Nitro

Deep dive

Published: Dec 4, 2019 by martoc

It is based on cards; there are four different card types, depending on the functionality.

Nitro Cards

Nitro Card for VPC

  • ENA Controller: it’s an abstraction for different network drivers.

  • VPC data plane: the card implements security groups, limiters, routing and encapsulation.

Nitro Card for EBS

  • NVMe Controller: interface with the OS.

  • EBS data plane: encryption, NVMe-to-remote-storage protocol.

Nitro Card for Instance Storage

  • NVMe controller: interface with the OS.

  • Instance Storage data plane: transparent encryption, limiters, drive monitoring.
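Because both the EBS card and the Instance Storage card present themselves to the OS as an NVMe controller, the guest only sees NVMe block devices. The added example below (not code from this post or from AWS) shows how an operator can tell the two apart and turn an NVMe inventory into a check against the volumes the instance is supposed to have. It assumes that an EBS volume reports the model string "Amazon Elastic Block Store" and a serial of "vol" followed by the volume id without its hyphen, and that an instance-store drive reports the model "Amazon EC2 NVMe Instance Storage"; confirm those strings against `nvme id-ctrl` on a real instance. The sample controller list is constructed.

```python
"""Classify the NVMe devices the Nitro cards expose and flag unexpected ones.

Added example, not from the post or from AWS. Model/serial conventions are
assumptions (see lead-in); the sample data below is constructed.
"""
import os
import re

EBS_MODEL = "Amazon Elastic Block Store"            # assumed EBS model string
INSTANCE_STORE_MODEL = "Amazon EC2 NVMe Instance Storage"  # assumed instance-store model string

# Constructed sample: (controller, model, serial), shaped like the contents of
# /sys/class/nvme/<ctrl>/model and /sys/class/nvme/<ctrl>/serial (space padded).
SAMPLE_CONTROLLERS = [
    ("nvme0", "Amazon Elastic Block Store              ", "vol0123456789abcdef0  "),
    ("nvme1", "Amazon EC2 NVMe Instance Storage        ", "AWS1A2B3C4D5E6F7G8H9 "),
    ("nvme2", "Some Other NVMe Vendor                  ", "XYZ123                "),
]


def classify(model: str, serial: str) -> dict:
    """Map one controller's identify data to a device kind and, for EBS, its volume id."""
    model = model.strip()
    serial = serial.strip()
    if model == EBS_MODEL:
        # Serial "vol0123..." -> volume id "vol-0123..." (assumed convention).
        m = re.fullmatch(r"vol([0-9a-f]+)", serial)
        return {"kind": "ebs", "volume_id": f"vol-{m.group(1)}" if m else None}
    if model == INSTANCE_STORE_MODEL:
        return {"kind": "instance-store", "volume_id": None}
    return {"kind": "unknown", "volume_id": None}


def inventory(controllers) -> dict:
    """Classify every controller: {"nvme0": {"kind": ..., "volume_id": ...}, ...}."""
    return {name: classify(model, serial) for name, model, serial in controllers}


def unexpected_devices(controllers, expected_volume_ids) -> list:
    """Return controllers that are not an expected EBS volume or an instance-store drive.

    expected_volume_ids is the set of EBS volume ids the instance should have
    attached (for example, from the instance's block device mapping).
    """
    flagged = []
    for name, info in inventory(controllers).items():
        if info["kind"] == "instance-store":
            continue
        if info["kind"] == "ebs" and info["volume_id"] in expected_volume_ids:
            continue
        flagged.append(name)
    return flagged


def read_sysfs(base: str = "/sys/class/nvme") -> list:
    """Read real controllers from sysfs on a Linux guest (not used in the sample run)."""
    found = []
    for ctrl in sorted(os.listdir(base)):
        with open(os.path.join(base, ctrl, "model")) as f:
            model = f.read()
        with open(os.path.join(base, ctrl, "serial")) as f:
            serial = f.read()
        found.append((ctrl, model, serial))
    return found


if __name__ == "__main__":
    for name, info in inventory(SAMPLE_CONTROLLERS).items():
        print(name, info)
    # nvme2 is neither an expected EBS volume nor instance storage.
    print(unexpected_devices(SAMPLE_CONTROLLERS, {"vol-0123456789abcdef0"}))  # ['nvme2']
```

On a live instance, replace `SAMPLE_CONTROLLERS` with `read_sysfs()` and feed `unexpected_devices` the volume ids from the instance's block device mapping; anything it returns is a device the guest sees that the inventory does not account for.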

Nitro Card Controller

  • System Control: provides a passive API endpoint and coordinates all the other cards, the Nitro Hypervisor and the security chip.

  • Hardware root of trust: provides measurement and attestation.
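The two words in that last bullet, measurement and attestation, are easier to reason about with a concrete model. The following is an added illustrative example, not Nitro's protocol or code: it measures a set of boot components into a single register by hashing them in a fixed order (the same extend pattern a PCR uses), produces a report that binds the measurement to a verifier-chosen nonce, and checks that report against a known-good value. The components and the device key are constructed, and the report is authenticated with an HMAC for the sake of a dependency-free example; a real root of trust would sign with a private key that never leaves the chip so that verifiers need no shared secret.

```python
"""Illustrative measurement-and-attestation model (added example, not Nitro's design).

measure():  hash-chain the components into one register, in fixed order.
attest():   report the measurement together with a verifier nonce, authenticated
            by a key only the root of trust holds (modelled here with an HMAC).
verify():   reject stale nonces, forged reports and unknown measurements.
"""
import hashlib
import hmac
import json

# Constructed stand-ins for the firmware images a root of trust would measure.
COMPONENTS = {
    "bootloader": b"constructed bootloader image v1",
    "controller_fw": b"constructed controller firmware v1",
    "hypervisor": b"constructed hypervisor image v1",
}

# Constructed device-unique secret; in hardware this never leaves the chip.
ROOT_OF_TRUST_KEY = b"constructed-device-unique-key"


def measure(components: dict) -> str:
    """Extend one register: register = H(register || H(component)), in sorted order."""
    register = b"\x00" * 32
    for name in sorted(components):
        digest = hashlib.sha256(components[name]).digest()
        register = hashlib.sha256(register + digest).digest()
    return register.hex()


def _payload(measurement: str, nonce_hex: str) -> bytes:
    # Canonical encoding so both sides authenticate exactly the same bytes.
    return json.dumps({"measurement": measurement, "nonce": nonce_hex},
                      sort_keys=True).encode()


def attest(components: dict, nonce: bytes) -> dict:
    """Build a report that binds the current measurement to the verifier's nonce."""
    measurement = measure(components)
    tag = hmac.new(ROOT_OF_TRUST_KEY, _payload(measurement, nonce.hex()),
                   hashlib.sha256).hexdigest()
    return {"measurement": measurement, "nonce": nonce.hex(), "tag": tag}


def verify(report: dict, expected_measurement: str, nonce: bytes) -> bool:
    """Accept only a fresh, authentic report whose measurement matches the golden value."""
    if report["nonce"] != nonce.hex():          # replayed or stale report
        return False
    expected_tag = hmac.new(ROOT_OF_TRUST_KEY,
                            _payload(report["measurement"], report["nonce"]),
                            hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_tag, report["tag"]):  # forged report
        return False
    return hmac.compare_digest(report["measurement"], expected_measurement)


if __name__ == "__main__":
    golden = measure(COMPONENTS)          # known-good value recorded at build time
    nonce = b"\x01\x02\x03\x04"
    print(verify(attest(COMPONENTS, nonce), golden, nonce))   # True
    tampered = dict(COMPONENTS, hypervisor=b"constructed hypervisor image MODIFIED")
    print(verify(attest(tampered, nonce), golden, nonce))     # False
```

The point the model makes is that a modified component changes the register, which changes the report, and the verifier's nonce check stops an older, good report from being replayed in its place.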

Nitro Security Chip

It’s a microcontroller that provides security for the bare metal instance; as a result, customer instances cannot update the flash code that lives on the motherboard.

Nitro Hypervisor

It’s based on the KVM hypervisor but with a minimal set of features; the hypervisor runs only when the instance requires it.
