Cloud computing is the on-demand delivery of IT resources over the Internet with pay-as-you-go pricing, fundamentally changing how organizations access and manage technology infrastructure. Rather than investing in and maintaining physical data centers, organizations can provision compute, storage, databases, networking, and other services instantly from cloud providers like AWS, Microsoft Azure, and Google Cloud Platform. The key mental model: cloud computing shifts IT from a capital expenditure (buying servers) to an operational expenditure (renting capacity), enabling unprecedented agility, scalability, and cost efficiency while letting teams focus on innovation rather than infrastructure management.
15 tables, 108 concepts. Select a concept node to jump to its table row.
Table 1: Service Models
Service models answer a single question: how much of the stack does the provider manage versus you? The classic trio β IaaS, PaaS, SaaS β runs from renting raw virtual machines to consuming finished applications in a browser, with each step handing off more of the underlying layers. The newer "as-a-service" rows extend the same idea to functions, containers, databases, and even AI, so you can outsource exactly the layer that isn't your core problem.
| Model | Example | Description |
|---|---|---|
AWS EC2, Azure Virtual Machines, Google Compute Engine | Provides virtualized computing resources over the internet β you manage OS, runtime, middleware, and applications while the provider manages physical infrastructure, networking, and storage hardware | |
AWS Elastic Beanstalk, Azure App Service, Google App Engine | Offers a complete development and deployment environment in the cloud β handles infrastructure, OS, middleware, and runtime so developers focus solely on code and data | |
Microsoft 365, Salesforce, Google Workspace, Dropbox | Delivers fully managed applications over the internet β users access via browser with zero infrastructure management, automatic updates, and subscription pricing | |
AWS Lambda, Azure Functions, Google Cloud Functions | Enables event-driven code execution without managing servers β pay only for actual compute time in milliseconds, with automatic scaling from zero to thousands of concurrent executions | |
Amazon ECS, Azure Container Instances, Google Kubernetes Engine | Offers container orchestration and management β deploy, scale, and manage containerized applications without managing the underlying infrastructure | |
Amazon RDS, Azure SQL Database, Google Cloud SQL | Provides managed database services with automated backups, patching, and scaling β eliminates database administration overhead while maintaining high availability | |
Firebase, AWS Amplify, Azure Mobile Apps | Delivers ready-to-use backend functionality like authentication, databases, and APIs β primarily for mobile and web applications with minimal backend coding | |
Zerto, Azure Site Recovery, AWS Elastic Disaster Recovery | Provides cloud-based disaster recovery β replicates and hosts physical or virtual servers to provide failover in the event of a natural or man-made disaster | |
Cisco Meraki, Megaport, Cloudflare Magic WAN | Delivers virtualized networking services over the cloud β replaces traditional hardware-centric networking with on-demand, software-defined connectivity | |
Amazon SageMaker, Google Vertex AI, Azure AI Services | Provides managed AI and ML platforms β offers pre-trained models, training infrastructure, and inference APIs without building ML pipelines from scratch |
Table 2: Deployment Models
Where the infrastructure lives and who shares it is a separate decision from which service model you pick. Public cloud means shared, provider-owned infrastructure at maximum scale; private cloud is dedicated to one organization for tighter control; and hybrid and multi-cloud blend approaches to balance cost, compliance, and vendor lock-in. The sovereign and community rows reflect the growing pressure to keep data inside specific legal borders.
| Model | Example | Description |
|---|---|---|
AWS, Microsoft Azure, Google Cloud Platform | Infrastructure owned and operated by third-party cloud providers β resources shared among multiple organizations (multi-tenancy) with internet access, offering maximum scalability and cost efficiency | |
VMware Cloud, OpenStack on-premises, Azure Stack | Dedicated infrastructure used exclusively by one organization β can be hosted on-premises or by a third party, providing greater control, security, and compliance at higher cost | |
AWS Outposts, Azure Arc, Google Anthos | Combines public and private clouds with orchestration between them β allows workloads to move between environments based on computing needs, compliance, or cost optimization | |
Using AWS + Azure + GCP simultaneously | Strategy using multiple cloud providers concurrently β avoids vendor lock-in, leverages best-of-breed services, and provides redundancy, but increases management complexity | |
AWS GovCloud, Azure Government | Shared infrastructure for organizations with common concerns β typically regulatory compliance, security requirements, or industry-specific needs like healthcare or finance | |
T-Systems Sovereign Cloud, Google Distributed Cloud | Infrastructure ensuring data stays within national borders under local jurisdiction β addresses data sovereignty and regulatory requirements increasingly mandated by governments in 2026 |
Table 3: Essential Characteristics (NIST SP 800-145)
These five traits are NIST's official definition of what makes something genuinely "cloud" rather than just hosting β and they show up constantly on certification exams. Together they describe a system you can provision yourself, reach from any device, that pools resources across many tenants, scales elastically with demand, and meters everything so you pay only for what you use.
| Characteristic | Example | Description |
|---|---|---|
Launching a VM via AWS console without calling support | Users can provision resources automatically without human interaction with the service provider β typically through web consoles, APIs, or command-line tools | |
Accessing cloud applications from laptop, phone, tablet | Resources accessible over the network via standard protocols β supports heterogeneous client platforms including mobile phones, tablets, laptops, and workstations | |
Multiple tenants sharing same physical servers | Provider's computing resources serve multiple customers using multi-tenancy β physical and virtual resources dynamically assigned based on demand with location independence | |
Auto-scaling web servers during traffic spike | Resources can be scaled up or down quickly and automatically β often seamlessly to the user, appearing unlimited and available in any quantity at any time | |
Pay-per-GB storage, pay-per-hour compute | Resource usage is monitored, controlled, and reported β provides transparency for both provider and consumer, enabling pay-per-use or charge-per-use business models |
Table 4: Core Benefits
This is the "why bother" list β the concrete payoffs that drive organizations off their own data centers. The headline is the shift from capital expense to operational expense, but the rest of the table is just as important: scalability and elasticity to match capacity to demand, agility to ship faster, and the global reach, reliability, and security you'd struggle to build alone. A handy distinction to hold onto is scalability (the ability to grow) versus elasticity (growing and shrinking automatically).
| Benefit | Example | Description |
|---|---|---|
Trading 100K data center investment for 1K/month cloud bill | Eliminates capital expenses for hardware and data centers β converts to variable operational expenses with pay-only-for-what-you-use pricing and economies of scale | |
Adding 100 servers during holiday shopping season | Ability to increase or decrease resources to handle workloads β can scale vertically (bigger machines) or horizontally (more machines) based on demand | |
Auto-scaling from 2 to 200 instances and back to 2 | Automatic scaling of resources based on current demand β scales both up and down dynamically, ensuring optimal resource utilization and cost efficiency | |
Deploying new environment in minutes vs weeks | Faster time-to-market for new capabilities β provision resources in minutes, experiment rapidly, and iterate quickly without long procurement cycles | |
Deploying application to 30+ geographic regions in minutes | Deploy applications in multiple geographic locations worldwide β reduces latency for end users and enables disaster recovery across continents | |
99.99% uptime SLA with automatic failover | Enhanced availability through multiple redundant sites β providers offer backup, disaster recovery, and data replication across geographically distributed infrastructure | |
Built-in DDoS protection, encryption, compliance certifications | Benefit from provider's massive security investments β includes physical security, network security, encryption, compliance certifications, and continuous monitoring at enterprise scale | |
Access to latest CPUs, GPUs, and high-speed networking | Use cutting-edge hardware without capital investment β providers continually upgrade infrastructure with latest processors, storage, and networking technologies | |
AWS targets 100% renewable energy by 2025, Azure carbon-negative by 2030 | Cloud providers invest heavily in energy-efficient data centers and renewable energy β migrating to cloud can reduce carbon footprint by up to 80% compared to on-premises |
Table 5: Global Infrastructure
Cloud providers organize their physical footprint into a nested geography that you'll deploy into deliberately. Regions are broad geographic areas, availability zones are the isolated data centers inside them that let you survive a single failure, and edge and local zones push compute closer to users for lower latency. Data sovereignty is the legal overlay β the rules dictating which region your data is even allowed to sit in.
| Concept | Example | Description |
|---|---|---|
us-east-1 (N. Virginia), eu-west-1 (Ireland) | A geographic area containing multiple isolated data center clusters β choose regions based on latency, compliance, and data residency requirements | |
us-east-1a, us-east-1b, us-east-1c | Isolated data center(s) within a region β connected via low-latency links, designed so a failure in one AZ does not affect others | |
CloudFront PoP in Tokyo caching static content | CDN endpoint closer to end users β caches content at 400+ points of presence worldwide for lower latency content delivery | |
AWS Local Zone in Los Angeles for low-latency gaming | Extension of a region placed in a metro area β provides single-digit millisecond latency for latency-sensitive applications | |
GDPR requiring EU citizen data stays in EU | Legal requirement that data is subject to laws of the country where it is stored β increasingly important as regulations like GDPR, NIS2, and DORA tighten in 2026 |
Table 6: Computing Resources
These are the actual ways you run code in the cloud, arranged loosely from heaviest to lightest. Virtual machines give you a full OS to control, containers package just your app and its dependencies for faster, denser deployment, and serverless functions strip it down to running code on a trigger with no server to manage. The specialty rows β bare metal, GPU, and spot instances β handle performance-critical, accelerated, or cost-sensitive interruptible workloads.
| Type | Example | Description |
|---|---|---|
aws ec2 run-instances --image-id ami-12345678 | Virtualized servers running complete operating systems β provide full OS control with customizable CPU, memory, and storage configurations | |
Docker containers running on Amazon ECS or Kubernetes | Lightweight virtualization packaging application and dependencies β share OS kernel for faster startup and higher density than VMs | |
def lambda_handler(event, context): return {'statusCode': 200} | Event-triggered code execution without server management β scales automatically from zero, charges only for actual execution time | |
AWS i3.metal, Azure Bare Metal, GCP C3 bare metal | Physical servers without virtualization layer β provides maximum performance for workloads sensitive to virtualization overhead or requiring specific hardware access | |
NVIDIA H100 instances for LLM training | Specialized compute with graphics processing units β accelerates machine learning, scientific computing, graphics rendering, and video encoding workloads | |
Bidding for unused EC2 capacity at 90% discount | Unused capacity at significantly reduced prices β can be interrupted with short notice, ideal for fault-tolerant batch processing and stateless workloads |
Table 7: Storage Services
Cloud storage isn't one thing β the type you choose depends on how your data is accessed. Object storage holds unstructured files like media and backups at near-infinite scale, block storage gives VMs fast low-latency volumes for databases, and file storage offers shared network filesystems multiple machines can mount at once. Archive storage trades retrieval speed for the lowest cost, while ephemeral storage is fast but vanishes when the instance stops.
| Type | Example | Description |
|---|---|---|
Amazon S3, Azure Blob Storage, Google Cloud Storage | Stores data as discrete objects with metadata β highly scalable and durable (99.999999999% durability), accessed via HTTP APIs, ideal for unstructured data like images, videos, and backups | |
Amazon EBS, Azure Managed Disks, GCP Persistent Disk | Provides raw storage volumes attached to VMs β low-latency persistent storage for databases and applications requiring direct block-level access | |
Amazon EFS, Azure Files, Google Filestore | Offers network-attached file systems β supports concurrent access from multiple instances using standard file protocols like NFS or SMB | |
Amazon S3 Glacier, Azure Archive Storage | Long-term cold storage at lowest cost β optimized for data accessed rarely, with retrieval times from minutes to hours | |
EC2 instance store volumes | Temporary storage physically attached to host β high performance but data lost when instance stops, suitable for temporary caches and buffers |
Table 8: Networking Concepts
The VPC is the foundation of cloud networking β your own isolated, software-defined network where you control IP ranges, subnets, and routing. The rest of the table builds outward from there: subnets segment it into public and private zones, load balancers and CDNs distribute traffic, and gateways and connectivity options (VPN, Direct Connect, Transit Gateway, Private Link) govern how traffic flows in, out, and between networks securely.
| Concept | Example | Description |
|---|---|---|
Isolated network: 10.0.0.0/16 with private subnets | Logically isolated network within cloud provider β provides complete control over IP addressing, subnets, routing tables, and network gateways | |
Public subnet: 10.0.1.0/24, Private: 10.0.2.0/24 | Segment of VPC's IP address range β resources in public subnets have internet access while private subnets remain isolated | |
Distributing traffic across 10 web servers | Distributes incoming traffic across multiple targets β improves availability and fault tolerance by routing around unhealthy instances | |
CloudFront caching static assets at 400+ edge locations | Globally distributed cache servers β serve content closer to end users, reducing latency and bandwidth costs for static and dynamic content | |
Route 53 resolving example.com to load balancer IP | Domain Name System management β translates domain names to IP addresses with routing policies for failover, geolocation, and latency-based routing | |
Encrypted tunnel between on-premises and cloud VPC | Secure encrypted connection over public internet β connects on-premises networks to cloud resources with IPsec encryption | |
Dedicated 10 Gbps fiber connection to AWS | Private dedicated network connection β bypasses internet for more reliable, lower-latency, and higher-throughput access to cloud resources | |
Private instances accessing internet for software updates | Enables instances in private subnets to reach the internet β outbound-only connectivity that prevents unsolicited inbound connections | |
Connecting 50 VPCs and on-premises networks through a hub | Central hub that connects multiple VPCs and on-premises networks β simplifies network architecture by replacing complex peering relationships | |
Accessing S3 from VPC without traversing public internet | Private connectivity to cloud services β keeps traffic within provider's network without exposure to the public internet |
Table 9: Database Services
There's no universal database, so the cloud offers a managed engine for every data shape. Relational databases handle structured, transactional data with ACID guarantees; NoSQL trades that rigidity for flexible schemas and horizontal scale; and in-memory stores deliver microsecond latency for caching. The specialized rows β data warehouses, time-series, graph, and lakehouse β exist because analytics, sensor streams, relationship data, and mixed structured/unstructured workloads each query very differently.
| Type | Example | Description |
|---|---|---|
Amazon RDS (MySQL, PostgreSQL), Azure SQL Database | SQL databases managed by provider β automated backups, patching, scaling, and high availability for ACID-compliant transactional workloads | |
DynamoDB, Azure Cosmos DB, MongoDB Atlas | Non-relational databases for flexible schemas β supports key-value, document, column-family, and graph models with horizontal scaling | |
Redis, Memcached on Amazon ElastiCache | RAM-based databases for microsecond latency β ideal for caching, session management, real-time analytics, and leaderboards | |
Amazon Redshift, Azure Synapse Analytics, Google BigQuery | Columnar storage optimized for analytics β handles petabyte-scale data with fast query performance for business intelligence and reporting | |
Amazon Timestream, Azure Data Explorer | Specialized for timestamped data β efficiently stores and queries IoT sensor data, metrics, and events with time-based aggregations | |
Amazon Neptune, Azure Cosmos DB (Gremlin API) | Optimized for relationships between data β uses nodes, edges, and properties for social networks, recommendation engines, and fraud detection | |
AWS Lake Formation, Databricks Lakehouse, Azure Data Lake | Centralized repository storing structured and unstructured data at any scale β lakehouse architecture combines data lake flexibility with warehouse performance for both analytics and ML |
Table 10: Pricing Models
How you pay for the same resource can swing the bill dramatically. On-demand is the flexible default with zero commitment, while reserved instances and savings plans trade a one-to-three-year commitment for discounts of up to 72%. Spot pricing offers the deepest cuts on spare capacity that can be reclaimed at any moment, and the free tier and data transfer rows are the two that catch newcomers out β one for what's free, the other for the egress charges that quietly add up.
| Model | Example | Description |
|---|---|---|
0.10/hour for compute, 0.023/GB-month for storage | Pay only for resources actually consumed β no upfront costs or long-term commitments, billed by second, hour, or GB with usage-based pricing | |
1-year commitment for 40% discount, 3-year for 72% | Commit to usage for discounted rates β pay upfront or monthly for 1β3 year terms, saving up to 72% over on-demand pricing | |
Commit to $10/hour for 72% discount vs on-demand | Flexible pricing model β commit to consistent usage measured in $/hour for 1β3 years, applies automatically across eligible compute services | |
Bidding for unused capacity at up to 90% discount | Purchase spare capacity at deep discounts β prices fluctuate based on supply and demand, instances can be interrupted with 2-minute notice | |
750 hours/month EC2 t2.micro, 5 GB S3 storage | Limited free usage for new accounts β typically 12 months of certain services plus always-free offerings to experiment and learn | |
Free inbound, $0.09/GB outbound to internet | Charges for data movement β inbound typically free, outbound to internet charged per GB, inter-region transfer also incurs costs |
Table 11: Security and Compliance
Security in the cloud starts with the shared responsibility model β understanding the line between what the provider secures and what stays on you is the single most important concept here. The remaining rows are the controls you own on your side of that line: IAM for who can access what, encryption at rest and in transit for protecting data, MFA and zero trust for verifying identity, and security groups, KMS, and WAF for guarding traffic, keys, and applications.
| Concept | Example | Description |
|---|---|---|
Provider secures infrastructure; customer secures data and config | Defines who is responsible for what β provider manages security of the cloud (physical, network, hypervisor), customer manages security in the cloud (data, IAM, encryption, app config) | |
Creating user with read-only S3 access policy | Controls who can access what β manages authentication and authorization with users, groups, roles, and fine-grained permissions using least-privilege principle | |
S3 bucket with AES-256 server-side encryption | Data encrypted while stored on disk β uses provider-managed or customer-managed keys to protect data from unauthorized physical access | |
TLS 1.3 for HTTPS connections to cloud services | Data encrypted during transmission β uses SSL/TLS protocols to protect data moving between clients and cloud services or between cloud services | |
Requiring password + authenticator app token | Additional authentication factor beyond password β requires something you know (password) and something you have (device) for critical operations | |
Allow port 443 from 0.0.0.0/0Allow port 22 from 10.0.0.0/8 | Virtual firewalls controlling inbound and outbound traffic β stateful rules applied at instance level based on protocol, port, and source/destination | |
Verifying every request regardless of network location | "Never trust, always verify" security model β requires strict identity verification for every user and device, even inside the network perimeter | |
Creating and rotating encryption keys automatically | Centralized encryption key management β create, rotate, and control cryptographic keys used to encrypt data with audit logging | |
Blocking SQL injection and XSS attacks | Application-layer protection β filters malicious traffic based on rules for common web exploits before reaching applications | |
SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR | Third-party validated compliance β providers maintain certifications for industry standards and regulations, simplifying customer compliance |
Table 12: Migration Strategies (The 7 Rs)
When moving existing workloads to the cloud, the "7 Rs" are the standard menu of approaches, ranging from minimal change to total reinvention. Rehosting is the fast lift-and-shift that changes nothing, replatforming makes small cloud optimizations along the way, and refactoring fully re-architects for cloud-native benefits. The rest cover the choices to repurchase a SaaS alternative, relocate at the hypervisor level, retire what's no longer needed, or simply retain it on-premises for now.
| Strategy | Example | Description |
|---|---|---|
Moving VM from VMware to AWS EC2 unchanged | Migrate without modifications β move applications as-is to cloud infrastructure, fastest approach but doesn't leverage cloud-native features | |
Migrating database from self-managed MySQL to Amazon RDS | Minor optimizations during migration β make targeted cloud optimizations without changing core architecture, like switching to managed services | |
Redesigning monolith as microservices with containers | Redesign for cloud-native β completely rearchitect applications to leverage cloud features like auto-scaling, serverless, and managed services | |
Replacing on-premises CRM with Salesforce SaaS | Switch to different product β typically moving from traditional software to SaaS, abandoning existing application for cloud-native alternative | |
VMware Cloud on AWS moving entire vSphere environment | Move at infrastructure level β migrate existing VMs to cloud without purchasing new hardware, using hypervisor-level compatibility | |
Decommissioning unused legacy application | Eliminate unnecessary systems β identify and turn off applications no longer needed, reducing migration scope and costs | |
Keeping mainframe system on-premises for now | Keep in current environment β defer migration for applications not ready for cloud or requiring specialized on-premises infrastructure |
Table 13: Management and Monitoring
Once workloads are live, these practices keep them healthy, affordable, and under control. Infrastructure as code makes deployments repeatable and auditable, monitoring and observability tell you what's actually happening, and auto scaling adjusts capacity to demand. Rounding it out are the disciplines that keep an estate sane at scale β backup and DR for continuity, FinOps for spend, tagging for organization, landing zones for governance, and SLAs for the uptime you're promised.
| Concept | Example | Description |
|---|---|---|
Terraform, AWS CloudFormation, Pulumi, OpenTofu | Define infrastructure in code β version-controlled templates that provision and manage resources consistently, enabling repeatable and auditable deployments | |
CloudWatch, Datadog, Grafana tracking CPU and latency | Collect and correlate metrics, logs, and traces β monitors resource utilization, application performance, and operational health with dashboards and alerting | |
Scale from 2 to 10 instances when CPU > 70% | Automatic capacity adjustment β adds or removes resources based on demand using policies (target tracking, step, scheduled), ensuring performance while controlling costs | |
Automated daily snapshots with 30-day retention | Automated data protection β scheduled backups, point-in-time recovery, and cross-region replication for business continuity | |
Budget alerts when spending exceeds $1,000/month | Track and optimize cloud spending β provides cost visibility, budgets, forecasting, rightsizing recommendations, and anomaly detection to reduce waste | |
Environment: Production, Team: Engineering | Metadata labels for resources β enables organization, cost allocation, access control, and automation based on tag key-value pairs | |
AWS Control Tower setting up multi-account environment | Pre-configured multi-account environment with guardrails β establishes security baselines, network architecture, and governance policies for cloud adoption at scale | |
EC2 SLA: 99.99% monthly uptime (~4.3 min downtime/month) | Contractual uptime guarantees from provider β defines availability targets (e.g., three nines = 99.9%, four nines = 99.99%) and credits for breaches |
Table 14: Development and DevOps
These are the building blocks of modern cloud-native applications and the pipelines that ship them. CI/CD automates build-test-deploy, container orchestration manages fleets of containers, and API gateways expose and protect your services. Message queues and event streaming decouple components for resilience, while artifact registries, secrets management, and service mesh handle storing builds, guarding credentials, and securing service-to-service traffic.
| Concept | Example | Description |
|---|---|---|
GitHub Actions, GitLab CI, AWS CodePipeline, Azure DevOps | Automated build, test, and deployment β continuous integration and delivery workflows that validate and deploy code changes automatically | |
Kubernetes managing 100 containerized microservices | Automated container lifecycle management β handles scheduling, scaling, networking, load balancing, and self-healing for containerized applications | |
Exposing Lambda functions as REST/HTTP APIs | Managed API creation and management β create, publish, and secure APIs at scale with authentication, throttling, rate limiting, and monitoring | |
Amazon SQS, Azure Service Bus, Google Pub/Sub | Asynchronous message passing β decouples components using queues for reliable message delivery between distributed systems | |
Amazon MSK (Kafka), Amazon Kinesis, Azure Event Hubs | Real-time data streaming β processes high-throughput event streams for analytics, log aggregation, and event-driven architectures | |
Amazon ECR, Azure Container Registry, Google Artifact Registry | Store and manage build artifacts β private registries for container images, packages, and dependencies with vulnerability scanning | |
Storing database credentials with automatic rotation | Centralized secrets storage β securely stores and rotates credentials, API keys, and certificates with encryption and access control | |
Istio, Linkerd, Consul Connect on Kubernetes | Dedicated infrastructure layer for service-to-service communication β provides traffic management, observability, and security (mTLS) for microservices |
Table 15: Well-Architected Framework Pillars
These six pillars are the lens cloud providers use to evaluate whether a workload is built well, and they make a useful checklist for any architecture review. Each one names a tension worth balancing β operational excellence and reliability for running smoothly and recovering from failure, security for protecting it, performance efficiency and cost optimization for doing more with less, and sustainability for minimizing environmental impact.
| Pillar | Example | Description |
|---|---|---|
Automated runbooks, IaC deployments, incident response plans | Run and monitor systems to deliver business value β focuses on automating operations, responding to events, and continuously improving processes | |
Least-privilege IAM, encryption everywhere, audit logging | Protect information and systems β implement strong identity controls, enable traceability, apply security at all layers, and automate security best practices | |
Multi-AZ deployments, auto-recovery, chaos engineering | Ensure workloads perform correctly and consistently β design for automatic recovery from failure, test disaster procedures, and scale horizontally | |
Right-sizing instances, using serverless, caching layers | Use computing resources efficiently as demand changes β select the right resource types, monitor performance, and evolve with new technologies | |
Reserved instances, spot usage, rightsizing, idle shutdown | Deliver value at the lowest price point β understand spending, select the right pricing models, and eliminate waste through continuous optimization | |
Choosing efficient instance types, reducing idle resources | Minimize environmental impact of cloud workloads β select efficient hardware, right-size resources, and use managed services to share infrastructure |