Nikos Mavrogiannopoulos
on 23 November 2021

Cloud-optimized Linux kernels – what makes Ubuntu the top OS across the clouds

Ubuntu is the platform of choice for deploying and running workloads on public clouds. No other operating system gives you better performance and consistency of experience across public clouds, including Amazon, Azure, Google, IBM and Oracle. There is a reason behind this exceptional experience. By design, Ubuntu images in public clouds include an optimized Linux kernel for each cloud, giving you the best performance and functionality across all instance types and services. At the same time, Ubuntu integrates with cloud-native tooling, enabling you to manage your fleet from the cloud’s dashboards. 

How do these cloud-specific kernel optimizations actually look in practice? Let’s do a deep dive on the optimizations Ubuntu enables on public clouds.

Ubuntu Pro vs. Ubuntu on the cloud

The cloud environment has interesting security properties: it blurs the traditional notion of the security perimeter and calls for a more complex security posture. Ubuntu has proven itself capable of running production workloads securely for many small and large organizations; however, organizations applying the zero-trust model need, among other things, to comply with rigorous security profiles. Ubuntu Pro on public clouds brings enterprise lifecycle, kernel livepatching, CIS compliance automation tooling, FIPS 140 certified cryptography, and daily refreshed images that contain all the latest patches and security updates, enabling secure workflows and practices everywhere without an Ubuntu Advantage subscription.

Cloud-optimized Linux kernels

The generic Ubuntu kernels contain a huge number of hardware-specific drivers for every possible audio card, mouse, video display, and other peripherals that are not present in a cloud environment. Although these drivers make the kernel usable in diverse environments, in a restricted environment such as the cloud they add to the kernel footprint, taking up unnecessary memory, adding loading time, and increasing the kernel attack surface. Ubuntu cloud-optimized kernels remove any drivers that are not needed in the cloud, resulting in a smaller kernel footprint that boots faster and works efficiently on smaller instances, leaving more memory space for applications.

Furthermore, several clouds provide services or use hardware whose drivers are either missing from the upstream Linux kernel or appear only in a later version of the kernel. Ubuntu cloud-optimized Linux kernels are delivered with the latest version of these drivers backported, and bring drivers that enable unique features present on each cloud, such as FPGAs and virtual ethernet devices (discussed in greater detail below).
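One way to check the footprint and driver claims above on systems you run, as an added example (not Canonical's tooling): compare two kernel configuration files in the `/boot/config-<version>` format and list the symbols built in one kernel but not the other. The two sample fragments are constructed for illustration and do not reproduce any real Ubuntu kernel configuration.

```python
import re
import sys

# Constructed fragments in /boot/config-<version> syntax. They are NOT taken
# from any real Ubuntu kernel; only the file format and symbol names are real.
GENERIC_SAMPLE = """\
CONFIG_SND=m
CONFIG_SND_HDA_INTEL=m
CONFIG_DRM_I915=m
CONFIG_INPUT_MOUSE=y
CONFIG_MOUSE_PS2=m
CONFIG_ENA_ETHERNET=m
CONFIG_VIRTIO_NET=y
# CONFIG_NITRO_ENCLAVES is not set
"""
CLOUD_SAMPLE = """\
# CONFIG_SND is not set
# CONFIG_DRM_I915 is not set
# CONFIG_INPUT_MOUSE is not set
CONFIG_ENA_ETHERNET=y
CONFIG_VIRTIO_NET=y
CONFIG_NITRO_ENCLAVES=m
"""

BUILT = re.compile(r"^(CONFIG_\w+)=([ym])$")

def parse_config(text):
    """Return {symbol: 'y'|'m'} for every option compiled in or built as a module.
    '# CONFIG_X is not set' and symbols missing from the file both mean not built."""
    built = {}
    for line in text.splitlines():
        match = BUILT.match(line.strip())
        if match:
            built[match.group(1)] = match.group(2)
    return built

def diff_surface(generic_text, cloud_text):
    """Compare which driver code two kernels carry."""
    generic, cloud = parse_config(generic_text), parse_config(cloud_text)
    shared = set(generic) & set(cloud)
    return {
        "removed": sorted(set(generic) - set(cloud)),   # code no longer shipped
        "added": sorted(set(cloud) - set(generic)),     # cloud-specific drivers
        "changed": sorted((s, generic[s], cloud[s]) for s in shared if generic[s] != cloud[s]),
    }

if __name__ == "__main__":
    # With two file paths, compare real configs; otherwise use the samples.
    texts = [open(p).read() for p in sys.argv[1:3]] if len(sys.argv) == 3 else [GENERIC_SAMPLE, CLOUD_SAMPLE]
    for kind, symbols in diff_surface(*texts).items():
        print(kind, len(symbols), symbols)
```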

Ubuntu cloud kernels are derived from the generic kernel of each corresponding release, and follow the same kernel lifecycle and certifications. In alphabetical order, let’s explore some more details regarding the optimisations and unique tweaks Ubuntu brings to better integrate with major public clouds.

Ubuntu on Amazon Web Services

The optimised Ubuntu for Amazon cloud comes with the linux-aws variant of Ubuntu’s kernel. Each kernel enables the Elastic Fabric Adapter, allowing high-performance applications to access the network adapter directly for low-latency, reliable transport functionality. Furthermore, linux-aws comes with the Nitro enclaves driver, providing data processing applications a secure enclave with CPU and memory isolation to prevent data leaks. Going beyond x86-64, the arm64 version of the linux-aws kernel brings several patches to take advantage of the unique features of AWS Graviton native CPUs.

Last but not least, Ubuntu on Amazon cloud integrates natively with AWS, enabling systems to be managed through AWS Systems Manager.

Ubuntu on Google Cloud Platform

The optimised Ubuntu for Google cloud comes with the linux-gcp flavor of our kernel. Each linux-gcp kernel enables accelerated networking with the Compute Engine Virtual Ethernet device and supports Google's latest Tau VM, enabling scale-out optimized workloads. These advantages contribute to Ubuntu being the default host image for Anthos Multi-cloud.

Ubuntu on Google cloud integrates natively with the Administrator console, enabling patch management. Ubuntu LTS images can upgrade in-place to Ubuntu Pro, avoiding the need to redeploy workloads to take advantage of Ubuntu Pro.

Ubuntu on Microsoft Azure

The optimized Ubuntu for Azure cloud comes with the linux-azure flavor of our kernel. Each linux-azure kernel enables accelerated networking for the InfiniBand-capable instances, as well as consistent support for Single Root I/O Virtualization (SR-IOV) on the hardware present, enabling network traffic to bypass the virtualisation stack and achieve almost native performance. It comes with FPGA support out of the box, taking advantage of Project Catapult to provide performance without the cost and complexity of a custom ASIC.

Ubuntu on Microsoft Azure cloud integrates with the Systems Manager, ensuring that system management tools work natively for instances on the platform. This includes everything from Azure Update Manager and Security Center, to Azure Policy, to using Azure AD to manage your SSH logins. A number of Microsoft products are built on Ubuntu, such as Azure Kubernetes Service, Databricks, and the new SQL Server on Ubuntu Pro, which includes end-to-end joint support. Furthermore, Canonical is working with Microsoft to bring confidential VMs to the cloud on Ubuntu Advantage and Pro. You can find more information on the public preview of AMD-based Confidential VMs.

Ubuntu on Oracle Cloud

The optimized Ubuntu for the Oracle cloud comes with the linux-oracle flavor of our kernel. Each linux-oracle kernel enables fast networking and boot by taking advantage of the native hardware, while supporting the live migration of Ubuntu guests. Furthermore, the arm64 version of the linux-oracle kernel takes advantage of the unique features of Ampere native CPUs.

Although there is not yet Ubuntu Pro on the Oracle cloud, Canonical’s standard offerings apply and the Ubuntu LTS instances on Oracle cloud can be attached to Ubuntu Advantage subscriptions. That enables access to enterprise lifecycle, kernel livepatching, CIS compliance automation tooling, and FIPS 140 certified cryptography.


Public clouds are environments where organizations can run traditional server workloads with an improved ability to scale quickly. Many organizations want to preserve their cloud independence by running operating systems that are portable across different public clouds and on premise. On the flipside, they want to take advantage of the individual hardware present on the cloud, as well as optimizing the kernel image for faster boot times, network performance, and the exclusive features of each cloud.

The unique approach that Ubuntu takes in providing a familiar experience across all platforms, while still being heavily optimized for each, is one of the main reasons why Ubuntu is the number one operating system across the clouds.
