In the modern cloud ecosystem, the emergence of Confidential VMs (CVMs) has marked a significant stride towards robust security. However, while CVMs excel in guarding against external code threats, they remain susceptible to vulnerabilities within their boundaries. Herein lies the profound synergy between Ubuntu Pro and Confidential VMs on Microsoft Azure. While the latter fortifies the external walls, Ubuntu Pro vigilantly guards the interior, fostering a hardened, compliant, and manageable enclave for your cloud-based workloads. The integration not only significantly amplifies the security, but seamlessly aligns with enterprise requisites, propelling confidential computing towards being production-ready for professional workloads.
Ubuntu Pro extends the popular Ubuntu LTS with additional enterprise-grade capabilities tailored to meet the stringent requirements of professional and production use-cases. Here are some key advantages:
For more details, you can visit the Ubuntu Pro for Azure page.
Confidential VMs add an extra layer of security by encrypting data during processing, addressing a previously challenging aspect of data protection. The technology ensures that data is encrypted at runtime, at rest, and during boot-up. Here are some key features:
For more information, you can visit this blog.
Confidential computing introduces a security model where CVMs protect data from external software threats. However, vulnerabilities from within their boundaries remain a concern. This is where Ubuntu Pro becomes essential. Ubuntu Pro offers security measures to tackle vulnerabilities within the CVM’s software stack or the guest OS. Regular security patching and updates provided by Ubuntu Pro mitigate this risk. For a detailed exploration on the importance of securing your CVM from internal vulnerabilities, you can read our in-depth article here. This integration ensures a more secure environment suitable for enterprise operations and is compatible with both AMD SEV-SNP hardware and, for those in the Azure limited preview, Intel TDX.
To deploy a new Confidential VM with Ubuntu Pro, use the Azure CLI command as follows:
az vm create --resource-group "${RESOURCE_GROUP}" --name "${VM_NAME}" --size Standard_DC4as_v5 --enable-vtpm true --image "Canonical:0001-com-ubuntu-confidential-vm-focal:20_04-lts-cvm:latest" --security-type ConfidentialVM --os-disk-security-encryption-type VMGuestStateOnly --enable-secure-boot true --license-type UBUNTU_PRO
The –license-type UBUNTU_PRO flag is the key for deploying Ubuntu Pro.
Existing Confidential VM Ubuntu LTS VMs can be upgraded to Ubuntu Pro using a few commands. For more details, you can visit our In-Place Upgrade announcement.
Azure Confidential VMs provide an enhanced layer of protection for cloud-based workloads. But for a comprehensive security approach, it’s crucial to also address vulnerabilities from within. Ubuntu Pro fills this internal security need, improving the overall security framework. This integration between Ubuntu Pro and Azure Confidential VMs provides a more secure environment, enabling users to manage their confidential computing tasks with increased confidence.
This article provides a complete guide to setting up an Apache reverse proxy for an…
Canonical is excited to be a part of the Dell Technologies Forum in São Paulo…
In 2020, it was announced that CentOS 7 would reach end of life (EoL) by…
The launch of Ubuntu in 2004 was a step-change for everyday users and developers everywhere.…
Welcome to the Ubuntu Weekly Newsletter, Issue 862 for the week of October 13 –…
Merlijn writes: I’m happy to announce the new 2024 Ubuntu Community Council! Heather Ellsworth (~hellsworth1)…