Contact Us


Azure Marketplace series: My take on three cloud service models for ISVs

In the previous article of this series, "A deep dive into Azure’s billing system", we talked about the billing and listing of your SaaS offer. In fact, in addition to SaaS services, Azure Marketplace has other service models. This article will use the practical experience of NebulaGraph as an example to talk about several ways that are suitable for combining technical products like graph databases with cloud vendors, here I distinguish them as:

  • SaaS Fully managed service
  • Azure Application Self-service provisioning
  • Managed Service

The above-mentioned service types have their corresponding similar service models in all major cloud vendors and are not unique to Azure, so this article is a general discussion of solutions separate from cloud vendor platforms.

SaaS Fully managed service

Fully managed service is the most widely known cloud service model, where the service provider manages the machine and service resources, assumes all operations and maintenance responsibilities, guarantees service stability, and provides customers with an out-of-the-box experience. It has the following advantages.

Provide SaaS services, allowing users to build their own business quickly out of the box without the effort of service operation and maintenance

With a fully managed cloud service model, resources and manpower are allocated in a reasonable manner, making cloud services more advantageous in terms of the overall cost.

  1. Software providers usually pre-purchase resources in bulk and can bargain with the cloud vendor for resources based on the advantage of high volume, and the price of obtaining the same amount of computing resources is usually more affordable than what the average user sees when purchasing.
  2. Cloud service users, considering that they don’t need additional investment in operation and maintenance effort, essentially save their own costs.

Provide a full set of solutions, supporting products are better integrated and easier to use, and make it easier for users to get started. And with the volume of fully managed cloud services, it is often easier to receive comprehensive feedback and develop a more universal solution.

With the above advantages, users of fully managed SaaS services generally only need to think about:

  1. Whether they trust the software vendor enough to be willing to leave the machine and service resources to the vendor to manage their DevOps.
  2. Weighing this against their own situation, they conclude that using cloud services is a more cost-effective solution.

Azure application self-service provisioning

Compared to fully managed SaaS services, self-service provisioning is actually similar to the traditional On-Premise model, except that it uses machine resources on the cloud and is more closely integrated with the cloud vendor. The software vendor can quickly help users automatically request machine resources to create standalone services on the cloud by defining deployment templates for the services and the corresponding execution scripts. This service model has the following benefits.

  1. Compared with the traditional On-Premise model, the self-service provisioning model is better integrated, integrating the steps of machine resource preparation, service deployment and network allocation, saving the installation and deployment time of users or delivery implementers and standardizing the delivery process. And it is closely integrated with the cloud vendor, relying on the cloud vendor platform commonality function to facilitate daily resource control and observation.
  2. Compared to the fully managed SaaS model, the self-service provisioning model often uses the BYOL (Bring your own license) model of payment. Users pay the cloud vendor for the resources used to run the service, and then buy a software license from the software provider to activate the service. The overall fee is generally higher than fully managed, but the advantage is that the data and machine resources are controlled by the user, which is suitable for customers who have extremely high requirements for data security and do not allow data to be stored in a third party.

Since the machine and data resources exist under the user's private cloud VPC, when the service is deployed, the operation and maintenance of the subsequent service need to be borne by the user. Even if vendors can be invited to provide operation and maintenance by purchasing consulting services, they cannot respond as quickly as fully-managed services.

Managed service

The managed service model is a compromise between a fully managed cloud service and a self-service model, based on a hypothetical scenario: let the machine and data services remain in the user's VPC, and the machine and service operations and maintenance responsibilities to the software vendor. The integrity of cloud vendors’ intermediate operations and maintenance is either guaranteed by audit logs provided by them or by third-party security assessment agencies.

Here is how the managed service model is realized in Azure:

  • The deployment of services is similar to the self-service model, where the software vendor defines the deployment templates and corresponding scripts for the services, enabling the user to complete one-click deployment of the generated services.
  • The subscriber authorizes their VPC rights to the software vendor either temporarily or permanently through the authorization capabilities provided by the cloud vendor, so that the software vendor can intervene to perform DevOps operations.
  • Currently Azure requires the user to take the initiative to submit a work order to the software vendor on the cloud vendor platform to request DevOps. The prerequisite requirement here is that the user is required to identify the problem, and then the software vendor is required to resolve it.
  • Since the authorized and operated machine resources come from the cloud vendor platform, Azure is currently providing audit logs specific to the resource level to facilitate users to review the actions done by the software vendor on their machines when needed, but service level auditing is not yet available.

From a personal point of view, the current form of Managed Service provided by Azure is still quite a distance from the ideal state of managed service model.

  • Cloud vendors need to provide better control and oversight roles, and provide a more fine-grained level of service audit logging capabilities.
  • The discovery of DevOps issues should ideally not depend on the user, which would be similar to the SaaS fully managed experience, so that the user does not need to care about DevOps and does not need to have knowledge about it.


This is part of NebulaGraph's past experience in exploring cloud-based graph database services. If we compare the three service models, from my personal point of view, the fully managed cloud service model is undoubtedly the best choice for the future as people's usage habits change and the corresponding infrastructure is improved. We have recently released our SaaS fully managed offering of NebulaGraph on the Azure Marketplace and you are welcome to try it out.

In addition, for users who need to keep their data in their own hands, our Manage Service on Azure is also under development, please stay tuned.

About the author

Jerry Liang is a technical lead at NebulaGraph’s Cloud division. He and his team are behind a series of NebulaGraph’s visualization tools such as Nebula Dashboard, Nebula Explorer, and Nebula Studio.