Your submission was sent successfully! Close

Jump to main content
  1. Blog
  2. Article

Gabriel Aguiar Noury
on 20 January 2023

Ubuntu 18.04 ‘Bionic Beaver’ is reaching End of Standard Support this May. If you don’t take action, you will transition to 18.04 EOL (End Of Life). This distribution of Ubuntu was installed by millions of users and powers up thousands of devices. From kiosks and appliances to IoT devices and robots, 18.04 helped many companies deploy innovations to the world. As with all other Ubuntu LTS releases that reach their end of standard support, Bionic Beaver will transition to Extended Security Maintenance (ESM). This blog post will help developers and companies evaluate their options for devices currently running Ubuntu 18.04 LTS. It will also cover how you can enable ESM in case you choose to extend the support window with this service. Before we jump in, let’s cover a burning question: why do Ubuntu releases reach EOL?  

Why do Ubuntu releases reach EOL?

Every single Ubuntu LTS comes with 5 years of standard support. During those five years, we provide bug fixes and security patches to more than 2,300 packages. This obviously requires a great engineering effort from Canonical. Even more, if you consider all the critical infrastructures where Ubuntu is being used today.

But our users also look forward to the new release of our operating system with the latest and greatest. So, as we release new distributions of Ubuntu, we also need to relocate our resources. And with this, we obviously need to move distributions to the ESM period. 

ESM enables continuous vulnerability management for critical, high and medium Common Vulnerabilities and Exposures (CVEs). During this period, we no longer improve the distribution, but we keep it secure. We offer ESM for the benefit of our users. Some cannot migrate and need to keep their infrastructure running reliably and securely. Therefore, we provide 5 more years of critical security to those organisations. This is a paid service, as engineering time and resources are still needed to provide these updates. A paid service that is still cheaper than the actual cost for organisations to do all of this maintenance in-house. 

Now that we covered the relationship between End of Standard Support and ESM, let’s explore what comes next.

Migrate from 18.04 EOL to a supported LTS distribution

It’s never too late to start thinking about the 18.04 EOL migration. Soon your 18.04 fleet will stop receiving updates, including security patches. That will put you and your final user at a security risk. So if you want to keep your device compliant with security maintenance and the latest and greatest software, migration is one way to go.

For device manufacturers, we advise you to have a look at Ubuntu Core. While Ubuntu Desktop and Server will fulfil their purpose for edge and IoT devices, Ubuntu Core was developed and has been optimised for these use cases. With out-of-the-box features such as OTA update control, low-touch device recovery, strict confinement, secure boot, and more, it makes it easier to deploy and manage devices. It also comes with a longer window of standard support: 10 years. This will help you avoid reading another blog about this for quite a while.

And the migration shouldn’t be painful. If you are short on resources, you can always package your application and bundle all your dependencies. We recommend the use of snaps as a container solution to bundle all your dependencies. Snaps won’t create another abstraction layer. They allow you to access the system’s resources through dedicated interfaces. Once your application is snapped, you can easily run it on any Ubuntu LTS, Core, Desktop or Server. You name it.  

Can’t migrate from 18.04 EOL? Get 18.04 ESM

Sometimes migration is not straightforward. Dealing with dependency changes or simply recalling devices from the field can be troublesome. While the aim will be to migrate, you might need some time. So if you need more time and want to keep devices compliant, ESM gives you 5 extra years before 18.04 EOL.

ESM is part of the Ubuntu Pro subscription. ESM provides continuous vulnerability management and patching for critical, high and medium Common Vulnerabilities and Exposures (CVEs). This means that you will keep receiving security updates for more than 2,300 packages in Ubuntu Main. Here you find packages such as Python, OpenSSL, OpenVPN, network-manager, sed, curl, systemd, udev, bash, OpenSSH, login, libc… For the whole list of what’s included in Main, you can visit the Ubuntu Packages Search tool

But there is more. With the release of Ubuntu Pro, you can also get security coverage to an additional 23,000 packages beyond the main operating system. These are packages in Ubuntu Universe. For example, Boost, Qt, OpenCV, PCL, python-(argcomplete, opencv, pybind11, png…), cython, eigen, GTK, FFMPEG… are some of the many packages covered in Universe that are now getting security maintenance from Canonical. 

Ubuntu Universe also includes well-used applications such as the Robot Operating System (ROS), where Canonical provides services such as ROS ESM.

Option 1: Purchase ESM through the Ubuntu Pro store

If you have a few units to cover with ESM, we recommend you to purchase it directly from our store. ESM is part of the Ubuntu Pro subscription. Pricing for Ubuntu Pro depends on the volume of devices you want to cover and years of subscription to the service. To calculate pricing and make a purchase: 

  1. Go to the Ubuntu Pro Store
  2. Select IoT and Devices Category 
  3. Add the number of devices that you want to cover
  4. Select 18.04 LTS
  5. Pick whether you want only security updates for Main, or Main and Universe.
  6. Select if you want Enterprise Support
  7. Click Buy Now

Go to the Store

Option 2: Purchase ESM through Canonical’s Embedding Programme

If you have a large fleet of devices, or you need to add support to estates that grow over time, joining Canonical’s Embedding Programme might be a better option. It will not only grant you access to the Ubuntu Pro subscription, and so to ESM, but it will also apply a beneficial discount-based model.

To join the Embedding Programme you need to get in touch with a sales representative.

Get in touch

What is included in the Ubuntu Pro subscription 

ESM is part of the Ubuntu Pro subscription. You get access to this subscription through the Embedding programme or the Pro store. Besides getting ESM, customers can also enjoy other services like: 

For more information about Ubuntu Pro visit our webpage, the service description or get in touch with one of our sales representatives

How to enable ESM

Security updates provided during the ESM period are accessed through a dedicated PPA. To access this PPA you need a token. Tokens will be available in your Ubuntu Pro subscription portal once you have completed the purchase of the service. Remember, the Ubuntu Pro subscription can be purchased through the Embedding Programme or directly through the Ubuntu Pro store.  

To enable ESM, you just need to follow the instructions in your welcome email: 

  1. Install the Ubuntu Pro client
  2. Attach your token to an Ubuntu machine
  3. Activate ESM 
  4. Run apt upgrade will now allow you to install available updates

For more detailed instructions please visit the Ubuntu Pro client discourse.

Enabling ESM on fleets of devices

Depending on your management infrastructure there will be different alternatives to enable ESM in your fleet of machines. An Ubuntu Pro subscription also gives you access to Landscape, which facilitates this process.   

Landscape is a management and administration tool for Ubuntu. It allows you to monitor your systems through a management agent installed on each machine. The agent communicates with the Landscape server to update an automatically selected set of essential health metrics. It also allows you to remotely update and upgrade machines and manage users and permissions.

Using remote script execution, Landscape can interact with the Ubuntu Pro client. It can also distribute tokens in air-gapped environments. 

Learn more about Landscape with our documentation.   

Summary of 18.04 EOL implications

As 18.04 reaches the End of Standard Support in May of 2023, companies that have deployed devices with this LTS need to take action. Staying on 18.04 EOL distribution is a security risk that companies can’t afford. While migrating to a supported LTS is our main recommendation, we understand this is not always possible. If that’s the case for your organisation, ESM gives you more time.

Get in touch if you need advice on the best path for your company. 

Related posts

Holly Hall
29 March 2023

3 reasons why OTA updates are important [Part II]

IoT Article

In the first part of this blog series, we covered what the term ‘OTA’ means and some key advantages and considerations of using OTA technology in IoT. Read more about what OTA means in the blog post here. Devices are everywhere but they all need maintenance. Maintaining household gadgets such as laptops, printers and smart ...

26 September 2023

CVE 우선순위 지정을 통한 오픈 소스 보안

Security Security

최근 연구에 따르면 엔터프라이즈 시장의 애플리케이션 중 96%가 오픈 소스 소프트웨어를 사용합니다. 오픈 소스 환경이 점점 더 세분화됨에 따라 조직에 대한 잠재적인 보안 취약점의 영향을 평가하는 작업이 엄청날 수 있습니다. 우분투는 가장 안전한 운영 체제 중 하나로 알려져 있습니다. 하지만 그 이유는 무엇일까요? 우분투 보안팀은 매일 알려진 취약점에 대해 업데이트된 소프트웨어 패키지를 수정하고 릴리스하기 때문에 ...

Felicia Jia
19 September 2023

Canonical partners with AMD to enable Ubuntu on AMD Kria™ K24 SOMs

IoT Article

Canonical has partnered with AMD (since from when it was still Xilinx) for many years and we jointly deliver optimised/certified Ubuntu on multiple AMD device families, e.g. AMD Zynq™ UltraScale+™ evaluation boards and AMD Kria™ K26 SOMs (system-on-module). Canonical is pleased to announce Ubuntu is now enabled on AMD’s new Kria™ KD240 an ...