Amazon Nitro - University Of California, San Diego


Amazon Nitro
Presented by Vansh, Kunlin

Agenda
- Why Nitro
- Nitro Overview
- Nitro Cards
- Nitro Security Chip
- Nitro Hypervisor

Why Nitro?
Before Nitro - AWS EC2 CR1 (2013):
- Traditional software-based virtualization
- Relatively simple virtual machine monitor
- Access to device models through privileged OS

Why Nitro? Drawbacks
- Reserve CPU cores for Dom0 acceleration
- Device models compete for CPU and system resources
- Dom0 OS is too big and complicated
Apply microservices architecture here? Use specialized hardware?

Nitro Overview
What is Nitro?
- The underlying platform for AWS next generation of EC2 instances
- A combination of dedicated hardware and lightweight hypervisor
Benefits
- Better performance and price
- Faster innovation
- Enhanced security

Better Performance and Price

                   W/ Nitro   W/o Nitro   W/ Nitro   W/o Nitro   W/ Nitro      W/o Nitro
Instance type      (not recovered)        (not recovered)        c5.24xlarge   c4.8xlarge
vCPU               2          2           16         16          96            36
RAM (GiB)          4          3.75        32         30          192           60
CPU:RAM            1:2        1:1.875     1:2        1:1.875     1:2           1:1.875
Price (per hour)   0.0085     0.1         0.68       0.796       4.08          1.591
Source: (not recovered)

Faster Innovation - Network
Example: Networking on HPC
- ENA: Elastic Network Adapter
- EFA: Elastic Fabric Adapter (using Nitro Card)

Faster Innovation - Network
Example: Networking on HPC
Benefits of Nitro
- Over 20x increase in PPS (packets per second) performance
- Reduces instance-to-instance latencies
- Enables 100 Gbps of bandwidth performance

EC2 “instance” host architecture
Which part should be optimized first?

2012 EC2 “instance” host architecture

2013 EC2 “instance” host architecture

2017 Introducing Nitro Architecture

2018 Nitro enabling bare metal instances

Nitro performance

Nitro Hypervisor
- KVM-based hypervisor with custom MM and small userspace
- Only executes on behalf of instance, quiescent
With Nitro, the hypervisor can be fast and simple
2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Nitro Security Chip
- Custom microcontroller that traps all I/O to non-volatile storage
- Controllable from the Nitro Controller to hold system boot
Provides a simple, hardware-based root of trust

UEFI Secure Boot
Boot starts untrusted and must prove that system is trustworthy.
Each stage is checked before it runs (Properly Signed? Yes: continue; No: Fail Boot!):
- Early Firmware (PK/KEK) -> Properly Signed?
- UEFI Boot Manager -> Properly Signed?
- UEFI Applications -> Properly Signed?
- UEFI Drivers -> Properly Signed?
- Operating System -> Properly Signed?
Deep complexity with millions of lines of code.
Unavoidable complexity due to need to support legacy and general purpose workloads.

Integrity: Nitro system
- Nitro controller is the root of trust
- Nitro controller boots from completely private SSD
- Boot process formally verified by AWS Automated Reasoning (8-3-319-96142-2 28)
- Conducts various integrity checks of Nitro computers
- Continues on with mainboard boot
- When necessary, secure software updates for all components using secure channels, signed binaries
2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Integrity: M5d boot process
- Mainboard cannot update firmware
- But the Nitro controller:
  - Holds mainboard in reset during power-up
  - Validates all firmware; if valid, continues
  - Either injects known-good hypervisor
  - Or boots customer OS/hypervisor AMI from pseudo-NVMe (EBS) volume
(Diagram labels: Nitro controller; Nitro computers & priv work)
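The two slides above describe the same discipline twice: UEFI Secure Boot checks each stage before it runs and stops at the first failure, and the Nitro controller holds the mainboard in reset until every firmware image validates. The following Python model is an added example, not AWS code or the presenters' material. It simplifies signature verification to SHA-256 digest allow-lists (the way UEFI db hash entries work) rather than the PK/KEK/db signature hierarchy, and every image, digest, firmware name and version string in it is constructed.

```python
"""Verify-before-execute boot chain, as a Python model (added example, not AWS code).

Models two checks from the slides: the UEFI Secure Boot chain, where each stage
is checked before it runs and the first failure stops the boot, and the Nitro
controller gate that holds the mainboard in reset until every firmware image
validates. Signature checks are simplified to SHA-256 digest allow-lists (like
UEFI db hash entries); real Secure Boot verifies PKCS#7 signatures against the
PK/KEK/db key hierarchy. Every image, digest and name below is constructed.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Order in which the slides show the chain being verified.
STAGES = ["Early Firmware", "UEFI Boot Manager", "UEFI Applications",
          "UEFI Drivers", "Operating System"]


def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


@dataclass
class BootResult:
    booted: bool
    executed: List[str] = field(default_factory=list)
    failed_stage: Optional[str] = None


def secure_boot(images: Dict[str, bytes], allowed: Set[str]) -> BootResult:
    """Walk the chain in order; a stage runs only if its digest is authorised."""
    result = BootResult(booted=False)
    for stage in STAGES:
        img = images.get(stage)
        if img is None or digest(img) not in allowed:
            result.failed_stage = stage  # "Fail Boot!": nothing after this stage executes
            return result
        result.executed.append(stage)
    result.booted = True
    return result


def controller_gate(firmware: Dict[str, bytes], known_good: Dict[str, str]) -> dict:
    """Controller-side gate: release the mainboard from reset only if all images match."""
    rejected = sorted(
        name for name in set(firmware) | set(known_good)
        if name not in firmware or known_good.get(name) != digest(firmware[name])
    )
    return {"release_reset": not rejected, "rejected": rejected}


# Constructed sample images and the digests the "db" / controller trust.
GOOD_IMAGES = {stage: f"image:{stage}:v1".encode() for stage in STAGES}
ALLOWED_DB = {digest(img) for img in GOOD_IMAGES.values()}
BOARD_FIRMWARE = {"bios": b"bios-fw-2019.03", "bmc": b"bmc-fw-1.7", "nic": b"ena-fw-2.1"}
KNOWN_GOOD = {name: digest(img) for name, img in BOARD_FIRMWARE.items()}


def demo_good() -> BootResult:
    return secure_boot(GOOD_IMAGES, ALLOWED_DB)


def demo_modified_driver() -> BootResult:
    """A driver image that is not in the allow-list stops the chain at that stage."""
    images = dict(GOOD_IMAGES)
    images["UEFI Drivers"] = b"image:UEFI Drivers:v1-modified"
    return secure_boot(images, ALLOWED_DB)


def demo_gate(stale_bmc: bool = False) -> dict:
    """With one firmware image that does not match, the mainboard stays in reset."""
    firmware = dict(BOARD_FIRMWARE)
    if stale_bmc:
        firmware["bmc"] = b"bmc-fw-1.6"
    return controller_gate(firmware, KNOWN_GOOD)


if __name__ == "__main__":
    print(demo_good())
    print(demo_modified_driver())
    print(demo_gate(), demo_gate(stale_bmc=True))
```

Note that the controller gate rejects both a mismatching image and an image it has no expectation for: an unexpected extra firmware component is as much a reason to keep the board in reset as a modified one.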

Nitro architecture
(Diagram labels: Intel mainboard; Private network; Nitro controller & other Nitro computers; Amazon EBS volumes; Instance storage; ENA; PCIe bus)


Amazon EBS attach volume API
1. User calls Amazon EC2 API endpoint
2. Internal microservices send command to control plane
3. Control plane sends command to Nitro controller
4. Nitro controller sends command to EBS controller
5. EBS controller sends hot-plug event for PCIe device
6. NVMe device (emulated) shows up on the bus
(Diagram labels: Intel mainboard; Nitro controller & other Nitro computers; Amazon EBS volumes; Instance storage; ENA; PCIe bus)

Key aspects of Nitro
- Software device models replaced by (software-defined) hardware devices on the system bus
- Amazon EC2 dynamic system changes modeled as hardware events (e.g., NVMe and ENA hot-plug, ACPI power state changes)
- Extension of microservice architecture into hardware
  - ENA, NVMe protocols are hardened APIs behind which we can innovate
  - Data hiding and service decomposition
- Apply (relatively) cheap hardware acceleration to a range of issues
- Software elements are also microservices, all dynamically updatable
  - No virtual machine (VM) downtime required even for major updates

Encryption—performance
- Hardware acceleration allows for line-rate AES-256 encryption of EBS, instance storage, and network without performance penalty
- Instance storage: All data
- EBS: Now enforceable (for all types) at the account level
- Network: Beginning with N types, all direct inter-N customer traffic
  - Same VPC and across VPC peering, same region
  - All at up to 100 GB/s
  - Cf: Project Lever; VPC x-region peering
- Caveats

Encryption—key management
- EBS: Volumes have independent lifetimes (plus snapshots); therefore, key management via AWS KMS
- Instance storage: Locally generated, used, and deleted (instance lifecycle)
- VPC:
  - Seed materials regionally generated and managed in AWS KMS
  - Seeds distributed, not actual secrets; rotated frequently (previous, current, next)
- In all cases, plaintext data keys are cached/used only on Nitro computers
  - Protected from “customer workload co-processor”
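The VPC bullet above is the interesting one for a practitioner: peers receive seeds rather than data keys, derive the keys locally, and keep three rotation windows (previous, current, next) so that two Nitro computers that rotate at slightly different moments still agree. The Python below is an added example, not AWS code or anything from the presenters; the slides name no KDF, so HKDF-SHA256 (RFC 5869) is my choice, and the seeds, epoch numbers, VPC identifiers and salt are all constructed.

```python
"""Seed-based data keys with previous/current/next rotation (added example, not AWS code).

The key-management slide says VPC encryption seeds are generated regionally in
AWS KMS, that seeds rather than the actual secrets are distributed, that they
rotate with previous/current/next windows, and that plaintext data keys are only
ever derived and cached on Nitro computers. This model derives a per-flow key
from the seed for an epoch with HKDF-SHA256 (RFC 5869; the KDF is my choice, the
slides do not name one) and lets a receiver accept a peer that is one rotation
ahead or behind. Seeds, epochs, VPC ids and the salt are constructed.
"""
import hashlib
import hmac
from typing import Dict, Optional, Tuple


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF extract-then-expand with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def data_key(seed: bytes, epoch: int, src_vpc: str, dst_vpc: str) -> bytes:
    """Per-flow data key: the seed is the secret, everything else is public context."""
    info = f"vpc-flow|{epoch}|{src_vpc}|{dst_vpc}".encode()
    return hkdf_sha256(seed, salt=b"nitro-example-salt", info=info)


def sender_key(seeds: Dict[int, bytes], current_epoch: int,
               src_vpc: str, dst_vpc: str) -> Tuple[int, bytes]:
    """Sender always uses its current seed and tags the flow with the epoch number."""
    return current_epoch, data_key(seeds[current_epoch], current_epoch, src_vpc, dst_vpc)


def receiver_key(seeds: Dict[int, bytes], current_epoch: int, tagged_epoch: int,
                 src_vpc: str, dst_vpc: str) -> Optional[bytes]:
    """Receiver accepts previous, current or next epoch; anything else is refused."""
    if tagged_epoch not in (current_epoch - 1, current_epoch, current_epoch + 1):
        return None
    seed = seeds.get(tagged_epoch)
    if seed is None:  # window allows it but this host never received that seed
        return None
    return data_key(seed, tagged_epoch, src_vpc, dst_vpc)


# Constructed seeds for three consecutive epochs (in practice random bytes from KMS).
SEEDS = {41: bytes([0x41]) * 32, 42: bytes([0x42]) * 32, 43: bytes([0x43]) * 32}


def demo_skewed_peers() -> bool:
    """Sender already rotated to 43, receiver still on 42: keys still agree."""
    epoch, k_send = sender_key(SEEDS, 43, "vpc-a", "vpc-b")
    k_recv = receiver_key(SEEDS, 42, epoch, "vpc-a", "vpc-b")
    return k_recv is not None and hmac.compare_digest(k_send, k_recv)


if __name__ == "__main__":
    print("skewed peers agree:", demo_skewed_peers())
    print("stale epoch accepted:", receiver_key(SEEDS, 43, 41, "vpc-a", "vpc-b") is not None)
```

Binding the epoch and both VPC identifiers into the HKDF `info` is what makes a compromised data key useless for any other flow or rotation window, which is the property the slide's "seeds distributed, not actual secrets" line is getting at.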

Passive communications design
- Hypervisor awaits commands from Nitro controller
  - Sent via trusted communications channel
  - Never initiates communications with the controller
  - Not connected to the network at all
- Nitro controller awaits commands from the external control plane
  - Listens on network substrate awaiting encrypted, authenticated API calls
  - Never initiates outbound connections
- Outbound communications from either layer are a clear sign of compromise and are treated accordingly
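The last bullet above is a detection rule in disguise: if the hypervisor is never on the network and the controller only ever answers, then any flow that contradicts that is worth an alert. The script below is an added example, not AWS code or the presenters' material; it applies the rule to constructed flow summaries in which the source is the side that opened the connection. The address-to-role table, the API port number and the record format are assumptions made for the example.

```python
"""Flow-log check for the passive-communications rule (added example, not AWS code).

The slide states that the hypervisor is not connected to the network at all, and
that the Nitro controller only answers encrypted, authenticated API calls and
never initiates outbound connections, so outbound traffic from either layer is
treated as a sign of compromise. This script applies those rules to flow
summaries in which the src is the side that opened the connection. Addresses,
the role table, the API port and the record format are all constructed.
"""
from typing import Dict, List, Optional

# Constructed asset inventory: which addresses belong to which Nitro layer.
ROLES = {"10.0.0.5": "controller", "10.0.0.6": "controller", "10.0.1.9": "hypervisor"}
CONTROLLER_API_PORT = 8443  # constructed; the port the control plane calls into


def parse_flow(line: str) -> Dict[str, object]:
    """Record format (constructed): '<ts> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>'."""
    ts, src, _arrow, dst, proto = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"ts": ts, "src": src_ip, "sport": int(src_port),
            "dst": dst_ip, "dport": int(dst_port), "proto": proto}


def classify(flow: Dict[str, object]) -> Optional[str]:
    """Return an alert string for a flow that breaks the design, or None if it is expected."""
    src_role, dst_role = ROLES.get(flow["src"]), ROLES.get(flow["dst"])
    if "hypervisor" in (src_role, dst_role):
        # The hypervisor layer should never appear in network flows in either direction.
        return "CRITICAL hypervisor address seen on the network"
    if src_role == "controller":
        # The controller only responds; it never opens a connection.
        return "CRITICAL controller initiated an outbound connection"
    if dst_role == "controller" and flow["dport"] != CONTROLLER_API_PORT:
        # Inbound is expected, but only the authenticated API endpoint is supposed to listen.
        return "WARN inbound to controller on a non-API port"
    return None


def detect(lines: List[str]) -> List[Dict[str, str]]:
    """Run every record through classify() and collect the alerts in order."""
    alerts = []
    for line in lines:
        flow = parse_flow(line)
        verdict = classify(flow)
        if verdict:
            severity, _, reason = verdict.partition(" ")
            alerts.append({"ts": flow["ts"], "severity": severity, "reason": reason,
                           "flow": f'{flow["src"]}:{flow["sport"]} -> {flow["dst"]}:{flow["dport"]}'})
    return alerts


# Constructed sample records.
SAMPLE_FLOWS = [
    "2019-06-01T10:00:01Z 10.0.9.1:51234 -> 10.0.0.5:8443 tcp",    # control plane calls the API: expected
    "2019-06-01T10:00:02Z 10.0.0.5:40001 -> 203.0.113.7:443 tcp",  # controller opened a connection out
    "2019-06-01T10:00:03Z 10.0.1.9:33000 -> 10.0.9.1:53 udp",      # hypervisor address on the network
    "2019-06-01T10:00:04Z 10.0.9.2:52000 -> 10.0.0.6:22 tcp",      # inbound to controller, not the API port
    "2019-06-01T10:00:05Z 10.0.9.1:51235 -> 10.0.0.6:8443 tcp",    # expected
]


if __name__ == "__main__":
    for alert in detect(SAMPLE_FLOWS):
        print(alert)
```

The rule needs no signatures or baselining because the design itself fixes the expected traffic pattern; the only maintenance is keeping the role inventory accurate, which is the same inventory the control plane already has to hold.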

In Sum
- No Dom0 in Nitro hypervisor—greater simplicity and safety
- No SSH or other interactive modes anywhere—no direct human access
- All access via 100% AuthN/AuthZ APIs with logging/auditing—no APIs for memory access
- Only the Nitro controller has access to the physical Amazon EC2 network; the mainboard does not
- End-to-end Nitro system is developed, deployed, and managed by DevSecOps process

In Sum (cont.)
- Big benefits from applying microservice concepts to hardware and full system design
  - Unneeded functionality not present
  - What remains is better-defined and easier to reason about: build/test/validate
  - Stronger single root of trust and greater separation of concerns (and code, and teams) along every dimension
- Nitro building blocks will continue to be applied in Amazon EC2 and beyond
  - Firecracker, Outposts, etc.
- Lots of security value already, and there’s more that we can do!

Thank you!
