Which services are for me?#
Ubuntu Pro is a broad subscription designed to meet many different needs. You are unlikely to want to use all of these tools and services at the same time, so you are free to select the precise stream of updates and versions you want to apply on any given machine covered by your Pro subscription.
To help you navigate the services offered through Ubuntu Pro, click on the tab that best describes your needs for our suggestions on which services might be of interest to you. For example, Pro includes a set of package versions that are compliant with FIPS regulations. You will only want these versions on machines that need to meet FIPS requirements, so you can choose to enable that stream specifically on those machines.
Expanded Security Maintenance (ESM)
If you’re using any Ubuntu LTS – Desktop or Server – in a commercial setting and you rely on ‘Universe’ packages, or if you’re on an older LTS and don’t want to upgrade yet, you can get additional security support through Expanded Security Maintenance (ESM). We recommend it for everyone using Pro, and it’s enabled by default. It includes two services:
esm-infra
provides security updates for packages in the Ubuntu ‘main’ repository (packages from Ubuntu) for five additional years beyond the standard five years of security maintenance of ‘main’ packages.esm-apps
covers packages in the ‘universe’ repository (which are from Debian and the community) for ten years after the LTS release.Whether you need one or both of these depends on your subscription. If you’re not sure which services best support the needs of your organisation, contact us for a security assessment.
Livepatch
Ubuntu Livepatch reduces costly unplanned maintenance by patching vulnerabilities while the system runs. It removes the need to immediately reboot after a kernel upgrade so that you can schedule downtime when it’s convenient. This tooling is available through
livepatch
and is one of the services we enable by default.Find out more about what Livepatch can do for your organisation in the Livepatch documentation, or learn how to enable it with
pro
.
Landscape
Landscape is the leading management and administration tool for Ubuntu. It can manage up to 40,000 Ubuntu machines with a single interface, and can automate security patching, as well as hardening and compliance. Landscape can be self-hosted or you can use Canonical’s Landscape SaaS offering.
Find out more about registering a machine with Landscape using
pro
.
Want more information?
Ubuntu provides security compliance, certifications, and hardening:
FIPS 140-2
FIPS 140-2 Certified Modules are available through
fips
.Compliant but non-certified patches are available through
fips-updates
.Find out more about managing FIPS.
Ubuntu Security Guide (USG)
In the 20.04 LTS we introduced the Ubuntu Security Guide, which provides security tooling through
usg
. It bundles together multiple key components, such as CIS benchmarking and DISA-STIG.Before USG, Center for Internet Security (CIS) Benchmark tooling was available as a separate service through
cis
. This can be used up to (and including) 20.04 LTS, but on all later LTS releases this functionality is provided throughusg
.Find out how to manage USG (and CIS) with the Pro Client.
Common Criteria
Common Criteria EAL2 (CC EAL) certification tooling is available through
cc-eal
. The Ubuntu 18.04 LTS and 16.04 LTS have both been certified.Find out how to enable CC EAL on your LTS.
Want more information?
Expanded Security Maintenance (ESM)
If you’re using Pro on an LTS machine (Desktop or Server) you can get additional security support through Expanded Security Maintenance (ESM). We recommend it for everyone using Pro, and it’s enabled by default. It includes two services:
esm-infra
provides security updates for packages in the Ubuntu ‘main’ repository (packages from Ubuntu) for five additional years beyond the standard five years of security maintenance of ‘main’ packages.esm-apps
covers packages in the ‘universe’ repository (which are from Debian and the community) for ten years after the LTS release.Read more about ESM-Apps and ESM-Infra.
Livepatch
Ubuntu Livepatch removes the need to immediately reboot your machine after a patch is applied to the kernel, so you can perform device reboots when it’s convenient for you. Although it’s lightweight, it may not be suitable on a very small system with limited memory. Check our list of supported kernels if you’re unsure.
Find out how to enable Livepatch.
Want more information?
ROS ESM
Our Robot Operating System Expanded Security Maintenance (ROS ESM) service provides security maintenance for ROS LTS releases, starting with ROS Kinetic on Ubuntu 16.04 – including packages from the Ubuntu ‘universe’ repository.
ros
provides security updates to the 600+ packages for ROS 1 Kinetic and Melodic, and ROS 2 Foxy – in addition to the security coverage already provided by ESM.ros-updates
also gives you access to non-security updates.Want to know how to enable ROS ESM? Check out this introductory guide by the ROS team to get started.
Real-time kernel
The Ubuntu 22.04 LTS brought the new, enterprise-grade real-time kernel, which reduces kernel latencies and ensures predictable performance for time-sensitive task execution. It was designed to deliver stable, ultra-low latency and security for critical telco infrastructure, but has applications across a wide variety of industries.
Find out more information about real-time Ubuntu and what it can do for your organisation.
Or see our guide on how to enable the real-time kernel.
Want more information?