Source: Cloud & DevOps/Public-Cloud-Learning-Sessions/05_FinOps/public-cloud-learning-sessions-best-practices-for-ec2-cost-optimization-in-aws-2.md Entities: Mike-Dukes, Steele-Taylor, Spot-Invaders Concepts: AWS-Nitro, EC2-Spot-Instances, ECS Concepts updated: Graviton, SpotInstances (added source reference)
46 lines
1.5 KiB
Markdown
---
title: "AWS Nitro"
type: concept
tags:
- AWS
- EC2
- Virtualization
- Performance
aliases:
- Nitro
- AWS Nitro System
- Nitro Hypervisor
last_updated: 2026-05-12
---

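## Overview

AWS Nitro is AWS's in-house, purpose-built virtualization platform. By offloading networking, storage, and security components from the host processor to dedicated hardware (Nitro Cards), it substantially improves the efficiency and performance of EC2 instances.
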
## Architecture

The Nitro System is made up of several dedicated components:
- **Nitro Hypervisor**: a lightweight Type-1 hypervisor responsible for CPU and memory virtualization
- **Nitro Card for VPC**: provides ENIs (Elastic Network Interfaces) and VPC networking
- **Nitro Card for EBS**: provides EBS volumes and network storage
- **Nitro Card for Instance Storage**: provides local NVMe storage
- **Nitro Enclaves**: provides isolated execution environments (for processing sensitive data)

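## Benefits

- **Better performance**: reduces virtualization overhead and improves network and storage I/O performance
- **Stronger isolation**: Nitro Enclaves provide hardware-isolated, independent compute environments
- **Higher security**: security components are offloaded to dedicated hardware, reducing the attack surface
- **Greater instance flexibility**: supports more instance types and larger instance sizes
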
## Graviton on Nitro

All Graviton instances run on the Nitro System, gaining Nitro's performance and security benefits combined with the cost efficiency of the ARM64 architecture.

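The properties described above (Nitro Hypervisor, Nitro Enclaves support, ARM64) can be checked per instance type when auditing a fleet. The following is an added example, not part of the original note: it assumes records shaped like the output of `aws ec2 describe-instance-types`, restricted to virtualized (non-bare-metal) types, and the catalog values, fleet entries, instance IDs and function names are all constructed for illustration.

```python
# Constructed sample in the shape of `aws ec2 describe-instance-types` output.
# Field names follow the EC2 API; the values are illustrative, not live data.
def _record(itype, hypervisor, enclaves, arch):
    """Build one record in the shape of an EC2 InstanceTypeInfo entry."""
    return {"InstanceType": itype, "Hypervisor": hypervisor,
            "NitroEnclavesSupport": enclaves,
            "ProcessorInfo": {"SupportedArchitectures": [arch]}}

CATALOG = {"InstanceTypes": [
    _record("m4.large", "xen", "unsupported", "x86_64"),
    _record("t3.micro", "nitro", "unsupported", "x86_64"),
    _record("m5.xlarge", "nitro", "supported", "x86_64"),
    _record("m6g.large", "nitro", "supported", "arm64"),
]}

# Constructed fleet: (instance id, instance type, workload needs an enclave).
FLEET = [
    ("i-example-a", "m4.large", False),
    ("i-example-b", "t3.micro", True),
    ("i-example-c", "m5.xlarge", True),
    ("i-example-d", "m6g.large", False),
    ("i-example-e", "x9.hypothetical", False),  # type missing from the catalog
]

def classify(info):
    """Reduce one InstanceTypeInfo record to the properties this page covers."""
    archs = info.get("ProcessorInfo", {}).get("SupportedArchitectures", [])
    return {"nitro_hypervisor": info.get("Hypervisor") == "nitro",
            "enclaves": info.get("NitroEnclavesSupport") == "supported",
            "arm64": "arm64" in archs}

def audit(fleet, catalog):
    """Return (instance id, finding) for instances that miss a Nitro property."""
    by_type = {i["InstanceType"]: classify(i) for i in catalog["InstanceTypes"]}
    findings = []
    for instance_id, itype, needs_enclave in fleet:
        props = by_type.get(itype)
        if props is None:
            findings.append((instance_id, "instance type not in catalog"))
        elif not props["nitro_hypervisor"]:
            findings.append((instance_id, "not running on the Nitro Hypervisor"))
        elif needs_enclave and not props["enclaves"]:
            findings.append((instance_id, "type does not support Nitro Enclaves"))
    return findings

def arm64_off_nitro(catalog):
    """List arm64 types in the catalog that do not report the Nitro Hypervisor."""
    return [i["InstanceType"] for i in catalog["InstanceTypes"]
            if classify(i)["arm64"] and not classify(i)["nitro_hypervisor"]]
```
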
## Related Pages

- [[Graviton]]: ARM processors that run on Nitro
- [[EC2-Spot-Instances]]: can be used on Nitro instances
- [[FinOps]]: cloud cost optimization
- [[public-cloud-learning-sessions-best-practices-for-ec2-cost-optimization-in-aws-2]]