
What’s New in Ubuntu 24.04 LTS for Microsoft/Azure Users

29 April 2024 at 17:28

Canonical recently announced the release of Ubuntu 24.04 LTS, codenamed “Noble Numbat”. This update underscores Ubuntu’s ongoing commitment to enhancing performance and security, focusing on optimizing developer productivity. The latest version features an optimized Linux kernel 6.8 and significant system management upgrades as detailed in the release notes. In this blog post, we highlight the key features and improvements that Ubuntu 24.04 LTS brings to the table, specifically tailored for users of Microsoft/Azure.

Unified marketplace offering

Ubuntu 24.04 LTS introduces a consolidated Azure Marketplace experience. Easily find the official Ubuntu images created by Canonical and endorsed by Microsoft for Azure, all under a single offering: ubuntu-24_04-lts. This simplification aids your search and selection process, helping you choose the right image for your needs and ensuring optimal compatibility and performance. [Explore the Ubuntu 24.04 images on the Azure Marketplace].

Optimized for Azure

Ubuntu 24.04 LTS is finely tuned to enhance performance on Azure infrastructure, ensuring that the Ubuntu images are fully compatible and support the latest cloud features as they are released. This optimization boosts system efficiency, speed, and reliability. Integration with Azure Guest Patching and the Update Management Center facilitates streamlined and continuous system updates, thereby reinforcing the overall security and stability of Ubuntu deployments.

Enhanced developer toolchains

.NET 8 is fully compatible with Ubuntu 24.04 LTS from launch, being directly available through the official Ubuntu feeds. This synchronization with the .NET release cadence ensures developers have immediate access to the latest features and updates. Additionally, .NET 8 introduces streamlined package management and new Ubuntu container images, boosting development flexibility and deployment efficiency. (Read more in this Microsoft blog post.)

The commitment to developer productivity also extends to other popular programming languages, including TCK-certified Java versions and the latest Rust toolchains, enhancing support and smoothing the development experience.

Confidential Computing

Ubuntu continues to lead in confidential computing with support for Confidential VMs, including capabilities for confidential AI. This is facilitated by utilizing advanced hardware security extensions such as AMD’s 4th Gen EPYC processors with SEV-SNP and NVIDIA H100 Tensor Core GPUs. These features help safeguard data at runtime from system vulnerabilities and unauthorized access, making them particularly suitable for AI training and data inference involving sensitive information.

Windows Subsystem for Linux (WSL)

Ubuntu 24.04 LTS enhances its WSL integration using the same installer technology as Ubuntu Server. This update includes support for cloud-init, standardizing developer environments across installations and ensuring consistent and streamlined workflows.

Wrapping up

As we explore the capabilities of Ubuntu 24.04 LTS, Microsoft/Azure users will experience an integration that is tailored to current technological needs and equipped for upcoming developments. This version is supported for up to 12 years, providing a stable and reliable foundation that enterprises and developers can rely on for long-term projects and innovation.

Canonical releases Ubuntu 24.04 LTS Noble Numbat

25 April 2024 at 15:01

Canonical’s 10th Long Term Supported release sets a new standard in performance engineering, enterprise security and developer experience.

London, 25 April 2024.

Today Canonical announced the release of Ubuntu 24.04 LTS, codenamed “Noble Numbat”, available to download and install from https://ubuntu.com/download.

Ubuntu 24.04 LTS builds on the advancements of the last three interim releases as well as the contributions of open source developers from around the world to ensure a secure, optimised and forward looking platform.

“Ubuntu 24.04 LTS takes a bold step into performance engineering and confidential computing to deliver an enterprise-grade innovation platform, supported for at least 12 years”, said Mark Shuttleworth, CEO of Canonical. “For developers we are delighted to announce TCK certified Java, an LTS for .NET and the latest Rust toolchain.”

Performance engineering tools pre-enabled and pre-loaded

Canonical is dedicated to raising the bar for quality and performance across the entire Ubuntu ecosystem. 

Ubuntu 24.04 LTS delivers the latest Linux 6.8 kernel with improved syscall performance, nested KVM support on ppc64el, and access to the newly landed bcachefs filesystem. In addition to upstream improvements, Ubuntu 24.04 LTS has merged low-latency kernel features into the default kernel, reducing kernel task scheduling delays.

Ubuntu 24.04 LTS also enables frame pointers by default on all 64-bit architectures so that performance engineers have ready access to accurate and complete flame graphs as they profile their systems for troubleshooting and optimisation.

“Frame pointers allow more complete CPU profiling and off-CPU profiling. The performance wins that these can provide far outweigh the comparatively tiny loss in performance. Ubuntu enabling frame pointers by default will be a huge win for performance engineering and the default developer experience”, said Brendan Gregg, Computer Performance Expert and Fellow at Intel. Tracing with bpftrace is now standard in Ubuntu 24.04 LTS, alongside pre-existing profiling tools to provide site reliability engineers with immediate access to essential resources.

Integrated workload accelerators bring additional performance improvements. Canonical and Intel worked together to integrate Intel® QuickAssist Technology (Intel® QAT) for the first time ever in an LTS. Intel QAT enables users to accelerate encryption and compression in order to reduce CPU utilisation and improve networking and storage application performance on 4th Gen and newer Intel Xeon Scalable processors. 

“Ubuntu is a natural fit to enable the most advanced Intel features. Canonical and Intel have a shared philosophy of enabling performance and security at scale across platforms”, said Mark Skarpness, Vice President and General Manager of System Software Engineering at Intel.

Increased developer productivity with LTS toolchains

Ubuntu 24.04 LTS includes Python 3.12, Ruby 3.2, PHP 8.3 and Go 1.22 with additional focus dedicated to the developer experience for .NET, Java and Rust.

With the introduction of .NET 8, Ubuntu is taking a significant step forward in supporting the .NET community. .NET 8 will be fully supported on Ubuntu 24.04 LTS and 22.04 LTS for the entire lifecycle of both releases, enabling developers to upgrade their applications to newer .NET versions prior to upgrading their Ubuntu release. This .NET support has also been extended to the IBM System Z platform.

“We are pleased about the release of Canonical Ubuntu 24.04 LTS and the increased performance, developer productivity, and security that it provides our joint customers,” said Jeremy Winter, Corporate Vice President, Azure Cloud Native. “Ubuntu is an endorsed Linux distro on Microsoft Azure, and an important component for many of Microsoft’s technologies, including .NET, Windows Subsystem for Linux, Azure Kubernetes Service, and Azure confidential computing. Microsoft and Canonical have a close engineering relationship spanning everything from update infrastructure in Azure to developer tooling, notably .NET 8 which is part of the Noble Numbat release from day one. We look forward to continuing our strong collaboration with Canonical to enhance developer productivity and provide a robust experience for Ubuntu on Azure.”

For Java developers, OpenJDK 21 is the default in Ubuntu 24.04 LTS while maintaining support for versions 17, 11, and 8. OpenJDK 17 and 21 are also TCK certified, which means they adhere to Java standards and ensure interoperability with other Java platforms. A special FIPS-compliant OpenJDK 11 package is also available for Ubuntu Pro users.

Ubuntu 24.04 LTS ships with Rust 1.75 and a simpler Rust toolchain snap framework. This will support the increasing use of Rust in key Ubuntu packages, like the kernel and Firefox, and enables future Rust versions to be delivered to developers on 24.04 LTS in years to come.

New management tools for Ubuntu Desktop and WSL

For the first time in an LTS, Ubuntu Desktop now uses the same installer technology as Ubuntu Server. This means that desktop administrators can now use image customisation tools like autoinstall and cloud-init to create tailored experiences for their developers. The user interface has also received a makeover, with a modern design built in Flutter.

For those managing mixed Windows and Ubuntu environments, the Active Directory Group Policy client available via Ubuntu Pro now supports enterprise proxy configuration, privilege management and remote script execution.

Canonical continues to invest in Ubuntu on Windows Subsystem for Linux (WSL) as a first class platform for developers and data scientists. Starting with Ubuntu 24.04 LTS, Ubuntu on WSL now supports cloud-init to enable image customisation and standardisation across developer estates.

Confidential computing on the cloud and private data centres

Confidential computing secures data at runtime from vulnerabilities within the host privileged system software, including the hypervisor. It also protects data against unauthorised access by infrastructure administrators. Today, Ubuntu offers the most extensive portfolio of confidential virtual machines, available across Microsoft Azure, Google Cloud, and Amazon Web Services.

Ubuntu is also the first and only Linux distribution to support confidential GPUs on the public cloud, starting with a preview on Microsoft Azure. Building on the silicon innovation of NVIDIA H100 Tensor Core GPUs and AMD 4th Gen EPYC processors with SEV-SNP, Ubuntu confidential VMs are ideal to perform AI training and inference tasks on sensitive data.

Ubuntu also supports confidential computing in private data centres. Thanks to a strategic collaboration between Intel and Canonical, Ubuntu now seamlessly supports Intel® Trust Domain Extensions (Intel® TDX) on both the host and guest sides, starting with an Intel-optimised Ubuntu 23.10 build. With no changes required to the application layer, VM isolation with Intel TDX greatly simplifies the porting and migration of existing workloads to a confidential computing environment.

12 years of support with new Ubuntu Pro add-on 

To meet the needs of Canonical’s enterprise customers, Ubuntu 24.04 LTS gets a 12 year commitment for security maintenance and support. As with other long term supported releases, Noble Numbat will get five years of free security maintenance on the main Ubuntu repository. Ubuntu Pro extends that commitment to 10 years on both the main and universe repositories. Ubuntu Pro subscribers can purchase an extra two years with the Legacy Support add-on.

The 12 year commitment also applies to earlier Ubuntu releases, starting with 14.04 LTS. The LTS expansion offers benefits for individuals and organisations who want to gain even more stability while building on top of Ubuntu’s wide array of open source software libraries. 

Next steps

About Canonical 

Canonical, the publisher of Ubuntu, provides open source security, support and services. Our portfolio covers critical systems, from the smallest devices to the largest clouds, from the kernel to containers, from databases to AI. With customers that include top tech brands, emerging startups, governments and home users, Canonical delivers trusted open source for everyone. 

Learn more at https://canonical.com/

Canonical at Google Next – What you need to know

27 March 2024 at 11:00

Google Next is making its way to Las Vegas, and Ubuntu is joining the journey. As a proud sponsor, Canonical, the publisher of Ubuntu, invites you to join us at the event and visit booth #252 in the Mandalay Bay Expo Hall. As one of the most popular Linux operating systems, Canonical is dedicated to providing commercial support and driving open source innovation across a diverse range of industries and applications. Stop by and learn more about how Canonical and GCP are collaborating to empower businesses with secure and scalable solutions for their cloud computing needs.

Ubuntu ‘Show you’re a Pro’ Challenge: Find and patch the vulnerabilities and earn awesome swag!

Are you an Ubuntu Pro? Test your skills at our booth! Sit down at our workstation and discover any unpatched vulnerabilities on the machine. Showcase your expertise by securing the system completely, and receive exclusive swag as a token of our gratitude.

Security maintenance for your full software stack

At Canonical, security is paramount. Ubuntu Pro offers a solution to offload security and compliance concerns for your open source stack, allowing you to concentrate on building and managing your business. Serving as an additional layer of services atop every Ubuntu LTS release, Ubuntu Pro ensures robust protection for your entire software stack, encompassing over 30,000 open source packages. Say farewell to fragmented security measures; Canonical provides a holistic approach, delivering security and support through a unified vendor. Additionally, relish the assurance of vendor-backed SLA support for open source software, providing peace of mind for your operations.

Confidential computing across clouds

Confidential computing is a revolutionary technology that disrupts the conventional threat model of public clouds. In the past, vulnerabilities within the extensive codebase of the cloud’s privileged system software, including the operating system and hypervisor, posed a constant risk to the confidentiality and integrity of code and data in operation. Likewise, unauthorized access by a cloud administrator could compromise the security of your virtual machine (VM). 

Ubuntu Confidential VMs (CVMs) on Google Cloud offer enhanced security for your workloads by utilizing hardware-protected Trusted Execution Environments (TEEs). With the broadest range of CVMs available, Ubuntu enables users on Google Cloud to benefit from the cutting-edge security features of AMD 4th Gen EPYC processors with SEV-SNP and Intel Trust Domain Extensions (Intel TDX).

Scale your AI projects with open source tooling

Empower your organization with Canonical’s AI solutions. We specialize in the automation of machine learning workloads on any environment, whether private or public cloud, or hybrid or multi cloud. We provide an end-to-end MLOps solution to develop and deploy models in a secure, reproducible, and portable manner that seamlessly integrates with your existing technology stack. Let us help you unlock the full potential of AI.

Join Us at Google Next 2024

Mark your calendars and make plans to visit Canonical at Google Cloud Next 2024. Whether you’re seeking cutting-edge solutions for cloud computing, robust security measures for your software stack, or innovative AI tools to propel your organization forward, our team will be on hand to offer insights, demonstrations, and personalized consultations to help you harness the power of open source technology for your business. Join us at booth #252 to discover how Canonical and Ubuntu can elevate your digital journey. See you there!

Prompts:

Canonical at Google Next – What you need to know!

Canonical is excited to sponsor Google Cloud Next in Las Vegas, NV April 9-11, 2024. 

Visit the Canonical-Ubuntu booth #252 in the Mandalay Bay Expo Hall.

Our team will be available to discuss the following:

  • Protect your full software tech stack with Ubuntu Pro providing security coverage for 30,000+ software packages.
  • Single vendor for security requirements – delivery, security, support; Vendor-backed SLA support for open source  
  • Confidential computing – OS support across all clouds (multi-cloud/hybrid cloud)
  • AI
    • Canonical provides tailored solutions to enable your organisation to efficiently run machine learning workloads. Canonical offers an end-to-end MLOps solution that can be used across all layers of the technology stack.

While at our booth, earn some awesome swag by showing that you’re an Ubuntu Pro. Take a seat at our workstation to find the unpatched vulnerabilities on the machine! Upgrade the machine to be fully secure to earn awesome swag! 

See you at the event

Preview Confidential AI with Ubuntu and Nvidia H100 GPUs on Microsoft Azure

21 February 2024 at 12:32

With Ubuntu confidential AI on Azure, businesses can undertake various tasks including ML training, inference, confidential multi-party data analytics, and federated learning with confidence.

The effectiveness of AI models depends heavily on having access to large amounts of good quality data. While using publicly available datasets has its place, for tasks like medical diagnosis or financial risk assessment, we need access to private data during both training and inference. 

When performing machine learning tasks in the cloud, enterprises understandably have concerns about the potential compromise of their sensitive data privacy as well as their model’s intellectual property. Additionally, stringent industry regulations often prohibit the sharing of such data. This makes it difficult, or outright impossible, to utilise large amounts of valuable private data, limiting the true potential of AI across crucial domains.

Confidential AI tackles this problem head on, providing a hardware-rooted execution environment that spans both the CPU and GPU. This environment enhances the protection of AI data and code at runtime by helping to safeguard it against privileged system software (such as the hypervisor or host OS) and privileged operators in the cloud.

To address this challenge, we are happy to announce today the preview of Ubuntu confidential AI on Azure, with Nvidia H100 Tensor core GPUs. This solution is built with Ubuntu 22.04 confidential VMs (CVMs), using AMD 4th Gen EPYC processors with SEV-SNP, alongside NVIDIA H100 GPUs. Ubuntu 22.04 is the only operating system to support this offering on Azure.

How confidential AI works

Confidential AI is made possible thanks to confidential computing, a game-changing technology that represents a significant departure from the traditional threat model of public clouds. In the past, vulnerabilities within the extensive codebase of the cloud’s privileged system software, including the operating system, hypervisor, and firmware, posed a constant risk to the confidentiality and integrity of running code and data. Similarly, unauthorised access by a malicious cloud administrator could compromise the security of your virtual machine (VM) and its platform.

Ubuntu CVMs are here to give you back control over the security guarantees of your VMs. They enable you to run your workload within a hardware-protected Trusted Execution Environment, TEE. Such secure and isolated environments are purpose-built to prevent unauthorised access or alterations to applications and data at run-time, thereby enhancing security for organisations managing sensitive and regulated data.

As such, CVMs’ primary goal is to safeguard your guest workloads from various potential software threats, including the virtual-machine manager and other non-CVM software on the platform. CVMs also enhance your workload’s security against specific physical access attacks on platform memory, including offline dynamic random access memory (DRAM) analysis such as cold-boot attacks and active attacks on DRAM interfaces.

From confidential computing to confidential AI

While confidential computing efforts have historically focused primarily on CPUs, the advent of Nvidia H100 GPUs with confidential computing capabilities opens up new possibilities for extending this security paradigm to GPUs as well. The Azure solution, which integrates both CPU and GPU components, is what makes confidential AI achievable. At a high level, this solution relies on the following components:

  • CPU-TEE: Ubuntu confidential VMs that run on the AMD 4th Gen EPYC processors with SEV-SNP protect the workload’s computation while in the CPU:
    • Run-time confidentiality: the DRAM of your Ubuntu CVMs is kept encrypted thanks to the new AES-128 hardware encryption engine that sits within the CPU memory controller. This engine encrypts and decrypts memory pages whenever there is a memory read or write operation. Instead of having workload code and data in plain text in system memory, they are encrypted using a hardware-managed encryption key. This encryption and decryption process happens seamlessly within the CPU, ensuring strong memory isolation for confidential workloads.
    • Run-time Integrity: Ubuntu CVMs make use of the new AMD SEV SNP instructions and data structures that allow auditing of security-sensitive tasks typically carried out by privileged system software. These tasks encompass memory management and access to platform devices. For example, when reading memory pages mapped to confidential workloads, these new instructions also provide information about the last value written into the page. This feature helps prevent data corruption and replay attacks by detecting unauthorised modifications to memory pages.
  • GPU-TEE: NVIDIA H100 Tensor Core GPUs, which protect the confidentiality and integrity of the workload’s computation within the GPU.
  • Encrypted PCIe communication between the CPUs and GPU.
  • Attestation: Enables a relying party, whether it’s the owner of the workload or a user of the services provided by the workload, to cryptographically verify the security claims of both the CPU and GPU TEEs.
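
How a relying party might appraise evidence from both TEEs before releasing data to the workload, as an added example (not Canonical's, AMD's or NVIDIA's code). The evidence format, field names, keys and reference measurements are constructed, and an HMAC stands in for the vendor-rooted signature chain so the sketch runs with the Python standard library only.

```python
import hashlib
import hmac
import json
import secrets

# Constructed stand-ins for the vendor trust anchors. Assumption: real evidence is
# verified against vendor certificate chains, not shared keys.
VENDOR_KEYS = {"cpu-tee": b"constructed-cpu-key", "gpu-tee": b"constructed-gpu-key"}

# The relying party's reference measurements (constructed values).
POLICY = {
    "cpu-tee": hashlib.sha256(b"constructed guest launch state").hexdigest(),
    "gpu-tee": hashlib.sha256(b"constructed GPU firmware state").hexdigest(),
}


def _mac(tee, claims):
    """Stand-in signature over a canonical encoding of the claims."""
    body = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(VENDOR_KEYS[tee], body, hashlib.sha256).hexdigest()


def make_evidence(tee, nonce, measurement, debug=False):
    """Plays the hardware's role: signed claims bound to the verifier's nonce."""
    claims = {"nonce": nonce, "measurement": measurement, "debug": debug}
    return {"tee": tee, "claims": claims, "sig": _mac(tee, claims)}


def appraise(evidence, nonce):
    """Return (trusted, reasons). Both TEEs must pass; any finding fails closed."""
    reasons = []
    authentic = set()
    for ev in evidence:
        tee = ev.get("tee")
        if tee not in POLICY:
            reasons.append(f"{tee}: unexpected TEE type")
            continue
        claims = ev.get("claims", {})
        # 1. Authenticity: claims must be signed by the expected root of trust.
        if not hmac.compare_digest(_mac(tee, claims), str(ev.get("sig", ""))):
            reasons.append(f"{tee}: bad signature")
            continue
        authentic.add(tee)
        # 2. Freshness: the nonce ties the evidence to this session (anti-replay).
        if not hmac.compare_digest(str(claims.get("nonce", "")), nonce):
            reasons.append(f"{tee}: stale nonce")
        # 3. Identity: the measured state must match the reference value.
        if claims.get("measurement") != POLICY[tee]:
            reasons.append(f"{tee}: unexpected measurement")
        # 4. Configuration: a missing debug flag is treated as debug enabled.
        if claims.get("debug", True):
            reasons.append(f"{tee}: debug enabled")
    # 5. Completeness: a verified CPU TEE says nothing about the GPU, and vice versa.
    for tee in POLICY:
        if tee not in authentic:
            reasons.append(f"{tee}: no authentic evidence")
    return (not reasons, reasons)


def demo():
    """Appraise four constructed evidence sets and return the verdicts."""
    nonce = secrets.token_hex(16)
    cpu = make_evidence("cpu-tee", nonce, POLICY["cpu-tee"])
    gpu = make_evidence("gpu-tee", nonce, POLICY["gpu-tee"])
    old_gpu = make_evidence("gpu-tee", secrets.token_hex(16), POLICY["gpu-tee"])
    tampered = json.loads(json.dumps(cpu))
    tampered["claims"]["measurement"] = "0" * 64  # edited after signing
    return {
        "good": appraise([cpu, gpu], nonce),
        "replayed_gpu": appraise([cpu, old_gpu], nonce),
        "cpu_only": appraise([cpu], nonce),
        "tampered_cpu": appraise([tampered, gpu], nonce),
    }


if __name__ == "__main__":
    for name, (trusted, reasons) in demo().items():
        print(f"{name}: trusted={trusted} {reasons}")
```
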

By integrating these components into a cohesive solution, confidential AI becomes not only feasible but also practical, allowing organisations to harness the power of AI while maintaining the highest standards of data security and confidentiality. Confidential AI can then be further augmented with cryptographic primitives, such as differential privacy, which protect the workload from further sophisticated data leakage.

Build your confidential AI workloads with Ubuntu today

Confidential AI can support numerous use cases across the entire lifecycle of building and deploying an AI application. For example, you can use Ubuntu CVMs during the training phase to protect your data, model IP, and its weights.

Confidential AI can also be beneficial for fine-tuning large language models, whereby enterprises need to use private data to optimize the generic models and improve their performance for their specific industries.

We firmly believe that confidential AI represents a pivotal opportunity to unleash the full potential of AI, especially for industries that need to deal with security-sensitive data, such as healthcare and finance. We invite you to join us on this transformative journey with Ubuntu. Together, we can chart new horizons in AI innovation while steadfastly maintaining the highest standards of privacy and security for sensitive data.

Join us today and sign up for the Azure preview of confidential AI with Ubuntu. 

Share your questions, use cases, and feedback with us. We’re eager to hear from you and collaborate on shaping the future of AI security and innovation.

Further reading
