Ubuntu Pro, the expanded security maintenance and compliance subscription, is now in public beta for data centres and workstations. Canonical will provide a free tier for personal and small-scale commercial use in line with the company’s community commitment and mission to make open source more easily consumable by everyone.
“Since we first launched Ubuntu LTS, with five years free security coverage for the main OS, our enterprise customers have asked us to cover more and more of the wider open-source landscape under private commercial agreements. Today, we are excited to offer the benefits of all of that work, free of charge, to anyone in the world, with a free personal Ubuntu Pro subscription”, said Mark Shuttleworth, CEO of Canonical.
Ubuntu Pro expands security coverage for critical, high and medium Common Vulnerabilities and Exposures (CVEs) to thousands of applications and toolchains, including Ansible, Apache Tomcat, Apache Zookeeper, Docker, Drupal, Nagios, Node.js, phpMyAdmin, Puppet, PowerDNS, Python 2, Redis, Rust, WordPress, ROS, and more.
Ubuntu Pro is available for every Ubuntu LTS from 16.04 LTS. It is already in production for large-scale customers offering global services.
“For the last decade, Google has partnered with Canonical to promote the adoption of open-source software”, said Derry Cheng, Product Manager for Compute Engine. “By offering Ubuntu Pro on Google Compute Engine, together we help customers enhance the security and compliance for their production workloads.”
Users can obtain a free personal Ubuntu Pro subscription at ubuntu.com/pro for up to five machines.
Canonical has an 18-year track record of timely security updates for the main Ubuntu OS, with critical CVEs patched in less than 24 hours on average. Ubuntu Pro expands this coverage to ten times the number of packages in the standard Ubuntu repositories – more than 25,000 of them. Patches are applied for critical, high, and selected medium CVEs, with many zero-day vulnerabilities fixed under embargo for release the moment the CVE is public.
Most users apply these security fixes automatically, with Ubuntu’s unattended upgrades. Canonical Livepatch, which allows users to apply kernel security patches at run time without the need for an immediate reboot, is also included in Ubuntu Pro.
Canonical works with major security scanning and vulnerability management providers to ensure that information about Ubuntu Pro CVE fixes is available through widely used tooling and dashboards.
“Tenable and Canonical collaborate to provide timely, accurate and actionable vulnerability alerts”, said Robert Huber, Chief Security Officer at Tenable. “Ubuntu Pro offers security patch assurance for a broad spectrum of open-source software. Together, we give customers a foundation for the trustworthy open source.”
Long-term stability for infrastructure and applications
A fragmented approach to long-term maintenance is among the most significant challenges of open source adoption. Ubuntu Pro is ideal for business builders who want to focus on innovation and be confident of ongoing security maintenance and dependency tracking.
Canonical backports security fixes from newer versions of applications, giving Ubuntu Pro users a path to long-term security with no forced upgrades. The result is a decade of API stability.
“Transformative innovations such as AI and deep learning are being put to work to unlock new levels of business automation,” said Justin Boitano, vice president of Enterprise Computing at NVIDIA. “With the introduction of Ubuntu Pro, enterprises will benefit from better security, support and long-term maintenance for thousands of open source libraries that are at the core of modern AI and data science workflows.”
Compliance and hardening
Ubuntu Pro includes tools for compliance management in regulated and audited environments. Ubuntu Security Guide (USG) enables well-known hardening and compliance standards such as certified CIS benchmark tooling and DISA-STIG profiles. System management at scale is facilitated through Landscape.
Ubuntu Pro users can access FIPS 140-2 certified cryptographic packages, necessary for all Federal Government agencies as well as organisations operating under compliance regimes like FedRAMP, HIPAA, and PCI-DSS.
“Enterprises need modular, cloud-native application platforms that accelerate how they build, run, and manage their applications without compromising on their compliance, security, or support requirements,” said Ajay Patel, GM and SVP, Modern Apps & Cloud Management Business, VMware. “VMware is thrilled to partner with Canonical with their field-proven expertise in securing and supporting open-source. By offering Ubuntu Pro with VMware Tanzu, we can provide customers with a hardened, better, secure and enterprise-grade application environment that is as friendly to their developers as it is to their CISO.”
The standard Ubuntu Pro subscription covers the full set of security updates for all packages in Ubuntu. Canonical’s Ubuntu Advantage for Infrastructure subscription is now rebranded to Ubuntu Pro (Infra-only) with no price or scope changes.
An Ubuntu Pro (Infra-only) subscription covers the base OS and the private cloud components needed for large-scale bare-metal deployments, but excludes the new broader application coverage. It is useful for organisations building private clouds that use other guest operating systems for applications.
“Ubuntu Pro enables our engineering teams to focus on delivering industry-leading products and services to Acquia customers. Canonical’s transparency and patching expedience give me peace of mind that we are providing the most secure and compelling solutions to power innovative digital experiences”, said Robert Former, Acquia’s Chief Information Security Officer.
Ubuntu Pro can be combined with up to 24×7 enterprise-grade support coverage for the Ubuntu operating system. Additionally, it can cover open infrastructure such as MAAS, LXD, Kubernetes, OpenStack or Ceph / Swift storage, and now also a range of open source applications.
Initial application support (Ubuntu Pro + Apps-only support and Ubuntu Pro + support) coverage consists of over 30 upstream applications, including many popular projects such as Kafka, Kubeflow, OpenJDK, PostgreSQL, Telegraf, Samba, and Vault. We continue to add to the list based on prioritised customer demand.
Canonical can extend the service further by providing a Technical Account Manager or Dedicated Support Engineer, or by taking full responsibility for the whole environment on behalf of the customer, from the initial setup to ongoing operations, with up to 99.9% SLA-backed uptime.
“FIPS 140-2 certified Ubuntu images on AWS fulfil our FedRAMP compliance requirements. With enterprise-grade Ubuntu Pro support backed by Canonical’s 10-year security maintenance commitment, we provide critical development infrastructure for some of the world’s most famous brands”, said Patrick Kaeding, Security Engineer at LaunchDarkly.
Free trial available for new and existing customers
A 30-day free trial of Ubuntu Pro is also available for new enterprise customers. Paid plans are priced at $25 per year for a workstation or $500 per year for a server. On public clouds, Ubuntu Pro is priced at approximately 3.5% of the average underlying compute cost. Additional services such as 24×7 support can be added if required, so businesses can choose the level of service they need. Full pricing details are available at ubuntu.com/pricing/pro.
Canonical is also pleased to offer existing Ubuntu Advantage for Infrastructure customers (now Ubuntu Pro (Infra-only), with or without support) a trial of the new full Ubuntu Pro application security maintenance service until the end of their existing contract (up to one year) at no extra cost.