Ubuntu Core 18 released for secure, reliable IoT devices

Canonical

on 22 January 2019

This article was last updated 5 years ago.


Canonical today published Ubuntu Core 18, bringing the popular Ubuntu 18.04 LTS to high-security embedded devices.

“Dell has been working closely with Canonical over the past three years to certify Ubuntu Core on all our Edge Gateway platforms. Ubuntu Core enables our customers to build highly secure, stable IoT solutions that deliver the deep insight they need to effectively run their business,” commented John Dauskurdas, Vice President, Global IoT/Embedded PC Sales at Dell EMC. “We see enormous interest in customers wanting to take advantage of the built-in app store infrastructure to securely maintain and deliver new functionality at the edge.”

Immutable, digitally signed snaps ensure that devices built with Ubuntu Core are resistant to corruption or tampering. Any component can be verified at any time. All snaps on Ubuntu Core devices are strictly confined, limiting any damage from a compromised application.

Ubuntu Core 18 will receive 10 years low-cost security maintenance, enabling long-term industrial and mission-critical deployments. Updates are delivered with a device-specific SLA, ensuring that change is managed by the manufacturer or the enterprise and providing a rapid response to any vulnerabilities that are detected over the device lifetime.

The attack surface of Ubuntu Core has been minimized, with very few packages installed in the base OS, reducing the size and frequency of security updates and providing more storage for applications and data.

All snaps distributed to devices are scanned regularly for known weaknesses and devices, enabling enterprises and manufacturers to learn quickly about potential risks in their ecosystem.

Ubuntu Core enables a new class of app-centric things, which can inherit apps from the broader Ubuntu and Snapcraft ecosystems or build unique and exclusive applications that are specific to a brand or model. Specific apps can be required, or optional, per model. Manufacturers get complete control over the versions and updates relevant to their own devices.

“We share a software-defined vision with Canonical to help enterprises discover new revenue opportunities and overcome legacy infrastructure challenges in the telco and wider IoT industry. Ubuntu Core, snaps, and IoT app stores create a secure, open-source platform that enables our partners to develop and deploy new disruptive technologies quickly,” said Ebrahim Bushehri, CEO, Lime Microsystems. “The CrowdCell project led by Vodafone and Telefonica provides cost-effective cellular connectivity as part of the Facebook TIP initiative, while the European Space Agency now has an app-enabled satellite communication network open for developers to create a variety of applications for widespread adoption, both powered by snaps on Ubuntu Core.”

Enterprises gain rigorous audit and control over every piece of software on every single device on the network – regardless of manufacturer. Since every Ubuntu Core device uses the same application delivery mechanism, a business can know exactly which devices have received relevant CVE updates and fixes, and control the rollout of those fixes across the network.

Using standard Ubuntu means that app publishers can support multiple devices without recompiling. Ubuntu is the most widely deployed Linux in the world and hence attracts a very wide range of publishers – there are 4,600 snaps published by 1700 independent publishers today.

Every Ubuntu Core device qualifies for Canonical support, which is more cost-efficient than support for traditional enterprise Linux because the immutable snap package format which makes up the entire Ubuntu Core system greatly reduces the complexity of debugging. Certain manufacturers include support from Canonical in their own appliance maintenance and support agreements.

Modern devices compete primarily on the quality of their software experience rather than hardware. It is a significant competitive advantage to be able to hire standard Ubuntu engineers and enable them to develop using the full range of familiar tools and processes, including cloud-based CI/CD, rather than the limited talent pools and complex legacy embedded Linux environments. With faster, cheaper and higher quality app development, together with much more cost-effective and reliable over-the-air updates, Ubuntu Core devices gain the ability to improve faster than any other class of embedded Linux appliance.

The snaps that power Ubuntu Core work just as well on Ubuntu Server, Desktop and cloud images. One platform, one format, and one process mean that the developer workstation, build farm, cloud and servers can all participate in the software design and development lifecycle. Running those snaps on Ubuntu Core provides a higher level of security than any other version of Ubuntu because the entire platform is made of strictly confined snaps.

Ubuntu, and hence Ubuntu Core, is enabled on a wide range of devices from leading manufacturers like Dell, Rigado, Intel, Qualcomm, Samsung and NXP. Using a pre-enabled and certified board greatly reduces the cost and time of appliance development. Customers focus entirely on their applications, with the base system enablement and security maintenance provided by Canonical throughout the lifetime of the device. Customers do not need to integrate and rebuild the OS for security maintenance, but they can control the distribution of Canonical updates to Ubuntu with their own certification and testing regime.

Approved updates are distributed to all devices within 24 hours, enabling rapid iteration and improvement for software publishers and manufacturers. Ubuntu Core brings the principles of continuous deployment right to the edge. Snap channels enable automatic beta testing and canary updates. Travis integration and a multi-architecture build service ensure that the same CI/CD train can support identical apps across x86, and ARM architectures with both 32 and 64-bit snaps and simultaneous update releases.

Ubuntu Core benefits from the extraordinary resilience and reliability of the snap update mechanism. Every update preserves both the prior binaries, and a snapshot of the application data, enabling perfect rollback to the state of the app and device before that update if needed. Devices will retain factory, last-known-good and latest versions of all snaps used on the device, automatically using the best, latest, known good version of a snap.

“Canonical’s Ubuntu Core puts the right code on a device with clean update and management semantics,” said Ian Hughes, Senior Analyst IoT, 451 Research.“Since snaps deliver everything from the kernel and device drivers to 3rd party applications, targeted upgrades can be orchestrated and delivered to IoT endpoints via a central app store with no user intervention. This manageability is essential to enhance the ongoing security and performance of devices in the field. Ubuntu Core is used across many types of IoT device such as digital signage, drones and robots, with ROS applications supported as snaps, and in IoT gateways. This all sits within the existing open source Ubuntu ecosystem providing familiarity and common tools for developers.”

Application data can be snapshotted and managed in a consistent way for all applications, greatly simplifying the enterprise archive, data retention and storage management position for the internet of things.

Every device has a backup kernel and OS which will be used if a device boot fails. New kernels and device-specific software are not considered good until the device has successfully booted and run with them. Ubuntu Core maximises the reliability of both system and application updates to reduce the physical maintenance required when updates fail.

Power failures during updates should not corrupt the state of the device, enabling updates to be distributed globally at very low risk without human intervention or physical access.

Updates to Ubuntu Core devices are automatically compressed, and where savings can be achieved through deltas rather than whole-snap updates, the system will automatically calculate, validate and prefer deltas. Manufacturers with millions of devices save significant amounts thanks to the efficiency of snap updates.

Ubuntu Core 18, available since December 2018, can be downloaded by clicking here.

To learn more about Ubuntu Core 18, register here for the webinar on 30th January 2019.

<Ends>

About Canonical
Canonical is the company behind Ubuntu, the leading OS for cloud operations. Most public cloud workloads use Ubuntu, as do most new smart gateways, switches, self-driving cars and advanced robots. Canonical provides enterprise support and services for commercial users of Ubuntu. Established in 2004, Canonical is a privately held company.


smart start

IoT as a service

Bring an IoT device to market fast. Focus on your apps, we handle the rest. Canonical offers hardware bring up, app integration, knowledge transfer and engineering support to get your first device to market. App store and security updates guaranteed.

Get your IoT device to market fast ›

smart start logo

IoT app store

Build a platform ecosystem for connected devices to unlock new avenues for revenue generation. Get a secure, hosted and managed multi-tenant app store for your IoT devices.

Build your IoT app ecosystem ›

Newsletter signup

Get the latest Ubuntu news and updates in your inbox.

By submitting this form, I confirm that I have read and agree to Canonical's Privacy Policy.

Related posts

EdgeIQ and Ubuntu Core; bringing security and scalability to device management 

Today, EdgeIQ and Canonical announced the release of the EdgeIQ Coda snap and official support of Ubuntu Core on the EdgeIQ Symphony platform. EdgeIQ Symphony...

AI Inference on the Edge with TensorFlow Lite

This blog post dives into the world of AI on the edge, and how to deploy TensorFlow Lite models on edge devices. We’ll explore the challenges of managing...

Space pioneers: Lonestar gears up to create a data centre on the Moon

Why establish a data centre on the Moon? Find out in our blog.