Pei Ling Hoo - Fotolia

Ubuntu Core: A secure open source OS for IoT

Canonical says easy over-the-air updates put its open source IoT OS ahead of the competition, but others tout its security, flexibility and scalability.

Canonical's Ubuntu Core, a tiny, transactional version of the Ubuntu Linux OS for IoT devices, runs highly secure Linux application packages, known as "snaps," that can be upgraded remotely.

Using the same kernel, libraries and system software as classic Ubuntu, customers can develop snaps on their Ubuntu PCs just like any other application. IoT is where the difference lies.

"Because IoT devices tend to be smaller in terms of CPU and memory than a server or a desktop, we've done what we call a 'minimal distribution' of Ubuntu targeted for IoT," said Mike Bell, executive vice president of devices and IoT at London-based Canonical Ltd. "The great thing is that I can use the same technology on the desktop and in the cloud as I can on an IoT device."

But rather than just cutting down the OS for IoT, Canonical took a step back to figure out the core challenges of IoT and determine how those differed from the cloud.

Mike BellMike Bell

"One of the basic tenets we thought about was security," Bell said. "With a server, you care about security on every platform, but with an IoT device, that device is physically vulnerable as well." That is, an attacker has direct access to the electronics in their device -- it's in enemy hands. "So, using container technology, we provide a way that basically packages up applications into containers that we call snaps." In enemy hands, the container approach is more robust than conventional apps -- or at least any weaknesses can be dealt with more quickly and in an organized way.

Each snap not only distributes over-the-air application updates, but also contains the application when it's running on an IoT device.

"One of the key challenges for device makers is keeping a device updated, so we take care of that," Bell said. "We have a software repository; put your latest binary up into that repository and we will take care of updating every single device that is running that snap. So, for people with 50,000 or 100,000 devices doing some IoT task, we are going to manage the updating of that software stack for them and manage the operating system updates as well."

Bell said this is a unique selling point and one of the key aspects that sets Ubuntu Core apart from many of its competitors and other OSes for IoT.

Open source: The ideal OS for IoT?

According to Bell, Canonical considers Ubuntu Core the answer to open source software for IoT.

"We believe that people don't want to be locked in and want to be able to extend things if they'd like," he said. "The other advantage is that, with so many people developing on the platform, security issues get addressed quicker than in closed source; that's our contention."

You have big things that need constant access to power and don't need to have any resource constraints, and you have tiny things like sensors that are heavily optimized for the constrained environment. So, there is a lot of scope for deploying OSes in the market.
Aapo Markkanenprincipal research analyst, Gartner

However, given the variety of form factors, applications and use cases across industries such as agriculture, enterprise IT, government, health, industrial and so on, there will be multiple OSes for IoT, rather than just one, said Christian Renaud, research director of IoT at 451 Research.

Aapo Markkanen, a principal research analyst specializing in IoT at Gartner Inc., agreed that when it comes to an OS for IoT, the need and demand is hugely diverse because so many different things have to be connected.

"You have big things that need constant access to power and don't need to have any resource constraints, and you have tiny things like sensors that are heavily optimized for the constrained environment," he said. "So, there is a lot of scope for deploying OSes in the market."

The real value of the Ubuntu Core IoT OS is that it's very developer-friendly; developers can apply the same skill sets they've acquired for Linux or Ubuntu outside of IoT, Markkanen added.

Renaud applauded its ability to run on a broad array of compute-constrained devices. "Right now, that is a lot of the landscape of IoT because most of those things were not initially designed thinking they were going to be computing devices," he said. "They were oil pump sensors or portable endoscopes or crop moisture detectors."

This flexibility also means that the security and the orchestration of various systems start to become "solvable," Renaud said. "That's what Ubuntu Core brings to the table. What it's good at is bringing that consistency in common security and management approach and application development approach," he said. "Intel is trying to do the same thing with Wind River and there are a number of other people trying to be in this space."

Renaud added that traditional IT technology vendors are more focused on larger footprints, applications and more robust computing, and not as focused on what OS IoT devices themselves run.

Creating an open source all-footprint OS for IoT is definitely a major obstacle that the industry has to overcome to enable a connected environment, Renaud said. "When it's Pandora's box and there's more than 5,000 different device types running 5,000 different operating systems, don't worry about connecting them because there's no way to manage them and secure them," he said.

Ubuntu Core in action

One manufacturer that has already embraced the Ubuntu Core IoT OS is Dell Technologies; the Dell Edge Gateway 3000 launched in February with Ubuntu Core.

Jason ShepherdJason Shepherd

"We wouldn't have [Ubuntu Core] as one of our key OS choices from our factory if we didn't feel it was worthwhile," said Jason Shepherd, director of IoT strategy and partnerships at Dell. "We knew we had to pick a Linux OS because there is so much of IoT that is spinning up on the Linux side of the house compared to the PC space where it's more predominantly Windows."

Dell selected Canonical as its strategic Linux partner based on what operating systems people were using from an independent software vendor standpoint, which was predominantly Ubuntu, although not necessarily Core, Shepherd said. After choosing Canonical, Dell had to decide whether to go with server Ubuntu, desktop Ubuntu or Ubuntu Core. The Ubuntu Core IoT OS won, and even though it's a new offering and doesn't have the long-standing proof points in the market that some of the other Linux operating systems have, Dell decision-makers thought it would be the best option for an IoT system.

"It's the right approach when you want to have a very bare OS running on the box and then only add what you need to make your solution work, because then you minimize your attack surface," Shepherd said.

Because it has that bare kernel plus the snaps on top, Ubuntu Core allows for additional security elements as well as for separation in terms of what different applications are doing and what they're able to access on the system, he said.

"It also provides you with that transactional update ability, meaning that if I'm running some sort of operation and I want to update one of the snaps on there, I don't have to bring down the whole system to do it," Shepherd said. "And if something goes wrong during that update, I can roll back to the last known state so I don't bring down the whole system. I don't have to wait until I can get in and fix everything."

Another attractive feature for Dell was Canonical's back-end software repository, where Dell could load snaps and push out the updates to any systems connected to that repository. Shepherd said this infrastructure was attractive, especially when scaling a product or service. "There are lots and lots of Linux distributions out there, [but] they tend to be set up more for people who do not have to build for scale," he said. Ubuntu solved this issue.

Dig Deeper on Internet of things platform

Data Center
Data Management