Nitro

Deep dive

Published: Dec 4, 2019 by martoc

It based on cards, there are four different card types depending of the functionality.

Nitro Cards

Nitro Card for VPC

  • ENA Controller: it’s an abstraction for different network drivers.

  • VPC data plane: the card implement security groups, limiters, routing and encapsulation.

Nitro Card for EBS

  • NVMe Controller: interface with the OS.

  • EBS data plane: encryption, NVM to remote storage protocol.

Nitro Card for Instance Storage

  • NVMe controller: interface with the OS.

  • Instance Storage data plane: transparent encryption, limiters, drive monitoring.

Nitro Card Controller

  • System Control: provides passive API endpoint, coordinates all the other cards, Nitro Hypervisor and security chip.

  • Hardware root of trust: provides measurement and attestation.

Nitro Security Chip

It’s a microcontroller that provides security to the bare metal instance. therefore customer instances cannot update the flash code that lives in the motherboard.

Nitro Hypervisor

It’s based on KVM hypervisor but with a minimum number of features, the hypervisor runs only when the instance requires it.

Share

Latest Posts

GCP Managed Kafka Authentication Handler
GCP Managed Kafka Authentication Handler

When working with Google Cloud Platform’s Managed Service for Apache Kafka, you’ll quickly discover that authentication can be surprisingly challenging, especially when using Apache Beam Dataflow pipelines. In this post, I’ll share a utility I created called gcp-kafka-auth-handler that bridges this gap.

Read more about GCP Managed Kafka Authentication Handler

Published: Dec 9, 2024

AWS KMS Key Replication
AWS KMS Key Replication

When architecting cloud-based solutions, one key principle I follow is to isolate resources within their respective regions and avoid sharing or replicating them across regions. This approach consistently provides a more secure and compliant framework for business continuity. Recently, AWS has introduced replication capabilities for various resources. In this post, I will delve into AWS Key Management Service (KMS) and assess whether adopting replication for KMS keys offers tangible benefits.

Read more about AWS KMS Key Replication

Published: Jun 13, 2024

AWS VPN Client
AWS VPN Client

Amazon Web Services (AWS) offers a VPN Client that is particularly advantageous for organizations seeking scalable and secure connectivity solutions compared to traditional VPN services like NordVPN. This distinction is largely due to the inherent flexibility and elasticity of cloud-based services provided by AWS, tailored to meet the dynamic requirements of modern businesses.

Read more about AWS VPN Client