Which services are for me?#

Ubuntu Pro is a broad subscription designed to meet many different needs. You are unlikely to want to use all of these tools and services at the same time, so you are free to select the precise stream of updates and versions you want to apply on any given machine covered by your Pro subscription.

To help you navigate the services offered through Ubuntu Pro, click on the tab that best describes your needs for our suggestions on which services might be of interest to you. For example, Pro includes a set of package versions that are compliant with FIPS regulations. You will only want these versions on machines that need to meet FIPS requirements, so you can choose to enable that stream specifically on those machines.

  • Expanded Security Maintenance (ESM)

    If you’re using any Ubuntu LTS – Desktop or Server – in a commercial setting and you rely on ‘Universe’ packages, or if you’re on an older LTS and don’t want to upgrade yet, you can get additional security support through Expanded Security Maintenance (ESM). We recommend it for everyone using Pro, and it’s enabled by default. It includes two services:

    • esm-infra provides security updates for packages in the Ubuntu ‘main’ repository (packages from Ubuntu) for five additional years beyond the standard five years of security maintenance of ‘main’ packages.

    • esm-apps covers packages in the ‘universe’ repository (which are from Debian and the community) for ten years after the LTS release.

    • Whether you need one or both of these depends on your subscription. If you’re not sure which services best support the needs of your organisation, contact us for a security assessment.

  • Livepatch

    Ubuntu Livepatch reduces costly unplanned maintenance by patching vulnerabilities while the system runs. It removes the need to immediately reboot after a kernel upgrade so that you can schedule downtime when it’s convenient. This tooling is available through livepatch and is one of the services we enable by default.

  • Landscape

    Landscape is the leading management and administration tool for Ubuntu. It can manage up to 40,000 Ubuntu machines with a single interface, and can automate security patching, as well as hardening and compliance. Landscape can be self-hosted or you can use Canonical’s Landscape SaaS offering.

Want more information?

Ubuntu provides security compliance, certifications, and hardening:

  • FIPS 140-2

  • Ubuntu Security Guide (USG)

    • In the 20.04 LTS we introduced the Ubuntu Security Guide, which provides security tooling through usg. It bundles together multiple key components, such as CIS benchmarking and DISA-STIG.

    • Before USG, Center for Internet Security (CIS) Benchmark tooling was available as a separate service through cis. This can be used up to (and including) 20.04 LTS, but on all later LTS releases this functionality is provided through usg.

    • Find out how to manage USG (and CIS) with the Pro Client.

  • Common Criteria

Want more information?

  • Expanded Security Maintenance (ESM)

    If you’re using Pro on an LTS machine (Desktop or Server) you can get additional security support through Expanded Security Maintenance (ESM). We recommend it for everyone using Pro, and it’s enabled by default. It includes two services:

    • esm-infra provides security updates for packages in the Ubuntu ‘main’ repository (packages from Ubuntu) for five additional years beyond the standard five years of security maintenance of ‘main’ packages.

    • esm-apps covers packages in the ‘universe’ repository (which are from Debian and the community) for ten years after the LTS release.

    • Read more about ESM-Apps and ESM-Infra.

  • Livepatch

    Ubuntu Livepatch removes the need to immediately reboot your machine after a patch is applied to the kernel, so you can perform device reboots when it’s convenient for you. Although it’s lightweight, it may not be suitable on a very small system with limited memory. Check our list of supported kernels if you’re unsure.

Want more information?

  • ROS ESM

    Our Robot Operating System Expanded Security Maintenance (ROS ESM) service provides security maintenance for ROS LTS releases, starting with ROS Kinetic on Ubuntu 16.04 – including packages from the Ubuntu ‘universe’ repository.

    • ros provides security updates to the 600+ packages for ROS 1 Kinetic and Melodic, and ROS 2 Foxy – in addition to the security coverage already provided by ESM.

    • ros-updates also gives you access to non-security updates.

    • Want to know how to enable ROS ESM? Check out this introductory guide by the ROS team to get started.

  • Real-time kernel

    The Ubuntu 22.04 LTS brought the new, enterprise-grade real-time kernel, which reduces kernel latencies and ensures predictable performance for time-sensitive task execution. It was designed to deliver stable, ultra-low latency and security for critical telco infrastructure, but has applications across a wide variety of industries.

Want more information?