Your submission was sent successfully! Close

  1. Blog
  2. Article

on 26 October 2023

In the modern cloud ecosystem, the emergence of Confidential VMs (CVMs) has marked a significant stride towards robust security. However, while CVMs excel in guarding against external code threats, they remain susceptible to vulnerabilities within their boundaries. Herein lies the profound synergy between Ubuntu Pro and Confidential VMs on Microsoft Azure. While the latter fortifies the external walls, Ubuntu Pro vigilantly guards the interior, fostering a hardened, compliant, and manageable enclave for your cloud-based workloads. The integration not only significantly amplifies the security, but seamlessly aligns with enterprise requisites, propelling confidential computing towards being production-ready for professional workloads.

What are the benefits of Ubuntu Pro?

Ubuntu Pro extends the popular Ubuntu LTS with additional enterprise-grade capabilities tailored to meet the stringent requirements of professional and production use-cases. Here are some key advantages:

  • Extended Security Maintenance (ESM): 10 years of vulnerability management for the entire stack of software packages.
  • Comprehensive Patching: Security patching for over 25,000 open-source packages, expanding the set of packages your team can build on safely and reducing your average CVE exposure significantly.
  • Kernel Livepatch: Minimise downtime and unplanned reboots with patches for critical and high-severity kernel vulnerabilities.
  • Automated Compliance: Tooling for hardening and compliance profiles, including CIS, DISA-STIG, FIPS 140, and more.
  • Streamlined Billing: Hourly billing through your existing Azure account.

For more details, you can visit the Ubuntu Pro for Azure page.

Why use Confidential VMs (CVMs)?

Confidential VMs add an extra layer of security by encrypting data during processing, addressing a previously challenging aspect of data protection. The technology ensures that data is encrypted at runtime, at rest, and during boot-up. Here are some key features:

  • Runtime Protection: Data and code in memory are encrypted, ensuring that they are secure from any unauthorized access.
  • Data-at-Rest Encryption: Full-disk encryption capabilities to secure all stored data.
  • Boot-Time Verification: Hardware-rooted signed attestation to verify the OS, firmware, and platform boot measurements.

 For more information, you can visit this blog.

Combining Ubuntu Pro and Confidential VMs

Confidential computing introduces a security model where CVMs protect data from external software threats. However, vulnerabilities from within their boundaries remain a concern. This is where Ubuntu Pro becomes essential. Ubuntu Pro offers security measures to tackle vulnerabilities within the CVM’s software stack or the guest OS. Regular security patching and updates provided by Ubuntu Pro mitigate this risk. For a detailed exploration on the importance of securing your CVM from internal vulnerabilities, you can read our in-depth article here. This integration ensures a more secure environment suitable for enterprise operations and is compatible with both AMD SEV-SNP hardware and, for those in the Azure limited preview, Intel TDX.

How to Deploy

To deploy a new Confidential VM with Ubuntu Pro, use the Azure CLI command as follows:

az vm create \
--resource-group "${RESOURCE_GROUP}" \
--name "${VM_NAME}" \
--size Standard_DC4as_v5 \
--enable-vtpm true \
--image "Canonical:0001-com-ubuntu-confidential-vm-focal:20_04-lts-cvm:latest" \
--security-type ConfidentialVM \
--os-disk-security-encryption-type VMGuestStateOnly \
--enable-secure-boot true \
--license-type UBUNTU_PRO

The –license-type UBUNTU_PRO flag is the key for deploying Ubuntu Pro. 

In-Place Upgrade

Existing Confidential VM Ubuntu LTS VMs can be upgraded to Ubuntu Pro using a few commands. For more details, you can visit our In-Place Upgrade announcement.


Azure Confidential VMs provide an enhanced layer of protection for cloud-based workloads. But for a comprehensive security approach, it’s crucial to also address vulnerabilities from within. Ubuntu Pro fills this internal security need, improving the overall security framework. This integration between Ubuntu Pro and Azure Confidential VMs provides a more secure environment, enabling users to manage their confidential computing tasks with increased confidence.

Related posts

28 June 2023

Strengthen your cloud cyber security with Ubuntu Pro and confidential VMs

Ubuntu Article

Strengthen your cloud cyber security with Ubuntu Pro and confidential VMs. This blog dives into the crucial role your OS plays in cloud security and highlights the extensive security measures offered by Ubuntu, including the game-changing confidential computing technology. ...

3 November 2023

Intel® TDX 1.0 technology preview available on Ubuntu 23.10

Confidential computing Article

Today’s security landscape faces a significant challenge: the lack of adequate protection for data in active use. Data breaches can happen at runtime (that is, when computation is taking place on a machine’s main memory), stemming from a range of vectors such as malicious insiders with elevated privileges or hackers exploiting vulnerabili ...

8 August 2023

Announcing In-Place Upgrade from Ubuntu Server to Ubuntu Pro on Azure

Cloud and server Article

Seamlessly upgrade from Ubuntu Server to Ubuntu Pro on Azure without downtime. Explore advanced security, compliance, and long-term support features. Enhance your enterprise functionality and optimize your cloud journey with Ubuntu Pro. ...