Published: Nov 03, 2023
Key Takeaways:
- Microsoft and Canonical have partnered to simplify Linux OS updates and enhance security for Canonical workloads on Azure.
- Microsoft Azure is the first cloud provider to integrate with Canonical’s snapshot service.
- The Azure Guest Patching Service (AzGPS) and Azure Kubernetes Service (AKS) now offer the ability to apply the same package update from a specific date across all regions.
Microsoft has collaborated with Canonical to simplify Linux OS updates and bolster security for Canonical workloads on Azure. This partnership marks a significant milestone, with Microsoft Azure becoming the first cloud provider to integrate with Canonical’s snapshot service.
Microsoft mentioned that deploying security updates on Linux-based operating systems can be challenging for organizations in order to address vulnerabilities. The new feature allows the Azure Guest Patching Service (AzGPS) and Azure Kubernetes Service (AKS) services to apply the same package update from a specific date across all regions.
Azure Guest Patching Service (AzGPS) is an automatic patching service for Azure virtual machines (VMs). The service offers health monitoring capabilities to help customers detect patching failures, and it’s available for Windows and Linux VMs as well as flexible scale sets.
Azure Kubernetes Service (AKS) is a service that is designed to streamline the deployment process of a managed Kubernetes cluster in Azure. It provides a unified experience for managing and governing Kubernetes clusters across on-premises, edge, and multi-cloud environments.
“To tackle the issue of inconsistent updates, we are introducing the Ubuntu snapshot service. Available at snapshot.ubuntu.com, it provides a complete archive of the Ubuntu repository, starting from February 2023. This system empowers administrators to update an Ubuntu Virtual Machine (VM) or container based on the state of the archive as it was at a specific date and time,” Canonical explained.
Here are some advantages of Azure’s integration with Canonical’s snapshot service:
Microsoft notes that organizations can use CLI or PowerShell commands to enable Auto Guest Patching for their existing VMs. It’s also possible to select the “Azure Orchestration” option while creating a new VM in the Azure portal. However, IT administrators who have already configured Auto Guest Patching on their VM or VM Scale Sets won’t need to take any action.
For Azure Kubernetes Service, customers can use Bicep, CLI, or Terraform to enable the Node OS Auto Upgrade Security Patch channel for all existing and new clusters. “When the patches are applied, the VHD is updated and existing machines are upgraded to that VHD, honoring maintenance windows and surge settings for that cluster,” Microsoft added. If you’re interested, you can learn more about this capability on the official blog post.