Categories: BlogCanonicalUbuntu

Enhancing the Ubuntu Experience on Azure: Introducing Ubuntu Pro Updates Awareness

Canonical works closely with Microsoft to ensure that running Ubuntu on Azure is a great experience. One of the key aspects of this collaboration is ensuring the longevity and security of Ubuntu releases, such as Ubuntu 18.04 LTS, even beyond their Standard Security Maintenance period. We are excited to announce the integration of Ubuntu Pro update awareness into Azure through the Azure Guest Patching Service (AzGPS) and Update Management Center (UMC). This feature highlights the additional updates available through Ubuntu Pro, including those for Ubuntu 18.04 LTS, now under Extended Security Maintenance. This increased visibility of updates is a significant benefit for users of Azure native VMs and VM Scale Sets, as well as those connected via Azure Arc.

Ubuntu
Sponsored
Pro on Azure

Ubuntu Pro, a subscription by Canonical, provides enhanced security, compliance, and system management tools for organisations using Ubuntu in the Azure cloud.

Expanded Security Maintenance (ESM) is one of the key features of Ubuntu Pro. ESM extends the security maintenance period for Ubuntu LTS releases from five to ten years, allowing Ubuntu 18.04 LTS users to continue using their deployments in production until 2028. ESM also expands the security coverage to a much greater range of packages.

Ubuntu Pro Awareness in Azure

The newly integrated Ubuntu Pro feature in Azure helps users identify Ubuntu instances that aren’t receiving all available security updates. For instance, examining an Ubuntu Server 18.04 LTS instance on Azure today could display something like this:

Take note of the message, “Security-ESM update(s) are available for this machine. An Ubuntu Pro subscription is required to remain secure. Learn more.

This message indicates that 46 security updates are available for this Ubuntu 18.04 LTS instance, of which 42 can only be accessed through ESM. To receive these, you must attach Ubuntu Pro subscription to the instance. If your instance is in this state, it’s crucial to take action, as it has known unpatched security vulnerabilities. The process of obtaining Ubuntu Pro and how to attach it to your instance is explained in the subsequent section.

Looking at the detailed view of packages, we can see that these have Classifications of “Security-ESM”:

Sponsored

Once you have activated Ubuntu Pro on these instances, as explained in the following section, these updates appear as available and can be applied in the usual way, yielding the expected result:

How to Obtain Ubuntu Pro

You can obtain Ubuntu Pro on Azure in several ways, depending on your specific needs and the flexibility of your workload. Here are the options:

  • Redeploying your workload: If your workload allows for periodic redeployment, for example, in a CI/CD environment, we recommend using Ubuntu Pro from the Azure Marketplace. Ubuntu Pro images should be a drop-in replacement for Ubuntu Server images in nearly all popular deployment tools (Azure Image Builder, Terraform, Packer etc).
  • Upgrading without redeployment by contacting Canonical: If redeployment is not an option, and you need a tailored solution with options like adding support, you can upgrade to Ubuntu Pro without downtime by obtaining an activation token directly from Canonical. You can contact us here.
  • In-Place Upgrade from Ubuntu Server to Ubuntu Pro on Azure: This is a seamless, no-downtime option to upgrade from Ubuntu Server to Ubuntu Pro directly within Azure. This option is effortless and can be done in just a few commands, with the added benefit that Azure will directly handle the billing. For more details, read our recently published announcement.

Ubuntu Pro is accessible for free on up to 5 machines, or 50 if you are an official Ubuntu Community member. To get started, register here.

Azure Guest Patching Service

The Azure Guest Patching Service allows customers to simplify their Guest OS management on their VMs and VM Scale Sets. This service deploys the latest security and critical updates using Safe Deployment Principles, ensuring the customer’s operations remain uninterrupted and secure.

Azure Update Management Center

The Azure Update Management Center is designed to manage and govern updates across all your machines. Powered by Azure Guest Patching Service, it provides a unified service for monitoring Windows and Linux update compliance across your Azure, on-premises, and other cloud platform deployments, all from a single dashboard. Canonical collaborates with the Azure Update Management Center team to ensure that it can manage Ubuntu instances effectively at scale.

Conclusion

The introduction of enhanced Ubuntu update awareness into the Azure Update Management Center offers tailored security guidance to our Azure users. This guidance takes into account the actual Ubuntu releases and packages installed. Our ultimate goal is to empower our joint users with timely and relevant information, enabling them to make informed security decisions and thereby enhancing the security of their Ubuntu instances on Azure.

Ubuntu Server Admin

Recent Posts

Unleash new ways of working with flexible, cost-effective VDI

Empower your modern workforce with VDI from HPE and Canonical For years, virtual desktop infrastructure…

13 hours ago

Ubuntu Weekly Newsletter Issue 863

Welcome to the Ubuntu Weekly Newsletter, Issue 863 for the week of October 20 –…

1 day ago

Canonical at India Mobile Congress 2024 – a retrospective

With an ambition to become Asia’s technology hub for telecommunications in the 5G/6G era, India…

2 days ago

Imagining the future of Cybersecurity

October 2024 marks the 20th anniversary of Ubuntu. The cybersecurity landscape has significantly shifted since…

2 days ago

Join Canonical in Brazil at Dell Technologies Forum São Paulo

Canonical is excited to be a part of the Dell Technologies Forum in São Paulo…

7 days ago