AWS Nitro Enclaves General Availability Announced

This week, Amazon Web Services Inc. (AWS) announced the general availability of AWS Nitro Enclaves. AWS Nitro Enclaves makes it easy for customers to create isolated compute environments within Amazon Elastic Compute Cloud (Amazon EC2) instances to protect their highly sensitive workloads. Nitro Enclaves uses the same Nitro Hypervisor technology that provides CPU and memory isolation for EC2 instances.

According to Amazon, many customers across all industries have asked to further protect their highly sensitive data, such as personally identifiable information, financial data, healthcare records, intellectual property, and more, on the AWS Cloud. Their current options are to protect that data with access controls and to encrypt it while it is at rest and in transit. The problem with this method is that encryption does not cover data when it is unencrypted at the point of use. To protect unencrypted data during processing, customers often set up separate instance clusters for secure data, configured with limited connectivity, restricted user access, and other strict isolation. When AWS customers do this, they need to protect against both internal and external threats, and they need to deal with complex situations involving multiple, mutually untrusted partners, vendors, customers, and employees.

AWS is addressing this challenge with the launch of AWS Nitro Enclaves. AWS Nitro Enclaves helps customers reduce the attack surface for their applications by providing a trusted, highly isolated, and hardened environment for data processing. Each Enclave is a virtual machine created using the same Nitro Hypervisor technology that includes CPU and memory isolation for Amazon EC2 instances, but with no persistent storage, no administrator or operator access, and no external networking. Applications running in an Enclave remain inaccessible to other users and systems, even to users within the customer’s organization.

Nitro Enclaves uses the same Nitro Hypervisor technology that creates the CPU and memory isolation among EC2 instances to create the isolation between an Enclave and an EC2 instance.

Customers can develop Enclave applications using the open-source AWS Nitro Enclaves SDK set of libraries. The AWS Nitro Enclaves SDK also integrates with AWS Key Management Service (KMS), allowing customers to generate data keys and decrypt them inside the Enclave. Nitro Enclaves also includes cryptographic attestation of customers' software, so they can be sure that only authorized code is running, and integrates with the AWS Key Management Service so that only their enclaves can access sensitive material.

AWS has also announced ACM for Nitro Enclaves. With this solution, customers can quickly isolate SSL/TLS certificates within an Enclave, making them usable by webservers on the instance while protecting them from access by other users or applications in the customer's environment. SSL/TLS certificates are used to secure network communications and to establish the identity of websites over the Internet and of resources on private networks. ACM for Nitro Enclaves ensures that sensitive data associated with these certificates never leaves the Enclave, while also managing the revocation and renewal of certificates to reduce the need for manual monitoring and webserver reconfigurations when a certificate expires.

There are no additional charges for using AWS Nitro Enclaves other than the use of Amazon EC2 instances and any other AWS services that are used with Nitro Enclaves.

Availability

AWS Nitro Enclaves is available on most Intel and AMD-based Amazon EC2 instance types built on the AWS Nitro System (AWS Graviton2-based instance support is coming in the first half of 2021).

AWS Nitro Enclaves is now available in the US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe (Stockholm), Asia Pacific (Hong Kong), Asia Pacific (Mumbai), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), and South America (Sao Paulo) regions, with more regions coming soon.


Juan Mulford

Juan is a staff writer with StorageReview, with extensive experience in Enterprise storage systems management.
