AWS Nitro Architecture Flashcards

1
Q

What are the components of the Nitro Architecture?

A

The Nitro System has three main components:

a) Nitro Cards (a family of purpose-built cards, one per function: VPC networking, EBS, instance storage, and the controller).
b) Nitro Security Chip
c) Nitro Hypervisor

2
Q

What are the different types of Nitro Cards?

A

Four different types of cards:

a) Nitro Card for VPC - ENA PCIe controller; VPC data plane (encapsulation, security groups).
b) Nitro Card for EBS - NVMe PCIe controller; EBS data plane (remote volumes presented to the instance as local NVMe devices).
c) Nitro Card for Instance Storage - NVMe PCIe controller; local SSDs with transparent encryption done on the card.
d) Nitro Card Controller - coordinates the other cards, the hypervisor and the security chip; hardware root of trust.

3
Q

What is NVMe?

A

NVMe = Non-Volatile Memory Express, the standard host interface for storage attached over PCIe.

On Nitro instances both EBS volumes and instance-store disks are presented to the guest as NVMe devices (/dev/nvme*n* on Linux), so the guest only needs a standard NVMe driver; the card behind the device decides whether the I/O goes to a local SSD or over the network to EBS.

4
Q

What does the Nitro VPC Card do?

A

Key components are:

  1. ENA (Elastic Network Adapter) PCIe interface, with ENA drivers for multiple OSs; the same driver works across the different network speeds offered by the instance types.
  2. Responsible for the VPC data plane:
    - VPC encapsulation and decapsulation of packets.
    - Security groups are implemented in the card, not in the hypervisor or the guest.
5
Q

What does the Nitro EBS Card do?

A
  • Presents itself to the instance as an NVMe storage device.
  • Network-attached storage: receives block requests from VMs on the host and turns them into requests on the network to the EBS back end.
  • Encryption is done in hardware on the card, so there is no performance-versus-security trade-off for encrypted volumes.
  • Remote storage protocol: the card talks to EBS over the network (it appears that AWS uses proprietary protocols under the hood); the guest only ever sees NVMe.
6
Q

What does the Nitro Instance Store Card do?

A
  • Provides access to local SSD storage at very high data rates.
  • Does drive monitoring: NAND flash wears out with writes and its performance drops over time, so the card tracks drive health rather than leaving that to the guest.
  • The physical SSDs are in the same host as the VMs, so this storage is ephemeral: it does not survive the instance being stopped or terminated, unlike an EBS volume.
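As an added example (not code from the page or from AWS): a Python script that tells the two kinds of NVMe device apart from inside the instance. It assumes the model and serial strings that Nitro presents through NVMe identify data and that lsblk prints ("Amazon Elastic Block Store" with a serial of "vol" plus the volume ID's hex digits; "Amazon EC2 NVMe Instance Storage" for local disks); the sample lsblk JSON is constructed and the function and class names are this example's own. The practical point: both cards look like plain NVMe to the guest, so the model string, not the device name, is what tells you whether a disk is persistent EBS or ephemeral instance store.

```python
"""Sort the NVMe devices a Nitro instance exposes into EBS volumes and
instance-store disks.

Added example for this page, not code from AWS. It relies on the identify
strings Nitro presents through NVMe (which the kernel exposes and `lsblk`
prints): model "Amazon Elastic Block Store" with serial "vol" + the hex part
of the volume ID, and model "Amazon EC2 NVMe Instance Storage" for local
SSDs. Function and class names below are this example's own.
"""
import json
import re
import subprocess
from dataclasses import dataclass
from typing import List, Optional

EBS_MODEL = "Amazon Elastic Block Store"
INSTANCE_STORE_MODEL = "Amazon EC2 NVMe Instance Storage"
# EBS serial = volume ID without the hyphen: vol-0123456789abcdef0 -> vol0123456789abcdef0
_EBS_SERIAL = re.compile(r"^vol([0-9a-f]{8}|[0-9a-f]{17})$")


@dataclass
class NitroDisk:
    device: str               # /dev/nvmeXn1
    kind: str                 # "ebs", "instance-store" or "unknown"
    volume_id: Optional[str]  # vol-... for EBS, else None
    ephemeral: bool           # True: contents are lost on stop/terminate


def classify(name: str, model: Optional[str], serial: Optional[str]) -> NitroDisk:
    """Classify one block device from its NVMe model and serial strings."""
    model = (model or "").strip()   # lsblk may pad MODEL with spaces
    serial = (serial or "").strip()
    dev = f"/dev/{name}"
    if model == EBS_MODEL:
        m = _EBS_SERIAL.match(serial)
        # An EBS device whose serial does not look like a volume ID is
        # reported with volume_id=None rather than guessed.
        return NitroDisk(dev, "ebs", f"vol-{m.group(1)}" if m else None, False)
    if model == INSTANCE_STORE_MODEL:
        return NitroDisk(dev, "instance-store", None, True)
    return NitroDisk(dev, "unknown", None, False)


def classify_lsblk(lsblk_json: str) -> List[NitroDisk]:
    """Parse `lsblk -J -d -o NAME,MODEL,SERIAL` output; keep only NVMe devices."""
    devices = json.loads(lsblk_json).get("blockdevices", [])
    return [
        classify(d["name"], d.get("model"), d.get("serial"))
        for d in devices
        if str(d["name"]).startswith("nvme")
    ]


def ephemeral_devices(disks: List[NitroDisk]) -> List[str]:
    """Paths a workload must not rely on for persistence."""
    return [d.device for d in disks if d.ephemeral]


def live() -> List[NitroDisk]:
    """Run lsblk on this host (needs util-linux with JSON support)."""
    out = subprocess.run(
        ["lsblk", "-J", "-d", "-o", "NAME,MODEL,SERIAL"],
        check=True, capture_output=True, text=True,
    ).stdout
    return classify_lsblk(out)


# Constructed sample lsblk output (not captured from a real host): two EBS
# volumes, one instance-store disk, and a loop device that is ignored.
SAMPLE_LSBLK = json.dumps({"blockdevices": [
    {"name": "nvme0n1", "model": "Amazon Elastic Block Store", "serial": "vol0123456789abcdef0"},
    {"name": "nvme1n1", "model": "Amazon EC2 NVMe Instance Storage", "serial": "AWS1F2E3D4C5B6A70809"},
    {"name": "nvme2n1", "model": "Amazon Elastic Block Store", "serial": "vol0fedcba987654321f"},
    {"name": "loop0", "model": None, "serial": None},
]})


if __name__ == "__main__":
    for disk in classify_lsblk(SAMPLE_LSBLK):
        print(f"{disk.device}: {disk.kind} volume={disk.volume_id} ephemeral={disk.ephemeral}")
```

Run it with no arguments to classify the constructed sample, or call `live()` on an actual Nitro instance. The nvme device numbering can change between boots, which is why mapping the serial back to the volume ID (rather than keying on /dev/nvme0n1) is the robust way to know which EBS volume you are looking at.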
7
Q

What does the Nitro Controller Card do?

A

System control:

  • Talks to the EC2 control plane (when a customer launches an instance, i.e. calls the RunInstances API, that request eventually makes its way to a Nitro Controller card).
  • Provides a passive API endpoint: it answers requests from the control plane rather than initiating them itself.
  • Coordinates all the other Nitro cards.
  • Coordinates with the hypervisor and the security chip.
  • Hardware root of trust (measurements and attestations of what the host is running).
8
Q

What does the Nitro Security Chip do?

A
  • A custom microcontroller that sits in front of all the buses to non-volatile memory (firmware flash and the like); it traps I/O to those devices and ensures the firmware stays in the desired state.
  • Controlled by the Nitro Controller.
  • Provides the hardware-based root of trust.
  • Because it sits in front of every such bus on the motherboard, it can trap and block writes to those devices even from bare-metal instances, where the customer owns the whole server and there is no hypervisor in between.
9
Q

What is the Nitro Hypervisor?

A
  • Based on KVM core kernel technology; it has no SSH or other interactive access.
  • Quiescent: it does nothing by itself and acts only when an instance requests something, staying idle otherwise.

10
Q

How are updates to Nitro done?

A

Updates to the Nitro cards and to the Nitro Hypervisor are applied in place, safely, without stopping or rebooting customer instances.

No impact to customer instances.
