Cloud computing has fundamentally changed how networks are designed and managed. Objective 1.3 of the CompTIA Network+ N10-009 exam tests your understanding of cloud service models, deployment models, and the connectivity options that tie everything together — VPN, SD-WAN, MPLS, and more.

Whether you’re studying for the exam or looking to understand how modern enterprise networks actually work, this post has you covered.


Cloud Service Models

There are three core cloud service models you need to know. The easiest way to think about them is how much the cloud provider manages vs. how much you manage.

IaaS — Infrastructure as a Service

What it is: The cloud provider gives you the raw infrastructure — virtual machines, storage, networking. You manage everything above that: the OS, middleware, runtime, apps, and data.

You manage: OS, applications, data, runtime, middleware
Provider manages: Virtualization, servers, storage, networking

Examples: AWS EC2, Microsoft Azure VMs, Google Compute Engine

Use cases: Hosting your own servers without buying physical hardware, development/test environments, disaster recovery

🧠 Exam tip: IaaS = most control, most responsibility. You’re renting the hardware but still managing everything above it.


PaaS — Platform as a Service

What it is: The cloud provider manages the infrastructure AND the platform (OS, runtime, middleware). You focus only on building and deploying your application and managing your data.

You manage: Applications and data
Provider manages: OS, runtime, middleware, virtualization, servers, storage, networking

Examples: AWS Elastic Beanstalk, Google App Engine, Microsoft Azure App Service, Heroku

Use cases: Developers who want to focus on writing code without worrying about server management, CI/CD pipelines

🧠 Exam tip: PaaS = the platform is managed for you. Think “developer-friendly” — you just push code.


SaaS — Software as a Service

What it is: The complete application is delivered over the internet. The provider manages everything — infrastructure, platform, and the software itself. You just use it through a browser or app.

You manage: Your data and user settings
Provider manages: Everything else

Examples: Microsoft 365, Google Workspace, Salesforce, Zoom, Slack, Dropbox

Use cases: End-user productivity apps, email, CRM, collaboration tools

🧠 Exam tip: SaaS = least control, least responsibility. You’re just a user of the software — the provider handles all the complexity.


The Responsibility Stack

                  IaaS        PaaS        SaaS
Applications       YOU        YOU        Provider
Data               YOU        YOU        Provider
Runtime            YOU      Provider    Provider
Middleware         YOU      Provider    Provider
OS                 YOU      Provider    Provider
Virtualization   Provider   Provider    Provider
Servers          Provider   Provider    Provider
Storage          Provider   Provider    Provider
Networking       Provider   Provider    Provider

XaaS — Everything as a Service

You may also see these on the exam:

Model    Full name               What it delivers
DaaS     Desktop as a Service    Virtual desktops in the cloud
DBaaS    Database as a Service   Managed database (RDS, Cloud SQL)
SECaaS   Security as a Service   Cloud-delivered security (CASB, SIEM)
NaaS     Network as a Service    Cloud-managed networking
FaaS     Function as a Service   Serverless computing (AWS Lambda)

Cloud Deployment Models

How and where the cloud resources are hosted determines the deployment model.

Public Cloud

Resources are owned and operated by a third-party cloud provider and shared across multiple customers (multi-tenant). Access is over the public internet.

  • Examples: AWS, Microsoft Azure, Google Cloud Platform (GCP)
  • Pros: No upfront cost, instant scalability, pay-as-you-go
  • Cons: Less control, potential compliance concerns, shared infrastructure

🧠 Exam tip: Public cloud = multi-tenant, managed by a provider, accessed over the internet.


Private Cloud

Cloud infrastructure dedicated to a single organization. Can be hosted on-premises or by a third party, but resources are not shared.

  • Examples: VMware vSphere, Microsoft Azure Stack, on-prem OpenStack
  • Pros: Full control, better security/compliance, customizable
  • Cons: Higher cost, requires in-house expertise to manage

🧠 Exam tip: Private cloud = single-tenant, dedicated infrastructure, more control and security.


Hybrid Cloud

A combination of public and private cloud environments connected together, allowing data and applications to move between them.

  • Use case: Keep sensitive workloads on private cloud while bursting into public cloud during peak demand (“cloud bursting”)
  • Examples: Azure Hybrid, AWS Outposts, VMware Cloud on AWS

🧠 Exam tip: Hybrid = best of both worlds. Sensitive data stays private, scalable workloads go public.


Community Cloud

Shared cloud infrastructure used by a specific group of organizations with common concerns (compliance, security, industry regulations).

  • Examples: Government agencies sharing a FedRAMP-compliant cloud, healthcare organizations on a HIPAA cloud
  • Less common on the exam but know what it is

Multi-Cloud

Using multiple cloud providers simultaneously — not a hybrid (that’s public + private), but multiple public clouds.

  • Example: Using AWS for compute, Azure for AI services, and GCP for analytics
  • Pros: Avoids vendor lock-in, best-of-breed services
  • Cons: Complexity, multiple billing, varied toolsets

Cloud Connectivity Options

How do you actually connect to the cloud securely? This is a big part of Objective 1.3.

VPN (Virtual Private Network)

An encrypted tunnel over the public internet that connects your on-premises network (or individual users) to the cloud.

Types:

  • Site-to-site VPN — connects an entire office network to a cloud VPC/VNet
  • Remote access VPN — individual users connect to the cloud or corporate network
  • Client VPN — software-based, uses SSL/TLS or IPsec

Pros: Inexpensive, easy to set up, encrypted
Cons: Relies on public internet (variable latency/reliability), not ideal for high-bandwidth workloads


SD-WAN (Software-Defined Wide Area Network)

SD-WAN is a modern WAN technology that uses software to dynamically route traffic across multiple connection types (MPLS, broadband, LTE, 5G) based on real-time performance.

Key concepts:

  • Centralized control plane — a controller manages routing policies across all sites
  • Dynamic path selection — automatically chooses the best path per application
  • Application-aware routing — voice and video are sent over the best-performing links, bulk transfers over cheaper ones
  • Zero-touch provisioning — new branch sites can be configured automatically

SD-WAN vs. traditional WAN:

Aspect               Traditional WAN      SD-WAN
Links                MPLS only            MPLS + broadband + LTE + 5G
Management           Manual, per-device   Centralized, policy-based
Cost                 High (MPLS)          Lower (mix of links)
Agility              Slow to change       Fast, software-driven
Cloud optimization   Poor                 Excellent (direct internet breakout)

Examples: Cisco Viptela, VMware SD-WAN (VeloCloud), Fortinet SD-WAN, Meraki SD-WAN

🧠 Exam tip: SD-WAN = software-defined, centrally managed, uses multiple link types, application-aware routing. It replaces or augments MPLS with cheaper broadband while maintaining QoS.
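
To make dynamic path selection and application-aware routing concrete, here is an added example (not from the original post, and not any vendor's algorithm): a toy controller that picks a link per application from measured latency, jitter, and loss. The link metrics, SLA thresholds, and all names are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    name: str
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    cost: int  # relative cost; lower is cheaper

@dataclass(frozen=True)
class Policy:
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float
    prefer: str  # "performance" or "cost"

def meets_sla(link, policy):
    return (link.latency_ms <= policy.max_latency_ms
            and link.jitter_ms <= policy.max_jitter_ms
            and link.loss_pct <= policy.max_loss_pct)

def select_path(links, policy):
    """Return the name of the link chosen for one application class."""
    eligible = [l for l in links if meets_sla(l, policy)]
    if not eligible:
        # No link meets the SLA: use the least-bad link instead of dropping traffic.
        return min(links, key=lambda l: (l.loss_pct, l.latency_ms)).name
    if policy.prefer == "cost":
        return min(eligible, key=lambda l: (l.cost, l.latency_ms)).name
    return min(eligible, key=lambda l: (l.latency_ms, l.jitter_ms, l.loss_pct)).name

# Constructed sample measurements for three WAN links at one branch site.
LINKS = [
    Link("mpls", 20, 2, 0.0, cost=10),
    Link("broadband", 35, 8, 0.5, cost=2),
    Link("lte", 60, 15, 1.0, cost=5),
]
# Assumed policies: voice wants the best-performing link, backups the cheapest.
POLICIES = {
    "voice": Policy(150, 30, 1.0, "performance"),
    "backup": Policy(500, 100, 5.0, "cost"),
}

def route_all(links):
    """Re-evaluate every application policy against current link metrics."""
    return {app: select_path(links, p) for app, p in POLICIES.items()}
```

Calling `route_all` again with fresh measurements is the "dynamic" part: when the MPLS link starts dropping packets, voice moves to broadband without any per-device reconfiguration.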


MPLS (Multiprotocol Label Switching)

A private WAN technology that routes traffic using labels rather than IP addresses. Packets are assigned a label at the edge of the MPLS network, then forwarded at high speed through the core based on that label.

Key concepts:

  • Label Edge Router (LER) — adds/removes labels at the network edge
  • Label Switch Router (LSR) — forwards packets based on labels in the core
  • LSP (Label Switched Path) — the predetermined path packets follow
  • Traffic engineering — MPLS allows fine-grained control over traffic paths

Pros: Predictable latency, QoS guarantees, private (not over internet), reliable
Cons: Expensive, long provisioning times, not optimized for direct cloud access

🧠 Exam tip: MPLS = private, reliable, expensive, carrier-provided. Great for voice/video. Being replaced by SD-WAN in many environments.
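
The LER/LSR/LSP roles above can be traced in a few lines. This is an added example, not part of the original post: a simplified simulation in which the ingress LER does the only IP lookup and pushes a label, core LSRs swap labels, and the egress LER pops. Router names, label values, and prefixes are constructed.

```python
import ipaddress

# Constructed topology with two LSPs from LER-A to LER-B:
#   default path:    LER-A -> LSR-1 -> LSR-2 -> LER-B
#   engineered path: LER-A -> LSR-3 -> LER-B  (for one more specific prefix)
# Ingress table: destination prefix (FEC) -> (first label, next hop).
INGRESS_FEC = {
    "LER-A": [
        (ipaddress.ip_network("10.2.0.0/16"), 100, "LSR-1"),
        (ipaddress.ip_network("10.2.9.0/24"), 110, "LSR-3"),
    ],
}
# Label forwarding table: (router, incoming label) -> (outgoing label, next hop).
# An outgoing label of None means "pop": the label is removed at the egress LER.
LFIB = {
    ("LSR-1", 100): (200, "LSR-2"),
    ("LSR-2", 200): (300, "LER-B"),
    ("LER-B", 300): (None, "deliver"),
    ("LSR-3", 110): (310, "LER-B"),
    ("LER-B", 310): (None, "deliver"),
}

def forward(ingress, dst_ip):
    """Trace one packet along its LSP; returns a list of (router, action)."""
    dst = ipaddress.ip_address(dst_ip)
    # The only IP lookup happens here, at the ingress LER (longest prefix wins).
    matches = [e for e in INGRESS_FEC[ingress] if dst in e[0]]
    if not matches:
        raise LookupError(f"no FEC for {dst_ip} at {ingress}")
    _, label, router = max(matches, key=lambda e: e[0].prefixlen)
    trace = [(ingress, f"push {label}")]
    while label is not None:
        # Core routers key on the label alone; dst_ip is never consulted again.
        if (router, label) not in LFIB:
            raise LookupError(f"{router} has no entry for label {label}: drop")
        out_label, next_hop = LFIB[(router, label)]
        action = f"swap {label}->{out_label}" if out_label is not None else f"pop {label}"
        trace.append((router, action))
        label, router = out_label, next_hop
    return trace
```

The second FEC entry shows traffic engineering: the same ingress router steers one prefix onto a different predetermined path purely by assigning it a different label.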


Direct Connect / ExpressRoute

Dedicated private connections from your data center directly to a cloud provider — bypassing the public internet entirely.

Provider          Product name
AWS               AWS Direct Connect
Microsoft Azure   ExpressRoute
Google Cloud      Cloud Interconnect

Pros: Consistent bandwidth, low latency, more secure than internet VPN, predictable performance
Cons: Expensive, requires physical circuit provisioning, longer setup time

🧠 Exam tip: Direct Connect / ExpressRoute = dedicated private circuit to the cloud. More reliable and secure than internet VPN, but costs more.


Internet (Public Connectivity)

Standard internet connectivity for cloud access. Used for:

  • SaaS applications (Microsoft 365, Salesforce)
  • Public API access
  • Less sensitive workloads

SD-WAN direct internet breakout allows branch offices to send cloud-bound traffic directly to the internet rather than backhauling it through headquarters — improving performance and reducing WAN costs.


Cloud Storage Models

Type             Description                                         Example
Object storage   Stores unstructured data as objects with metadata   AWS S3, Azure Blob
Block storage    Raw storage volumes attached to VMs                 AWS EBS, Azure Disk
File storage     Shared file system accessible over NFS/SMB          AWS EFS, Azure Files

Virtualization Concepts

Cloud computing is built on virtualization. Key terms for the exam:

  • Hypervisor — software that creates and manages virtual machines
    • Type 1 (bare-metal): runs directly on hardware — VMware ESXi, Microsoft Hyper-V, KVM
    • Type 2 (hosted): runs on top of an OS — VirtualBox, VMware Workstation
  • VM (Virtual Machine) — a complete software emulation of a physical computer
  • Container — lightweight, isolated application environment sharing the host OS kernel (Docker, Kubernetes)
  • VDI (Virtual Desktop Infrastructure) — virtual desktops delivered to end users

Quick Reference Cheat Sheet

Concept             Key Point                            Exam Keyword
IaaS                You manage OS up                     EC2, Azure VMs
PaaS                You manage app + data                App Engine, Elastic Beanstalk
SaaS                Provider manages everything          Microsoft 365, Salesforce
Public cloud        Multi-tenant, internet-accessible    AWS, Azure, GCP
Private cloud       Single-tenant, dedicated             On-prem VMware, Azure Stack
Hybrid cloud        Public + private connected           Cloud bursting
Community cloud     Shared by specific group             Gov, healthcare
VPN                 Encrypted tunnel over internet       Site-to-site, remote access
SD-WAN              Software-defined, multi-link WAN     Dynamic path selection
MPLS                Private label-switched WAN           LER, LSR, LSP
Direct Connect      Dedicated private circuit to cloud   ExpressRoute, Direct Connect
Type 1 hypervisor   Runs on bare metal                   ESXi, Hyper-V
Type 2 hypervisor   Runs on top of OS                    VirtualBox, Workstation

Practice Questions


1. A developer wants to deploy an application to the cloud without managing the underlying OS or infrastructure. Which service model should they use?
   Answer: PaaS — Platform as a Service. The provider manages everything below the application layer. The developer only needs to deploy their code and manage their data.

2. A company stores all customer data on-premises in a private cloud but uses AWS for burst computing during peak periods. What deployment model is this?
   Answer: Hybrid cloud. Hybrid combines private and public cloud environments — sensitive workloads stay on-prem while scalable/burst workloads move to the public cloud.

3. What technology dynamically routes traffic across multiple WAN links (MPLS, broadband, LTE) based on application performance requirements?
   Answer: SD-WAN — Software-Defined Wide Area Network. SD-WAN uses a centralized controller to apply application-aware routing policies across multiple link types in real time.

4. Which cloud connectivity option provides a dedicated private circuit to a cloud provider, bypassing the public internet?
   Answer: AWS Direct Connect / Azure ExpressRoute. These dedicated circuits offer consistent bandwidth, lower latency, and better security than an internet-based VPN — at a higher cost.

5. A Type 1 hypervisor differs from a Type 2 hypervisor in what way?
   Answer: Type 1 (bare-metal) runs directly on the physical hardware — examples: VMware ESXi, Microsoft Hyper-V. Type 2 (hosted) runs on top of an existing OS — examples: VirtualBox, VMware Workstation. Type 1 is faster and used in production; Type 2 is common for labs and testing.

6. Which cloud service model gives the customer the most control over their environment?
   Answer: IaaS — Infrastructure as a Service. The customer manages everything from the OS up. More control comes with more responsibility — you handle patching, security, and middleware.

7. A government agency shares cloud infrastructure with other agencies that have the same compliance requirements. What deployment model is this?
   Answer: Community cloud. Infrastructure is shared among organizations with common goals, regulatory requirements, or security concerns — such as FedRAMP for government or HIPAA for healthcare.

8. What is the primary advantage of SD-WAN over traditional MPLS-only WAN?
   Answer: Cost and flexibility. SD-WAN uses multiple link types (MPLS + broadband + LTE) with software-defined routing policies, dramatically reducing WAN costs while maintaining application performance through dynamic path selection and QoS.

What’s Next?

You’ve now covered the first three objectives of the Network+ exam:

Keep the momentum going — subscribe to the it-learn YouTube channel for the full video series. Good luck on the exam! 💪