AWS sap documentation change
Summary
Formatting changes including quote style adjustments and link spacing correction. No substantive content changes regarding security features.
Security assessment
Changes involve punctuation formatting (single to double quotes) and whitespace in links. Existing security-related content about Nitro Security Chip and side channel attack mitigation remains unchanged but not expanded.
Diff
diff --git a/sap/latest/general/aws-nitro.md b/sap/latest/general/aws-nitro.md index 692766778..309ef3800 100644 --- a//sap/latest/general/aws-nitro.md +++ b//sap/latest/general/aws-nitro.md @@ -9 +9 @@ AWS Nitro System is the underlying technology used for [ Amazon Elastic Compute -A traditional virtualization architecture consists of ‘hypervisor’ or ‘Virtual Machine Monitor (VMM)’ and what is commonly known as ['Dom0’](https://docs.aws.amazon.com/whitepapers/latest/security-design-of-aws-nitro-system/traditional-virtualization-primer.html#:~:text=Xen%20Project%20calls%20the%20system%E2%80%99s%20dom0) in Xen project or [‘parent partition’](https://learn.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/hyper-v-architecture) in Hyper-V. More details on traditional virtualization architecture is available [here](https://docs.aws.amazon.com/whitepapers/latest/security-design-of-aws-nitro-system/traditional-virtualization-primer.html). +A traditional virtualization architecture consists of "hypervisor" or "Virtual Machine Monitor (VMM)" and what is commonly known as ['Dom0’](https://docs.aws.amazon.com/whitepapers/latest/security-design-of-aws-nitro-system/traditional-virtualization-primer.html#:~:text=Xen%20Project%20calls%20the%20system%E2%80%99s%20dom0) in Xen project or ["parent partition"](https://learn.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/hyper-v-architecture) in Hyper-V. More details on traditional virtualization architecture is available [here](https://docs.aws.amazon.com/whitepapers/latest/security-design-of-aws-nitro-system/traditional-virtualization-primer.html). @@ -11 +11 @@ A traditional virtualization architecture consists of ‘hypervisor’ or ‘Vir -In Nitro System virtualization architecture, the management or control domain components (with privileged access to the hardware and device drivers) are fragmented into independent purpose-built service processor units (SoC - System on Chip) which are known as Nitro cards. While the ‘hypervisor’ layer remains, the design has been minimized to include only those services and features which are strictly necessary for its task. Additionally, there is also a ‘Nitro Security Chip’ introduced to enhance the security while ensuring there is no overhead on performance. +In Nitro System virtualization architecture, the management or control domain components (with privileged access to the hardware and device drivers) are fragmented into independent purpose-built service processor units (SoC - System on Chip) which are known as Nitro cards. While the "hypervisor" layer remains, the design has been minimized to include only those services and features which are strictly necessary for its task. Additionally, there is also a "Nitro Security Chip" introduced to enhance the security while ensuring there is no overhead on performance. @@ -60 +60 @@ This simplicity of the Nitro Hypervisor is a significant security benefit compar - * Tenancy protection and prevention of side channel attacks - The Nitro Hypervisor is directed by the Nitro Controller to allocate the full complement of physical cores and memory for the instance. These hardware resources are “pinned” to that particular instance. The CPU cores are not used to run other customer workloads, nor are any instance memory pages shared in any fashion across instances. No sharing of CPU cores means that instances never share CPU core-specific resources, including Level 1 or Level 2 caches thereby providing strong mitigation against side channel attacks. Please find more information [ here](https://docs.aws.amazon.com/whitepapers/latest/security-design-of-aws-nitro-system/the-ec2-approach-to-preventing-side-channels.html). + * Tenancy protection and prevention of side channel attacks - The Nitro Hypervisor is directed by the Nitro Controller to allocate the full complement of physical cores and memory for the instance. These hardware resources are "pinned" to that particular instance. The CPU cores are not used to run other customer workloads, nor are any instance memory pages shared in any fashion across instances. No sharing of CPU cores means that instances never share CPU core-specific resources, including Level 1 or Level 2 caches thereby providing strong mitigation against side channel attacks. Please find more information [here](https://docs.aws.amazon.com/whitepapers/latest/security-design-of-aws-nitro-system/the-ec2-approach-to-preventing-side-channels.html).