To verify a system we need to describe two things: the set of facts we want to verify, and the relevant aspects of the system that are needed to verify those facts. We investigate the types of facts we may want to prove about distributed systems in the next chapter. Here, we start with a gentle introduction to the art of describing distributed systems behavior at a relatively high level of abstraction, so that an automated verification of salient system facts becomes possible. We call such descriptions verification models.