AWS re:Inforce 2019: Security Benefits of the Nitro Architecture (SEP401-R)
The new Nitro architecture is fundamental to the Amazon EC2 virtual machine service. With Nitro, each host in the core compute platform is built with trusted computers that simulate the outside world and surround an untrusted CPU and memory computer that runs workloads. Those trusted Nitro computers appear to the customer workload computer as I/O devices that are accessible across the PCIe bus. Most of the traditional virtualization work is done via hardware emulation. The Nitro computers carefully control the workload computer access, providing a layer of protection. Learn about the security properties of this powerful architecture, which significantly increase cloud reliability and performance.

View on YouTube