Canonical has launched free Ubuntu Pro subscriptions for individuals and small companies for up to five machines, enabling anybody to get longer-term support and features that were only reserved to paying enterprise customers so far.
Canonical provides Ubuntu for free with LTS versions released every two years and supported for 5 years. The latest Ubuntu 22.04 LTS was released in April 2022, meaning it will be supported until April 2027. But if you’d like to get 10-year support and extra security features you can now do it for free through an Ubuntu Pro subscription for up to 5 machines.
Let’s compare the key differences between Ubuntu LTS and Ubuntu Pro first.
| Ubuntu LTS | Ubuntu Pro | |
|---|---|---|
| Security patching - 2,300+ packages in Ubuntu Main repository | 5 years | 10 years |
| Security patching - 23,000+ packages in Ubuntu Universe repository | Best effort | 10 years |
| NIST-certified FIPS crypto-modules | No | Yes |
| USG hardening with CIS and DISA-STIG profiles | No | Yes |
| Common Criteria EAL2 | No | Yes |
| Kernel Livepatch | No | Yes |
| Systems management at scale with Landscape | No | Yes |
| Optional support | No | Yes |
You’ll get 10 years of support instead of 5 with Ubuntu Pro and as well as improved security. If you are upgrading to the latest LTS soon after it is out, the 10-year support may not be worth much to you, but you’d still get improved security compliant with government standards. Livepatch is possible with Ubuntu LTS too, but it’s not automatically enabled.
Mark Shuttleworth, CEO of Canonical, explains more about the Ubuntu Pro public beta in the video, notably how business partnerships enabled the company to release a free version of Ubuntu Pro.
I’m still using Ubuntu 20.04 right now, and that’s OK since Ubuntu Pro works with Ubuntu 16.04 and greater.
The only downside of Ubuntu pro that I can see is that you’ll need to setup a Ubuntu account and they’ll know which machines you are using. I already had a Ubuntu account, so I just went ahead and registered for an Ubuntu Pro subscription.
You’ll be given a token that you can attach to your machine(s). You’ll need to upgrade your installation to make sure you have the latest ubuntu-advantage-tools package:
|
1 2 |
$ sudo apt update && sudo apt upgrade $ sudo pro attach <Token> |
You’ll see which services are enabled at the end of the output:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
This machine is now attached to 'Ubuntu Pro - free personal subscription' SERVICE ENTITLED STATUS DESCRIPTION esm-infra yes enabled Expanded Security Maintenance for Infrastructure fips yes disabled NIST-certified core packages fips-updates yes disabled NIST-certified core packages with priority security updates livepatch yes enabled Canonical Livepatch service usg yes disabled Security compliance and audit tools NOTICES Operation in progress: pro attach Enable services with: pro enable <service> Account: xxxxx@cnx-software.com Subscription: Ubuntu Pro - free personal subscription |
If a service is disabled, you may opt to enable it with the adequate command, for example:
|
1 |
sudo pro enable usg |
Note that some services are mutually exclusive, and for instance, you cannot enable FIPS when livepatch is enabled.
There’s a tutorial further explaining how to enable “Expanded Security Maintenance for Applications (esm-apps)”:
|
1 2 3 4 |
$ sudo pro enable esm-apps --beta One moment, checking your subscription first Updating package lists Ubuntu Pro: ESM Apps enabled |
… and check if there are any new security updates:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
$ apt list --upgradable | grep apps-security WARNING: apt does not have a stable CLI interface. Use with caution in scripts. debugedit/focal-apps-security 4.14.2.1+dfsg1-1ubuntu0.1~esm1 amd64 [upgradable from: 4.14.2.1+dfsg1-1build2] inetutils-inetd/focal-apps-security 2:1.9.4-11ubuntu0.1+esm1 amd64 [upgradable from: 2:1.9.4-11ubuntu0.1] inetutils-traceroute/focal-apps-security 2:1.9.4-11ubuntu0.1+esm1 amd64 [upgradable from: 2:1.9.4-11ubuntu0.1] libgegl-0.4-0/focal-apps-security 0.4.22-3ubuntu0.1~esm1 amd64 [upgradable from: 0.4.22-3] libgegl-common/focal-apps-security,focal-apps-security 0.4.22-3ubuntu0.1~esm1 all [upgradable from: 0.4.22-3] libgraphicsmagick++-q16-12/focal-apps-security 1.4+really1.3.35-1ubuntu0.1~esm1 amd64 [upgradable from: 1.4+really1.3.35-1] libgraphicsmagick-q16-3/focal-apps-security 1.4+really1.3.35-1ubuntu0.1~esm1 amd64 [upgradable from: 1.4+really1.3.35-1] libhdf5-103/focal-apps-security 1.10.4+repack-11ubuntu1+esm1 amd64 [upgradable from: 1.10.4+repack-11ubuntu1] libhdf5-openmpi-103/focal-apps-security 1.10.4+repack-11ubuntu1+esm1 amd64 [upgradable from: 1.10.4+repack-11ubuntu1] libmediainfo0v5/focal-apps-security 19.09+dfsg-2ubuntu0.1~esm1 amd64 [upgradable from: 19.09+dfsg-2build1] ... |
I do have a few so I can just upgrade my installation again:
|
1 2 3 4 5 6 |
sudo apt upgrade ... 28 esm-apps security updates Need to get 13.3 MB of archives. After this operation, 21.5 kB of additional disk space will be used. Do you want to continue? [Y/n] |
Note that it’s still supposed to be beta, so it might not be a good idea to run those commands on a production machine or server just yet.
More details may be found in the press release.
Jean-Luc started CNX Software in 2010 as a part-time endeavor, before quitting his job as a software engineering manager, and starting to write daily news, and reviews full time later in 2011.
Support CNX Software! Donate via cryptocurrencies, become a Patron on Patreon, or purchase goods on Amazon or Aliexpress
> Livepatch is possible with Ubuntu LTS too
…but limited to x86_64/amd64 since only there Canonical cares that much about the Linux kernel.
Also from time to time Livepatch won’t do it and it needs kernel update + reboot and sometimes even other packages require a reboot (e.g. when libc gets updated due to a known and exploited vulnerability in the wild).
before it was called ESM and you could use it for 3 machines so now they’ve increased it to 5 and rebranded it – big deal ?!
Ah, great: on each “sudo apt upgrade”, I now get “Try Ubuntu Pro beta with a free personal subscription on up to 5 machines.”. Canonical is pushing it.
I, personally, absolutely detest these “only on so-and-so many devices”-schemes. I have plenty of devices and I don’t want the headache of trying to remember how many I’ve installed and/or enabled something on, so no thanks.
Where do you see “for small companies” on ubuntu site? I see “Free for personal use” *only*.
In the press release: