Ubuntu has launched its Appliance Portfolio, an initiative designed to enable secure smart devices linked to cloud services. All Ubuntu appliances are “free to download and install” but may include an up-sell to paid-for services.
The idea of the Ubuntu Appliance Portfolio is to “enable secure, self-healing, single-purpose devices,” according to Canonical product manager Rhys Davies. You could probably build this software yourself by hand, though the appliances are supposed to be convenient self-maintaining packages of programs to save you the bother.
An “appliance” is a system disk image for a Intel NUC PC or a Raspberry Pi, based on Ubuntu Core, a stripped-down variant of the popular Linux distro. Once installed, an appliance requires configuration on first startup, after which it is meant to be self-maintaining, with a daily check for updates.
There is a built-in app store for adding features, based on the controversial snap packaging format, and snap is also used for the applications pre-installed in each image.
Currently your choice of Ubuntu appliances is limited to five devices. These are openHAB, an open source smart home solution which you can find on GitHub; Plex which is a well-known media server; NextCloud which is a system for a “private cloud at home”, in this case meaning a simple collaboration platform; Mosquitto which in contrast to the other offerings is an application service aimed at developers, an open source message broker managed by the Eclipse Foundation; and AdGuard which is a security device.
That is not much to launch on, and most of these offerings are already available from their respective web sites as Pi images, so what is distinctive about the new Ubuntu offering? The main theme is that a curated range of images should reduce the chance of bad things happening with your IoT setup.
Canonical says appliances will “meet consistent criteria for security, privacy, maintenance and operations.” These criteria include secure boot protocols, the snap application sandboxing and transactional updates, and full disk encryption.
In an enterprise context, there is the possibility of of a local corporate code store. But it does appear that Canonical will permit closed-source software in appliances, since it states that “commercial software appliances reuse the same mechanisms” as open source appliances; but the level of scrutiny cannot be the same.
BT adopts Ubuntu OpenStack as core brains for its 5G, fibre-to-the-premises rollout
How are Appliance images vetted though? Canonical has three categories of device. Certified appliances have “continuous testing by Canonical on all certified hardware.” Maintained simply means “a commitment from the appliance maintainers to update the underlying snaps for a declared period” and to do their own testing, and Experimental means no commitment at all.
What this means is that only the “Certified” devices come with meaningful reassurance. Even a certified device could have a commitment to support for only five years after the release date of the underlying version of Ubuntu Core. That means you could have a certified appliance based on Ubuntu Core 18 and it might only be kept updated until 2023 (though the OS itself has updates at least until 2028).
A disappointment is that currently only Intel NUC devices are listed as certified hardware on the PC side. That said, Canonical lists Dell, Lenovo, HP and component supplier Avnet as “appliance hardware partners,” suggesting that the list might grow. Diverse hardware and the appliance concept do not go together though, which is another reason why the Pi is the key target here.
Will Canonical win enough momentum for its Appliance initiative to have long-term value? That is the question; and a moribund community forum is not a good start – zero replies to three thread topics at the time of writing. Still, the official launch was only yesterday so that could change.®
Sponsored: Ransomware has gone nuclear
Follow me for more information.