Published in IoT

Canonical brings Ubuntu 18.04 LTS to high-security embedded devices.

by on23 January 2019

 2019 is the year of Linux on the lightbulb

Canonical today published Ubuntu Core 18, bringing Ubuntu 18.04 LTS to high-security embedded devices.

John Dauskurdas, Vice President, Global IoT/Embedded PC Sales at Dell EMC said that his company has been working closely with Canonical over the past three years to certify Ubuntu Core on its Edge Gateway platforms.

"Ubuntu Core enables our customers to build highly secure, stable IoT solutions that deliver the deep insight they need to run their business effectively,” commented. “We see enormous interest in customers wanting to take advantage of the built-in app store infrastructure to securely maintain and deliver new functionality at the edge.”

Immutable digitally signed snaps ensure that devices built with Ubuntu Core are resistant to corruption or tampering. Any component can be verified at any time. All snaps on Ubuntu Core devices are strictly confined, limiting any damage from a compromised application.

Ubuntu Core 18 will receive 10 years low-cost security maintenance, enabling long-term industrial and mission-critical deployments. Updates are delivered with a device-specific SLA, ensuring that change is managed by the manufacturer or the enterprise and providing a rapid response to any vulnerabilities that are detected over the device lifetime.

The attack surface of Ubuntu Core has been minimised, with few packages installed in the base OS, reducing the size and frequency of security updates and providing more storage for applications and data.

All snaps distributed to devices are scanned regularly for known weaknesses and devices, enabling enterprises and manufacturers to learn quickly about potential risks in their ecosystem.

Ubuntu Core enables a different class of app-centric things, which can inherit apps from the broader Ubuntu and Snapcraft ecosystems or build unique and exclusive applications that are specific to a brand or model. Specific apps can be required, or optional, per model. Manufacturers get complete control over the versions and updates relevant to their own devices.

Ebrahim Bushehri, CEO, Lime Microsystems said: " We share a software-defined vision with Canonical to help enterprises discover new revenue opportunities and overcome legacy infrastructure challenges in the telco and wider IoT industry. Ubuntu Core, snaps, and IoT app stores create a secure, open-source platform that enables our partners to develop and deploy new disruptive technologies quickly, The CrowdCell project led by Vodafone and Telefonica provides cost-effective cellular connectivity as part of the Facebook TIP initiative, while the European Space Agency now has an app-enabled satellite communication network open for developers to create a variety of applications for widespread adoption, both powered by snaps on Ubuntu Core.”

Enterprises gain rigorous audit and control over every piece of software on every single device on the network – regardless of manufacturer. Since every Ubuntu Core device uses the same application delivery mechanism, a business can know exactly which devices have received relevant CVE updates and fixes, and control the rollout of those fixes across the network.

Using standard Ubuntu means that app publishers can support multiple devices without recompiling. Ubuntu is the most widely deployed Linux in the world and hence attracts a very wide range of publishers – there are 4,600 snaps published by 1700 independent publishers today.

Every Ubuntu Core device qualifies for Canonical support, which is more cost-efficient than support for traditional enterprise Linux because the immutable snap package format which makes up the entire Ubuntu Core system greatly reduces the complexity of debugging. Certain manufacturers include support from Canonical in their own appliance maintenance and support agreements.

Modern devices compete primarily on the quality of their software experience rather than hardware. It is a significant competitive advantage to be able to hire standard Ubuntu engineers and enable them to develop using the full range of familiar tools and processes, including cloud-based CI/CD, rather than the limited talent pools and complex legacy embedded Linux environments. With faster, cheaper and higher quality app development, together with much more cost-effective and reliable over-the-air updates, Ubuntu Core devices gain the ability to improve faster than any other class of embedded Linux appliance.

The snaps that power Ubuntu Core work just as well on Ubuntu Server, Desktop and cloud images. One platform, one format, and one process mean that the developer workstation, build farm, cloud and servers can all participate in the software design and development lifecycle. Running those snaps on Ubuntu Core provides a higher level of security than any other version of Ubuntu because the entire platform is made of strictly confined snaps.

Ubuntu, and hence Ubuntu Core, is enabled on a wide range of devices from leading manufacturers like Dell, Rigado, Intel, Qualcomm, Samsung and NXP.

Using a pre-enabled and certified board greatly reduces the cost and time of appliance development. Customers focus entirely on their applications, with the base system enablement and security maintenance provided by Canonical throughout the lifetime of the device. Customers do not need to integrate and rebuild the OS for security maintenance, but they can control the distribution of Canonical updates to Ubuntu with their own certification and testing regime.

Approved updates are distributed to all devices within 24 hours, enabling rapid iteration and improvement for software publishers and manufacturers. Ubuntu Core brings the principles of continuous deployment right to the edge. Snap channels enable automatic beta testing and canary updates. Travis integration and a multi-architecture build service ensure that the same CI/CD train can support identical apps across x86, and ARM architectures with both 32 and 64-bit snaps and simultaneous update releases.

Ubuntu Core benefits from the extraordinary resilience and reliability of the snap update mechanism. Every update preserves both the prior binaries, and a snapshot of the application data, enabling perfect rollback to the state of the app and device before that update if needed. Devices will retain factory, last-known-good and latest versions of all snaps used on the device, automatically using the best, latest, known good version of a snap.

Ian Hughes, Senior Analyst IoT, 451 Research said Canonical’s Ubuntu Core puts the right code on a device with clean update and management semantics

“Since snaps deliver everything from the kernel and device drivers to 3rd party applications, targeted upgrades can be orchestrated and delivered to IoT endpoints via a central app store with no user intervention. This manageability is essential to enhance the ongoing security and performance of devices in the field. Ubuntu Core is used across many types of IoT device such as digital signage, drones and robots, with ROS applications supported as snaps, and in IoT gateways. This all sits within the existing open source Ubuntu ecosystem providing familiarity and common tools for developers.”

Application data can be consistantly snapshotted and managed for all applications, greatly simplifying the enterprise archive, data retention and storage management position for the internet of things.

Every device has a backup kernel and OS which will be used if a device boot fails. New kernels and device-specific software are not considered good until the device has successfully booted and run with them. Ubuntu Core maximises the reliability of system and application updates to reduce the physical maintenance required when updates fail.

Power failures during updates should not corrupt the state of the device, enabling updates to be distributed globally at low risk without human intervention or physical access.

Updates to Ubuntu Core devices are automatically compressed, and where savings can be achieved through deltas rather than whole-snap updates, the system will automatically calculate, validate and prefer deltas. Manufacturers with millions of devices save amounts thanks to the efficiency of snap updates.

 

 

Last modified on 23 January 2019
Rate this item
(0 votes)

Read more about: