How Ubuntu Advantage for Infrastructure delivers top-notch Linux security
Lech Sandecki
on 22 October 2019
Tags: ESM , Extended Security Maintenance , kernel , livepatch , LTS , Security , Ubuntu Advantage
Linux security is central to each release of Ubuntu, the most widely-used Linux distribution. With Ubuntu’s predictable six-month release cycle, users know when to expect the latest upstream open source capabilities and security.
Long Term Support (LTS) vs Interim releases
Every two years in April, a Long Term Support (LTS) release is published. Ubuntu LTS releases are commonly used in enterprise environments, with more than 60% of large-scale production clouds running Ubuntu LTS images.
Ubuntu 18.04 LTS (Bionic Beaver) is the latest Ubuntu LTS release, with Ubuntu 20.04 LTS coming in April 2020. Each new LTS release is supported for ten years total; five years of standard support, and five additional years of support under Ubuntu Advantage for Infrastructure (UA-I). UA-I provides users and organisations access to key security fixes and patches, including Canonical’s Extended Security Maintenance (ESM) and Kernel Livepatch services.
Twice every year, in April and October, interim releases are published. They are commonly used by those interested in the latest features and capable of upgrading more frequently.
Our latest interim release, which arrived last week, is Ubuntu 19.10 (Eoan Ermine). Its enhanced capabilities include the latest OpenStack Train release for live-migration assistance, improved security for Kubernetes deployments at the edge and significant updates to desktop performance. Standard support for an interim release is provided for nine months with no additional support extension offered.
10 years of continuous security under the Extended Security Maintenance (ESM)
ESM provides Linux security patches against high and critical security vulnerabilities for an extended period of time. The ESM service is the result of Canonical’s commitment to continuously provide security patches for Ubuntu LTS releases to secure Ubuntu systems and enterprise workloads in production for those unable to upgrade their systems more frequently.
Ubuntu 14.04 (Trusty Tahr) transitioned into the ESM support phase in April of this year, with many utilising this service to secure their Ubuntu environments. The next release to be covered by ESM is Ubuntu 16.04 LTS (Xenial Xerus, which is currently under standard support until 2021).
Kernel Livepatch – automated security patches
Security, automation and efficiency are the main tenets behind Canonical’s product and support offerings. Kernel Livepatch is a service that embodies all of these tenets, as it automatically applies the latest kernel security patches without rebooting.
Livepatch is not only the most secure way to keep the kernel up-to-date. It also saves time and effort needed to apply patches manually. As a result, it increases the overall availability of an organisation’s infrastructure.
To test and get started with Livepatch, anyone can subscribe up to 3 machines for free. For those needing security coverage on a larger scale, go ahead to buy Ubuntu Advantage for Infrastructure to get access to Kernel Livepatch, ESM, and more.
Want the full Ubuntu Linux security story?
To learn more about securing Linux and your Ubuntu systems register for our upcoming webinar.
Talk to us today
Interested in running Ubuntu in your organisation?
Newsletter signup
Related posts
6 facts for CentOS users who are holding on
Considering migrating to Ubuntu from other Linux platforms, such as CentOS? Find six useful facts to get started!
Securing open source through CVE prioritisation
According to a recent study, 96% of applications in the enterprise market use open-source software. As the open source landscape becomes more and more...
Ubuntu Explained: How to ensure security and stability in cloud instances—part 3
Applying updates across a fleet of multiple Ubuntu instances is a balance of security and service uptime. We explore best practices to maximise stability.