How Ubuntu Advantage for Infrastructure delivers top-notch Linux security

Lech Sandecki

on 22 October 2019

Linux security is central to each release of Ubuntu, the most widely-used Linux distribution. With Ubuntu’s predictable six-month release cycle, users know when to expect the latest upstream open source capabilities and security.

Long Term Support (LTS) vs Interim releases

Every two years in April, a Long Term Support (LTS) release is published. Ubuntu LTS releases are commonly used in enterprise environments, with more than 60% of large-scale production clouds running Ubuntu LTS images.

Ubuntu 18.04 LTS (Bionic Beaver) is the latest Ubuntu LTS release, with Ubuntu 20.04 LTS coming in April 2020. Each new LTS release is supported for ten years total; five years of standard support, and five additional years of support under Ubuntu Advantage for Infrastructure (UA-I). UA-I provides users and organisations access to key security fixes and patches, including Canonical’s Extended Security Maintenance (ESM) and Kernel Livepatch services.

Twice every year, in April and October, interim releases are published. They are commonly used by those interested in the latest features and capable of upgrading more frequently.

Our latest interim release, which arrived last week, is Ubuntu 19.10 (Eoan Ermine). Its enhanced capabilities include the latest OpenStack Train release for live-migration assistance, improved security for Kubernetes deployments at the edge and significant updates to desktop performance. Standard support for an interim release is provided for nine months with no additional support extension offered.

10 years of continuous security under the Extended Security Maintenance (ESM)

ESM provides Linux security patches against high and critical security vulnerabilities for an extended period of time. The ESM service is the result of Canonical’s commitment to continuously provide security patches for Ubuntu LTS releases to secure Ubuntu systems and enterprise workloads in production for those unable to upgrade their systems more frequently.

Ubuntu 14.04 (Trusty Tahr) transitioned into the ESM support phase in April of this year, with many utilising this service to secure their Ubuntu environments. The next release to be covered by ESM is Ubuntu 16.04 LTS (Xenial Xerus, which is currently under standard support until 2021).

Kernel Livepatch – automated security patches

Security, automation and efficiency are the main tenets behind Canonical’s product and support offerings. Kernel Livepatch is a service that embodies all of these tenets, as it automatically applies the latest kernel security patches without rebooting. 

Livepatch is not only the most secure way to keep the kernel up-to-date. It also saves time and effort needed to apply patches manually. As a result, it increases the overall availability of an organisation’s infrastructure. 

To test and get started with Livepatch, anyone can subscribe up to 3 machines for free. For those needing security coverage on a larger scale, go ahead to buy Ubuntu Advantage for Infrastructure to get access to Kernel Livepatch, ESM, and more.

Want the full Ubuntu Linux security story?

To learn more about securing Linux and your Ubuntu systems register for our upcoming webinar.

Talk to us today

Interested in running Ubuntu in your organisation?

Newsletter signup

Select topics you're
interested in

In submitting this form, I confirm that I have read and agree to Canonical's Privacy Notice and Privacy Policy.

Related posts

Ubuntu 16.04 LTS transitions to Extended Security Maintenance (ESM)

Ubuntu 16.04 LTS ‘Xenial Xerus’ transitions into the extended security maintenance (ESM) support phase at the end of April 2021 from its standard, five-year...

Building and running FIPS containers on Ubuntu

Build and run Ubuntu containers that comply with the US and Canada government FIPS140-2 data protection standard.

Should you ever reinstall your Linux box? If so, how?

Broadly speaking, the Linux community can be divided into two camps – those who upgrade their operating systems in-vivo, whenever there is an option to do so...