SkarpSkarp

Chapter 3 of 20

Cloud Deployment Models: Public, Private, and Hybrid Cloud

Walk through the real-world scenarios that drive organizations to choose public, private, or hybrid cloud, and see how each model shapes architecture, security, and operations.

27 min readen

Module Overview and Why Deployment Models Matter

From Cloud Basics to Deployment Models

You know that cloud computing delivers services over the internet. Now we focus on where those services run and who controls the infrastructure.

Canonical Deployment Models

For AZ-900 you must know the canonical cloud deployment models, in order: 1) public cloud, 2) private cloud, 3) hybrid cloud.

What You Will Learn

You will learn the exact definitions, see real-world scenarios, understand architecture and security impacts, and practice with quizzes and flashcards.

Exam Context

This topic sits mainly in Cloud Concepts (28%) and links to Azure Architecture and Services (38%) when you apply it to real Azure environments.

The Canonical Deployment Models and How to Memorize Them

Canonical List in Order

The three cloud deployment models, in order, are: 1) public cloud, 2) private cloud, 3) hybrid cloud. This order is exam-critical.

Public Cloud Definition

A public cloud is a cloud deployment model in which a cloud provider owns and operates the infrastructure and delivers computing resources over the public internet to multiple tenants.

Private Cloud Definition

A private cloud is a cloud deployment model in which cloud resources are used exclusively by a single organization, either hosted on-premises or by a third-party provider.

Hybrid Cloud Definition

A hybrid cloud is a computing environment that combines public and private clouds, allowing data and applications to be shared between them.

Key Phrases to Notice

Notice: public → multiple tenants; private → exclusively by a single organization; hybrid → combines public and private clouds with shared data and apps.

Public Cloud in Practice (with Azure Examples)

Public Cloud Reminder

Public cloud: the provider owns and operates infrastructure and delivers computing resources over the public internet to multiple tenants.

Azure as Public Cloud

In Azure, Microsoft owns datacenters and regions. Customers rent Azure resources through subscriptions, sharing infrastructure but staying logically isolated.

Apartment Building Analogy

Think of Azure like an apartment building: Microsoft is the owner; each customer is a tenant with separate, locked apartments but shared utilities.

Typical Public Cloud Uses

Common uses: startups launching apps, dev/test environments, and global services that need quick scaling and worldwide reach.

Exam-Focused Benefits

Key cues for public cloud on AZ-900: no hardware ownership, fast provisioning, pay-as-you-go, and global scalability.

Private Cloud in Practice (On-Prem and Hosted)

Private Cloud Reminder

Private cloud: cloud resources are used exclusively by a single organization, either hosted on-premises or by a third-party provider.

Single-Organization Focus

Only one organization uses the private cloud. It can live in your own datacenter or be hosted, but no other customers share it.

Office Building Analogy

Think of a single-tenant office building: your company occupies the entire building, possibly managed by someone else, but used only by you.

Private Cloud vs Plain On-Prem

Private cloud uses on-prem or dedicated hardware with cloud-like features: virtualization, self-service, elasticity, and automation for one organization.

When Private Cloud Fits

Look for cues like exclusive use, strict regulation, data residency, or big existing datacenter investments that must stay in-house.

Hybrid Cloud: Bridging Public and Private

Hybrid Cloud Reminder

Hybrid cloud: a computing environment that combines public and private clouds, allowing data and applications to be shared between them.

Two Worlds Connected

Hybrid means you use a public cloud like Azure plus a private cloud or on-premises datacenter, with connectivity between them.

Skybridge Analogy

Imagine two buildings with a secure skybridge: one is your datacenter, the other is Azure. The skybridge is your VPN or ExpressRoute link.

Common Hybrid Scenarios

Typical uses: gradual migrations, cloud bursting for peak loads, or keeping sensitive data on-prem while using Azure for compute.

Exam Clues for Hybrid

Exam phrases like “use both on-premises and cloud” or “keep some data on-prem but scale in the cloud” usually signal hybrid cloud.

Scenario Walkthroughs: Matching Business Needs to Deployment Models

Scenario 1: Mobile Game Startup

No datacenter, low budget, global scale needed. Best fit: public cloud, using Azure services without buying hardware.

Scenario 2: Tax Authority

Strict legal control and data residency requirements. Best fit: private cloud with exclusive use by one agency.

Scenario 3: Retail Mainframe

Legacy mainframe stays on-prem while new apps run in Azure and connect back. Best fit: hybrid cloud.

Scenario 4: Seasonal Bursting

Core workloads stay in the company datacenter; peaks go to Azure for extra capacity. Best fit: hybrid cloud.

Pattern Recognition

Think: no hardware and rapid scale → public; exclusive and regulated → private; mix of on-prem and cloud → hybrid.

How Deployment Models Shape Architecture, Security, and Operations

Architecture Differences

Public: design around Azure regions and services. Private: constrained by your datacenter. Hybrid: must handle connectivity and data flow between both.

Shared Responsibility Model

The shared responsibility model defines how security and compliance duties are divided between the cloud provider and the customer.

Security by Model

Public: provider handles physical; you handle identities and data. Private: you own almost all security. Hybrid: you secure both and the link.

Operational Impacts

Public: use Azure tools for automation and monitoring. Private: also manage hardware and facilities. Hybrid: coordinate operations across both.

Exam Clues

If a scenario stresses who secures what or mentions VPN/ExpressRoute and latency, it is really asking about the deployment model choice.

Thought Exercise: Classify Your Own or a Hypothetical Organization

Apply what you have learned to a real or hypothetical organization. Take 3–5 minutes to think this through.

Step 1: Pick an organization

  • It can be your university, a part-time employer, a non-profit, or a fictional company (for example, “CityBike Rentals”).

Step 2: List 3 workloads

Examples:

  • Student portal or HR system
  • Public website
  • Internal finance or payroll app

Step 3: For each workload, answer these questions:

  1. Does this workload handle sensitive or regulated data?
  2. Does it need to scale up and down quickly with demand?
  3. Are there existing on-premises systems it must integrate with?

Step 4: Choose a deployment model per workload

  • If the workload is mostly public-facing, needs global scale, and has no extreme regulatory constraints → lean toward public cloud.
  • If the workload handles highly sensitive data and must stay under tight organizational control → lean toward private cloud.
  • If it must integrate closely with existing on-prem systems or share data across both environments → lean toward hybrid cloud.

Step 5: Justify your choices in one sentence each

For example:

  • “Our public website would use public cloud because we need global reach and do not store sensitive data there.”
  • “Our payroll system would use private cloud because it contains sensitive employee data and must stay under strict control.”

This exercise mirrors the reasoning you will use on AZ-900 scenario questions: identify constraints, then map them to public, private, or hybrid cloud.

Quick Check: Canonical Definitions and Scenarios

Test your recall of the canonical definitions and how to apply them to scenarios.

Which statement is the canonical definition of a public cloud?

  1. A public cloud is a cloud deployment model in which a cloud provider owns and operates the infrastructure and delivers computing resources over the public internet to multiple tenants.
  2. A public cloud is a computing environment that combines public and private clouds, allowing data and applications to be shared between them.
  3. A public cloud is a cloud deployment model in which cloud resources are used exclusively by a single organization, either hosted on-premises or by a third-party provider.
  4. A public cloud is any on-premises datacenter that uses virtualization and automation.
Show Answer

Answer: A) A public cloud is a cloud deployment model in which a cloud provider owns and operates the infrastructure and delivers computing resources over the public internet to multiple tenants.

The canonical definition you must memorize is: "A public cloud is a cloud deployment model in which a cloud provider owns and operates the infrastructure and delivers computing resources over the public internet to multiple tenants." The other options describe hybrid cloud, private cloud, or are incorrect.

Scenario Quiz: Choose the Best Deployment Model

Decide which deployment model best fits the described situation.

A hospital must keep patient records in its own datacenter due to health data regulations, but wants to run a new analytics app in Azure that reads anonymized data copies. Which deployment model is this?

  1. public cloud
  2. private cloud
  3. hybrid cloud
  4. none of the above
Show Answer

Answer: C) hybrid cloud

The hospital keeps sensitive records on-premises (private environment) but also uses Azure public cloud for analytics, sharing data between them. This matches the definition of hybrid cloud: a computing environment that combines public and private clouds, allowing data and applications to be shared between them.

Flashcards: Lock In the Canonical List and Definitions

Use these flashcards to reinforce the exact order and wording of the cloud deployment models.

Cloud deployment models (canonical list, in order)
The three cloud deployment models, in order, are: 1) public cloud, 2) private cloud, 3) hybrid cloud.
Public cloud (canonical definition)
A public cloud is a cloud deployment model in which a cloud provider owns and operates the infrastructure and delivers computing resources over the public internet to multiple tenants.
Private cloud (canonical definition)
A private cloud is a cloud deployment model in which cloud resources are used exclusively by a single organization, either hosted on-premises or by a third-party provider.
Hybrid cloud (canonical definition)
A hybrid cloud is a computing environment that combines public and private clouds, allowing data and applications to be shared between them.
Key exam clue for public cloud
Look for phrases like: provider-owned infrastructure, delivered over the public internet, pay-as-you-go, rapid scaling, and multiple tenants sharing resources.
Key exam clue for private cloud
Look for: exclusive use by a single organization, strict regulatory or data residency requirements, and environments that may be on-premises or hosted but not shared.
Key exam clue for hybrid cloud
Look for: combining on-premises and cloud, keeping some data/apps on-prem while using Azure for others, or sharing data between private and public clouds.

Wrap-Up and How This Connects to the Rest of Your AZ-900 Prep

What You Can Do Now

You should be able to list public, private, and hybrid cloud in order, state their canonical definitions, and match scenarios to each model.

Definitions One More Time

Public, private, and hybrid cloud definitions are exam-critical. Make sure you can say them back, focusing on multiple tenants, exclusive use, and combining clouds.

Exam Domain Connection

This topic supports Cloud Concepts (28%) and leads into Azure Architecture and Services (38%) when you design actual Azure solutions.

Your Next Steps in Skarp

Take the diagnostic for this topic, then use mock exams and the gap guide to reinforce any weak spots around deployment model scenarios.

Key Terms

Azure region
A set of Azure datacenters deployed within a specific geographic area, connected through a dedicated regional low-latency network.
hybrid cloud
A hybrid cloud is a computing environment that combines public and private clouds, allowing data and applications to be shared between them.
public cloud
A public cloud is a cloud deployment model in which a cloud provider owns and operates the infrastructure and delivers computing resources over the public internet to multiple tenants.
private cloud
A private cloud is a cloud deployment model in which cloud resources are used exclusively by a single organization, either hosted on-premises or by a third-party provider.
Azure datacenter
A physical facility that houses Azure servers, networking, and storage hardware that provide cloud services.
Azure subscription
A logical container for Azure resources that defines billing, access control, and limits for the resources used by an organization.
cloud deployment models
The canonical list of cloud deployment models consists of three items, in order: public cloud, private cloud, hybrid cloud.
shared responsibility model
The shared responsibility model is a framework that defines how security and compliance responsibilities are divided between the cloud provider and the customer.

Finished reading?

Test your understanding with a custom practice exam on this chapter.

Test yourself