With 12 years of support, Landscape 24.04 LTS adds snap and repository management controls to a modernised systems management web portal and API.

London, 30 April 2024.

Today Canonical announced the availability of Landscape’s first LTS release. Landscape 24.04 LTS features a new versioned API, a new web portal with accessibility and performance in mind, and intuitive controls for software distribution. Landscape 24.04 LTS comprises Landscape Server and Landscape Client. With a modernised backend and web portal in place, engineering teams can work efficiently, focusing on patches and new features.

Predictable release cadence and 12 years of support for LTS versions

Building on Canonical’s commitment to reliability, Landscape releases going forward will align with Ubuntu LTS and interim releases for predictable security coverage, feature patches, and bug fixes.

Landscape Server 24.04 can be installed on Ubuntu 22.04 LTS and Ubuntu 24.04 LTS releases with Ubuntu Pro. Landscape Server 24.04 is compatible with the previous four Ubuntu LTS releases (Ubuntu 16.04 LTS onwards), and will manage future Ubuntu releases including Ubuntu 26.04 LTS.

Like Ubuntu 24.04 LTS, this Landscape release gets a 12 year commitment for security maintenance and support. Landscape 24.04 LTS will get five years of bug fixes and incremental feature patches until August 2029. Ubuntu Pro subscribers can continue using Landscape 24.04 LTS after these 5 years for a total of 12 years, with the Legacy Support add-on.

A new web portal built with Canonical’s Vanilla Framework

Vanilla Framework provides consistent and uniform design patterns across Canonical’s products. Landscape joins MAAS, LXD UI, and others with a responsive React JS driven user interface. This web portal is built using a new versioned API serving JSON data. This API enhancement ensures seamless integration for developers, offering a forward-looking assurance that applications developed with a particular API version will remain robust and reliable, regardless of future updates to Landscape and its accompanying API endpoints.

The Monitoring feature from the legacy Landscape web portal has not yet been migrated to Landscape 24.04 LTS, yet. Monitoring will arrive as an incremental patch for Landscape 24.04 LTS with a modern charting library, a monitoring API, and companion documentation.

Lastly, the web portal provides a significant improvement in Lighthouse scores for Accessibility. The dashboard’s accessibility scores as measured by Lighthouse improved from 70% to 95%. Landscape 24.04 LTS has a web portal which is accessible to users with deficiencies in colour vision, complete colour blindness, and other visual impairments.

Save terabytes in storage and bandwidth with point-in-time repository snapshots

Landscape’s new web portal includes an intuitive point-and-click repository mirroring experience, and the repository snapshot service is available as a source when mirroring repositories. In late 2023, Canonical became the first Linux provider to integrate a repository snapshot service with Microsoft Azure’s update mechanisms. Landscape 24.04 LTS brings this simplified and safe deployment practice capability on-premises, and to mixed and hybrid cloud environments.

Benefits of Landscape’s repository snapshot service include predictable updates, consistency across deployments, and simplified repository mirroring, providing improved resilience and security for Ubuntu workloads.

Beyond the conveniences afforded to system administrators, the repository snapshots implementation also saves over 100 terabytes of disk space and network throughput, for organisations making complete repository mirrors every week. Canonical’s on-demand repository snapshot capability extends back to February 2023 for non-ESM (Expanded Security Maintenance) repositories. This innovation frees storage and network resources, because scheduled mirroring and archival of these mirrors becomes unnecessary.

Snap management for Ubuntu and Ubuntu Core

Beyond managing Ubuntu interim and LTS releases, Landscape 24.04 LTS also manages Ubuntu Core, Canonical’s snap based, immutable and strictly-confined operating system. A strictly confined Landscape Client snap package provides snap package management, remote script execution, monitoring and inventory capabilities to Ubuntu, for anyone interested in consuming the latest Landscape Client as a snap package.

Snap management capabilities also exist in the Landscape Client Debian package, available in the Main repository for Ubuntu 24.04 LTS, and in ppa:landscape/self-hosted-24.04 for previous versions of Ubuntu.

Distribution of updated snap revisions is controlled through the Snap Store, which organisations can self-host as a snap store proxy, or as a brand store if there is a need to distribute proprietary non-public snaps within the organisation. Snap management in Landscape 24.04 LTS can add, remove, update, and pause updates from Snap Store, snap store proxy, and brand stores.

Landscape has historically provided fine grained management of Debian packages installed through the apt package manager. With Landscape 24.04 LTS, similar management capabilities arrive for snap packages, with consideration for revisions and channels, which are specific to the snap ecosystem. By default, snap packages self-update through transactional over-the-air updates, and have the ability to rollback automatically if the upgrade fails. Organisations and individuals interested in uniformity across machines can pin revisions of a snap to machines, and ensure consistency between machines that must be uniformly configured.

Next steps

• Read the Landscape datasheet
• Install Landscape 24.04 LTS on Ubuntu Server, using Ubuntu 20.04 LTS or later
• Learn to enrol Ubuntu 24.04 LTS instances with Landscape, using Pro Client

About Canonical

Canonical, the publisher of Ubuntu, provides open source security, support and services. Our portfolio covers critical systems, from the smallest devices to the largest clouds, from the kernel to containers, from databases to AI. With customers that include top tech brands, emerging startups, governments and home users, Canonical delivers trusted open source for everyone.

Learn more at canonical.com.

Lire plus

Canonical recently announced the release of Ubuntu 24.04 LTS, codenamed “Noble Numbat”. This update underscores Ubuntu’s ongoing commitment to enhancing performance and security, focusing on optimizing developer productivity. The latest version features an optimized Linux kernel 6.8 and significant system management upgrades as detailed in the release notes. In this blog post, we highlight the key features and improvements that Ubuntu 24.04 LTS brings to the table, specifically tailored for users of Microsoft/Azure.

Unified marketplace offering

Ubuntu 24.04 LTS introduces a consolidated Azure Marketplace experience. Easily find the official Ubuntu images created by Canonical and endorsed by Microsoft for Azure, all under a single offering: ubuntu-24_04-lts. This simplification aids your search and selection process, helping you choose the right image for your needs and ensuring optimal compatibility and performance. [Explore the Ubuntu 24.04 images on the Azure Marketplace].

Optimized for Azure

Ubuntu 24.04 LTS is finely tuned to enhance performance on Azure infrastructure, ensuring that the Ubuntu images are fully compatible and support the latest cloud features as they are released. This optimization boosts system efficiency, speed, and reliability. Integration with Azure Guest Patching and the Update Management Center facilitates streamlined and continuous system updates, thereby reinforcing the overall security and stability of Ubuntu deployments.

Enhanced developer toolchains

.NET 8 is fully compatible with Ubuntu 24.04 LTS from launch, being directly available through the official Ubuntu feeds. This synchronization with the .NET release cadence ensures developers have immediate access to the latest features and updates. Additionally, .NET 8 introduces streamlined package management and new Ubuntu container images, boosting development flexibility and deployment efficiency. (Read more in this Microsoft’s blog post).

The commitment to developer productivity also extends to other popular programming languages, including TCK-certified Java versions and the latest Rust toolchains, enhancing support and smoothing the development experience.

Confidential Computing

Ubuntu continues to lead in confidential computing with support for Confidential VMs, including capabilities for confidential AI. This is facilitated by utilizing advanced hardware security extensions such as AMD’s 4th Gen EPYC processors with SEV-SNP and NVIDIA H100 Tensor Core GPUs. These features help safeguard data at runtime from system vulnerabilities and unauthorized access, making them particularly suitable for AI training and data inference involving sensitive information.

Windows Subsystem for Linux (WSL)

Ubuntu 24.04 LTS enhances its WSL integration using the same installer technology as Ubuntu Server. This update includes support for cloud-init, standardizing developer environments across installations and ensuring consistent and streamlined workflows.

Wrapping up

As we explore the capabilities of Ubuntu 24.04 LTS, Microsoft/Azure users will experience an integration that is tailored to current technological needs and equipped for upcoming developments. This version is supported for up to 12 years, providing a stable and reliable foundation that enterprises and developers can rely on for long-term projects and innovation.

Lire plus

Arriving alongside the main Ubuntu 24.04 LTS release are new versions of the official Ubuntu flavours, including Kubuntu, Xubuntu, and Ubuntu Cinnamon. What follows is a concise, top-level overview of the key new features and changes in some of the most popular Ubuntu flavours, plus the relevant downloads links to snag an ISO need should be tempted into trying a few flavors first-hand. Unless otherwise noted, all flavours share the same foundational footprint as the main release, e.g., Linux kernel, graphics drivers, tooling, etc. But some fears, like the Flutter-based OS installer and the snap-centric App Center aren’t used in […]

You're reading Ubuntu 24.04 Official Flavours Available to Download, a blog post from OMG! Ubuntu. Do not reproduce elsewhere without permission.

We’re excited about the upcoming Ubuntu 24.04 LTS release, Noble Numbat. Like all Ubuntu releases, Ubuntu 24.04 LTS comes with 5 years of free security maintenance for the main repository. Support can be expanded for an extra 5 years, and to include the universe repository, via Ubuntu Pro.  Organisations looking to keep their systems secure without needing a major upgrade can also get the Legacy Support add-on to expand that support beyond the 10 years. Combined with the enhanced security coverage provided by Ubuntu Pro and Legacy Support, Ubuntu 24.04 LTS provides a secure foundation on which to develop and deploy your applications and services in an increasingly risky environment. In this blog post, we will look at some of the enhancements and security features included in Noble Numbat, building on those available in Ubuntu 22.04 LTS.

Unprivileged user namespace restrictions

Unprivileged user namespaces are a widely used feature of the Linux kernel, providing additional security isolation for applications, and are often employed as part of a sandbox environment. They allow an application to gain additional permissions within a constrained environment, so that a more trusted part of an application can then use these additional permissions to create a more constrained sandbox environment within which less trusted parts can then be executed. A common use case is the sandboxing employed by modern web browsers, where the (trusted) application itself sets up the sandbox where it executes the untrusted web content. However, by providing these additional permissions, unprivileged user namespaces also expose additional attack surfaces within the Linux kernel. There has been a long history of (ab)use of unprivileged user namespaces to exploit various kernel vulnerabilities. The most recent interim release of Ubuntu, 23.10, introduced the ability to restrict the use of unprivileged user namespaces to only those applications which legitimately require such access. In Ubuntu 24.04 LTS, this feature has both been improved to cover additional applications both within Ubuntu and from third parties, and to allow better default semantics of the feature. For Ubuntu 24.04 LTS, the use of unprivileged user namespaces is then allowed for all applications but access to any additional permissions within the namespace are denied. This allows more applications to more better gracefully handle this default restriction whilst still protecting against the abuse of user namespaces to gain access to additional attack surfaces within the Linux kernel.

Binary hardening

Modern toolchains and compilers have gained many enhancements to be able to create binaries that include various defensive mechanisms. These include the ability to detect and avoid various possible buffer overflow conditions as well as the ability to take advantage of modern processor features like branch protection for additional defence against code reuse attacks.

The GNU C library, used as the cornerstone of many applications on Ubuntu, provides runtime detection of, and protection against, certain types of buffer overflow cases, as well as certain dangerous string handling operations via the use of the _FORTIFY_SOURCE macro. FORTIFY_SOURCE can be specified at various levels providing increasing security features, ranging from 0 to 3. Modern Ubuntu releases have all used FORTIFY_SOURCE=2 which provided a solid foundation by including checks on string handling functions like sprintf(), strcpy() and others to detect possible buffer overflows, as well as format-string vulnerabilities via the %n format specifier in various cases. Ubuntu 24.04 LTS enables additional security features by increasing this to FORTIFY_SOURCE=3. Level three greatly enhances the detection of possible dangerous use of a number of other common memory management functions including memmove(),  memcpy(), snprintf(), vsnprintf(), strtok() and strncat(). This feature is enabled by default in the gcc compiler within Ubuntu 24.04 LTS, so that all packages in the Ubuntu archive which are compiled with gcc, or any applications compiled with gcc on Ubuntu 24.04 LTS also receive this additional protection.

The Armv8-M hardware architecture (provided by the “arm64” software architecture on Ubuntu) provides hardware-enforced pointer authentication and branch target identification. Pointer authentication provides the ability to detect malicious stack buffer modifications which aim to redirect pointers stored on the stack to attacker controlled locations, whilst branch target identification is used to track certain indirect branch instructions and the possible locations which they can target. By tracking such valid locations, the processor can detect possible malicious jump-oriented programming attacks which aim to use existing indirect branches to jump to other gadgets within the code. The gcc compiler supports these features via the -mbranch-protection option. In Ubuntu 24.04 LTS, the dpkg package now enables -mbranch-protection=standard, so that all packages within the Ubuntu archive enable support for these hardware features where available.

AppArmor 4

The aforementioned unprivileged user namespace restrictions are all backed by the AppArmor mandatory access control system. AppArmor allows a system administrator to implement the principle of least authority by defining which resources an application should be granted access to and denying all others. AppArmor consists of a userspace package, which is used to define the security profiles for applications and the system, as well as the AppArmor Linux Security Module within the Linux kernel which provides enforcement of the policies. Ubuntu 24.04 LTS includes the latest AppArmor 4.0 release, providing support for many new features, such as specifying allowed network addresses and ports within the security policy (rather than just high level protocols) or various conditionals to allow more complex policy to be expressed. An exciting new development provided by AppArmor 4 in Ubuntu 24.04 LTS is the ability to defer access control decisions to a trusted userspace program. This allows for quite advanced decision making to be implemented, by taking into account the greater context available within userspace or to even interact with the user / system administrator in a real-time fashion. For example, the experimental snapd prompting feature takes advantage of this work to allow users to exercise direct control over which files a snap can access within their home directory. Finally, within the kernel, AppArmor has gained the ability to mediate access to user namespaces as well as the io_uring subsystem, both of which have historically provided additional kernel attack surfaces to malicious applications. 

Disabling of old TLS versions

The use of cryptography for private communications is the backbone of the modern internet. The Transport Layer Security protocol has provided confidentiality and integrity to internet communications since it was first standardised in 1999 with TLS 1.0. This protocol has undergone various revisions since that time to introduce additional security features and avoid various security issues inherent in the earlier versions of this standard. Given the wide range of TLS versions and options supported by each, modern internet systems will use a process of auto-negotiation to select an appropriate combination of protocol version and parameters when establishing a secure communications link. In Ubuntu 24.04 LTS, TLS 1.0, 1.1 and DTLS 1.0 are all forcefully disabled (for any applications that use the underlying openssl or gnutls libraries) to ensure that users are not exposed to possible TLS downgrade attacks which could expose their sensitive information.

Upstream Kernel Security Features

Linux kernel v5.15 was used as the basis for the Linux kernel in the previous Ubuntu 22.04 LTS release. This provided a number of kernel security features including core scheduling, kernel stack randomisation and unprivileged BPF restrictions to name a few. Since that time, the upstream Linux kernel community has been busy adding additional kernel security features. Ubuntu 24.04 LTS includes the v6.8 Linux kernel which provides the following additional security features:

Intel shadow stack support

Modern Intel CPUs support an additional hardware feature aimed at preventing certain types of return-oriented programming (ROP) and other attacks that target the malicious corruption of the call stack. A shadow stack is a hardware enforced copy of the stack return address that cannot be directly modified by the CPU. When the processor returns from a function call, the return address from the stack is compared against the value from the shadow stack – if the two differ, the process is terminated to prevent a possible ROP attack. Whilst compiler support for this feature has been enabled for userspace packages since Ubuntu 19.10, it has not been able to be utilised until it was also supported by the kernel and the C library. Ubuntu 24.04 LTS includes this additional support for shadow stacks to allow this feature to be enabled when desired by setting the GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK environment variable.

Secure virtualisation with AMD SEV-SNP and Intel TDX

Confidential computing represents a fundamental departure from the traditional threat model, where vulnerabilities in the complex codebase of privileged system software like the operating system, hypervisor, and firmware pose ongoing risks to the confidentiality and integrity of both code and data. Likewise, unauthorised access by a malicious cloud administrator could jeopardise the security of your virtual machine (VM) and its environment. Building on the innovation of Trusted Execution Environments at the silicon level, Ubuntu Confidential VMs aim to restore your control over the security assurances of your VMs.

For the x86 architecture, both AMD and Intel processors provide hardware features (named AMD SEV SNP and Intel TDX respectively) to support running virtual machines with memory encryption and integrity protection. They ensure that the data contained within the virtual machine is inaccessible to the hypervisor and hence the infrastructure operator.  Support for using these features as a guest virtual machine was introduced in the upstream Linux kernel version 5.19.

Thanks to Ubuntu Confidential VMs, a user can make use of compute resources provided by a third party whilst maintaining the integrity and confidentiality of their data through the use of memory encryption and other features.  On the public cloud, Ubuntu offers the widest portfolio of confidential VMs. These build on the innovation of both the hardware features, with offerings available across Microsoft Azure, Google Cloud and Amazon AWS. 

For enterprise customers seeking to harness confidential computing within their private data centres, a fully enabled software stack is essential. This stack encompasses both the guest side (kernel and OVMF) and the host side (kernel-KVM, QEMU, and Libvirt). Currently, the host-side patches are not yet upstream. To address this, Canonical and Intel have forged a strategic collaboration to empower Ubuntu customers with an Intel-optimised TDX Ubuntu build. This offering includes all necessary guest and host patches, even those not yet merged upstream, starting with Ubuntu 23.10 and extending into 24.04 and beyond. The complete TDX software stack is accessible through this github repository. 

This collaborative effort enables our customers to promptly leverage the security assurances of Intel TDX. It also serves to narrow the gap between silicon innovation and software readiness, a gap that grows as Intel continues to push the boundaries of hardware innovation with 5th Gen Intel Xeon scalable processors and beyond.

Strict compile-time bounds checking

Similar to hardening of binaries within the libraries and applications distributed in Ubuntu, the Linux kernel itself gained enhanced support for detecting possible buffer overflows at compile time via improved bounds checking of the memcpy() family of functions. Within the kernel, the FORTIFY_SOURCE macro enables various checks in memory management functions like memcpy() and memset() by checking that the size of the destination object is large enough to hold the specified amount of memory, and if not will abort the compilation process. This helps to catch various trivial memory management issues, but previously was not able to properly handle more complex cases such as when an object was embedded within a larger object. This is quite a common pattern within the kernel, and so the changes introduced in the upstream 5.18 kernel version to enumerate and fix various such cases greatly improves this feature. Now the compiler is able to detect and enforce stricter checks when performing memory operations on sub-objects to ensure that other object members are not inadvertently overwritten, avoiding an entire class of possible buffer overflow vulnerabilities within the kernel.

Wrapping up

Overall, the vast range of security improvements that have gone into Ubuntu 24.04 LTS greatly improve on the strong foundation provided by previous Ubuntu releases, making it the most secure release to date. Additional features within both the kernel, userspace and across the distribution as a whole combine to address entire vulnerability classes and attack surfaces. With up to 12 years of support, Ubuntu 24.04 LTS provides the best and most secure foundation to develop and deploy Linux services and applications. Expanded Security Maintenance, kernel livepatching and additional services are all provided to Ubuntu Pro subscribers to enhance the security of their Ubuntu deployments.

Introduction

DISA, the Defense Information Systems Agency, has published their Security Technical Implementation Guide (STIG) for Ubuntu 22.04 LTS. The STIG is free for the public to download from the DOD Cyber Exchange. Canonical has been working with DISA since we published Ubuntu 22.04 LTS to draft this STIG, and we are delighted that it is now finalised and available for everyone to use.

We are now developing the Ubuntu Security Guide profile with a target release in summer 2024.

What is a STIG?

A STIG is a set of guidelines for how to configure an application or system in order to harden it. Hardening means reducing the system’s attack surface: removing unnecessary software packages, locking down default values to the tightest possible settings and configuring the system to run only what you explicitly require. System hardening guidelines also seek to lessen collateral damage in the event of a compromise.

STIGs are intended to be applied with judgement and common sense. Each mission or deployment is going to be different: where a piece of guidance doesn’t make sense for your specific needs, you can choose your own path forward whilst keeping the overall intentions of the STIG in mind.

The STIGs have been primarily developed for use within the US Department of Defense. However, because they are based on universally-recognised security principles, they can be used by anyone who wants a robust system hardening framework. As a result, STIGs are being more widely adopted across the US government and numerous industries, such as financial services and online gaming.

When will Canonical publish a DISA-STIG USG profile?

The STIG that DISA has published is primarily composed of a manual XCCDF XML document that describes in human-readable words how to configure Ubuntu 22.04 LTS. This XML file contains nearly 200 individual pieces of guidance, which can be quite a daunting prospect to tackle from scratch. To simplify this process, Canonical produces the Ubuntu Security Guide (USG), an automation tool that handles both the checking and remediation of the STIG rules. USG is available as part of Ubuntu Pro, and can be enabled through the Pro client.

Our engineering team is currently working through the XCCDF document and codifying the rules into a new profile for USG. We will publish the STIG profile for USG in the coming months, with a target release in summer 2024, and will make an announcement at that time.

Conclusion

The STIG for Ubuntu 22.04 LTS will allow any users or administrators to harden their systems in accordance with this rigorous standard. Doing this by hand is a time-consuming proposition, so we recommend waiting until automated tooling is available to speed up the hardening and auditing process; the USG profile is in active development and will be published as soon as it’s ready.

Further resources

• Maximizing security and compliance in the US public sector with Ubuntu Pro
• A guide to Infrastructure Hardening
• The Ubuntu Security Guide documentation

At the world’s leading industrial trade fair, companies from the mechanical engineering, electrical engineering and digital industries as well as the energy sector will come together to present solutions for a high-performance, but also sustainable industry at Hannover Messe. This year, Qualcomm brought its DX Summit to Hannover Messe, putting together business and technology leaders to discuss digital transformation solutions and experiences that are moving enterprise forward today, from manufacturing to logistics, transportation, energy and more.

Canonical will join the Qualcomm DX Summit at Hannover Messe on April 23rd , 2024, where industry experts will delve into the cutting-edge technologies that are driving Industry 4.0 forward.  We’re looking forward to meeting our partners and customers on-site to discuss the latest in open-source innovation, and solutions on edge AI. Fill in the form and get a free ticket for Qualcomm DX Summit and Hannover Messe from Canonical.

Book a meeting with us

Canonical and Qualcomm collaborate to speed up Industry 4.0 adoption

Last week, Canonical and Qualcomm Technologies announced strategic collaboration to bring Ubuntu and Ubuntu Core to devices powered by Qualcomm® processors which offers an easy solution for developers to create safe, compliant, security-focused, and high-performing applications for multiple industries including industrial, robotics and edge automation.

Secure and scale your smart edge AI deployments with Ubuntu

During the event, Canonical will present a talk using a real-world case-study to showcase our joint offering with Qualcomm and illustrate how Canonical solutions benefit enterprise IoT customers to bring digital transformation and AI to their latest IoT projects. 

Presenter: Aniket Ponkshe, Director of Silicon Alliances, Canonical

Date and time: 2:20 pm – 2:40 pm, April 23rd, 2024

Location: Hall 18

Schedule a meeting with our devices experts

Book a meeting with us

Today, Canonical is thrilled to announce our expanded collaboration with Google Cloud to provide Ubuntu images for Google Distributed Cloud. This partnership empowers Google Distributed Cloud customers with security-focused Ubuntu images, ensuring they meet the most stringent compliance standards.

Since 2021, Google Cloud, with its characteristic vision, has built a strong partnership with Canonical. This collaboration highlights both companies’ commitment to providing customers with the air-gapped cloud solutions they need. Through this partnership, Google Cloud demonstrates its strategic brilliance – delegating foundational image creation and maintenance to Canonical’s expertise, allowing Google Cloud to focus on the heart of Google Distributed Cloud development. Canonical’s dedication to rigorous testing upholds the reliability that data centers demand. Moreover, proactive support helps swiftly tackle critical issues, ensuring seamless data center operations. This partnership is a testament to the power of strategic collaborations in the tech sector:

• GDC Ready OS Images: Canonical supports multiple active releases of Google Distributed Cloud (1.9.x, 1.10.x, 1.11.x, and 1.12.x) ensuring Google Cloud has flexibility and choice.

• Risk Mitigation: Canonical employs a two-tiered image system–”development” and “stable.” This allows for thorough testing of changes before they are released into the stable production environment, minimizing potential problems.

These key benefits are the result of our unwavering pursuit of progress and innovation. Google Distributed Cloud customers can expect to reap the rewards of our continuous hard work:

• FIPS & CIS Compliance: Google Distributed Cloud customers operating in highly regulated industries can confidently deploy FIPS-compliant and CIS-hardened Ubuntu images, knowing they adhere to critical security standards.
• Multi-distro Support: Ubuntu’s adaptability allows Google Distributed Cloud users to run a diverse range of distro images, maximizing their choice and flexibility within the cloud environment.
• Air-gapped Innovation: Canonical and Google Cloud are dedicated to supporting air-gapped cloud technology, providing secure, cutting-edge solutions for customers with even the most sensitive data requirements.

At Canonical, we’re committed to open-source innovation. This collaboration with Google Cloud is a prime example of how we can work together to deliver industry-leading cloud solutions to our customers. We look forward to continued partnership and providing even more value to the Google Distributed Cloud ecosystem.

Lire plus

This blog post explores the technical and strategic benefits of deploying open-source AI models on Ubuntu. We’ll highlight why it makes sense to use Ubuntu with open-source AI models, and outline the deployment process on Azure.

Authored by Gauthier Jolly, Software Engineer, CPC, and Jehudi Castro-Sierra, Public Cloud Alliance Director, both from Canonical.

Why Ubuntu for Open-Source AI?

• Open Philosophy: Ubuntu’s open-source nature aligns seamlessly with the principles of open-source AI models, fostering collaboration and accessibility.
• Seamless Integration: Deploying open-source AI is smooth on Ubuntu, thanks to its robust support for AI libraries and tools.
• Community: Ubuntu’s large community provides valuable resources and knowledge-sharing for AI development.

The Role of Ubuntu Pro

Ubuntu Pro elevates the security and compliance aspects of deploying AI models, offering extended security maintenance, comprehensive patching, and automated compliance features that are vital for enterprise-grade applications. Its integration with Confidential VMs on Azure enhances the protection of sensitive data and model integrity, making it an indispensable tool for tasks requiring stringent security measures like ML training, inference, and confidential multi-party data analytics.

Why use the public cloud for deploying AI models?

Using a public cloud like Azure gives straightforward access to powerful GPUs and Confidential Compute capabilities, essential for intensive AI tasks. These features significantly reduce the time and complexity involved in setting up and running AI models, without compromising on security and privacy. Although some may opt for on-prem deployment due to specific requirements, Azure’s scalable and secure environment offers a compelling argument for cloud-based deployments.

Provisioning and Configuration

We are going to explore using open models on Azure by creating an instance with Ubuntu, installing NVIDIA drivers for GPU support, and setting up Ollama for running the models. The process is technical, involving CLI commands for creating the resource group, VM, and configuring NVIDIA drivers. Ollama, the chosen tool for running models like Mixtral, is best installed using Snap for a hassle-free experience, encapsulating dependencies and simplifying updates.

Provision an Azure VM

Begin by creating a resource group and then a VM with the Ubuntu image using the Azure CLI.

az group create --location westus --resource-group ml-workload
az vm create \
    --resource-group ml-workload \
    --name jammy \
    --image Ubuntu2204 \
    --generate-ssh-keys \
    --size Standard_NC4as_T4_v3 \
    --admin-username ubuntu --license-type UBUNTU_PRO

Install Nvidia Drivers (GPU Support)

For GPU capabilities, install NVIDIA drivers using Ubuntu’s package management system. Restart the system after installation.

sudo apt update -y
sudo apt full-upgrade -y
sudo apt install -y ubuntu-drivers-common
sudo ubuntu-drivers install
sudo systemctl reboot

Important: Standard NVIDIA drivers don’t support vGPUs (fractional GPUs). See instructions on the Azure site for installing GRID drivers, which might involve building an unsigned kernel module (which may be incompatible with Secure Boot).

Deploying Ollama with Snap

Snap simplifies the installation of Ollama and its dependencies, ensuring compatibility and streamlined updates. The –beta flag allows you to access the latest features and versions, which might still be under development

sudo snap install --beta ollama

Configuration

Configure Ollama to use the ephemeral disk

sudo mkdir /mnt/models
sudo snap connect ollama:removable-media # to allow the snap to reach /mnt
sudo snap set ollama models=/mnt/models

Installing Mixtral

At this point, you can run one of the open models available out of the box, like mixtral or llama2. If you have a fine-tuned version of these models (a process that involves further training on a specific dataset), you can run those as well.

ollama run mixtral

The first run might take a while to download the model.

Now you can use the model through the console interface:

Installing a UI

This step is optional, but provides a UI via your web browser.

sudo snap install --beta open-webui

Access the web UI securely

To quickly access the UI without open ports in the Azure security group, you can create an SSH tunnel to your VM using the following command:

ssh -L 8080:localhost:8080 ubuntu@${IP_ADDR}

Go to http://localhost:8080 in your web browser on your local machine (the command above tunnels the traffic from your localhost to the instance on Azure).:

In case you want to make this service public, follow this documentation.

Verify GPU usage

sudo watch -n2 nvidia-smi

Check that the ollama process is using the GPU, you should see something like this:

+---------------------------------------------------------------------------+
| Processes:                                                                |                                                                            
|  GPU   GI   CI        PID   Type   Process name                GPU Memory |
|        ID   ID                                                 Usage      |
|===========================================================================|
|    0   N/A  N/A      1063      C   /snap/ollama/13/bin/ollama     4882MiB |
+---------------------------------------------------------------------------+

Complementary and Alternative Solutions

• Charmed Kubeflow: Explore this solution for end-to-end MLOps (Machine Learning Operations), providing a streamlined platform to manage every stage of the machine learning lifecycle. It’s particularly well-suited for complex or large-scale AI deployments.
• Azure AI Studio: Provides ease of use for those seeking less customization.

Conclusion

Ubuntu’s open-source foundation and robust ecosystem make it a compelling choice for deploying open-source AI models. When combined with Azure’s GPU capabilities and Confidential Compute features, you gain a flexible, secure, and performant AI solution.

Lire plus

Ubuntu 23.10 experimental image with x86-64-v3 instruction set now available on Azure

Canonical is enabling enterprises to evaluate the performance of their most critical workloads in an experimental Ubuntu image on Azure compiled with x86-64-v3, which is a microarchitecture level that has the potential for performance gains. Developers can use this image to characterise workloads, which can help inform planning for a transition to x86-64-v3 and provide valuable input to the community working to make widespread adoption of x86-64-v3 a reality. 

The x86-64-v3 instruction set enables hardware features that have been added by chip vendors since the original instruction set architecture (ISA) commonly known as x86-64-v1, x86-64, or amd64.  Canonical Staff Engineer Michael Hudson-Doyle recently wrote about the history of the x86-64/amd64 instruction sets, what these v1 and v3 microarchitecture levels represent, and how Canonical is evaluating their performance. While fully backwards compatible, later versions of these feature groups are not available on all hardware, so when deciding on an ISA image you must choose to maximise the supported hardware or to get access to more recent hardware capabilities. Canonical plans to continue supporting x86-64-v1 as there is a significant amount of legacy hardware deployed in the field. However, we also want to enable users to take advantage of newer x86-64-v3 hardware features that provide the opportunity for performance improvements the industry isn’t yet capitalising on. 

Untapped performance and power benefits

Intel and Canonical partner closely to ensure that Ubuntu takes full advantage of the advanced hardware features Intel silicon offers, and the Ubuntu image on Azure is an interim step towards giving the industry access to the capabilities of x86-64-v3 and understanding the benefits that it offers. Intel has made x86-64-v3 available since Intel Haswell was first announced a decade ago. Support in their low power processor family is more recent, arriving in the Gracemont microarchitecture which was first in the 12th generation of Intel Core processors. Similarly, AMD has had examples since 2015, and emulators such as QEMU have supported  x86-64-v3 since 2022. Yet, with this broad base of hardware availability, distro support of the features in the x86-64-v3 microarchitecture level is not widespread. In the spirit of enabling Ubuntu everywhere and ensuring that users can benefit from the unique features on different hardware families, Canonical feels strongly about enabling a transition to x86-64-v3 while remaining committed to our many users on hardware that doesn’t support v3. x86-64-v3 is available in a significant amount of hardware, and provides the opportunity for performance improvements which are currently being left on the table. This is why we believe that v3 is the next logical microarchitecture level to offer in Ubuntu, and Michael’s blog post explains in greater detail why v3 should be chosen instead of v2 or v4.

Not just a porting exercise

The challenge with enabling the transition to v3 is that while we expect a broad range of performance improvements depending on the workload, the results are much more nuanced. From Canonical’s early benchmarking we see that certain workloads see significant benefit from the adoption of x86-64-v3; however there are outliers that regress and need further analysis.

Canonical continues to do benchmarking, with plans to evaluate different compilers, compiler parameters, and configurations of hostOS and guestOS. In certain cases, such as the Glibc Log2 benchmark, we have reproducibly seen up to a 60% improvement. On the other hand, we also see other benchmarks  that regress significantly. When digging in, we found unexpected behaviour in the compiled code. For example, in one of the benchmarks we verified an excessive number of moves between registers, leading to much worse performance due to the increased latency. In another situation, we noticed a large code size increase, as enabling x86-64-v3 on optimised SSE code caused the compiler to expand it into 17x more instructions, due to a possible bug during the translation to VEX encoding. With community efforts, these outliers  could be resolved.  However, they will require interdisciplinary collaboration to do so. This also underscores the necessity of benchmarking different types of workloads, so that we can understand their specific performance and bottlenecks. That’s why we believe it’s important to enable workloads to run on Azure, so that a broader community can give feedback and enable further optimisation.

Try Ubuntu 23.10 with x86-64-v3 on Azure today

The community now has access to resources on Azure to easily evaluate the performance of x86-64-v3 for their workloads, so that they can understand the benefits of migrating and can identify where improvements are still required.  What is being shared today is experimental and for evaluation and benchmarking purposes only, which means that it won’t receive security updates or other maintenance updates you would expect for an image you could use in production. When x86-64-v3 is introduced for production workloads there will be a benefit to being able to run both v3 and v1 depending on the workload and hardware available. As is usually the case, the answer to the question of whether to run on a v3 image or a v1 image is ‘it depends’. This image provides the tools to answer that cost, power, and performance optimisation problem. In addition to the availability of the cloud image on Azure, we’ve also previously posted on the availability of Ubuntu 23.04 rebuilt to target the x86-64-v3 microarchitecture level, and made available installer images from that archive. These are additional tools that the community can use to benchmark, when cloud environments can’t be targeted.

In order to access the image on Azure and use it, you can follow the instructions in our discourse post. Please be sure to leave your feedback there, or Contact us directly to discuss your use case.

Further reading

• Optimising Ubuntu performance on amd64 architecture
• Trying out Ubuntu 23.04 on x86-64-v3 rebuild for yourself

Today, Canonical announced the general availability of Legacy Support, an Ubuntu Pro add-on that expands security and support coverage for Ubuntu LTS releases to 12 years. The add-on will be available for Ubuntu 14.04 LTS onwards. 

Long term supported Ubuntu releases get five years of free security maintenance on the main Ubuntu repository. Ubuntu Pro expands that commitment to 10 years on both the main and universe repositories, providing enterprises and end users alike access to a vast secure open source software library. The subscription also comes with a phone and ticket support tier. Ubuntu Pro subscribers can purchase an extra two years of security maintenance and support with the new Legacy Support add-on. 

“We’re thrilled to offer our customers additional years of security maintenance and support for Ubuntu LTS releases”, said Maximilian Morgan, Global VP of Support Engineering at Canonical. “Drawing on 20 years of excellence in open source, Canonical delivers expert security maintenance and support for customers around the world. With Legacy Support, we empower organisations to navigate their operational needs and investments into open source with confidence, ensuring their systems remain available, secure, and supported for many years to come”. 

Ideal for stability and peace of mind

Running the latest operating system (OS) offers new features and enhanced performance, which is a good choice for new deployments. However, for large, established production systems, the transition to a new OS version presents a challenge as it may involve updating the entire software stack running on top of it. This complexity is amplified by modern software architectures that incorporate containerisation, microservices, extensive data management features, as well as integration with third-party APIs. 

Given these multifaceted challenges, ensuring the system remains operational, secure, and supported is paramount. Organisations looking to gain peace of mind and stability while they plan and execute their migration strategy can trust Canonical.

12 years of timely security fixes and support

Security maintenance is part of a continuous process that proactively protects systems. It includes regular vulnerability scanning, evaluation and patch management. With Ubuntu Pro, Canonical provides continuous vulnerability management for critical, high and medium Common Vulnerabilities and Exposures (CVEs) across all software packages shipped with Ubuntu. Canonical’s security team actively backports these crucial fixes to all supported Ubuntu LTS releases, giving enterprises and end users peace of mind to keep their systems secure without requiring a major upgrade.

Support is a user-triggered service that comes into play when incidents occur or additional expertise is required to address complex issues. Customers looking to strengthen their business continuity strategy with open source expertise can rely on Canonical support for troubleshooting, break fixes, bug fixes and guidance.

Available for Ubuntu 14.04 LTS Trusty Tahr and future LTS releases

Ubuntu Pro coverage for Ubuntu 14.04 LTS will end in April 2024. With Legacy Support, organisations running their systems on top of Ubuntu 14.04 LTS can obtain an additional two years of expanded security maintenance and phone and ticket support. This enables IT managers to prepare a detailed upgrade plan for the next LTS, and software architects to concentrate on the application level with the support offered by Canonical’s team.

Learn more about Ubuntu Pro and the Legacy Support add-on at https://ubuntu.com/pro,  https://ubuntu.com/support or contact Canonical  for more information.

Since the outset, Anbox Cloud was developed with a variety of use cases for running Android at scale. Cloud gaming, more specifically for casual games as found on most user’s mobile devices, is the most prominent one and growing in popularity. Enterprises are challenged to find a solution that can keep up with the increasing user demand, provide a rich experience and keep costs affordable while shortening the time to market.

Anbox Cloud brings Android from mobile devices to the cloud. This enables service providers to deliver a large and existing ecosystem of games to more users, regardless of their device or operating system. Existing games can be moved to Anbox Cloud with zero to minimal effort.

Canonical has built Anbox Cloud upon existing technologies that allow for a higher container density compared to traditional approaches, which helps to reduce the overall cost of building and operating a game streaming service. The cost structure of a casual game, based in the cloud, also shows that density is key for profitability margins. To achieve density optimisation, three factors must be considered: container density (CPU load, memory capacity and GPU capacity), profitability and user experience optimisation. Additional considerations include choosing the right hardware to match the target workload, intended rendering performance and the pricing sensitivity of gamers. Finding the optimal combination for these factors and adding a layer of automation is crucial to improve profitability margins and to meet SLAs.

To further address specific challenges in cloud gaming, Canonical collaborates with key silicon and cloud partners to build optimised hardware and cloud instance types. Cloud gaming has a high demand on various hardware components, specifically GPUs which provide the underlying foundation for every video streaming solution. Utilising the available hardware with the highest density for cost savings, requires optimisation on every layer. Anbox Cloud specifically helps to get the maximum out of the available hardware capacity. It keeps track of resources spent by all launched containers and optimises placement of new containers based on available capacity and resource requirements of specific containers.

Next to finding the right software and hardware platform, cloud gaming mandates positioning the actual workload as close to the user as possible to reduce latency and ensure a consistent experience. To scale across different geographical regions, Anbox Cloud provides operational tooling and software components to simplify the deployment without manual overhead and ensures users get automatically routed to their nearest location. By plugging individual regions dynamically into a control plane allows new regions to be easily added on the go without any downtime or manual intervention.

Anbox Cloud builds a high-density and easy-to-manage containerisation platform on top of the LXD container hypervisor which helps to minimise the time to market and reduce overall costs. It reflects Canonical’s deep expertise in cloud-native applications and minimises operational overhead in multiple ways. With the use of existing technologies from Canonical like Juju or MAAS, it provides a solid and proven platform which is easy to deploy and maintain. Combined with the Ubuntu Pro support program from Canonical, an enterprise can ensure it gets long-term help whenever needed.

As differentiation is key in building a successful cloud gaming platform, Anbox Cloud provides a solid foundation which is extensible and fits into many different use cases. For example, integrating a custom streaming protocol is possible by writing a plug-in and integrating it via provided customising hooks into the containers which power Anbox Cloud. To make this process easy, Canonical provides an SDK, rich documentation with example plugins and engineering services to help with any development around Anbox Cloud.

In summary, Anbox Cloud provides a feature rich, generic and solid foundation to build a state of the art cloud gaming service which provides optimal utilisation of the underlying hardware to deliver the best user experience while keeping operational costs low.

If you’re interested to learn more, please come and talk to us.

Android is a trademark of Google LLC. Anbox Cloud uses assets available through the Android Open Source Project.

The NVIDIA BlueField-3 networking platform – powering the latest data processing units (DPUs) and SuperNICs, and transforming data centre performance and efficiency – runs BlueField OS, an optimised Linux operating system (OS) derived from Ubuntu. With Ubuntu’s signature maintenance and support guarantees, the comprehensive Ubuntu Pro software infrastructure stack, and bespoke optimisation, the collaboration between NVIDIA and Canonical accelerates time to value for NVIDIA BlueField-3 users and elevates security. 

What are DPUs? 

DPUs are a relatively new technology that represents the third pillar of accelerated data centre processing units, alongside CPUs and GPUs. By offloading and accelerating a wide variety of complex networking, security and storage workloads to the DPU, enterprises can reduce server power consumption by up to 30% while freeing up CPU capacity for computation tasks.

NVIDIA, now shipping the third generation of its industry-leading BlueField DPU, empowers enterprises to transform data centres with a 400Gb/s infrastructure compute platform that can handle the most demanding AI workloads. 

NVIDIA BlueField OS is built on Ubuntu

DPUs require an operating system that is secure, stable and capable of supporting all of the innovative features that the new technology brings to the table – and that’s why NVIDIA BlueField-3 runs an optimised derivative of Ubuntu as its default OS. 

Ubuntu, delivered by Canonical, supports a broad range of  NVIDIA BlueField-3 features, ensuring that enterprise customers can readily consume the DPU functions with optimal performance. Canonical’s collaboration with NVIDIA delivers a solution that is easy to implement and offers full functionality out of the box.

Alongside time to value, Ubuntu reinforces the stability of NVIDIA BlueField-3. The optimised Ubuntu derivative powering the NVIDIA BlueField OS is based on Ubuntu Long Term Support (LTS) and goes through the same rigour of validation as an LTS release, which consequently delivers the same level of stability and performance. Ubuntu Pro embedded support is a core part of NVIDIA BlueField’s OS, thus enhancing the reliability of any NVIDIA BlueField-accelerated solution. 

NVIDIA BlueField-3 Enterprise support and security backed by Canonical

Ubuntu’s extensive security features, hardening and compliance tooling, coupled with Canonical’s enterprise-grade support, have been instrumental in making Ubuntu the first-choice OS for organisations worldwide. NVIDIA customers can be assured that these same capabilities are also extended to NVIDIA BlueField-3 deployments.

One of the key factors that sets Ubuntu’s security apart from alternative operating systems is the pace at which Canonical delivers fixes for security common vulnerabilities and exposures (CVEs). Canonical has the fastest turnaround for CVE fixes in the industry, and this rapid patching applies to the NVIDIA BlueField OS. What’s more, these updates can be applied automatically, further minimising any windows of vulnerability. 

Canonical is also signing the entire kernel image for the NVIDIA BlueField OS. This enables secure boot in enterprise deployments and guarantees that no modifications are made to the kernel, so that users can have complete trust in the OS.

Powering AI with Canonical infrastructure solutions and NVIDIA BlueField-3 

NVIDIA BlueField-3 DPUs are increasingly becoming a central component in enterprise AI strategies. These use cases require a comprehensive ecosystem of software for optimal performance and efficiency. Canonical’s close collaboration with NVIDIA enables BlueField-3 users to take advantage of infrastructure solutions to address most enterprise AI data centre deployments and enable end-to-end management.

Customers can utilise metal-as-a-service (MAAS) for cloud-style provisioning of their physical infrastructure, turning bare-metal servers into an elastic, cloud-like resource that they can easily provision, monitor and manage. Meanwhile, Juju provides an orchestration engine for software operators that enables the deployment, integration, and lifecycle management of applications at any scale on infrastructure compute.

On the infrastructure software side, Canonical OpenStack provides an enterprise cloud platform, and Canonical Kubernetes drives seamless, highly automated container orchestration. These infrastructure services can fully utilise the offload capabilities supported in NVIDIA BlueField DPUs. In fact, Canonical also offers MicroK8s, a lightweight Kubernetes distribution that is tailor-made for low footprint deployments on DPUs. Similarly, MicroCloud is a miniature version of LXD, providing enterprises with everything they need to run virtualized workloads and system containers on their DPUs. All of these solutions are secured and supported for 10 years with an Ubuntu Pro subscription.

Ubuntu Pro and NVIDIA DOCA

The Ubuntu Pro stack works in tandem with NVIDIA DOCA, software at the heart of NVIDIA BlueField-3. NVIDIA DOCA is a unified software framework that provides a variety of APIs for improved NVIDIA BlueField-3 management, unlocking features around connectivity, monitoring, logging and more. Utilised alongside Ubuntu Pro, these features drive unprecedented infrastructure efficiency.

• To learn more about deploying DPUs on Ubuntu, get in touch.
• To learn more about NVIDIA BlueField-3, check out the datasheet.
• Further reading: Canonical solutions reduce SmartNIC time-to-market and drive efficiency in enterprise data centers

Canonical expands its collaboration with NVIDIA through NVIDIA AI Workbench. NVIDIA AI Workbench is supported across workstations, data centres, and cloud deployments.

NVIDIA AI Workbench is an easy-to-use toolkit that allows developers to create, test, and customise AI and machine learning models on their PC or workstation and scale them to the data centre or public cloud.  It simplifies interactive development workflows while automating technical tasks that halt beginners and derail experts. Collaborative AI and ML development is now possible on any platform – and for any skill level. 

As the preferred OS for data science, artificial intelligence and machine learning, Ubuntu and Canonical play an integral role in AI Workbench capabilities. 

• On Windows, Ubuntu powers AI Workbench via WSL2. 
• In the cloud, Ubuntu 22.04 LTS enables AI Workbench cloud deployments as the only target OS supported for remote machines. 
• For AI application deployments from the datacenter to cloud to edge, Ubuntu-based containers are included as a key part of AI Workbench.

This seamless end user experience is made possible thanks to the partnership between Canonical and NVIDIA.

Define your AI journey, start local and scale globally

Create, collaborate, and reproduce generative AI and data science projects with ease. Develop and execute while NVIDIA AI Workbench handles the rest:

• Streamlined setup: easy installation and configuration of containerized development environments for GPU-accelerated hardware.
• Laptop to cloud: start locally on a RTX PC or workstation and scale out to data centre or cloud in just a few clicks.
• Automated workflow management: simplified management of project resources, versioning, and dependency tracking.

Ubuntu and NVIDIA AI Workbench improve the end user experience for Generative AI workloads on client machines

As the established OS for data science, Ubuntu is now commonly being used for AI/ML development and deployment purposes. This includes development, processing, and iterations of Generative AI (GenAI) workloads. GenAI on both smaller devices and GPUs is increasingly important with the growth of edge AI applications and devices. Applications such as smart cities require more edge devices such as cameras and sensors and thus require more data to be processed at the edge. To make it easier for end users to deploy workloads with more customisability, Ubuntu containers are often preferred due to their ease of use for bare metal deployments. NVIDIA AI Workbench offers Ubuntu container options that are well integrated and suited for GenAI use cases.

Peace of mind with Ubuntu LTS

With Ubuntu, developers benefit from Canonical’s 20-year track record of Long Term Supported releases, delivering security updates and patching for 5 years. With Ubuntu Pro, organisations can extend that support and security maintenance commitment to 10 years to offload security and compliance from their team so you can focus on building great models. Together, Canonical and Ubuntu provide an optimised and secure environment for AI innovators wherever they are. 

Getting started is easy (and free).

Get started with Canonical Open Source AI Solutions

• Check out more information about Canonical and NVIDIA’s efforts to help enterprises adopt AI.
• Canonical software is validated as part of the NVIDIA DGX-Ready Software program.
• Download the Run AI at scale whitepaper to learn how to build your performant ML stack with NVIDIA DGX and Kubeflow.
• Check out more information about AI Workbench.

Lire plus

Collaboration to benefit communication service providers and business application vendors at the telco edge

Barcelona, Spain. 28 February 2024. Canonical today announced an expansion of its relationship with Amazon Web Services (AWS) to make Real-time Ubuntu available to Amazon Elastic Kubernetes Service Anywhere (Amazon EKS Anywhere) customers for use in Open radio access network (RAN) commercial deployments. With Real-time Ubuntu and Amazon EKS Anywhere, customers can benefit from ultra-reliable low-latency operating system performance and simplified Kubernetes cluster management.

The need for ultra-reliability and low latency in data processing

Open RAN enables distributed deployment of mobile networking software that runs an operator’s RAN across edge clouds, making it possible to bring data processing closer to where devices and end users are located. Low-latency compute at the edge is required due to the stringent real-time processing of RAN workloads. Open RAN software requires agility in packet processing at the operating system level, so that the networking software stack can deliver information with bounded latency levels.

Besides Open RAN system software, business services that are sensitive to time delay, such as factory control systems, enterprise resource planning, and passenger information systems, also require low-latency and reliable communications quality. This means that the time delay in delivering information between a service and the devices that consume that service must be bounded throughout the lifetime of the service. This is necessary for operators to be able to meet application service level agreement (SLA) requirements given to business customers, so they can have the desired quality of experience.

Amazon EKS Anywhere

Amazon EKS Anywhere allows users to create and operate Kubernetes clusters on their own infrastructure. It builds on the strengths of Amazon EKS Distro and provides open source software that’s up to date and patched, so that users can have an on-premises Kubernetes environment that’s more reliable than a self-managed Kubernetes offering. These features make Amazon EKS Anywhere an ideal deployment option to run cloud-native Open RAN functions on Kubernetes at the telco edge.

Real-time Ubuntu

Real-time Ubuntu provides bounded low latency in the Linux kernel to applications that are sensitive to time-delay. By assigning a higher priority to such applications when scheduling system resources, Real-time Ubuntu can guarantee uninterrupted processing of latency-sensitive applications, minimising the time to process them. Real-time processing is an essential feature for telco clouds where Open RAN and edge computing workloads run.

“We are pleased to mark another milestone in our continued collaboration with AWS by bringing real-time data processing, required by advanced Open RAN workloads, on Amazon EKS Anywhere with Real-time Ubuntu,” said Arno Van Huyssteen, CTO of Telco at Canonical. 

“By continuing our joint innovation with AWS to provide cutting-edge capabilities and total cost of ownership benefits, this partnership delivers further value to our shared telecom customers. We take pride in making the most powerful Linux platform on the market accessible to all Amazon EKS Anywhere and Open RAN consumers. Drawing on Ubuntu’s renowned open source prowess and AWS’s cloud services, we strive to satisfy the performance and adaptability required for virtualised RAN and edge computing transformation in telecommunications. Together, we aim to supply the technical bedrock to propel the next wave of advancement.“

Ubuntu with real-time kernel on Amazon EKS Anywhere: A technology enabler for 5G telco edge

By working with AWS, Canonical will make it possible to offer real-time processing capabilities to Amazon EKS Anywhere customers. Operators deploying Open RAN software components, such as distributed unit (DU) and central unit (CU) on Amazon EKS Anywhere platforms can then boost the performance of their radio access networks, and get the benefits of Open RAN.

The technology also opens up the possibility to deliver real-time capabilities to application workloads on Amazon EKS Anywhere platforms, such as 5G industrial applications and location-based services among many others.

Join the discussion at MWC 2024

Canonical’s CTO for Telco, Arno Van Huysteen, will join industry leaders in a panel discussion at MWC 2024. The panel, titled “A roadmap to successful O-RAN deployment on cloud” and hosted by AWS, will take place on 28 February 2024 at 14:00 – 14:30 CET at the Inspiration Zone, Room CC1.4. Join the round-table discussion on how Open RAN on cloud computing systems will play a role in the future of telecommunications.

Learn more about Canonical’s solutions for telco

To learn more about Real-time Ubuntu and how it benefits telecommunication networks and applications, read our blog. If you would like to learn more about the telecommunication services we provide, visit https://ubuntu.com/telco.  

About Canonical

Canonical, the publisher of Ubuntu, provides open source security, support and services. Our portfolio covers critical systems, from the smallest devices to the largest clouds, from the kernel to containers, from databases to AI. With customers that include top tech brands, emerging startups, governments and home users, Canonical delivers trusted open source for everyone. Learn more at https://canonical.com/.