Skip to main content

Your submission was sent successfully! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates from Canonical and upcoming events where you can meet our team.Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

  1. Blog
  2. Article

Jehudi
on 1 August 2023

Enhancing the Ubuntu Experience on Azure: Introducing Ubuntu Pro Updates Awareness


Canonical works closely with Microsoft to ensure that running Ubuntu on Azure is a great experience. One of the key aspects of this collaboration is ensuring the longevity and security of Ubuntu releases, such as Ubuntu 18.04 LTS, even beyond their Standard Security Maintenance period. We are excited to announce the integration of Ubuntu Pro update awareness into Azure through the Azure Guest Patching Service (AzGPS) and Update Management Center (UMC). This feature highlights the additional updates available through Ubuntu Pro, including those for Ubuntu 18.04 LTS, now under Extended Security Maintenance. This increased visibility of updates is a significant benefit for users of Azure native VMs and VM Scale Sets, as well as those connected via Azure Arc.

Ubuntu Pro on Azure

Ubuntu Pro, a subscription by Canonical, provides enhanced security, compliance, and system management tools for organisations using Ubuntu in the Azure cloud.

Expanded Security Maintenance (ESM) is one of the key features of Ubuntu Pro. ESM extends the security maintenance period for Ubuntu LTS releases from five to ten years, allowing Ubuntu 18.04 LTS users to continue using their deployments in production until 2028. ESM also expands the security coverage to a much greater range of packages.

Ubuntu Pro Awareness in Azure

The newly integrated Ubuntu Pro feature in Azure helps users identify Ubuntu instances that aren’t receiving all available security updates. For instance, examining an Ubuntu Server 18.04 LTS instance on Azure today could display something like this:

Take note of the message, “Security-ESM update(s) are available for this machine. An Ubuntu Pro subscription is required to remain secure. Learn more.

This message indicates that 46 security updates are available for this Ubuntu 18.04 LTS instance, of which 42 can only be accessed through ESM. To receive these, you must attach Ubuntu Pro subscription to the instance. If your instance is in this state, it’s crucial to take action, as it has known unpatched security vulnerabilities. The process of obtaining Ubuntu Pro and how to attach it to your instance is explained in the subsequent section.

Looking at the detailed view of packages, we can see that these have Classifications of “Security-ESM”:

Once you have activated Ubuntu Pro on these instances, as explained in the following section, these updates appear as available and can be applied in the usual way, yielding the expected result:

How to Obtain Ubuntu Pro

Selecting the best method to obtain Ubuntu Pro on Azure depends on your needs and workload flexibility. Here are your main options:

  • In-Place Upgrade: Directly transition from Ubuntu Server to Ubuntu Pro within Azure without any downtime. This process requires just a few commands, and Azure takes care of the billing. For an in-depth guide, refer to our recent announcement.
  • Redeployment with Azure Marketplace: For workloads that support regular redeployment, like in CI/CD setups, use the Ubuntu Pro images from the Azure Marketplace. These images come preloaded with the latest security updates, ensuring a secure start. Plus, they seamlessly replace Ubuntu Server images in most deployment tools, such as Azure Image Builder, Terraform, and Packer.

Ubuntu Pro is accessible for free on up to 5 machines, or 50 if you are an official Ubuntu Community member. To get started, register here.

Azure Guest Patching Service

The Azure Guest Patching Service allows customers to simplify their Guest OS management on their VMs and VM Scale Sets. This service deploys the latest security and critical updates using Safe Deployment Principles, ensuring the customer’s operations remain uninterrupted and secure.

Azure Update Management Center

The Azure Update Management Center is designed to manage and govern updates across all your machines. Powered by Azure Guest Patching Service, it provides a unified service for monitoring Windows and Linux update compliance across your Azure, on-premises, and other cloud platform deployments, all from a single dashboard. Canonical collaborates with the Azure Update Management Center team to ensure that it can manage Ubuntu instances effectively at scale.

Conclusion

The introduction of enhanced Ubuntu update awareness into the Azure Update Management Center offers tailored security guidance to our Azure users. This guidance takes into account the actual Ubuntu releases and packages installed. Our ultimate goal is to empower our joint users with timely and relevant information, enabling them to make informed security decisions and thereby enhancing the security of their Ubuntu instances on Azure.

Related posts


Yash Aggarwal
4 November 2024

Join us for Microsoft Ignite

Ubuntu Article

The Canonical team is gearing up for the next big gathering at Microsoft Ignite 2024, which will take place from November 18 – 22, 2024. Get ready to dive deep into the latest conversations that will shape the future of cloud and open-source innovation. Expand and secure your Microsoft Ignite journey with a visit to ...


Jehudi
16 August 2024

Ubuntu 24.04 LTS Confidential Virtual Machines with Ubuntu Pro enabled Now Available in the Microsoft Azure Marketplace

Ubuntu Article

Ubuntu 24.04 LTS and 22.04 LTS Confidential VMs with Ubuntu Pro now available on Azure Marketplace, offering enhanced security and compliance for sensitive workloads. ...


Matthew de Klerk
18 December 2024

What is patching automation?

Security Article

In software, patches are updates that are designed to overcome problems, flaws or vulnerabilities in the programming. Patch management is the process of gathering and applying these patches to the target software, devices or systems. ...