Introduction
Every application you have ever used — from Gmail to Netflix, from a mobile banking app to a video game — runs on infrastructure. Yet most developers and even many engineers have only a vague understanding of what that word truly means.
Infrastructure is not just “servers.” It is the entire stack of physical and virtual resources that makes software run, communicate, persist data, and stay secure. Understanding infrastructure is the foundation for everything that follows in this series: cloud computing, Terraform, AWS, Azure, GCP, and platform engineering.
The Big Mental Model
Before we dive into any specific technology, we need a mental model. Think of infrastructure as a layered stack where each layer abstracts away the complexity of the layer below it:
flowchart TD
A[Physical Hardware] --> B[Virtualization]
B --> C[Cloud Infrastructure]
C --> D[Containers]
D --> E[Platforms]
E --> F[Applications]
Each layer builds upon the one below it. A developer writing a Python web application interacts with the Platforms layer (e.g., Heroku, AWS Elastic Beanstalk). But underneath that platform sits containers, which sit on cloud infrastructure, which sits on virtual machines, which ultimately run on physical hardware in a data centre somewhere.
Infrastructure Layers
Let us walk through each layer from the bottom up. Understanding this stack is crucial because every cloud service maps to one or more of these layers.
Layer 1: Physical Hardware
At the very bottom of every infrastructure stack is physical hardware — real machines sitting in real data centres consuming real electricity.
Inside a Modern Data Centre
A single AWS Availability Zone contains thousands of servers organised into racks. Each rack holds 40–80 servers. Each server has CPUs, RAM, SSDs, and network interface cards (NICs). The entire facility requires redundant power supplies, cooling systems, and physical security.
When you launch an EC2 instance, you are allocated a slice of one of these physical machines. The cloud provider handles all the complexity of physical maintenance, cooling, power, and replacement of failed hardware.
Physical hardware includes:
- Servers — rack-mounted machines with CPUs, RAM, storage
- Network equipment — switches, routers, firewalls, load balancers
- Storage arrays — SAN/NAS systems for persistent data
- Power & cooling — UPS systems, generators, HVAC
Layer 2: Virtualization
Virtualization is the technology that allows a single physical server to run multiple isolated virtual machines. This was the first major revolution in infrastructure — it decoupled software from hardware.
A hypervisor (like VMware ESXi, KVM, or Hyper-V) sits between the hardware and the guest operating systems, creating the illusion that each VM has its own dedicated hardware.
flowchart TD
HW[Physical Hardware
CPU, RAM, Disk, NIC] --> HV[Hypervisor
VMware ESXi / KVM / Hyper-V]
HV --> VM1[VM 1
Guest OS + App]
HV --> VM2[VM 2
Guest OS + App]
HV --> VM3[VM 3
Guest OS + App]
Layer 3: Cloud Infrastructure
Cloud infrastructure takes virtualization and adds APIs, automation, and self-service. Instead of calling a system administrator to provision a VM, you make an API call and a new virtual machine appears in seconds.
This is the defining characteristic of cloud computing: on-demand, API-driven infrastructure provisioning.
# Create a virtual machine with a single AWS CLI command
aws ec2 run-instances \
--image-id ami-0abcdef1234567890 \
--instance-type t3.medium \
--key-name my-key-pair \
--subnet-id subnet-0123456789abcdef0 \
--security-group-ids sg-0123456789abcdef0 \
--tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=WebServer}]'
The major cloud providers (AWS, Azure, GCP) each offer this same fundamental capability: turning infrastructure into API calls.
Layer 4: Containers
Containers (Docker, Podman) package an application with all its dependencies into a lightweight, portable unit. Unlike VMs, containers share the host OS kernel, making them much faster to start and more resource-efficient.
# Run an nginx web server in a container
docker run -d \
--name web-server \
-p 80:80 \
nginx:latest
# Verify it's running
docker ps
Containers sit on top of cloud infrastructure. Services like AWS ECS, Azure Container Instances, and Google Cloud Run orchestrate containers at scale.
Layer 5: Platforms
Platforms abstract away the infrastructure entirely. A developer pushes code, and the platform handles provisioning servers, scaling, networking, and deployment. Examples include:
- Heroku — push code, get a running application
- AWS Elastic Beanstalk — managed application hosting
- Vercel / Netlify — frontend deployment platforms
- Kubernetes — container orchestration platform
Layer 6: Applications
At the top of the stack sit the applications themselves — the code that delivers business value to end users. Everything below exists to serve this layer.
Core Infrastructure Domains
Regardless of which layer you are working at, infrastructure splits into six fundamental domains. Every cloud service, every Terraform resource, every infrastructure decision maps to one or more of these:
mindmap
root((Infrastructure))
Compute
CPUs
Memory
Processing
Networking
Routing
DNS
Load Balancing
Storage
Block
Object
File
Identity
Authentication
Authorization
Federation
Security
Encryption
Firewalls
Compliance
Observability
Metrics
Logs
Traces
Domain 1: Compute
Compute is the ability to execute code. It is the most fundamental infrastructure resource — without compute, nothing runs.
| Compute Model | Example | Use Case | Startup Time |
|---|---|---|---|
| Bare Metal | Dedicated server | High-performance databases | Hours/Days |
| Virtual Machine | AWS EC2, Azure VM | General-purpose workloads | Minutes |
| Container | Docker, ECS, AKS | Microservices | Seconds |
| Serverless | AWS Lambda, Azure Functions | Event-driven workloads | Milliseconds |
Notice the trend: as we move up the abstraction stack, startup time decreases dramatically. This is the power of each successive layer.
Domain 2: Networking
Networking enables communication between infrastructure components. In cloud environments, networking is software-defined — you create virtual networks, subnets, and routing rules through code.
Key networking concepts:
- Virtual Private Cloud (VPC) — isolated network within a cloud provider
- Subnets — segmented network ranges (public vs. private)
- Load Balancers — distribute traffic across multiple servers
- DNS — translate domain names to IP addresses
- Firewalls/Security Groups — control traffic flow
Domain 3: Storage
Storage persists data beyond the lifecycle of a single compute instance. Three fundamental types exist:
| Storage Type | Analogy | Cloud Example | Best For |
|---|---|---|---|
| Block Storage | Hard drive attached to a computer | AWS EBS, Azure Managed Disks | Databases, OS volumes |
| Object Storage | Infinite filing cabinet | AWS S3, Azure Blob Storage | Images, videos, backups |
| File Storage | Shared network drive | AWS EFS, Azure Files | Shared application data |
Domain 4: Identity
Identity answers the question: “Who are you, and what are you allowed to do?” In infrastructure, identity applies to both humans and machines (services, applications, automation tools).
- Authentication — proving identity (passwords, certificates, tokens)
- Authorization — defining permissions (policies, roles, ACLs)
- Federation — trusting external identity providers (SSO, SAML, OIDC)
Domain 5: Security
Security protects infrastructure from unauthorized access, data breaches, and attacks. It spans all other domains:
- Network security — firewalls, segmentation, encryption in transit
- Data security — encryption at rest, key management
- Compute security — patching, hardening, vulnerability scanning
- Compliance — meeting regulatory requirements (SOC2, HIPAA, GDPR)
Domain 6: Observability
Observability answers: “What is happening inside my infrastructure right now?” The three pillars:
- Metrics — numerical measurements over time (CPU usage, request latency)
- Logs — timestamped records of events
- Traces — end-to-end request paths through distributed systems
Without observability, infrastructure is a black box. You cannot improve what you cannot measure.
Infrastructure as Software
The Paradigm Shift
The most important transformation in infrastructure over the past two decades is this:
The progression looks like this:
flowchart LR
A[Manual Servers] --> B[Virtual Infrastructure]
B --> C[Cloud Platforms]
C --> D[Programmable Infrastructure]
D --> E[Self-Service Platforms]
API-Driven Infrastructure
In a modern cloud environment, every infrastructure operation is an API call. Creating a server, configuring a network, setting up DNS — all of it is programmable.
# Terraform: Declare desired infrastructure state
# This single file creates a complete web server setup
terraform init
terraform plan # Preview what will be created
terraform apply # Create the infrastructure
terraform destroy # Tear it all down
This is why learning infrastructure in 2026 means learning to write code that creates infrastructure. The rest of this series teaches you exactly how to do that.
Exercises
Map Your Favourite Application
Choose an application you use daily (Gmail, Spotify, a banking app). Draw the infrastructure layers it likely uses, from physical hardware up to the application layer. Consider: Where are the servers? What storage does it use? How does networking work?
Classify Cloud Services
Take the following AWS services and classify each into one or more of the six infrastructure domains: EC2, S3, VPC, IAM, CloudWatch, Route 53, KMS, EBS, Lambda, Security Groups.
Explore Your Local Infrastructure
On your own machine, identify examples of each infrastructure domain. Run these commands to explore:
# Compute: Check CPU information
lscpu | head -20
# Networking: View network interfaces
ip addr show
# Storage: View mounted filesystems
df -h
# Identity: Check current user and groups
id
# Security: View firewall rules (if available)
sudo iptables -L 2>/dev/null || echo "No iptables (try: sudo ufw status)"
# Observability: View system metrics
uptime
free -h
Conclusion & Next Steps
You now have the foundational mental model for understanding infrastructure:
- Six layers from physical hardware to applications
- Six domains that every infrastructure decision maps to
- The paradigm shift from manual configuration to programmable, API-driven infrastructure
This mental model will serve as your compass throughout the rest of this series. Every technology we study — from Terraform to Kubernetes, from AWS VPCs to Azure RBAC — maps back to these layers and domains.
Next in the Series
In Part 2: Evolution of Infrastructure, we trace the historical journey from bare metal servers to serverless and platform engineering — understanding why each transformation happened and what problems it solved.