take towards development. If your development already has a strong platform with proven results, IaaS is a great solution, providing connectivity. If you lack a strong platform but need to collaboratively create, PaaS is a wonderful solution. If you have a basic functionality that needs a platform, infrastructure, and system in place to operate, SaaS is your choice.