© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.

CMP359
Introducing Nitro Isolation Engine: Transparency Through Mathematics

J.D. Bean (he/him), Principal Architect, Amazon Web Services
KarimAllah Raslan (he/him), Senior Principal Engineer, Amazon Web Services
Nathan Chong, PhD (he/him), Principal Applied Scientist, Amazon Web Services

AWS Nitro System

- Launched in November 2017
- In development since 2012
- Purpose-built hardware/software
- Hypervisor built for AWS
- Six generations of custom chips
- All instances launched since 2018 are powered by the AWS Nitro System

[Diagram: Previous Generation EC2 and the AWS Nitro System. Labels: Customer instances; Xen Hypervisor; Dom0; Management, security, monitoring; Local storage; Amazon EBS storage; Amazon VPC networking; Host CPU; Nitro; Nitro Hypervisor.]

The Nitro System is the foundation for AWS

- All EC2 instance types released since 2018 are powered by the Nitro System
- Secure boot process based on a hardware root of trust ensures that every component is signed and every operation is pre-vetted for safety
- Every critical element of the Nitro System can be live-updated
- Transparent encryption of storage, networking, and memory

[Image: Nitro-based EC2 server]

No AWS operator access to the Nitro System

- There is no operator access mechanism in the Nitro System design
- No SSH or general purpose access of any kind
- All