Secret Virtual Machine on Ubuntu Pro for Azure: What’s the point?

In the cloud space, the advent of Confidential Virtual Machines (CVM) has been a major advance in security. It is still necessary to protect the exterior and interior. This is where the Ubuntu Pro service for discreet devices hosted on Azure comes in handy.

toWe are Secret virtual machines Adding an extra layer of security by encrypting data as it is processed, addressing an aspect of data protection that was previously problematic. This technology ensures data encryption at runtime, at rest, and at startup.

Although CVM systems excel at protecting against external code threats, they still exist Vulnerable to internal weaknesses From their borders. This is the ecclesiastical place He intends to play a role By ensuring some form of synergy between Ubuntu Pro and discreet virtual machines on Microsoft Azure.

Where a secret virtual machine fortifies the outer walls, Ubuntu Pro intends to vigilantly watch the interior, thanks to a kind of reinforced enclave.

Ubuntu Pro addresses the problem by adding additional enterprise-level capabilities to Ubuntu LTS:

• Extended security maintenance (ESM): 10 years of vulnerability management for all software.
• Complete patching : Security patch for over 25,000 open source packages, significantly reducing average vulnerability exposure (CVE).
• Direct kernel debugging : To reduce downtime and unplanned reboots with fixes for critical and extremely severe kernel vulnerabilities.
• Automated compliance : A tool to enhance profiles and compliance, including CIS, DISA-STIG, FIPS 140, etc.

to Deploying a new secret virtual machine with Ubuntu Prouse the Azure CLI command as follows:

az vm create \
--resource-group "${RESOURCE_GROUP}" \
--name "${VM_NAME}" \
--size Standard_DC4as_v5 \
--enable-vtpm true \
--image "Canonical:0001-com-ubuntu-confidential-vm-focal:20_04-lts-cvm:latest" \
--security-type ConfidentialVM \
--os-disk-security-encryption-type VMGuestStateOnly \
--enable-secure-boot true \
--license-type UBUNTU_PRO

Existing Ubuntu LTS Secret devices can be upgraded to Ubuntu Pro using some commands as well, Detailed here.

Billing is established On an hourly basis Via your existing Azure account. For more details about the solution, you can See the page dedicated to Ubuntu Pro for Azure.