Nitro

Deep dive

Published: Dec 4, 2019 by martoc

It is based on cards; there are four different card types, depending on the functionality.

Nitro Cards

Nitro Card for VPC

  • ENA Controller: it’s an abstraction for different network drivers.

  • VPC data plane: the card implements security groups, limiters, routing and encapsulation.

Nitro Card for EBS

  • NVMe Controller: interface with the OS.

  • EBS data plane: encryption, NVM to remote storage protocol.

Nitro Card for Instance Storage

  • NVMe controller: interface with the OS.

  • Instance Storage data plane: transparent encryption, limiters, drive monitoring.

Nitro Card Controller

  • System Control: provides a passive API endpoint and coordinates all the other cards, the Nitro Hypervisor and the security chip.

  • Hardware root of trust: provides measurement and attestation.

Nitro Security Chip

It’s a microcontroller that provides security to the bare metal instance; therefore, customer instances cannot update the flash code that lives on the motherboard.

Nitro Hypervisor

It’s based on the KVM hypervisor but with a minimum number of features; the hypervisor runs only when the instance requires it.
