Increased security and resiliency of Canonical workloads on Azure – General Availability

This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs.


Azure's collaboration with Canonical is redefining the industry benchmark for safely patching Linux distributions in the cloud. This partnership underscores Azure’s commitment to customer security since Ubuntu images are a significant presence on Azure. The snapshot capability allows for uniform updates across VM fleets, making Azure the first cloud provider to offer such a homogeneous update experience across regions. 


Scalable reliability through Auto Patching


No action is required for customers that have enabled Auto Patching through Azure Guest Patching Service (AzGPS). By default, the platform will install a package that is snapped to a point in time. If a snapshot-based update cannot be installed, the platform will install the latest update to ensure the VM is secured. Customers can view the published-date information related to the update in Azure Resource Graph and the Instance View of the VM. The figure below highlights the difference between the current orchestration process and the expected reliability with snapshots.


Azure orchestration without snapshots



Today, each region gets the latest package as updates are applied across regions.


Scalable Reliability with Canonical Snapshots



Azure Guest Patching Service will now apply the same package update from a specific date to all regions due to the integration with Canonical’s snapshot service.

Enabling the snapshot capability on Azure Guest Patching Service 


Azure Guest Patching Service: Enable Auto Guest Patching either through PowerShell or CLI for your existing VMs or select “Azure Orchestration” during new VM creation in the Azure portal. There is no action required for customers that have already enabled Auto Guest Patching on their VM and VM Scale Sets. This capability is currently available for Single Instance VMs and VM Scale Set Flexible Orchestration.



By default, customers of Azure Guest Patching will receive snapshot-based updates for a single point in time across their Canonical workloads, rolled out following safe deployment principles. This is a game changer for Azure customers, since the platform can orchestrate updates and keep the updates in sync across regions. Azure is simplifying the way customers keep their assets secure, allowing homogeneity across customers' fleets, and reducing the impact newer updates may have on customer workloads.

